Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-7533 (GCVE-0-2017-7533)
Vulnerability from cvelistv5 – Published: 2017-08-05 16:00 – Updated: 2024-08-05 16:04
VLAI?
EPSS
Summary
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
Severity ?
No CVSS data available.
CWE
- race condition
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Linux kernel through 4.12.4 |
Affected:
Linux kernel through 4.12.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3927",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3927"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://patchwork.kernel.org/patch/9755757/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283"
},
{
"name": "100123",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100123"
},
{
"name": "RHSA-2017:2669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2017:2473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2473"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/08/03/2"
},
{
"name": "RHSA-2017:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2585"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://patchwork.kernel.org/patch/9755753/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html"
},
{
"name": "DSA-3945",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3945"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "1039075",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039075"
},
{
"name": "RHSA-2017:2770",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2770"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"name": "RHSA-2017:2869",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2869"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel through 4.12.4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel through 4.12.4"
}
]
}
],
"datePublic": "2017-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "race condition",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-28T20:06:05.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3927",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3927"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://patchwork.kernel.org/patch/9755757/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283"
},
{
"name": "100123",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100123"
},
{
"name": "RHSA-2017:2669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2017:2473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2473"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/08/03/2"
},
{
"name": "RHSA-2017:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2585"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://patchwork.kernel.org/patch/9755753/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html"
},
{
"name": "DSA-3945",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3945"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "1039075",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039075"
},
{
"name": "RHSA-2017:2770",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2770"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"name": "RHSA-2017:2869",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2869"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7533",
"datePublished": "2017-08-05T16:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:04:11.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2017-AVI-267
Vulnerability from certfr_avis - Published: 2017-08-16 - Updated: 2017-08-16
De multiples vulnérabilités ont été corrigées dans le noyau Linux de RedHat. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, little endian 7 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.4 s390x | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server pour ARM 7 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 5.9 x86_64, ia64 et i386 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Workstation 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.4 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems 7 s390x | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Scientific Computing 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, big endian 7 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Desktop 7 x86_64 | ||
| Oracle | Virtualization | Red Hat Virtualization Host 4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.4 ppc64le |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux pour Power, little endian 7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.4 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server pour ARM 7 aarch64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 5.9 x86_64, ia64 et i386",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Workstation 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.4 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour IBM z Systems 7 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Scientific Computing 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Power, big endian 7 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Desktop 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Virtualization Host 4 x86_64",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7895",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
},
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
}
],
"initial_release_date": "2017-08-16T00:00:00",
"last_revision_date": "2017-08-16T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-267",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-08-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de RedHat\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2017:2472 du 15 ao\u00fbt 2017",
"url": "https://access.redhat.com/errata/RHSA-2017:2472"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2017:2473 du 15 ao\u00fbt 2017",
"url": "https://access.redhat.com/errata/RHSA-2017:2473"
}
]
}
CERTFR-2017-AVI-287
Vulnerability from certfr_avis - Published: 2017-09-07 - Updated: 2017-09-07
De multiples vulnérabilités ont été corrigées dans le noyau Linux de RedHat. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003e\u003c/p\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-7097",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7097"
},
{
"name": "CVE-2017-6951",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6951"
},
{
"name": "CVE-2016-9685",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9685"
},
{
"name": "CVE-2017-5970",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5970"
},
{
"name": "CVE-2017-9074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9074"
},
{
"name": "CVE-2017-9077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9077"
},
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
},
{
"name": "CVE-2017-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9076"
},
{
"name": "CVE-2017-2671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2671"
},
{
"name": "CVE-2016-9576",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9576"
},
{
"name": "CVE-2016-9806",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9806"
},
{
"name": "CVE-2016-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7042"
},
{
"name": "CVE-2016-10088",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10088"
},
{
"name": "CVE-2016-8645",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8645"
},
{
"name": "CVE-2017-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7187"
},
{
"name": "CVE-2017-7889",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7889"
},
{
"name": "CVE-2016-9604",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9604"
