Red Hat Enterprise Linux vulnerabilities

1,738 known vulnerabilities affecting redhat/enterprise_linux.

Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 88
Exploited in wild: 26
Severity breakdown: CRITICAL 157, HIGH 589, MEDIUM 839, LOW 153

Vulnerabilities

Page 64 of 87
CVE-2016-5314 | HIGH | CVSS 8.8 | v6.0, v7.0 | 2018-03-12
CWE-787: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
nvd
CVE-2017-2619 | HIGH | CVSS 7.5 | PoC | v6.0, v7.0 | 2018-03-12
CWE-362: Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
nvd
CVE-2016-8612 | MEDIUM | CVSS 4.3 | v6.0, v7.0 | 2018-03-09
CWE-20: Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.
nvd
CVE-2018-1063 | MEDIUM | CVSS 4.4 | v7.0 | 2018-03-02
CWE-59: Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The is
nvd
CVE-2017-15134 | HIGH | CVSS 7.5 | v7.4 | 2018-03-01
CWE-120: A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
nvd
CVE-2018-1049 | MEDIUM | CVSS 5.9 | v7.0 | 2018-02-16
CWE-362: In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
nvd
CVE-2018-1000026 | HIGH | CVSS 7.7 | v7.0 | 2018-02-09
CWE-20: Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2
nvd
CVE-2014-8171 | MEDIUM | CVSS 5.5 | v6.0, v7.0 | 2018-02-09
CWE-399: The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
nvd
CVE-2017-12197 | MEDIUM | CVSS 6.5 | v6.0 | 2018-01-18
CWE-863: It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
nvd
CVE-2017-15127 | MEDIUM | CVSS 5.5 | v7.0 | 2018-01-14
CWE-460: A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
nvd
CVE-2017-15128 | MEDIUM | CVSS 5.5 | v7.0 | 2018-01-14
CWE-119: A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).
nvd
CVE-2017-12189 | HIGH | CVSS 7.8 | v6.0, v7.0 | 2018-01-10
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.
nvd
CVE-2017-15131 | HIGH | CVSS 7.8 | v7.0 | 2018-01-09
CWE-284: It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
nvd
CVE-2017-15129 | MEDIUM | CVSS 4.7 | v7.0 | 2018-01-09
CWE-362: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an
nvd
CVE-2014-1859 | MEDIUM | CVSS 5.5 | v6.0, v7.0 | 2018-01-08
CWE-59: (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
nvd
CVE-2014-8119 | HIGH | CVSS 7.5 | v6.0, v7.0 | 2017-12-29
CWE-20: The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
nvd
CVE-2016-3695 | MEDIUM | CVSS 5.5 | v7.0 | 2017-12-29
CWE-74: The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.
nvd
CVE-2017-15103 | HIGH | CVSS 8.8 | v7.0 | 2017-12-18
CWE-78: A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
nvd
CVE-2017-15104 | HIGH | CVSS 7.8 | v7.0 | 2017-12-18
CWE-552: An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
nvd
CVE-2017-15121 | MEDIUM | CVSS 5.5 | v6.0, v7.0 | 2017-12-07
CWE-20: A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
nvd