Vulnerabilities

 307 via 307 paths

Dependencies

 117

Source

 Group 6 Copy Created with Sketch. Docker

Target OS

 oracle:7
Test your Docker Hub image against our market leading vulnerability database Sign up for free
Severity
  • 3
  • 102
  • 182
  • 20
Status
  • 307
  • 0
  • 0

critical severity

Out-of-bounds Write

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.67.0-4.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. Note: This vulnerability does NOT impact Mozilla Firefox. However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.

Remediation

Upgrade Oracle:7 nss to version 0:3.67.0-4.el7_9 or higher.
This issue was patched in ELSA-2021-4904.

References

Out-of-bounds Write vulnerability report

critical severity

Out-of-bounds Write

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.67.0-4.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. Note: This vulnerability does NOT impact Mozilla Firefox. However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.67.0-4.el7_9 or higher.
This issue was patched in ELSA-2021-4904.

References

Out-of-bounds Write vulnerability report

critical severity

Out-of-bounds Write

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.67.0-4.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. Note: This vulnerability does NOT impact Mozilla Firefox. However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.67.0-4.el7_9 or higher.
This issue was patched in ELSA-2021-4904.

References

Out-of-bounds Write vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: curl
  • Introduced through: curl@7.29.0-51.0.1.el7_6.3
  • Fixed in: 0:7.29.0-54.0.5.el7_7.2

Detailed paths

  • Introduced through: openjdk@12 curl@7.29.0-51.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

Remediation

Upgrade Oracle:7 curl to version 0:7.29.0-54.0.5.el7_7.2 or higher.
This issue was patched in ELSA-2020-5562.

References

Out-of-bounds Write vulnerability report

high severity

Exposure of Resource to Wrong Sphere

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-14.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-14.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-1069.

References

Exposure of Resource to Wrong Sphere vulnerability report

high severity

Improper Encoding or Escaping of Output

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-14.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-14.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-1069.

References

Improper Encoding or Escaping of Output vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-14.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-14.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-1069.

References

Integer Overflow or Wraparound vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-14.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-14.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-1069.

References

Integer Overflow or Wraparound vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-14.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-14.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-1069.

References

Integer Overflow or Wraparound vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-14.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-14.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-1069.

References

Integer Overflow or Wraparound vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-14.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-14.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-1069.

References

Integer Overflow or Wraparound vulnerability report

high severity

Buffer Overflow

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 2:2.17-325.0.3.ksplice1.el7_9

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Remediation

Upgrade Oracle:7 glibc to version 2:2.17-325.0.3.ksplice1.el7_9 or higher.
This issue was patched in ELSA-2022-9421.

References

Buffer Overflow vulnerability report

high severity

Buffer Overflow

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 2:2.17-325.0.3.ksplice1.el7_9

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Remediation

Upgrade Oracle:7 glibc to version 2:2.17-325.0.3.ksplice1.el7_9 or higher.
This issue was patched in ELSA-2022-9421.

References

Buffer Overflow vulnerability report

high severity

Buffer Overflow

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 2:2.17-325.0.3.ksplice1.el7_9

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Remediation

Upgrade Oracle:7 glibc-common to version 2:2.17-325.0.3.ksplice1.el7_9 or higher.
This issue was patched in ELSA-2022-9421.

References

Buffer Overflow vulnerability report

high severity

Buffer Overflow

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 2:2.17-325.0.3.ksplice1.el7_9

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Remediation

Upgrade Oracle:7 glibc-common to version 2:2.17-325.0.3.ksplice1.el7_9 or higher.
This issue was patched in ELSA-2022-9421.

References

Buffer Overflow vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.29.0-51.0.1.el7_6.3
  • Fixed in: 0:7.29.0-54.0.5.el7_7.2

Detailed paths

  • Introduced through: openjdk@12 libcurl@7.29.0-51.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libcurl package and not the libcurl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

Remediation

Upgrade Oracle:7 libcurl to version 0:7.29.0-54.0.5.el7_7.2 or higher.
This issue was patched in ELSA-2020-5562.

References

Out-of-bounds Write vulnerability report

high severity

CVE-2024-56171

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.5.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.5.el7_9.6 or higher.
This issue was patched in ELSA-2025-2673.

References

CVE-2024-56171 vulnerability report

high severity

CVE-2024-56171

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.5.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.5.el7_9.6 or higher.
This issue was patched in ELSA-2025-2673.

References

CVE-2024-56171 vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.7 or higher.
This issue was patched in ELSA-2016-3621.

References

Integer Overflow or Wraparound vulnerability report

high severity

Out-of-Bounds

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.5 or higher.
This issue was patched in ELSA-2016-3556.

References

Out-of-Bounds vulnerability report

high severity

Out-of-Bounds

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.5 or higher.
This issue was patched in ELSA-2016-3556.

References

Out-of-Bounds vulnerability report

high severity

Out-of-Bounds

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.5 or higher.
This issue was patched in ELSA-2016-3556.

References

Out-of-Bounds vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.7 or higher.
This issue was patched in ELSA-2016-3621.

References

Out-of-bounds Write vulnerability report

high severity

CVE-2025-6965

  • Vulnerable module: sqlite
  • Introduced through: sqlite@3.7.17-8.el7
  • Fixed in: 0:3.7.17-8.0.1.el7_9.1

Detailed paths

  • Introduced through: openjdk@12 sqlite@3.7.17-8.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite package and not the sqlite package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Remediation

Upgrade Oracle:7 sqlite to version 0:3.7.17-8.0.1.el7_9.1 or higher.
This issue was patched in ELSA-2025-12349.

References

CVE-2025-6965 vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: freetype
  • Introduced through: freetype@2.8-12.el7_6.1
  • Fixed in: 0:2.8-14.el7_9.1

Detailed paths

  • Introduced through: openjdk@12 freetype@2.8-12.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream freetype package and not the freetype package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Remediation

Upgrade Oracle:7 freetype to version 0:2.8-14.el7_9.1 or higher.
This issue was patched in ELSA-2020-4907.

References

Out-of-bounds Write vulnerability report

high severity

Expired Pointer Dereference

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.7.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.7.el7_9.6 or higher.
This issue was patched in ELSA-2025-12240.

References

Expired Pointer Dereference vulnerability report

high severity

Out-of-bounds Read

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.7.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.7.el7_9.6 or higher.
This issue was patched in ELSA-2025-12240.

References

Out-of-bounds Read vulnerability report

high severity

Expired Pointer Dereference

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.7.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.7.el7_9.6 or higher.
This issue was patched in ELSA-2025-12240.

References

Expired Pointer Dereference vulnerability report

high severity

Out-of-bounds Read

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.7.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.7.el7_9.6 or higher.
This issue was patched in ELSA-2025-12240.

References

Out-of-bounds Read vulnerability report

high severity

Improper Validation of Integrity Check Value

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.15.1-37.el7_6
  • Fixed in: 0:1.15.1-55.0.7.el7_9

Detailed paths

  • Introduced through: openjdk@12 krb5-libs@1.15.1-37.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5-libs package and not the krb5-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Remediation

Upgrade Oracle:7 krb5-libs to version 0:1.15.1-55.0.7.el7_9 or higher.
This issue was patched in ELSA-2024-8788.

References

Improper Validation of Integrity Check Value vulnerability report

high severity

SQL Injection

  • Vulnerable module: cyrus-sasl-lib
  • Introduced through: cyrus-sasl-lib@2.1.26-23.el7
  • Fixed in: 0:2.1.26-24.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 cyrus-sasl-lib@2.1.26-23.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream cyrus-sasl-lib package and not the cyrus-sasl-lib package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

Remediation

Upgrade Oracle:7 cyrus-sasl-lib to version 0:2.1.26-24.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-0666.

References

SQL Injection vulnerability report

high severity

Incorrect Calculation

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-14.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-14.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-1069.

References

Incorrect Calculation vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-14.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-14.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-1069.

References

Integer Overflow or Wraparound vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-14.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-14.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-1069.

References

Integer Overflow or Wraparound vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-14.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-14.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-1069.

References

Integer Overflow or Wraparound vulnerability report

high severity

Improper Input Validation

  • Vulnerable module: gzip
  • Introduced through: gzip@1.5-10.el7
  • Fixed in: 0:1.5-11.el7_9

Detailed paths

  • Introduced through: openjdk@12 gzip@1.5-10.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream gzip package and not the gzip package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Remediation

Upgrade Oracle:7 gzip to version 0:1.5-11.el7_9 or higher.
This issue was patched in ELSA-2022-2191.