},
{
"name": "CVE-2017-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
},
{
"name": "CVE-2017-9075",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9075"
},
{
"name": "CVE-2017-6001",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6001"
},
{
"name": "CVE-2017-8797",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8797"
},
{
"name": "CVE-2015-8839",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8839"
}
],
"initial_release_date": "2017-09-07T00:00:00",
"last_revision_date": "2017-09-07T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2017:2669 du 06 septembre 2017",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
}
],
"reference": "CERTFR-2017-AVI-287",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de RedHat\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2017:2669 du 06 septembre 2017",
"url": null
}
]
}
CERTFR-2017-AVI-310
Vulnerability from certfr_avis - Published: 2017-09-20 - Updated: 2017-09-20
Une vulnérabilité a été corrigée dans le noyau Linux de RedHat. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Red Hat Enterprise Linux 7.3 Extended Update Support
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eRed Hat Enterprise Linux 7.3 Extended Update Support\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
}
],
"initial_release_date": "2017-09-20T00:00:00",
"last_revision_date": "2017-09-20T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2017:2770 du 19 septembre 2017",
"url": "https://access.redhat.com/errata/RHSA-2017:2770"
}
],
"reference": "CERTFR-2017-AVI-310",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003ele noyau\nLinux de RedHat\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans le noyau Linux de RedHat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2017:2770 du 19 septembre 2017",
"url": null
}
]
}
CERTFR-2017-AVI-449
Vulnerability from certfr_avis - Published: 2017-12-05 - Updated: 2017-12-05
De multiples vulnérabilités ont été découvertes dans Google Android . Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 04 d\u00e9cembre 2017",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-0878",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0878"
},
{
"name": "CVE-2017-14907",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14907"
},
{
"name": "CVE-2017-9710",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9710"
},
{
"name": "CVE-2017-9722",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9722"
},
{
"name": "CVE-2017-9698",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9698"
},
{
"name": "CVE-2017-11044",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11044"
},
{
"name": "CVE-2017-13170",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13170"
},
{
"name": "CVE-2017-14899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14899"
},
{
"name": "CVE-2017-13158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13158"
},
{
"name": "CVE-2017-14904",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14904"
},
{
"name": "CVE-2017-6211",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6211"
},
{
"name": "CVE-2017-14897",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14897"
},
{
"name": "CVE-2017-14902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14902"
},
{
"name": "CVE-2017-14914",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14914"
},
{
"name": "CVE-2017-0564",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0564"
},
{
"name": "CVE-2017-9700",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9700"
},
{
"name": "CVE-2017-11019",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11019"
},
{
"name": "CVE-2017-14896",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14896"
},
{
"name": "CVE-2017-11005",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11005"
},
{
"name": "CVE-2017-15813",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15813"
},
{
"name": "CVE-2017-0877",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0877"
},
{
"name": "CVE-2017-0873",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0873"
},
{
"name": "CVE-2017-11016",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11016"
},
{
"name": "CVE-2017-11033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11033"
},
{
"name": "CVE-2017-9708",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9708"
},
{
"name": "CVE-2017-13152",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13152"
},
{
"name": "CVE-2017-13169",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13169"
},
{
"name": "CVE-2017-14903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14903"
},
{
"name": "CVE-2017-14908",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14908"
},
{
"name": "CVE-2017-13156",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13156"
},
{
"name": "CVE-2017-13173",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13173"
},
{
"name": "CVE-2017-13167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13167"
},
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
},
{
"name": "CVE-2017-11049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11049"
},
{
"name": "CVE-2017-14918",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14918"
},
{
"name": "CVE-2017-13171",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13171"
},
{
"name": "CVE-2017-13153",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13153"
},
{
"name": "CVE-2017-0880",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0880"
},
{
"name": "CVE-2017-0879",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0879"
},
{
"name": "CVE-2017-0870",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0870"
},
{
"name": "CVE-2017-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13151"
},
{
"name": "CVE-2017-6262",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6262"
},
{
"name": "CVE-2017-13164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13164"
},
{
"name": "CVE-2017-0871",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0871"
},
{
"name": "CVE-2017-14917",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14917"
},
{
"name": "CVE-2017-9716",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9716"
},
{
"name": "CVE-2017-13150",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13150"
},
{
"name": "CVE-2017-11047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11047"
},
{
"name": "CVE-2017-13163",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13163"
},
{
"name": "CVE-2017-9709",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9709"
},
{
"name": "CVE-2017-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14901"
},
{
"name": "CVE-2017-11042",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11042"
},
{
"name": "CVE-2017-13166",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13166"
},
{
"name": "CVE-2017-13148",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13148"
},
{
"name": "CVE-2017-0807",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0807"
},
{
"name": "CVE-2017-13160",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13160"
},
{
"name": "CVE-2017-13165",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13165"
},
{
"name": "CVE-2017-13174",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13174"
},
{
"name": "CVE-2017-13157",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13157"
},
{
"name": "CVE-2017-9703",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9703"
},
{
"name": "CVE-2017-15868",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15868"
},
{
"name": "CVE-2016-3706",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3706"
},
{
"name": "CVE-2017-0872",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0872"
},
{
"name": "CVE-2017-11031",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11031"
},
{
"name": "CVE-2017-13172",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13172"
},
{
"name": "CVE-2017-13175",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13175"
},
{
"name": "CVE-2017-6276",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6276"
},
{
"name": "CVE-2017-14905",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14905"
},
{
"name": "CVE-2017-13149",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13149"
},
{
"name": "CVE-2017-14909",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14909"
},
{
"name": "CVE-2017-13159",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13159"
},
{
"name": "CVE-2017-6280",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6280"
},
{
"name": "CVE-2017-8281",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8281"
},
{
"name": "CVE-2017-0837",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0837"
},
{
"name": "CVE-2017-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14895"
},
{
"name": "CVE-2017-11045",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11045"
},
{
"name": "CVE-2017-11030",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11030"
},
{
"name": "CVE-2017-13162",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13162"
},
{
"name": "CVE-2017-13168",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13168"
},
{
"name": "CVE-2017-14916",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14916"
},
{
"name": "CVE-2017-14898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14898"
},
{
"name": "CVE-2017-1000380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000380"
},
{
"name": "CVE-2017-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0876"
},
{
"name": "CVE-2017-11006",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11006"
},
{
"name": "CVE-2017-0874",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0874"
},
{
"name": "CVE-2017-11007",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11007"
},
{
"name": "CVE-2017-6263",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6263"
},
{
"name": "CVE-2017-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8244"
},
{
"name": "CVE-2016-5341",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5341"
},
{
"name": "CVE-2017-9718",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9718"
},
{
"name": "CVE-2017-13154",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13154"
},
{
"name": "CVE-2017-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14900"
},
{
"name": "CVE-2016-4429",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4429"
},
{
"name": "CVE-2017-11043",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11043"
},
{
"name": "CVE-2017-13161",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13161"
}
],
"initial_release_date": "2017-12-05T00:00:00",
"last_revision_date": "2017-12-05T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-449",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android .\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Pixel/Nexus du 04 d\u00e9cembre 2017",
"url": "https://source.android.com/security/bulletin/pixel/2017-12-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 04 d\u00e9cembre 2017",
"url": "https://source.android.com/security/bulletin/2017-12-01"
}
]
}
CERTFR-2017-AVI-311
Vulnerability from certfr_avis - Published: 2017-09-20 - Updated: 2017-09-20
De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-SP3-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Point of Sale 11-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-EXTRA |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 11-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Point of Sale 11-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-EXTRA",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-1000365",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000365"
},
{
"name": "CVE-2017-8831",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8831"
},
{
"name": "CVE-2017-7308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7308"
},
{
"name": "CVE-2017-6348",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6348"
},
{
"name": "CVE-2017-2647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2647"
},
{
"name": "CVE-2017-11176",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
},
{
"name": "CVE-2017-6353",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6353"
},
{
"name": "CVE-2017-7482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7482"
},
{
"name": "CVE-2017-10661",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10661"
},
{
"name": "CVE-2017-12762",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12762"
},
{
"name": "CVE-2017-9242",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9242"
},
{
"name": "CVE-2017-14051",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14051"
},
{
"name": "CVE-2017-6951",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6951"
},
{
"name": "CVE-2017-5970",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5970"
},
{
"name": "CVE-2017-9074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9074"
},
{
"name": "CVE-2016-10200",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10200"
},
{
"name": "CVE-2017-8925",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8925"
},
{
"name": "CVE-2017-9077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9077"
},
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
},
{
"name": "CVE-2017-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9076"
},
{
"name": "CVE-2017-6214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
},
{
"name": "CVE-2016-5243",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5243"
},
{
"name": "CVE-2017-7616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7616"
},
{
"name": "CVE-2017-1000363",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000363"
},
{
"name": "CVE-2017-1000112",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000112"
},
{
"name": "CVE-2017-7294",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7294"
},
{
"name": "CVE-2017-6074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
},
{
"name": "CVE-2017-7487",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7487"
},
{
"name": "CVE-2017-2671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2671"
},
{
"name": "CVE-2017-7542",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7542"
},
{
"name": "CVE-2017-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7187"
},
{
"name": "CVE-2017-5986",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5986"
},
{
"name": "CVE-2017-8924",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8924"
},
{
"name": "CVE-2017-1000380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000380"
},
{
"name": "CVE-2017-7184",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7184"
},
{
"name": "CVE-2017-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
},
{
"name": "CVE-2017-9075",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9075"
},
{
"name": "CVE-2017-11473",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11473"
},
{
"name": "CVE-2017-7261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7261"
},
{
"name": "CVE-2017-5669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5669"
}
],
"initial_release_date": "2017-09-20T00:00:00",
"last_revision_date": "2017-09-20T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20172525-1 du 19 septembre 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172525-1/"
