Redhat Enterprise Linux Server Eus vulnerabilities

CVE-2017-1000410 [HIGH] CVE-2017-1000410: The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of th

CVE-2017-15121 [MEDIUM] CWE-20 CVE-2017-15121: A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an app A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.

CVE-2017-3157 [MEDIUM] CWE-200 CVE-2017-3157: By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could cra By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send t

CVE-2016-8610 [HIGH] CWE-400 CVE-2016-8610: A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the w A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

CVE-2015-7529 [HIGH] CWE-59 CVE-2015-7529: sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

CVE-2015-5739 [CRITICAL] CWE-444 CVE-2015-5739: The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP head The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."

CVE-2015-5740 [CRITICAL] CWE-444 CVE-2015-5740: The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.

CVE-2017-0903 [CRITICAL] CWE-502 CVE-2017-0903: RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulner RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.

CVE-2017-1000116 [CRITICAL] CWE-78 CVE-2017-1000116: Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shel Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

CVE-2017-1000111 [HIGH] CVE-2017-1000111: Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously dis Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue

CVE-2017-1000115 [HIGH] CWE-59 CVE-2017-1000115: Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositor Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

CVE-2017-1000251 [HIGH] CWE-787 CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

CVE-2017-1000083 [HIGH] CVE-2017-1000083: backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows r backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

CVE-2017-14064 [CRITICAL] CWE-119 CVE-2017-14064: Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.

CVE-2017-0899 [CRITICAL] CWE-150 CVE-2017-0899: RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that inc RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

CVE-2017-0900 [HIGH] CWE-20 CVE-2017-0900: RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.

CVE-2017-0902 [HIGH] CWE-350 CVE-2017-0902: RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MIT RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.

CVE-2017-0901 [HIGH] CWE-22 CVE-2017-0901: RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously cr RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

CVE-2017-5208 [HIGH] CWE-190 CVE-2017-5208: Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.

CVE-2017-10661 [HIGH] CWE-416 CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privile Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.