References

Improper Input Validation vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.15.1-37.el7_6
  • Fixed in: 0:1.15.1-55.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 krb5-libs@1.15.1-37.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5-libs package and not the krb5-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

Remediation

Upgrade Oracle:7 krb5-libs to version 0:1.15.1-55.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-8640.

References

Integer Overflow or Wraparound vulnerability report

high severity

CVE-2023-0767

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.79.0-5.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Remediation

Upgrade Oracle:7 nss to version 0:3.79.0-5.el7_9 or higher.
This issue was patched in ELSA-2023-1332.

References

CVE-2023-0767 vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.44.0-7.el7_7

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Remediation

Upgrade Oracle:7 nss to version 0:3.44.0-7.el7_7 or higher.
This issue was patched in ELSA-2019-4190.

References

Out-of-bounds Write vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.44.0-8.0.1.el7_7

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.44.0-8.0.1.el7_7 or higher.
This issue was patched in ELSA-2019-4190.

References

Out-of-bounds Write vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.44.0-8.0.1.el7_7

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.44.0-8.0.1.el7_7 or higher.
This issue was patched in ELSA-2019-4190.

References

Out-of-bounds Write vulnerability report

high severity

CVE-2023-0767

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.79.0-5.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.79.0-5.el7_9 or higher.
This issue was patched in ELSA-2023-1332.

References

CVE-2023-0767 vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.44.0-7.el7_7

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.44.0-7.el7_7 or higher.
This issue was patched in ELSA-2019-4190.

References

Out-of-bounds Write vulnerability report

high severity

CVE-2023-0767

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.79.0-5.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.79.0-5.el7_9 or higher.
This issue was patched in ELSA-2023-1332.

References

CVE-2023-0767 vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.44.0-7.el7_7

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.44.0-7.el7_7 or higher.
This issue was patched in ELSA-2019-4190.

References

Out-of-bounds Write vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.44.0-4.el7_7

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.44.0-4.el7_7 or higher.
This issue was patched in ELSA-2019-4190.

References

Out-of-bounds Write vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: sqlite
  • Introduced through: sqlite@3.7.17-8.el7
  • Fixed in: 0:3.7.17-8.el7_7.1

Detailed paths

  • Introduced through: openjdk@12 sqlite@3.7.17-8.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite package and not the sqlite package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Remediation

Upgrade Oracle:7 sqlite to version 0:3.7.17-8.el7_7.1 or higher.
This issue was patched in ELSA-2020-0227.

References

Out-of-bounds Write vulnerability report

high severity

Improper Input Validation

  • Vulnerable module: xz-libs
  • Introduced through: xz-libs@5.2.2-1.el7
  • Fixed in: 0:5.2.2-2.el7_9

Detailed paths

  • Introduced through: openjdk@12 xz-libs@5.2.2-1.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream xz-libs package and not the xz-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Remediation

Upgrade Oracle:7 xz-libs to version 0:5.2.2-2.el7_9 or higher.
This issue was patched in ELSA-2022-5052.

References

Improper Input Validation vulnerability report

high severity

CVE-2016-9840

  • Vulnerable module: zlib
  • Introduced through: zlib@1.2.7-18.el7
  • Fixed in: 0:1.2.7-21.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 zlib@1.2.7-18.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream zlib package and not the zlib package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Remediation

Upgrade Oracle:7 zlib to version 0:1.2.7-21.0.1.el7_9 or higher.
This issue was patched in ELSA-2025-8314.

References

CVE-2016-9840 vulnerability report

high severity

Use After Free

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-15.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-15.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-6834.

References

Use After Free vulnerability report

high severity

CVE-2025-27363

  • Vulnerable module: freetype
  • Introduced through: freetype@2.8-12.el7_6.1
  • Fixed in: 0:2.8-14.0.1.el7_9.1

Detailed paths

  • Introduced through: openjdk@12 freetype@2.8-12.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream freetype package and not the freetype package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

Remediation

Upgrade Oracle:7 freetype to version 0:2.8-14.0.1.el7_9.1 or higher.
This issue was patched in ELSA-2025-3395.

References

CVE-2025-27363 vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-12.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-12.0.1.el7 or higher.
This issue was patched in ELSA-2022-9227.

References

Integer Overflow or Wraparound vulnerability report

high severity

Use After Free

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.9.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.9.el7_9.6 or higher.
This issue was patched in ELSA-2025-13464.

References

Use After Free vulnerability report

high severity

Use After Free

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.9.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.9.el7_9.6 or higher.
This issue was patched in ELSA-2025-13464.

References

Use After Free vulnerability report

high severity

CVE-2025-24928

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.5.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.5.el7_9.6 or higher.
This issue was patched in ELSA-2025-2673.

References

CVE-2025-24928 vulnerability report

high severity

CVE-2025-24928

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.5.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.5.el7_9.6 or higher.
This issue was patched in ELSA-2025-2673.

References

CVE-2025-24928 vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-12.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-12.0.1.el7 or higher.
This issue was patched in ELSA-2022-9227.

References

Integer Overflow or Wraparound vulnerability report

high severity

Incorrect Conversion between Numeric Types

  • Vulnerable module: glib2
  • Introduced through: glib2@2.56.1-4.el7_6
  • Fixed in: 0:2.56.1-9.el7_9

Detailed paths

  • Introduced through: openjdk@12 glib2@2.56.1-4.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2 package and not the glib2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

Remediation

Upgrade Oracle:7 glib2 to version 0:2.56.1-9.el7_9 or higher.
This issue was patched in ELSA-2021-2147.

References

Incorrect Conversion between Numeric Types vulnerability report

high severity

Uncontrolled Recursion

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.15.1-37.el7_6
  • Fixed in: 0:1.15.1-50.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 krb5-libs@1.15.1-37.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5-libs package and not the krb5-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.

Remediation

Upgrade Oracle:7 krb5-libs to version 0:1.15.1-50.0.1.el7 or higher.
This issue was patched in ELSA-2021-9294.

References

Uncontrolled Recursion vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.7.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.7.el7_9.6 or higher.
This issue was patched in ELSA-2025-12240.

References

Out-of-bounds Write vulnerability report

high severity

Unchecked Return Value

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.7.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.7.el7_9.6 or higher.
This issue was patched in ELSA-2025-12240.

References

Unchecked Return Value vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.7.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.7.el7_9.6 or higher.
This issue was patched in ELSA-2025-12240.

References

Out-of-bounds Write vulnerability report

high severity

Unchecked Return Value

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.7.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.7.el7_9.6 or higher.
This issue was patched in ELSA-2025-12240.

References

Unchecked Return Value vulnerability report

high severity

Out-of-Bounds

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.44.0-7.el7_7

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Oracle:7 nss to version 0:3.44.0-7.el7_7 or higher.
This issue was patched in ELSA-2019-4190.

References

Out-of-Bounds vulnerability report

high severity

Out-of-Bounds

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.44.0-8.0.1.el7_7

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.44.0-8.0.1.el7_7 or higher.
This issue was patched in ELSA-2019-4190.

References

Out-of-Bounds vulnerability report

high severity

Out-of-Bounds

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.44.0-8.0.1.el7_7

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.44.0-8.0.1.el7_7 or higher.
This issue was patched in ELSA-2019-4190.

References

Out-of-Bounds vulnerability report

high severity

Out-of-Bounds

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.44.0-7.el7_7

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.44.0-7.el7_7 or higher.
This issue was patched in ELSA-2019-4190.

References

Out-of-Bounds vulnerability report

high severity

Out-of-Bounds

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.44.0-7.el7_7

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.44.0-7.el7_7 or higher.
This issue was patched in ELSA-2019-4190.

References

Out-of-Bounds vulnerability report

high severity

Out-of-Bounds

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.44.0-4.el7_7

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.44.0-4.el7_7 or higher.
This issue was patched in ELSA-2019-4190.

References

Out-of-Bounds vulnerability report

high severity

Improper Input Validation

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.7 or higher.
This issue was patched in ELSA-2016-3621.

References

Improper Input Validation vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.5 or higher.
This issue was patched in ELSA-2016-3556.

References

Integer Overflow or Wraparound vulnerability report

high severity

Integer Overflow or Wraparound

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 10:1.0.2k-22.el7_9_fips

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Remediation

Upgrade Oracle:7 openssl-libs to version 10:1.0.2k-22.el7_9_fips or higher.
This issue was patched in ELSA-2021-9528.

References

Integer Overflow or Wraparound vulnerability report

high severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 1:1.0.2k-24.0.3.el7_9

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

Remediation

Upgrade Oracle:7 openssl-libs to version 1:1.0.2k-24.0.3.el7_9 or higher.
This issue was patched in ELSA-2022-9224.

References

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability report

high severity

Memory Leak

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.7 or higher.
This issue was patched in ELSA-2016-3621.

References

Memory Leak vulnerability report

high severity

Numeric Errors

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.7 or higher.
This issue was patched in ELSA-2016-3621.

References

Numeric Errors vulnerability report

high severity

Numeric Errors

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.5 or higher.
This issue was patched in ELSA-2016-3556.

References

Numeric Errors vulnerability report

high severity

Out-of-bounds Read

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.7 or higher.
This issue was patched in ELSA-2016-3621.

References

Out-of-bounds Read vulnerability report

high severity

Resource Management Errors

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.5 or higher.
This issue was patched in ELSA-2016-3556.

References

Resource Management Errors vulnerability report

high severity

Resource Management Errors

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.7 or higher.
This issue was patched in ELSA-2016-3621.

References

Resource Management Errors vulnerability report

high severity

Improper Input Validation

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-93.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-93.0.1.el7_9 or higher.
This issue was patched in ELSA-2023-3555.

References

Improper Input Validation vulnerability report

high severity

Improper Input Validation

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-93.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-93.0.1.el7_9 or higher.
This issue was patched in ELSA-2023-3555.

References

Improper Input Validation vulnerability report

high severity

Out-of-bounds Write

  • Vulnerable module: zlib
  • Introduced through: zlib@1.2.7-18.el7
  • Fixed in: 0:1.2.7-20.el7_9

Detailed paths

  • Introduced through: openjdk@12 zlib@1.2.7-18.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream zlib package and not the zlib package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Remediation

Upgrade Oracle:7 zlib to version 0:1.2.7-20.el7_9 or higher.
This issue was patched in ELSA-2022-2213.

References

Out-of-bounds Write vulnerability report

high severity

Access of Resource Using Incompatible Type ('Type Confusion')

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 1:1.0.2k-26.el7_9

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING.

When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Remediation

Upgrade Oracle:7 openssl-libs to version 1:1.0.2k-26.el7_9 or higher.
This issue was patched in ELSA-2023-1335.

References

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability report

high severity

Information Exposure

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.5 or higher.
This issue was patched in ELSA-2016-3556.

References

Information Exposure vulnerability report

high severity

NULL Pointer Dereference

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 1:1.0.2k-21.ksplice1.el7_9

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

Remediation

Upgrade Oracle:7 openssl-libs to version 1:1.0.2k-21.ksplice1.el7_9 or higher.
This issue was patched in ELSA-2021-9121.

References

NULL Pointer Dereference vulnerability report

high severity

NULL Pointer Dereference

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 10:1.0.2k-22.el7_9_fips

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Remediation

Upgrade Oracle:7 openssl-libs to version 10:1.0.2k-22.el7_9_fips or higher.
This issue was patched in ELSA-2021-9528.

References

NULL Pointer Dereference vulnerability report

high severity

Out-of-bounds Read

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.7 or higher.
This issue was patched in ELSA-2016-3621.

References

Out-of-bounds Read vulnerability report

high severity

Information Exposure

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.7 or higher.
This issue was patched in ELSA-2016-3621.

References

Information Exposure vulnerability report

high severity

CVE-2023-40217

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-94.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-94.0.1.el7_9 or higher.
This issue was patched in ELSA-2023-6885.

References

CVE-2023-40217 vulnerability report

high severity

CVE-2023-40217

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-94.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-94.0.1.el7_9 or higher.
This issue was patched in ELSA-2023-6885.

References

CVE-2023-40217 vulnerability report

high severity

CVE-2024-2961

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-326.0.6.el7_9.3

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Remediation

Upgrade Oracle:7 glibc to version 0:2.17-326.0.6.el7_9.3 or higher.
This issue was patched in ELSA-2024-3588.

References

CVE-2024-2961 vulnerability report

high severity

CVE-2024-33599

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-326.0.9.el7_9.3

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

nscd: Stack-based buffer overflow in netgroup cache

If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Oracle:7 glibc to version 0:2.17-326.0.9.el7_9.3 or higher.
This issue was patched in ELSA-2024-3588.

References

CVE-2024-33599 vulnerability report

high severity

CVE-2024-33600

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-326.0.6.el7_9.3

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

nscd: Null pointer crashes after notfound response

If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Oracle:7 glibc to version 0:2.17-326.0.6.el7_9.3 or higher.
This issue was patched in ELSA-2024-3588.

References

CVE-2024-33600 vulnerability report

high severity

CVE-2024-33601

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-326.0.6.el7_9.3

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

nscd: netgroup cache may terminate daemon on memory allocation failure

The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Oracle:7 glibc to version 0:2.17-326.0.6.el7_9.3 or higher.
This issue was patched in ELSA-2024-3588.

References

CVE-2024-33601 vulnerability report

high severity

CVE-2024-33602

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-326.0.9.el7_9.3

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

nscd: netgroup cache assumes NSS callback uses in-buffer strings

The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Oracle:7 glibc to version 0:2.17-326.0.9.el7_9.3 or higher.
This issue was patched in ELSA-2024-3588.

References

CVE-2024-33602 vulnerability report

high severity

CVE-2024-2961

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-326.0.6.el7_9.3

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Remediation

Upgrade Oracle:7 glibc-common to version 0:2.17-326.0.6.el7_9.3 or higher.
This issue was patched in ELSA-2024-3588.

References

CVE-2024-2961 vulnerability report

high severity

CVE-2024-33599

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-326.0.6.el7_9.3

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

nscd: Stack-based buffer overflow in netgroup cache

If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Oracle:7 glibc-common to version 0:2.17-326.0.6.el7_9.3 or higher.
This issue was patched in ELSA-2024-3588.

References

CVE-2024-33599 vulnerability report

high severity

CVE-2024-33600

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-326.0.6.el7_9.3

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

nscd: Null pointer crashes after notfound response

If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Oracle:7 glibc-common to version 0:2.17-326.0.6.el7_9.3 or higher.
This issue was patched in ELSA-2024-3588.

References

CVE-2024-33600 vulnerability report

high severity

CVE-2024-33601

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-326.0.9.el7_9.3

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

nscd: netgroup cache may terminate daemon on memory allocation failure

The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Oracle:7 glibc-common to version 0:2.17-326.0.9.el7_9.3 or higher.
This issue was patched in ELSA-2024-3588.

References

CVE-2024-33601 vulnerability report

high severity

CVE-2024-33602

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-326.0.9.el7_9.3

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

nscd: netgroup cache assumes NSS callback uses in-buffer strings

The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Oracle:7 glibc-common to version 0:2.17-326.0.9.el7_9.3 or higher.
This issue was patched in ELSA-2024-3588.

References

CVE-2024-33602 vulnerability report

high severity

ELSA-2016-3523

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-51.ksplice1.el7_2.4

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-51.ksplice1.el7_2.4 or higher.
This issue was patched in ELSA-2016-3523.

References

ELSA-2016-3523 vulnerability report

high severity

ELSA-2018-4077

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.2k-12.0.1.ksplice1.el7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.2k-12.0.1.ksplice1.el7 or higher.
This issue was patched in ELSA-2018-4077.

References

ELSA-2018-4077 vulnerability report

high severity

ELSA-2018-4253

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.2k-12.0.3.ksplice1.el7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.2k-12.0.3.ksplice1.el7 or higher.
This issue was patched in ELSA-2018-4253.

References

ELSA-2018-4253 vulnerability report

high severity

ELSA-2018-4267

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.2k-16.0.1.ksplice1.el7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.2k-16.0.1.ksplice1.el7 or higher.
This issue was patched in ELSA-2018-4267.

References

ELSA-2018-4267 vulnerability report

high severity

ELSA-2019-4581

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.2k-16.0.1.ksplice1.el7_6.1

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.2k-16.0.1.ksplice1.el7_6.1 or higher.
This issue was patched in ELSA-2019-4581.

References

ELSA-2019-4581 vulnerability report

medium severity

Incorrect Default Permissions

  • Vulnerable module: glib2
  • Introduced through: glib2@2.56.1-4.el7_6
  • Fixed in: 0:2.56.1-7.el7

Detailed paths

  • Introduced through: openjdk@12 glib2@2.56.1-4.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2 package and not the glib2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

Remediation

Upgrade Oracle:7 glib2 to version 0:2.56.1-7.el7 or higher.
This issue was patched in ELSA-2020-3978.

References

Incorrect Default Permissions vulnerability report

medium severity

Out-of-Bounds

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.3.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.3.el7_9.6 or higher.
This issue was patched in ELSA-2021-3810.

References

Out-of-Bounds vulnerability report

medium severity

Out-of-Bounds

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.3.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.3.el7_9.6 or higher.
This issue was patched in ELSA-2021-3810.

References

Out-of-Bounds vulnerability report

medium severity

Improper Input Validation

  • Vulnerable module: nspr
  • Introduced through: nspr@4.19.0-1.el7_5
  • Fixed in: 0:4.25.0-2.el7_9

Detailed paths

  • Introduced through: openjdk@12 nspr@4.19.0-1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nspr package and not the nspr package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Remediation

Upgrade Oracle:7 nspr to version 0:4.25.0-2.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Input Validation vulnerability report

medium severity

Improper Input Validation

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Remediation

Upgrade Oracle:7 nss to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Input Validation vulnerability report

medium severity

Improper Input Validation

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Input Validation vulnerability report

medium severity

Improper Input Validation

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Input Validation vulnerability report

medium severity

Improper Input Validation

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Input Validation vulnerability report

medium severity

Improper Input Validation

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Input Validation vulnerability report

medium severity

Improper Input Validation

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.53.1-1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.53.1-1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Input Validation vulnerability report

medium severity

Buffer Overflow

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-92.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-92.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-5235.

References

Buffer Overflow vulnerability report

medium severity

Buffer Overflow

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-92.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-92.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-5235.

References

Buffer Overflow vulnerability report

medium severity

Out-of-bounds Write

  • Vulnerable module: zlib
  • Introduced through: zlib@1.2.7-18.el7
  • Fixed in: 0:1.2.7-21.el7_9

Detailed paths

  • Introduced through: openjdk@12 zlib@1.2.7-18.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream zlib package and not the zlib package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Remediation

Upgrade Oracle:7 zlib to version 0:1.2.7-21.el7_9 or higher.
This issue was patched in ELSA-2023-1095.

References

Out-of-bounds Write vulnerability report

medium severity

CVE-2024-37371

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.15.1-37.el7_6
  • Fixed in: 0:1.15.1-55.0.3.el7_9

Detailed paths

  • Introduced through: openjdk@12 krb5-libs@1.15.1-37.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5-libs package and not the krb5-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Remediation

Upgrade Oracle:7 krb5-libs to version 0:1.15.1-55.0.3.el7_9 or higher.
This issue was patched in ELSA-2024-5076.

References

CVE-2024-37371 vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: libssh2
  • Introduced through: libssh2@1.4.3-12.0.1.el7_6.3
  • Fixed in: 0:1.8.0-3.el7

Detailed paths

  • Introduced through: openjdk@12 libssh2@1.4.3-12.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh2 package and not the libssh2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Remediation

Upgrade Oracle:7 libssh2 to version 0:1.8.0-3.el7 or higher.
This issue was patched in ELSA-2019-2136.

References

Out-of-bounds Read vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: libssh2
  • Introduced through: libssh2@1.4.3-12.0.1.el7_6.3
  • Fixed in: 0:1.8.0-3.el7

Detailed paths

  • Introduced through: openjdk@12 libssh2@1.4.3-12.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh2 package and not the libssh2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Remediation

Upgrade Oracle:7 libssh2 to version 0:1.8.0-3.el7 or higher.
This issue was patched in ELSA-2019-2136.

References

Out-of-bounds Read vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nspr
  • Introduced through: nspr@4.19.0-1.el7_5
  • Fixed in: 0:4.25.0-2.el7_9

Detailed paths

  • Introduced through: openjdk@12 nspr@4.19.0-1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nspr package and not the nspr package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

Remediation

Upgrade Oracle:7 nspr to version 0:4.25.0-2.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

Remediation

Upgrade Oracle:7 nss to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.53.1-1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.53.1-1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

Directory Traversal

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-86.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-86.0.1.el7 or higher.
This issue was patched in ELSA-2019-2030.

References

Directory Traversal vulnerability report

medium severity

Directory Traversal

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-86.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-86.0.1.el7 or higher.
This issue was patched in ELSA-2019-2030.

References

Directory Traversal vulnerability report

medium severity

Use After Free

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.4

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.1.el7.4 or higher.
This issue was patched in ELSA-2020-1190.

References

Use After Free vulnerability report

medium severity

Use After Free

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.4

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.1.el7.4 or higher.
This issue was patched in ELSA-2020-1190.

References

Use After Free vulnerability report

medium severity

Use After Free

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.4

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.1.el7.4 or higher.
This issue was patched in ELSA-2020-1190.

References

Use After Free vulnerability report

medium severity

Use After Free

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.4

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.1.el7.4 or higher.
This issue was patched in ELSA-2020-1190.

References

Use After Free vulnerability report

medium severity

Use After Free

  • Vulnerable module: nspr
  • Introduced through: nspr@4.19.0-1.el7_5
  • Fixed in: 0:4.25.0-2.el7_9

Detailed paths

  • Introduced through: openjdk@12 nspr@4.19.0-1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nspr package and not the nspr package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.

Remediation

Upgrade Oracle:7 nspr to version 0:4.25.0-2.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Use After Free vulnerability report

medium severity

Use After Free

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.

Remediation

Upgrade Oracle:7 nss to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Use After Free vulnerability report

medium severity

Use After Free

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Use After Free vulnerability report

medium severity

Use After Free

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Use After Free vulnerability report

medium severity

Use After Free

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Use After Free vulnerability report

medium severity

Use After Free

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Use After Free vulnerability report

medium severity

Use After Free

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.53.1-1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.53.1-1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Use After Free vulnerability report

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: libssh2
  • Introduced through: libssh2@1.4.3-12.0.1.el7_6.3
  • Fixed in: 0:1.8.0-4.el7

Detailed paths

  • Introduced through: openjdk@12 libssh2@1.4.3-12.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh2 package and not the libssh2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

Remediation

Upgrade Oracle:7 libssh2 to version 0:1.8.0-4.el7 or higher.
This issue was patched in ELSA-2020-3915.

References

Integer Overflow or Wraparound vulnerability report

medium severity

Missing Authorization

  • Vulnerable module: bash
  • Introduced through: bash@4.2.46-31.el7
  • Fixed in: 0:4.2.46-34.el7

Detailed paths

  • Introduced through: openjdk@12 bash@4.2.46-31.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

Remediation

Upgrade Oracle:7 bash to version 0:4.2.46-34.el7 or higher.
This issue was patched in ELSA-2020-1113.

References

Missing Authorization vulnerability report

medium severity

Arbitrary Code Injection

  • Vulnerable module: curl
  • Introduced through: curl@7.29.0-51.0.1.el7_6.3
  • Fixed in: 0:7.29.0-59.0.1.el7_9.1

Detailed paths

  • Introduced through: openjdk@12 curl@7.29.0-51.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

Remediation

Upgrade Oracle:7 curl to version 0:7.29.0-59.0.1.el7_9.1 or higher.
This issue was patched in ELSA-2020-5002.

References

Arbitrary Code Injection vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: libcom_err
  • Introduced through: libcom_err@1.42.9-13.el7
  • Fixed in: 0:1.45.4-3.0.7.el7

Detailed paths

  • Introduced through: openjdk@12 libcom_err@1.42.9-13.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream libcom_err package and not the libcom_err package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Remediation

Upgrade Oracle:7 libcom_err to version 0:1.45.4-3.0.7.el7 or higher.
This issue was patched in ELSA-2024-12730.