}
],
"reference": "CERTFR-2017-AVI-311",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20172525-1 du 19 septembre 2017",
"url": null
}
]
}
CERTFR-2017-AVI-249
Vulnerability from certfr_avis - Published: 2017-08-07 - Updated: 2017-08-10
De multiples vulnérabilités ont été corrigées dans le noyau Linux de Suse. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP1 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 12 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP1-LTSS | ||
| SUSE | N/A | SUSE OpenStack Cloud 6 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 12",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-2636",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2636"
},
{
"name": "CVE-2017-9242",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9242"
},
{
"name": "CVE-2017-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7645"
},
{
"name": "CVE-2017-9077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9077"
},
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
},
{
"name": "CVE-2017-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
},
{
"name": "CVE-2017-8797",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8797"
}
],
"initial_release_date": "2017-08-07T00:00:00",
"last_revision_date": "2017-08-10T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2092-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172092-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2093-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172093-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2064-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172064-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2067-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172067-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2088-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172088-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2070-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172070-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2114-1 du 09 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172114-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2042-1 du 04 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172042-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2103-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172103-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2069-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172069-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2062-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172062-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2043-1 du 04 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172043-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2095-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172095-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2099-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172099-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2096-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172096-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2089-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172089-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2100-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172100-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2074-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172074-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2066-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172066-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2072-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172072-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2049-1 du 04 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172049-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2068-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172068-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2046-1 du 04 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172046-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2091-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172091-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2060-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172060-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2098-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172098-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2065-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172065-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2063-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172063-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2094-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172094-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2061-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172061-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2102-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172102-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2073-1 du 07 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172073-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2090-1 du 08 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172090-1/"
}
],
"reference": "CERTFR-2017-AVI-249",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-08-07T00:00:00.000000"
},
{
"description": "ajout des bulletins de s\u00e9curit\u00e9 Suse du 07 ao\u00fbt 2017.",
"revision_date": "2017-08-08T00:00:00.000000"
},
{
"description": "ajout des bulletins de s\u00e9curit\u00e9 Suse du 08 ao\u00fbt 2017.",
"revision_date": "2017-08-09T00:00:00.000000"
},
{
"description": "ajout du bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2114-1 du 09 ao\u00fbt 2017.",
"revision_date": "2017-08-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Suse\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Suse",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2069-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2093-1 du 08 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2060-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2103-1 du 08 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2064-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2091-1 du 08 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2074-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2065-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2099-1 du 08 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2042-1 du 04 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2090-1 du 08 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2072-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2068-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2062-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2073-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2043-1 du 04 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2066-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2049-1 du 04 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2070-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2061-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2098-1 du 08 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2095-1 du 08 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2094-1 du 08 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2096-1 du 08 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2063-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2092-1 du 08 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2114-1 du 09 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2046-1 du 04 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2100-1 du 08 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2067-1 du 07 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2088-1 du 08 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2089-1 du 08 ao\u00fbt 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2102-1 du 08 ao\u00fbt 2017",
