CVE-2016-7166 – libarchive: Denial of service using a crafted gzip file
https://notcve.org/view.php?id=CVE-2016-7166
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. libarchive en versiones anteriores a 3.2.0 no limita el número de descompresiones recursivas, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída de aplicación) a través de un archivo gzip manipulado. A vulnerability was found in libarchive. A specially crafted gzip file can cause libarchive to allocate memory without limit, eventually leading to a crash. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.openwall.com/lists/oss-security/2016/09/08/15 http://www.openwall.com/lists/oss-security/2016/09/08/18 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92901 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362 https://bugzilla.redhat.com/show_bug.cgi?id=1347086 https://github.com/libarchiv • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2016-5418 – libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
https://notcve.org/view.php?id=CVE-2016-5418
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. El código sandboxing en libarchive 3.2.0 y versiones anteriores no maneja adecuadamente entradas de archivo de vínculo físico de datos de tamaño distinto de cero, lo que podría permitir a atacantes remotos escribir a archivos arbitrarios a través de un archivo manipulado. A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.openwall.com/lists/oss-security/2016/08/09/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/93165 https://access.redhat.com/errata/RHSA-2016:1852 https://access.redhat.com/errata/RHSA-2016:1853 https://bugzilla.redhat.com/show_bug.cgi?id=1362601 https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b8 • CWE-19: Data Processing Errors CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2016-5403 – Qemu: virtio: unbounded memory allocation on host via guest leading to DoS
https://notcve.org/view.php?id=CVE-2016-5403
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. La función virtqueue_pop en hw/virtio/virtio.c en QEMU permite a administradores locales del SO invitado provocar una denegación de servicio (consumo de memoria y caida del proceso QUEMU) mediante la presentación de solicitudes sin esperar la finalización. Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement results in unbounded memory allocation on the host controlled by the guest. • http://rhn.redhat.com/errata/RHSA-2016-1585.html http://rhn.redhat.com/errata/RHSA-2016-1586.html http://rhn.redhat.com/errata/RHSA-2016-1606.html http://rhn.redhat.com/errata/RHSA-2016-1607.html http://rhn.redhat.com/errata/RHSA-2016-1652.html http://rhn.redhat.com/errata/RHSA-2016-1653.html http://rhn.redhat.com/errata/RHSA-2016-1654.html http://rhn.redhat.com/errata/RHSA-2016-1655.html http://rhn.redhat.com/errata/RHSA-2016-1756.html http://rhn • CWE-400: Uncontrolled Resource Consumption •
CVE-2016-5440 – mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016)
https://notcve.org/view.php?id=CVE-2016-5440
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. Vulnerabilidad no especificada en Oracle MySQL 5.5.49 y versiones anteriores, 5.6.30 y versiones anteriores y 5.7.12 y versiones anteriores y MariaDB en versiones anteriores a 5.5.50, 10.0.x en versiones anteriores a 10.0.26 y 10.1.x en versiones anteriores a 10.1.15 permite a administradores remotos afectar la disponibilidad a través de vectores relacionados con Server: RBR. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1601.html http://rhn.redhat.com/errata/RHSA-2016-1602.html http://rhn.redhat.com/errata/RHSA-2016-1603.html http://rhn.redhat.com/errata/RHSA-2016-1604.html http://rhn.redhat.com/errata/RHSA-2016-1637.html http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 http://www.debian.org/security/2016/dsa-3624 •
CVE-2016-5444 – mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016)
https://notcve.org/view.php?id=CVE-2016-5444
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. Vulnerabilidad no especificada en Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores y MariaDB en versiones anteriores a 5.5.49, 10.0.x en versiones anteriores a 10.0.25 y 10.1.x en versiones anteriores a 10.1.14 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Server: Connection. • http://rhn.redhat.com/errata/RHSA-2016-0705.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1481.html http://rhn.redhat.com/errata/RHSA-2016-1602.html http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid •