Oracle Linux vulnerabilities

CVE-2016-7039 [HIGH] CWE-399 CVE-2016-7039: The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.

CVE-2016-0617 [MEDIUM] CVE-2016-0617: Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors.

CVE-2016-2776 [HIGH] CWE-20 CVE-2016-2776: buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

CVE-2016-6250 [HIGH] CWE-190 CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.

CVE-2016-5418 [HIGH] CWE-19 CVE-2016-5418: The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

CVE-2016-4809 [HIGH] CWE-20 CVE-2016-4809: The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchiv The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

CVE-2016-7166 [MEDIUM] CWE-399 CVE-2016-7166: libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote a libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

CVE-2016-5844 [MEDIUM] CWE-190 CVE-2016-5844: Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a den Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

CVE-2015-8922 [MEDIUM] CWE-476 CVE-2015-8922: The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

CVE-2016-2182 [CRITICAL] CWE-787 CVE-2016-2182: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate di The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

CVE-2016-2181 [HIGH] CWE-189 CVE-2016-2181: The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

CVE-2016-6302 [HIGH] CWE-20 CVE-2016-6302: The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC s The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

CVE-2016-2179 [HIGH] CWE-399 CVE-2016-2179: The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue ent The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.

CVE-2016-5404 [MEDIUM] CWE-284 CVE-2016-5404: The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which all The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.

CVE-2016-5408 [CRITICAL] CVE-2016-5408: Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package be Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.

CVE-2016-6198 [MEDIUM] CWE-284 CVE-2016-6198: The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.

CVE-2016-6197 [MEDIUM] CWE-20 CVE-2016-6197: fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does no fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.

CVE-2016-5254 [CRITICAL] CWE-416 CVE-2016-5254: Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48 Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.

CVE-2016-5252 [HIGH] CWE-119 CVE-2016-5252: Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48. Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.

CVE-2016-5259 [HIGH] CWE-416 CVE-2016-5259: Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.