"url": null
}
]
}
CERTFR-2017-AVI-247
Vulnerability from certfr_avis - Published: 2017-08-04 - Updated: 2017-08-16
De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 17.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-1000365",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000365"
},
{
"name": "CVE-2017-7482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7482"
},
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
},
{
"name": "CVE-2017-10810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10810"
}
],
"initial_release_date": "2017-08-04T00:00:00",
"last_revision_date": "2017-08-16T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-247",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-08-04T00:00:00.000000"
},
{
"description": "ajout de deux nouveaux bulletins publi\u00e9s par l\u0027\u00e9diteur pour un probl\u00e8me de regression.",
"revision_date": "2017-08-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027 Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3377-2 du 03 ao\u00fbt 2017",
"url": "https://usn.ubuntu.com/usn/usn-3377-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3377-1 du 03 ao\u00fbt 2017",
"url": "https://usn.ubuntu.com/usn/usn-3377-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3392-2 du 16 ao\u00fbt 2017",
"url": "https://usn.ubuntu.com/usn/usn-3392-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3392-1 du 16 ao\u00fbt 2017",
"url": "https://usn.ubuntu.com/usn/usn-3392-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3378-2 du 03 ao\u00fbt 2017",
"url": "https://usn.ubuntu.com/usn/usn-3378-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3378-1 du 03 ao\u00fbt 2017",
"url": "https://usn.ubuntu.com/usn/usn-3378-1/"
}
]
}
CERTFR-2017-AVI-282
Vulnerability from certfr_avis - Published: 2017-09-05 - Updated: 2017-09-05
De multiples vulnérabilités ont été corrigées dans le noyau Linux de Suse. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 11-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP4 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Real Time Extension 11-SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-2636",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2636"
},
{
"name": "CVE-2017-1000365",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000365"
},
{
"name": "CVE-2017-7308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7308"
},
{
"name": "CVE-2017-6348",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6348"
},
{
"name": "CVE-2017-2647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2647"
},
{
"name": "CVE-2017-11176",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
},
{
"name": "CVE-2016-4997",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4997"
},
{
"name": "CVE-2017-6353",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6353"
},
{
"name": "CVE-2017-7482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7482"
},
{
"name": "CVE-2017-9242",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9242"
},
{
"name": "CVE-2017-6951",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6951"
},
{
"name": "CVE-2017-5970",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5970"
},
{
"name": "CVE-2017-9074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9074"
},
{
"name": "CVE-2016-10200",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10200"
},
{
"name": "CVE-2017-8925",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8925"
},
{
"name": "CVE-2017-9077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9077"
},
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
},
{
"name": "CVE-2017-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9076"
},
{
"name": "CVE-2017-6214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
},
{
"name": "CVE-2016-5243",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5243"
},
{
"name": "CVE-2017-7616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7616"
},
{
"name": "CVE-2017-1000363",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000363"
},
{
"name": "CVE-2017-7294",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7294"
},
{
"name": "CVE-2014-9922",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9922"
},
{
"name": "CVE-2017-6074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
},
{
"name": "CVE-2017-7487",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7487"
},
{
"name": "CVE-2015-3288",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3288"
},
{
"name": "CVE-2017-2671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2671"
},
{
"name": "CVE-2017-7542",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7542"
},
{
"name": "CVE-2017-1000364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000364"
},
{
"name": "CVE-2016-4998",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4998"
},
{
"name": "CVE-2017-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7187"
},
{
"name": "CVE-2016-7117",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
},
{
"name": "CVE-2017-5986",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5986"
},
{
"name": "CVE-2017-8924",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8924"
},
{
"name": "CVE-2016-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2188"
},
{
"name": "CVE-2017-1000380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000380"
},
{
"name": "CVE-2017-7184",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7184"
},
{
"name": "CVE-2017-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
},
{
"name": "CVE-2017-9075",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9075"
},
{
"name": "CVE-2015-8970",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8970"
},
{
"name": "CVE-2017-11473",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11473"
},
{
"name": "CVE-2017-7261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7261"
},
{
"name": "CVE-2017-5669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5669"
}
],
"initial_release_date": "2017-09-05T00:00:00",
"last_revision_date": "2017-09-05T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2342-1 du 04 septembre 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172342-1/"
}
],
"reference": "CERTFR-2017-AVI-282",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Suse\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Suse",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2342-1 du 04 septembre 2017",
"url": null
}
]
}
CERTFR-2017-AVI-277
Vulnerability from certfr_avis - Published: 2017-08-30 - Updated: 2017-08-30
De multiples vulnérabilités ont été corrigées dans le noyau Linux de Suse. Elles permettent à un attaquant de provoquer un déni de service et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP3 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP3 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Desktop 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-8831",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8831"
},
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
},
{
"name": "CVE-2017-10810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10810"