References

Out-of-bounds Read vulnerability report

medium severity

Arbitrary Code Injection

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.29.0-51.0.1.el7_6.3
  • Fixed in: 0:7.29.0-59.0.1.el7_9.1

Detailed paths

  • Introduced through: openjdk@12 libcurl@7.29.0-51.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libcurl package and not the libcurl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

Remediation

Upgrade Oracle:7 libcurl to version 0:7.29.0-59.0.1.el7_9.1 or higher.
This issue was patched in ELSA-2020-5002.

References

Arbitrary Code Injection vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-12.el7

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-12.el7 or higher.
This issue was patched in ELSA-2020-3952.

References

Out-of-bounds Read vulnerability report

medium severity

XML External Entity (XXE) Injection

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-12.el7

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-12.el7 or higher.
This issue was patched in ELSA-2020-3952.

References

XML External Entity (XXE) Injection vulnerability report

medium severity

Out-of-bounds Write

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-322.0.2.el7_9

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

Remediation

Upgrade Oracle:7 glibc to version 0:2.17-322.0.2.el7_9 or higher.
This issue was patched in ELSA-2021-0348.

References

Out-of-bounds Write vulnerability report

medium severity

Out-of-bounds Write

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-322.0.2.el7_9

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

Remediation

Upgrade Oracle:7 glibc-common to version 0:2.17-322.0.2.el7_9 or higher.
This issue was patched in ELSA-2021-0348.

References

Out-of-bounds Write vulnerability report

medium severity

CVE-2024-37370

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.15.1-37.el7_6
  • Fixed in: 0:1.15.1-55.0.3.el7_9

Detailed paths

  • Introduced through: openjdk@12 krb5-libs@1.15.1-37.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5-libs package and not the krb5-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

Remediation

Upgrade Oracle:7 krb5-libs to version 0:1.15.1-55.0.3.el7_9 or higher.
This issue was patched in ELSA-2024-5076.

References

CVE-2024-37370 vulnerability report

medium severity

Out-of-bounds Write

  • Vulnerable module: libcom_err
  • Introduced through: libcom_err@1.42.9-13.el7
  • Fixed in: 0:1.42.9-19.el7

Detailed paths

  • Introduced through: openjdk@12 libcom_err@1.42.9-13.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream libcom_err package and not the libcom_err package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Remediation

Upgrade Oracle:7 libcom_err to version 0:1.42.9-19.el7 or higher.
This issue was patched in ELSA-2020-4011.

References

Out-of-bounds Write vulnerability report

medium severity

Out-of-bounds Write

  • Vulnerable module: libssh2
  • Introduced through: libssh2@1.4.3-12.0.1.el7_6.3
  • Fixed in: 0:1.8.0-4.el7_9.1

Detailed paths

  • Introduced through: openjdk@12 libssh2@1.4.3-12.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh2 package and not the libssh2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.

Remediation

Upgrade Oracle:7 libssh2 to version 0:1.8.0-4.el7_9.1 or higher.
This issue was patched in ELSA-2023-5615.

References

Out-of-bounds Write vulnerability report

medium severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.5

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.1.el7.5 or higher.
This issue was patched in ELSA-2020-3996.

References

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability report

medium severity

Memory Leak

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.5

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.1.el7.5 or higher.
This issue was patched in ELSA-2020-3996.

References

Memory Leak vulnerability report

medium severity

Memory Leak

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.5

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.1.el7.5 or higher.
This issue was patched in ELSA-2020-3996.

References

Memory Leak vulnerability report

medium severity

NULL Pointer Dereference

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.4

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.1.el7.4 or higher.
This issue was patched in ELSA-2020-1190.

References

NULL Pointer Dereference vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.11.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.11.el7_9.6 or higher.
This issue was patched in ELSA-2025-13789.

References

Out-of-bounds Read vulnerability report

medium severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.5

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.1.el7.5 or higher.
This issue was patched in ELSA-2020-3996.

References

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability report

medium severity

Memory Leak

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.5

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.1.el7.5 or higher.
This issue was patched in ELSA-2020-3996.

References

Memory Leak vulnerability report

medium severity

Memory Leak

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.5

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.1.el7.5 or higher.
This issue was patched in ELSA-2020-3996.

References

Memory Leak vulnerability report

medium severity

NULL Pointer Dereference

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.4

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.1.el7.4 or higher.
This issue was patched in ELSA-2020-1190.

References

NULL Pointer Dereference vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.11.el7_9.6

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.11.el7_9.6 or higher.
This issue was patched in ELSA-2025-13789.

References

Out-of-bounds Read vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nspr
  • Introduced through: nspr@4.19.0-1.el7_5
  • Fixed in: 0:4.25.0-2.el7_9

Detailed paths

  • Introduced through: openjdk@12 nspr@4.19.0-1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nspr package and not the nspr package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Oracle:7 nspr to version 0:4.25.0-2.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-7.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Remediation

Upgrade Oracle:7 nss to version 0:3.53.1-7.el7_9 or higher.
This issue was patched in ELSA-2021-1384.

References

Allocation of Resources Without Limits or Throttling vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Oracle:7 nss to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-7.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.53.1-7.el7_9 or higher.
This issue was patched in ELSA-2021-1384.

References

Allocation of Resources Without Limits or Throttling vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-7.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.53.1-7.el7_9 or higher.
This issue was patched in ELSA-2021-1384.

References

Allocation of Resources Without Limits or Throttling vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.53.1-1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.53.1-1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Out-of-bounds Read vulnerability report

medium severity

NULL Pointer Dereference

  • Vulnerable module: openldap
  • Introduced through: openldap@2.4.44-21.el7_6
  • Fixed in: 0:2.4.44-23.el7_9

Detailed paths

  • Introduced through: openjdk@12 openldap@2.4.44-21.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.

Remediation

Upgrade Oracle:7 openldap to version 0:2.4.44-23.el7_9 or higher.
This issue was patched in ELSA-2021-1389.

References

NULL Pointer Dereference vulnerability report

medium severity

Reachable Assertion

  • Vulnerable module: openldap
  • Introduced through: openldap@2.4.44-21.el7_6
  • Fixed in: 0:2.4.44-25.el7_9

Detailed paths

  • Introduced through: openjdk@12 openldap@2.4.44-21.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

Remediation

Upgrade Oracle:7 openldap to version 0:2.4.44-25.el7_9 or higher.
This issue was patched in ELSA-2022-0621.

References

Reachable Assertion vulnerability report

medium severity

Reachable Assertion

  • Vulnerable module: openldap
  • Introduced through: openldap@2.4.44-21.el7_6
  • Fixed in: 0:2.4.44-25.el7_9

Detailed paths

  • Introduced through: openjdk@12 openldap@2.4.44-21.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

Remediation

Upgrade Oracle:7 openldap to version 0:2.4.44-25.el7_9 or higher.
This issue was patched in ELSA-2022-0621.

References

Reachable Assertion vulnerability report

medium severity

Uncontrolled Recursion

  • Vulnerable module: openldap
  • Introduced through: openldap@2.4.44-21.el7_6
  • Fixed in: 0:2.4.44-22.el7

Detailed paths

  • Introduced through: openjdk@12 openldap@2.4.44-21.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

Remediation

Upgrade Oracle:7 openldap to version 0:2.4.44-22.el7 or higher.
This issue was patched in ELSA-2020-4041.

References

Uncontrolled Recursion vulnerability report

medium severity

CVE-2019-16056

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-88.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-88.0.1.el7 or higher.
This issue was patched in ELSA-2020-1131.

References

CVE-2019-16056 vulnerability report

medium severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-90.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-90.0.1.el7 or higher.
This issue was patched in ELSA-2020-5009.

References

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability report

medium severity

Missing Initialization of Resource

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-86.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-86.0.1.el7 or higher.
This issue was patched in ELSA-2019-2030.

References

Missing Initialization of Resource vulnerability report

medium severity

NULL Pointer Dereference

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-86.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-86.0.1.el7 or higher.
This issue was patched in ELSA-2019-2030.

References

NULL Pointer Dereference vulnerability report

medium severity

CVE-2019-16056

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-88.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-88.0.1.el7 or higher.
This issue was patched in ELSA-2020-1131.

References

CVE-2019-16056 vulnerability report

medium severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-90.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-90.0.1.el7 or higher.
This issue was patched in ELSA-2020-5009.

