CVE-2016-2857 – Qemu: net: out of bounds read in net_checksum_calculate()
https://notcve.org/view.php?id=CVE-2016-2857
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. La función net_checksum_calculate en net/checksum.c en QEMU permite a usuarios del SO invitado provocar una denegación de servicio (lectura de memoria dinámica fuera de rango y caída) a través de una longitud de la carga útil en un paquete manipulado. An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b http://rhn.redhat.com/errata/RHSA-2016-2670.html http://rhn.redhat.com/errata/RHSA-2016-2671.html http://rhn.redhat.com/errata/RHSA-2016-2704.html http://rhn.redhat.com/errata/RHSA-2016-2705.html http://rhn.redhat.com/errata/RHSA-2016-2706.html http://rhn.redhat.com/errata/RHSA-2017-0083.html http://rhn.redhat.com/errata/RHSA-2017-0309.html http://rhn.redhat.com/errata/RHSA- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2015-5229 – glibc: calloc may return non-zero memory
https://notcve.org/view.php?id=CVE-2015-5229
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. La función calloc en el paquete glibc en Red Hat Enterprise Linux (RHEL) 6.7 y 7.2 no inicializa adecuadamente áreas de memoria, lo que podría permitir a atacantes dependientes de contexto provocar una denegación de servicio (colgado o caída) a través de vectores no especificados. It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. • http://rhn.redhat.com/errata/RHSA-2016-0176.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/84172 https://bugzilla.redhat.com/show_bug.cgi?id=1246713 https://bugzilla.redhat.com/show_bug.cgi?id=1256285 https://bugzilla.redhat.com/show_bug.cgi?id=1293976 https://kc.mcafee.com/corporate/index?page=content&id=SB10150 https://access.redhat.com/security/cve/CVE-2015-5229 • CWE-17: DEPRECATED: Code •
CVE-2016-2047 – mysql: ssl-validate-cert incorrect hostname check
https://notcve.org/view.php?id=CVE-2016-2047
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." La función ssl_verify_server_cert en sql-common/client.c en MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10; Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores; y Percona Server no verifica correctamente que el nombre de host del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o en el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middlesuplantar servidores SSL a través de una cadena "/CN=" en un campo en un certificado, según lo demostrado por "/OU=/CN=bar.com/CN=foo.com". It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http: • CWE-254: 7PK - Security Features CWE-295: Improper Certificate Validation •
CVE-2016-0600 – mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0600
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores, 5.6.27 y versiones anteriores y 5.7.9 y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores no conocidos relacionados con InnoDB. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http: •
CVE-2016-0504 – mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0504
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. Vulnerabilidad no especificada en Oracle MySQL 5.6.27 y versiones anteriores y 5.7.9 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores relacionados con DML, una vulnerabilidad diferente a CVE-2016-0503. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html http://rhn.redhat.com/errata/RHSA-2016-0705.html http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securityfocus.com/bid/81077 http://www.securitytracker.com/id/1034708 http://www.ubuntu.com/usn/USN-2881-1 https://access.redhat.com/security/cve/CVE-2016-0504 https://bugzilla.redhat.com/show_bug.cgi •