},
{
"name": "CVE-2017-1000112",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000112"
},
{
"name": "CVE-2017-1000111",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000111"
},
{
"name": "CVE-2017-7541",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7541"
},
{
"name": "CVE-2017-7542",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7542"
},
{
"name": "CVE-2017-11473",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11473"
}
],
"initial_release_date": "2017-08-30T00:00:00",
"last_revision_date": "2017-08-30T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2286-1 du 29 ao\u00fbt 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172286-1/"
}
],
"reference": "CERTFR-2017-AVI-277",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-08-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Suse\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Suse",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2286-1 du 29 ao\u00fbt 2017",
"url": null
}
]
}
CERTFR-2017-AVI-337
Vulnerability from certfr_avis - Published: 2017-10-11 - Updated: 2017-10-11
Une vulnérabilité a été découverte dans le noyau Linux de RedHat . Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Extended Update Support 7.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.2 s390x | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.2 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - 4 Year Extended Update Support 7.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux EUS Compute Node 7.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.2 ppc64le |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux Server - AUS 7.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Extended Update Support 7.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.2 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 7.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.2 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - 4 Year Extended Update Support 7.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux EUS Compute Node 7.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
}
],
"initial_release_date": "2017-10-11T00:00:00",
"last_revision_date": "2017-10-11T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-337",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le noyau Linux de RedHat . Elle\npermet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans le noyau Linux de RedHat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2017:2869 du 10 octobre 2017",
"url": "https://access.redhat.com/errata/RHSA-2017:2869"
}
]
}
CERTFR-2017-AVI-400
Vulnerability from certfr_avis - Published: 2017-11-09 - Updated: 2017-11-09
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP2",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-14106",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14106"
},
{
"name": "CVE-2017-1000365",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000365"
},
{
"name": "CVE-2017-8831",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8831"
},
{
"name": "CVE-2017-14051",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14051"
},
{
"name": "CVE-2017-1000251",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000251"
},
{
"name": "CVE-2017-11472",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11472"
},
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
},
{
"name": "CVE-2017-10810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10810"
},
{
"name": "CVE-2017-12154",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12154"
},
{
"name": "CVE-2017-1000112",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000112"
},
{
"name": "CVE-2017-1000252",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000252"
},
{
"name": "CVE-2017-1000111",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000111"
},
{
"name": "CVE-2017-7541",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7541"
},
{
"name": "CVE-2017-7542",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7542"
},
{
"name": "CVE-2017-7518",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7518"
},
{
"name": "CVE-2017-11473",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11473"
},
{
"name": "CVE-2017-12134",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12134"
}
],
"initial_release_date": "2017-11-09T00:00:00",
"last_revision_date": "2017-11-09T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-400",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:2956-1 du 8 novembre 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172956-1/"
}
]
}
CERTFR-2017-AVI-288
Vulnerability from certfr_avis - Published: 2017-09-11 - Updated: 2017-09-11
De multiples vulnérabilités ont été corrigées dans le noyau Linux de Suse. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 11-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 11-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 11-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-EXTRA |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Real Time Extension 11-SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-EXTRA",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-1000365",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000365"
},
{
"name": "CVE-2017-2647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2647"
},
{
"name": "CVE-2017-11176",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
},
{
"name": "CVE-2017-7482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7482"
},
{
"name": "CVE-2017-9242",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9242"
},
{
"name": "CVE-2017-6951",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6951"
},
{
"name": "CVE-2017-9074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9074"
},
{
"name": "CVE-2017-8925",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8925"
},
{
"name": "CVE-2017-9077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9077"
},
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
},
{
"name": "CVE-2017-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9076"
},
{
"name": "CVE-2017-1000363",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000363"
},
{
"name": "CVE-2014-9922",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9922"
},
{
"name": "CVE-2017-7487",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7487"
},
{
"name": "CVE-2017-7542",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7542"
},
{
"name": "CVE-2017-8924",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8924"
},
{
"name": "CVE-2017-1000380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000380"
},
{
"name": "CVE-2017-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
},
{
"name": "CVE-2017-9075",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9075"
},
{
"name": "CVE-2017-11473",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11473"
},
{
"name": "CVE-2016-10277",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10277"
}
],
"initial_release_date": "2017-09-11T00:00:00",
"last_revision_date": "2017-09-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2389-1 du 08 septembre 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172389-1/"
}
],
"reference": "CERTFR-2017-AVI-288",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Suse\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun d\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Suse",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2389-1 du 08 septembre 2017",
"url": null
}
]
}
CNVD-2017-27462
Vulnerability from cnvd - Published: 2017-09-19
VLAI Severity ?