References

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability report

medium severity

Missing Initialization of Resource

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-86.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-86.0.1.el7 or higher.
This issue was patched in ELSA-2019-2030.

References

Missing Initialization of Resource vulnerability report

medium severity

NULL Pointer Dereference

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-86.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-86.0.1.el7 or higher.
This issue was patched in ELSA-2019-2030.

References

NULL Pointer Dereference vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 10:1.0.2k-23.0.1.el7_9_fips

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

Remediation

Upgrade Oracle:7 openssl-libs to version 10:1.0.2k-23.0.1.el7_9_fips or higher.
This issue was patched in ELSA-2022-9023.

References

Out-of-bounds Read vulnerability report

medium severity

CVE-2019-14866

  • Vulnerable module: cpio
  • Introduced through: cpio@2.11-27.el7
  • Fixed in: 0:2.11-28.el7

Detailed paths

  • Introduced through: openjdk@12 cpio@2.11-27.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream cpio package and not the cpio package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.

Remediation

Upgrade Oracle:7 cpio to version 0:2.11-28.el7 or higher.
This issue was patched in ELSA-2020-3908.

References

CVE-2019-14866 vulnerability report

medium severity

Out-of-Bounds

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.el7_3
  • Fixed in: 0:2.1.0-11.el7

Detailed paths

  • Introduced through: openjdk@12 expat@2.1.0-10.el7_3

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

Remediation

Upgrade Oracle:7 expat to version 0:2.1.0-11.el7 or higher.
This issue was patched in ELSA-2020-1011.

References

Out-of-Bounds vulnerability report

medium severity

Arbitrary Code Injection

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-92.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-92.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-5235.

References

Arbitrary Code Injection vulnerability report

medium severity

Arbitrary Code Injection

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-92.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-92.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-5235.

References

Arbitrary Code Injection vulnerability report

medium severity

Missing Authorization

  • Vulnerable module: glib2
  • Introduced through: glib2@2.56.1-4.el7_6
  • Fixed in: 0:2.56.1-7.el7

Detailed paths

  • Introduced through: openjdk@12 glib2@2.56.1-4.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2 package and not the glib2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.

Remediation

Upgrade Oracle:7 glib2 to version 0:2.56.1-7.el7 or higher.
This issue was patched in ELSA-2020-3978.

References

Missing Authorization vulnerability report

medium severity

Insufficient Verification of Data Authenticity

  • Vulnerable module: rpm
  • Introduced through: rpm@4.11.3-35.el7
  • Fixed in: 0:4.11.3-48.el7_9

Detailed paths

  • Introduced through: openjdk@12 rpm@4.11.3-35.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream rpm package and not the rpm package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Remediation

Upgrade Oracle:7 rpm to version 0:4.11.3-48.el7_9 or higher.
This issue was patched in ELSA-2021-4785.

References

Insufficient Verification of Data Authenticity vulnerability report

medium severity

Insufficient Verification of Data Authenticity

  • Vulnerable module: rpm-build-libs
  • Introduced through: rpm-build-libs@4.11.3-35.el7
  • Fixed in: 0:4.11.3-48.el7_9

Detailed paths

  • Introduced through: openjdk@12 rpm-build-libs@4.11.3-35.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream rpm-build-libs package and not the rpm-build-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Remediation

Upgrade Oracle:7 rpm-build-libs to version 0:4.11.3-48.el7_9 or higher.
This issue was patched in ELSA-2021-4785.

References

Insufficient Verification of Data Authenticity vulnerability report

medium severity

Insufficient Verification of Data Authenticity

  • Vulnerable module: rpm-libs
  • Introduced through: rpm-libs@4.11.3-35.el7
  • Fixed in: 0:4.11.3-48.el7_9

Detailed paths

  • Introduced through: openjdk@12 rpm-libs@4.11.3-35.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream rpm-libs package and not the rpm-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Remediation

Upgrade Oracle:7 rpm-libs to version 0:4.11.3-48.el7_9 or higher.
This issue was patched in ELSA-2021-4785.

References

Insufficient Verification of Data Authenticity vulnerability report

medium severity

Insufficient Verification of Data Authenticity

  • Vulnerable module: rpm-python
  • Introduced through: rpm-python@4.11.3-35.el7
  • Fixed in: 0:4.11.3-48.el7_9

Detailed paths

  • Introduced through: openjdk@12 rpm-python@4.11.3-35.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream rpm-python package and not the rpm-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Remediation

Upgrade Oracle:7 rpm-python to version 0:4.11.3-48.el7_9 or higher.
This issue was patched in ELSA-2021-4785.

References

Insufficient Verification of Data Authenticity vulnerability report

medium severity

Out-of-bounds Write

  • Vulnerable module: libcom_err
  • Introduced through: libcom_err@1.42.9-13.el7
  • Fixed in: 0:1.42.9-19.el7

Detailed paths

  • Introduced through: openjdk@12 libcom_err@1.42.9-13.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream libcom_err package and not the libcom_err package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Remediation

Upgrade Oracle:7 libcom_err to version 0:1.42.9-19.el7 or higher.
This issue was patched in ELSA-2020-4011.

References

Out-of-bounds Write vulnerability report

medium severity

NULL Pointer Dereference

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.15.1-37.el7_6
  • Fixed in: 0:1.15.1-51.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 krb5-libs@1.15.1-37.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5-libs package and not the krb5-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

Remediation

Upgrade Oracle:7 krb5-libs to version 0:1.15.1-51.0.1.el7_9 or higher.
This issue was patched in ELSA-2021-4788.

References

NULL Pointer Dereference vulnerability report

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.4

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.1.el7.4 or higher.
This issue was patched in ELSA-2020-1190.

References

Allocation of Resources Without Limits or Throttling vulnerability report

medium severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.4

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.1.el7.4 or higher.
This issue was patched in ELSA-2020-1190.

References

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability report

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.4

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.1.el7.4 or higher.
This issue was patched in ELSA-2020-1190.

References

Allocation of Resources Without Limits or Throttling vulnerability report

medium severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.4

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.1.el7.4 or higher.
This issue was patched in ELSA-2020-1190.

References

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability report

medium severity

Improper Authentication

  • Vulnerable module: nspr
  • Introduced through: nspr@4.19.0-1.el7_5
  • Fixed in: 0:4.25.0-2.el7_9

Detailed paths

  • Introduced through: openjdk@12 nspr@4.19.0-1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nspr package and not the nspr package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

Remediation

Upgrade Oracle:7 nspr to version 0:4.25.0-2.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Authentication vulnerability report

medium severity

Improper Authentication

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

Remediation

Upgrade Oracle:7 nss to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Authentication vulnerability report

medium severity

Improper Authentication

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Authentication vulnerability report

medium severity

Improper Authentication

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Authentication vulnerability report

medium severity

Improper Authentication

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Authentication vulnerability report

medium severity

Improper Authentication

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Authentication vulnerability report

medium severity

Improper Authentication

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.53.1-1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.53.1-1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Authentication vulnerability report

medium severity

Arbitrary Code Injection

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-92.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-92.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-5235.

References

Arbitrary Code Injection vulnerability report

medium severity

Arbitrary Code Injection

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-92.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-92.0.1.el7_9 or higher.
This issue was patched in ELSA-2022-5235.

References

Arbitrary Code Injection vulnerability report

medium severity

Cross-site Scripting (XSS)

  • Vulnerable module: libgcc
  • Introduced through: libgcc@4.8.5-36.0.1.el7_6.2
  • Fixed in: 0:4.8.5-45.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 libgcc@4.8.5-36.0.1.el7_6.2

NVD Description

Note: Versions mentioned in the description apply only to the upstream libgcc package and not the libgcc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Remediation

Upgrade Oracle:7 libgcc to version 0:4.8.5-45.0.1.el7_9 or higher.
This issue was patched in ELSA-2025-1601.

References

Cross-site Scripting (XSS) vulnerability report

medium severity

Cross-site Scripting (XSS)

  • Vulnerable module: libstdc++
  • Introduced through: libstdc++@4.8.5-36.0.1.el7_6.2
  • Fixed in: 0:4.8.5-45.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 libstdc++@4.8.5-36.0.1.el7_6.2

NVD Description

Note: Versions mentioned in the description apply only to the upstream libstdc++ package and not the libstdc++ package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Remediation

Upgrade Oracle:7 libstdc++ to version 0:4.8.5-45.0.1.el7_9 or higher.
This issue was patched in ELSA-2025-1601.

