CVE-2016-7166 – libarchive: Denial of service using a crafted gzip file
https://notcve.org/view.php?id=CVE-2016-7166
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. libarchive en versiones anteriores a 3.2.0 no limita el número de descompresiones recursivas, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída de aplicación) a través de un archivo gzip manipulado. A vulnerability was found in libarchive. A specially crafted gzip file can cause libarchive to allocate memory without limit, eventually leading to a crash. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.openwall.com/lists/oss-security/2016/09/08/15 http://www.openwall.com/lists/oss-security/2016/09/08/18 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92901 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362 https://bugzilla.redhat.com/show_bug.cgi?id=1347086 https://github.com/libarchiv • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2016-5418 – libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
https://notcve.org/view.php?id=CVE-2016-5418
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. El código sandboxing en libarchive 3.2.0 y versiones anteriores no maneja adecuadamente entradas de archivo de vínculo físico de datos de tamaño distinto de cero, lo que podría permitir a atacantes remotos escribir a archivos arbitrarios a través de un archivo manipulado. A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.openwall.com/lists/oss-security/2016/08/09/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/93165 https://access.redhat.com/errata/RHSA-2016:1852 https://access.redhat.com/errata/RHSA-2016:1853 https://bugzilla.redhat.com/show_bug.cgi?id=1362601 https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b8 • CWE-19: Data Processing Errors CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2016-5404 – ipa: Insufficient privileges check in certificate revocation
https://notcve.org/view.php?id=CVE-2016-5404
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. El comando cert_revoke en FreeIPA no realiza comprobaciones para el permiso "certificado de revocación", lo que permite a usuarios remotos autenticados revocar certificados arbitrarios aprovechando el permiso "certificado de recuperación". An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack. • http://rhn.redhat.com/errata/RHSA-2016-1797.html http://www.openwall.com/lists/oss-security/2016/08/17/9 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92525 https://fedorahosted.org/freeipa/ticket/6232 https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4 https://lists.fedorap • CWE-284: Improper Access Control CWE-285: Improper Authorization •
CVE-2016-5264 – Mozilla: Use-after-free when applying SVG effects (MFSA 2016-79)
https://notcve.org/view.php?id=CVE-2016-5264
Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application. Vulnerabilidad de uso después de liberación de memoria en la función nsNodeUtils::NativeAnonymousChildListChange en Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria dinámica) a través de un elemento SVG que no se maneja correctamente durante el efecto de la aplicación. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html http://rhn.redhat.com/errata/RHSA-2016-1551.html http://www.debian.org/security/2016/dsa-3640 http://www.mozilla.org/security/announce/2016/mfsa2016-79.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92258 http://www.securitytracker.com/id/1036508 http://www.ubuntu.c • CWE-416: Use After Free •
CVE-2016-5258 – Mozilla: Use-after-free in DTLS during WebRTC session shutdown (MFSA 2016-72)
https://notcve.org/view.php?id=CVE-2016-5258
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session. Vulnerabilidad de uso después de liberación de memoria en el hilo de toma WebRTC en Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 permite a atacantes remotos ejecutar código arbitrario aprovechando operaciones incorrectas gratuitas en objetos DTLS durante la desconexión de una sesión WebRTC. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html http://rhn.redhat.com/errata/RHSA-2016-1551.html http://www.debian.org/security/2016/dsa-3640 http://www.mozilla.org/security/announce/2016/mfsa2016-72.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92258 http://www.securitytracker.com/id/1036508 http://www.ubuntu.c • CWE-416: Use After Free •