Title
Linux kernel拒绝服务漏洞(CNVD-2017-27462)
Description
Linux kernel是一款开源的操作系统。
Linux kernel fsnotify实现中存在竞争条件漏洞,允许本地攻击者利用漏洞提交特制的请求,进行拒绝服务攻击。
Severity
中
Patch Name
Linux kernel拒绝服务漏洞(CNVD-2017-27462)的补丁
Patch Description
Linux kernel是一款开源的操作系统。
Linux kernel fsnotify实现中存在竞争条件漏洞,允许本地攻击者利用漏洞提交特制的请求,进行拒绝服务攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=1468283
Impacted products
| Name | Linux Kernel >3.14-rc1,<4.12 |
|---|
{
"bids": {
"bid": {
"bidNumber": "100123"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-7533"
}
},
"description": "Linux kernel\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nLinux kernel fsnotify\u5b9e\u73b0\u4e2d\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u5236\u7684\u8bf7\u6c42\uff0c\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
"discovererName": "Fan Wu and Shixiong Zhao",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-27462",
"openTime": "2017-09-19",
"patchDescription": "Linux kernel\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nLinux kernel fsnotify\u5b9e\u73b0\u4e2d\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u5236\u7684\u8bf7\u6c42\uff0c\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Linux kernel\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-27462\uff09\u7684\u8865\u4e01",
"products": {
"product": "Linux Kernel \u003e3.14-rc1\uff0c\u003c4.12"
},
"referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283",
"serverity": "\u4e2d",
"submitTime": "2017-08-07",
"title": "Linux kernel\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-27462\uff09"
}
FKIE_CVE-2017-7533
Vulnerability from fkie_nvd - Published: 2017-08-05 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2017/08/03/2 | Mailing List, Patch, Third Party Advisory | |
| secalert@redhat.com | http://www.debian.org/security/2017/dsa-3927 | Third Party Advisory | |
| secalert@redhat.com | http://www.debian.org/security/2017/dsa-3945 | Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2019/06/27/7 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2019/06/28/1 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2019/06/28/2 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/100123 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securitytracker.com/id/1039075 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2473 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2585 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2669 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2770 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2869 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1468283 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://patchwork.kernel.org/patch/9755753/ | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://patchwork.kernel.org/patch/9755757/ | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://source.android.com/security/bulletin/2017-12-01 | Third Party Advisory | |
| secalert@redhat.com | https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/08/03/2 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3927 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3945 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/06/27/7 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/06/28/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/06/28/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100123 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039075 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2473 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2585 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2669 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2770 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2869 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1468283 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://patchwork.kernel.org/patch/9755753/ | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://patchwork.kernel.org/patch/9755757/ | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://source.android.com/security/bulletin/2017-12-01 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92869CCB-E9ED-4079-8754-0E8BFFC7A607",
"versionEndExcluding": "3.16.47",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "226BE74E-0154-4F65-B5DC-E4C7AA03D270",
"versionEndExcluding": "3.18.64",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13528C00-9A5F-4D0D-9BA4-FE4613F5C0AE",
"versionEndExcluding": "4.4.80",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26275761-EE66-4513-A2C7-DEB0432414CB",
"versionEndExcluding": "4.9.41",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17029DFF-1DBB-4776-BC98-7B7D48008881",
"versionEndExcluding": "4.12.5",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions."
},
{
"lang": "es",
"value": "Una condici\u00f3n de carrera en la implementaci\u00f3n de fsnotify en el kernel de Linux hasta la versi\u00f3n 4.12.4, permite a los usuarios locales alcanzar privilegios o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de una aplicaci\u00f3n creada que aprovecha la ejecuci\u00f3n simult\u00e1nea de las funciones inotify_handle_event y vfs_rename."