References

Cross-site Scripting (XSS) vulnerability report

medium severity

CRLF Injection

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-86.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-86.0.1.el7 or higher.
This issue was patched in ELSA-2019-2030.

References

CRLF Injection vulnerability report

medium severity

CRLF Injection

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-86.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-86.0.1.el7 or higher.
This issue was patched in ELSA-2019-2030.

References

CRLF Injection vulnerability report

medium severity

Cross-site Scripting (XSS)

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-89.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-89.0.1.el7 or higher.
This issue was patched in ELSA-2020-3911.

References

Cross-site Scripting (XSS) vulnerability report

medium severity

CRLF Injection

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-86.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-86.0.1.el7 or higher.
This issue was patched in ELSA-2019-2030.

References

CRLF Injection vulnerability report

medium severity

CRLF Injection

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-86.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-86.0.1.el7 or higher.
This issue was patched in ELSA-2019-2030.

References

CRLF Injection vulnerability report

medium severity

Cross-site Scripting (XSS)

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-89.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-89.0.1.el7 or higher.
This issue was patched in ELSA-2020-3911.

References

Cross-site Scripting (XSS) vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-322.0.2.el7_9

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

Remediation

Upgrade Oracle:7 glibc to version 0:2.17-322.0.2.el7_9 or higher.
This issue was patched in ELSA-2021-0348.

References

Out-of-bounds Read vulnerability report

medium severity

Out-of-bounds Read

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-322.0.2.el7_9

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

Remediation

Upgrade Oracle:7 glibc-common to version 0:2.17-322.0.2.el7_9 or higher.
This issue was patched in ELSA-2021-0348.

References

Out-of-bounds Read vulnerability report

medium severity

CVE-2018-12404

  • Vulnerable module: nspr
  • Introduced through: nspr@4.19.0-1.el7_5
  • Fixed in: 0:4.21.0-1.el7

Detailed paths

  • Introduced through: openjdk@12 nspr@4.19.0-1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nspr package and not the nspr package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

Remediation

Upgrade Oracle:7 nspr to version 0:4.21.0-1.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

CVE-2018-12404 vulnerability report

medium severity

CVE-2018-12404

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.44.0-4.el7

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

Remediation

Upgrade Oracle:7 nss to version 0:3.44.0-4.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

CVE-2018-12404 vulnerability report

medium severity

CVE-2018-12404

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.44.0-5.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.44.0-5.0.1.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

CVE-2018-12404 vulnerability report

medium severity

CVE-2018-12404

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.44.0-5.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.44.0-5.0.1.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

CVE-2018-12404 vulnerability report

medium severity

CVE-2018-12404

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.44.0-4.el7

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.44.0-4.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

CVE-2018-12404 vulnerability report

medium severity

CVE-2018-12404

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.44.0-4.el7

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.44.0-4.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

CVE-2018-12404 vulnerability report

medium severity

CVE-2018-12404

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.44.0-3.el7

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.44.0-3.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

CVE-2018-12404 vulnerability report

medium severity

Information Exposure

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 1:1.0.2k-19.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

Remediation

Upgrade Oracle:7 openssl-libs to version 1:1.0.2k-19.0.1.el7 or higher.
This issue was patched in ELSA-2019-2304.

References

Information Exposure vulnerability report

medium severity

Use of a Broken or Risky Cryptographic Algorithm

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 1:1.0.2k-19.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Remediation

Upgrade Oracle:7 openssl-libs to version 1:1.0.2k-19.0.1.el7 or higher.
This issue was patched in ELSA-2019-2304.

References

Use of a Broken or Risky Cryptographic Algorithm vulnerability report

medium severity

Out-of-bounds Write

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-322.0.2.el7_9

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

Remediation

Upgrade Oracle:7 glibc to version 0:2.17-322.0.2.el7_9 or higher.
This issue was patched in ELSA-2021-0348.

References

Out-of-bounds Write vulnerability report

medium severity

Out-of-bounds Write

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-322.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

Remediation

Upgrade Oracle:7 glibc-common to version 0:2.17-322.0.1.el7_9 or higher.
This issue was patched in ELSA-2021-0348.

References

Out-of-bounds Write vulnerability report

medium severity

Improper Input Validation

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-292.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.

Remediation

Upgrade Oracle:7 glibc to version 0:2.17-292.0.1.el7 or higher.
This issue was patched in ELSA-2019-2118.

References

Improper Input Validation vulnerability report

medium severity

Improper Input Validation

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-292.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.

Remediation

Upgrade Oracle:7 glibc-common to version 0:2.17-292.0.1.el7 or higher.
This issue was patched in ELSA-2019-2118.

References

Improper Input Validation vulnerability report

medium severity

CVE-2020-6829

  • Vulnerable module: nspr
  • Introduced through: nspr@4.19.0-1.el7_5
  • Fixed in: 0:4.25.0-2.el7_9

Detailed paths

  • Introduced through: openjdk@12 nspr@4.19.0-1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nspr package and not the nspr package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nspr to version 0:4.25.0-2.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

CVE-2020-6829 vulnerability report

medium severity

Improper Certificate Validation

  • Vulnerable module: nspr
  • Introduced through: nspr@4.19.0-1.el7_5
  • Fixed in: 0:4.25.0-2.el7_9

Detailed paths

  • Introduced through: openjdk@12 nspr@4.19.0-1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nspr package and not the nspr package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

Remediation

Upgrade Oracle:7 nspr to version 0:4.25.0-2.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Certificate Validation vulnerability report

medium severity

CVE-2020-6829

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

CVE-2020-6829 vulnerability report

medium severity

Improper Certificate Validation

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

Remediation

Upgrade Oracle:7 nss to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Certificate Validation vulnerability report

medium severity

CVE-2020-6829

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

CVE-2020-6829 vulnerability report

medium severity

Improper Certificate Validation

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Certificate Validation vulnerability report

medium severity

CVE-2020-6829

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

CVE-2020-6829 vulnerability report

medium severity

Improper Certificate Validation

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Certificate Validation vulnerability report

medium severity

CVE-2020-6829

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

CVE-2020-6829 vulnerability report

medium severity

Improper Certificate Validation

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Certificate Validation vulnerability report

medium severity

CVE-2020-6829

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

CVE-2020-6829 vulnerability report

medium severity

Improper Certificate Validation

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Certificate Validation vulnerability report

medium severity

CVE-2020-6829

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.53.1-1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.53.1-1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

CVE-2020-6829 vulnerability report

medium severity

Improper Certificate Validation

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.53.1-1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.53.1-1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Improper Certificate Validation vulnerability report

medium severity

Improper Input Validation

  • Vulnerable module: python
  • Introduced through: python@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-88.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python package and not the python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.

Remediation

Upgrade Oracle:7 python to version 0:2.7.5-88.0.1.el7 or higher.
This issue was patched in ELSA-2020-1131.

References

Improper Input Validation vulnerability report

medium severity

Improper Input Validation

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-80.0.1.el7_6
  • Fixed in: 0:2.7.5-88.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 python-libs@2.7.5-80.0.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.

Remediation

Upgrade Oracle:7 python-libs to version 0:2.7.5-88.0.1.el7 or higher.
This issue was patched in ELSA-2020-1131.