}
],
"id": "CVE-2017-7533",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-05T16:29:00.180",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2017/08/03/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3927"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3945"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100123"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039075"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2473"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2585"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2770"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2869"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://patchwork.kernel.org/patch/9755753/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://patchwork.kernel.org/patch/9755757/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2017/08/03/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://patchwork.kernel.org/patch/9755753/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://patchwork.kernel.org/patch/9755757/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2017-7533
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-7533",
"description": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
"id": "GSD-2017-7533",
"references": [
"https://www.suse.com/security/cve/CVE-2017-7533.html",
"https://www.debian.org/security/2017/dsa-3945",
"https://www.debian.org/security/2017/dsa-3927",
"https://access.redhat.com/errata/RHSA-2017:2869",
"https://access.redhat.com/errata/RHSA-2017:2770",
"https://access.redhat.com/errata/RHSA-2017:2669",
"https://access.redhat.com/errata/RHSA-2017:2585",
"https://access.redhat.com/errata/RHSA-2017:2473",
"https://ubuntu.com/security/CVE-2017-7533",
"https://alas.aws.amazon.com/cve/html/CVE-2017-7533.html",
"https://linux.oracle.com/cve/CVE-2017-7533.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-7533"
],
"details": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
"id": "GSD-2017-7533",
"modified": "2023-12-13T01:21:07.171392Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel through 4.12.4",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Linux kernel through 4.12.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "race condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"name": "http://openwall.com/lists/oss-security/2017/08/03/2",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/08/03/2"
},
{
"name": "http://www.debian.org/security/2017/dsa-3927",
"refsource": "MISC",
"url": "http://www.debian.org/security/2017/dsa-3927"
},
{
"name": "http://www.debian.org/security/2017/dsa-3945",
"refsource": "MISC",
"url": "http://www.debian.org/security/2017/dsa-3945"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/06/27/7",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/06/28/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/06/28/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "http://www.securityfocus.com/bid/100123",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/100123"
},
{
"name": "http://www.securitytracker.com/id/1039075",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1039075"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:2473",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:2473"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:2585",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:2585"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:2669",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:2770",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:2770"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:2869",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:2869"
},
{
"name": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"name": "https://patchwork.kernel.org/patch/9755753/",
"refsource": "MISC",
"url": "https://patchwork.kernel.org/patch/9755753/"
},
{
"name": "https://patchwork.kernel.org/patch/9755757/",
"refsource": "MISC",
"url": "https://patchwork.kernel.org/patch/9755757/"
},
{
"name": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.18.64",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.16.47",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.80",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9.41",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.12.5",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7533"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchwork.kernel.org/patch/9755757/",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://patchwork.kernel.org/patch/9755757/"
},
{
"name": "https://patchwork.kernel.org/patch/9755753/",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://patchwork.kernel.org/patch/9755753/"
},
{
"name": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283"
},
{
"name": "http://openwall.com/lists/oss-security/2017/08/03/2",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2017/08/03/2"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"name": "1039075",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039075"
},
{
"name": "100123",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100123"
},
{
"name": "DSA-3945",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3945"
},
{
"name": "DSA-3927",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3927"
},
{
"name": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "RHSA-2017:2869",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2869"
},
{
"name": "RHSA-2017:2770",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2770"
},
{
"name": "RHSA-2017:2669",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2017:2585",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2585"
},
{
"name": "RHSA-2017:2473",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2473"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-06-21T15:57Z",
"publishedDate": "2017-08-05T16:29Z"
}
}
}
GHSA-679H-84CH-2WH9
Vulnerability from github – Published: 2022-05-14 03:53 – Updated: 2025-04-20 03:42
VLAI?
Details
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
Severity ?
7.0 (High)
{
"affected": [],
"aliases": [
"CVE-2017-7533"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-05T16:29:00Z",
"severity": "HIGH"
},
"details": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
"id": "GHSA-679h-84ch-2wh9",
"modified": "2025-04-20T03:42:05Z",
"published": "2022-05-14T03:53:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7533"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2473"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2585"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2770"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2869"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2017-7533"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283"
},
{
"type": "WEB",
"url": "https://patchwork.kernel.org/patch/9755753"
},
{
"type": "WEB",
"url": "https://patchwork.kernel.org/patch/9755757"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1408967.html"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2017/08/03/2"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3927"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3945"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100123"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039075"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…