References

Improper Input Validation vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nspr
  • Introduced through: nspr@4.19.0-1.el7_5
  • Fixed in: 0:4.21.0-1.el7

Detailed paths

  • Introduced through: openjdk@12 nspr@4.19.0-1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nspr package and not the nspr package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Remediation

Upgrade Oracle:7 nspr to version 0:4.21.0-1.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nspr
  • Introduced through: nspr@4.19.0-1.el7_5
  • Fixed in: 0:4.25.0-2.el7_9

Detailed paths

  • Introduced through: openjdk@12 nspr@4.19.0-1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nspr package and not the nspr package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nspr to version 0:4.25.0-2.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nspr
  • Introduced through: nspr@4.19.0-1.el7_5
  • Fixed in: 0:4.25.0-2.el7_9

Detailed paths

  • Introduced through: openjdk@12 nspr@4.19.0-1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nspr package and not the nspr package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nspr to version 0:4.25.0-2.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.44.0-4.el7

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Remediation

Upgrade Oracle:7 nss to version 0:3.44.0-4.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.44.0-5.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.44.0-5.0.1.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.44.0-5.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.44.0-5.0.1.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.44.0-4.el7

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.44.0-4.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.44.0-4.el7

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.44.0-4.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.44.0-3.el7

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.44.0-3.el7 or higher.
This issue was patched in ELSA-2019-2237.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.53.1-1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.53.1-1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.53.1-1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.53.1-1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nspr
  • Introduced through: nspr@4.19.0-1.el7_5
  • Fixed in: 0:4.25.0-2.el7_9

Detailed paths

  • Introduced through: openjdk@12 nspr@4.19.0-1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nspr package and not the nspr package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. Note: An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.

Remediation

Upgrade Oracle:7 nspr to version 0:4.25.0-2.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss
  • Introduced through: nss@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss package and not the nss package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. Note: An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.

Remediation

Upgrade Oracle:7 nss to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn package and not the nss-softokn package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. Note: An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.

Remediation

Upgrade Oracle:7 nss-softokn to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.36.0-5.0.1.el7_5
  • Fixed in: 0:3.53.1-6.0.1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-softokn-freebl@3.36.0-5.0.1.el7_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-softokn-freebl package and not the nss-softokn-freebl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. Note: An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.

Remediation

Upgrade Oracle:7 nss-softokn-freebl to version 0:3.53.1-6.0.1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-sysinit@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-sysinit package and not the nss-sysinit package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. Note: An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.

Remediation

Upgrade Oracle:7 nss-sysinit to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.36.0-7.1.el7_6
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-tools@3.36.0-7.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-tools package and not the nss-tools package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. Note: An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.

Remediation

Upgrade Oracle:7 nss-tools to version 0:3.53.1-3.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Information Exposure

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.36.0-1.1.el7_6
  • Fixed in: 0:3.53.1-1.el7_9

Detailed paths

  • Introduced through: openjdk@12 nss-util@3.36.0-1.1.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream nss-util package and not the nss-util package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. Note: An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.

Remediation

Upgrade Oracle:7 nss-util to version 0:3.53.1-1.el7_9 or higher.
This issue was patched in ELSA-2020-4076.

References

Information Exposure vulnerability report

medium severity

Improper Authentication

  • Vulnerable module: shared-mime-info
  • Introduced through: shared-mime-info@1.8-4.el7
  • Fixed in: 0:1.8-5.el7

Detailed paths

  • Introduced through: openjdk@12 shared-mime-info@1.8-4.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream shared-mime-info package and not the shared-mime-info package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.

Remediation

Upgrade Oracle:7 shared-mime-info to version 0:1.8-5.el7 or higher.
This issue was patched in ELSA-2020-1021.

References

Improper Authentication vulnerability report

medium severity

Resource Management Errors

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.4

Detailed paths

  • Introduced through: openjdk@12 libxml2@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

Remediation

Upgrade Oracle:7 libxml2 to version 0:2.9.1-6.0.1.el7.4 or higher.
This issue was patched in ELSA-2020-1190.

References

Resource Management Errors vulnerability report

medium severity

Resource Management Errors

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.0.1.el7_2.3
  • Fixed in: 0:2.9.1-6.0.1.el7.4

Detailed paths

  • Introduced through: openjdk@12 libxml2-python@2.9.1-6.0.1.el7_2.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2-python package and not the libxml2-python package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

Remediation

Upgrade Oracle:7 libxml2-python to version 0:2.9.1-6.0.1.el7.4 or higher.
This issue was patched in ELSA-2020-1190.

References

Resource Management Errors vulnerability report

medium severity

CVE-2025-4802

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 2:2.17-326.0.11.ksplice1.el7_9.3

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Remediation

Upgrade Oracle:7 glibc to version 2:2.17-326.0.11.ksplice1.el7_9.3 or higher.
This issue was patched in ELSA-2025-20596.

References

CVE-2025-4802 vulnerability report

medium severity

ELSA-2019-4753

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 2:2.17-292.0.1.ksplice1.el7

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Oracle:7 glibc to version 2:2.17-292.0.1.ksplice1.el7 or higher.
This issue was patched in ELSA-2019-4753.

References

ELSA-2019-4753 vulnerability report

medium severity

CVE-2025-4802

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 2:2.17-326.0.11.ksplice1.el7_9.3

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Remediation

Upgrade Oracle:7 glibc-common to version 2:2.17-326.0.11.ksplice1.el7_9.3 or higher.
This issue was patched in ELSA-2025-20596.

References

CVE-2025-4802 vulnerability report

medium severity

ELSA-2019-4753

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 2:2.17-292.0.1.ksplice1.el7

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Oracle:7 glibc-common to version 2:2.17-292.0.1.ksplice1.el7 or higher.
This issue was patched in ELSA-2019-4753.

References

ELSA-2019-4753 vulnerability report

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.15.1-37.el7_6
  • Fixed in: 0:1.15.1-55.0.9.el7_9

Detailed paths

  • Introduced through: openjdk@12 krb5-libs@1.15.1-37.el7_6

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5-libs package and not the krb5-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

Remediation

Upgrade Oracle:7 krb5-libs to version 0:1.15.1-55.0.9.el7_9 or higher.
This issue was patched in ELSA-2025-1352.

References

Integer Overflow or Wraparound vulnerability report

medium severity

ELSA-2017-3518

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.1e-60.ksplice1.el7_3.1

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.1e-60.ksplice1.el7_3.1 or higher.
This issue was patched in ELSA-2017-3518.

References

ELSA-2017-3518 vulnerability report

medium severity

ELSA-2019-4754

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-16.0.1.el7_6.1
  • Fixed in: 2:1.0.2k-19.0.1.ksplice1.el7

Detailed paths

  • Introduced through: openjdk@12 openssl-libs@1:1.0.2k-16.0.1.el7_6.1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Oracle:7 openssl-libs to version 2:1.0.2k-19.0.1.ksplice1.el7 or higher.
This issue was patched in ELSA-2019-4754.

References

ELSA-2019-4754 vulnerability report

low severity

Double Free

  • Vulnerable module: elfutils-libelf
  • Introduced through: elfutils-libelf@0.172-2.el7
  • Fixed in: 0:0.176-2.el7

Detailed paths

  • Introduced through: openjdk@12 elfutils-libelf@0.172-2.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils-libelf package and not the elfutils-libelf package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

Remediation

Upgrade Oracle:7 elfutils-libelf to version 0:0.176-2.el7 or higher.
This issue was patched in ELSA-2019-2197.

References

Double Free vulnerability report

low severity

Improper Input Validation

  • Vulnerable module: libpng
  • Introduced through: libpng@2:1.5.13-7.el7_2
  • Fixed in: 2:1.5.13-8.el7

Detailed paths

  • Introduced through: openjdk@12 libpng@2:1.5.13-7.el7_2

NVD Description

Note: Versions mentioned in the description apply only to the upstream libpng package and not the libpng package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

libpng before 1.6.32 does not properly check the length of chunks against the user limit.

Remediation

Upgrade Oracle:7 libpng to version 2:1.5.13-8.el7 or higher.
This issue was patched in ELSA-2020-3901.

References

Improper Input Validation vulnerability report

low severity

Out-of-bounds Read

  • Vulnerable module: curl
  • Introduced through: curl@7.29.0-51.0.1.el7_6.3
  • Fixed in: 0:7.29.0-54.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 curl@7.29.0-51.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

Remediation

Upgrade Oracle:7 curl to version 0:7.29.0-54.0.1.el7 or higher.
This issue was patched in ELSA-2019-2181.

References

Out-of-bounds Read vulnerability report

low severity

Out-of-bounds Read

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.29.0-51.0.1.el7_6.3
  • Fixed in: 0:7.29.0-54.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 libcurl@7.29.0-51.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libcurl package and not the libcurl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

Remediation

Upgrade Oracle:7 libcurl to version 0:7.29.0-54.0.1.el7 or higher.
This issue was patched in ELSA-2019-2181.

References

Out-of-bounds Read vulnerability report

low severity

Out-of-bounds Write

  • Vulnerable module: curl
  • Introduced through: curl@7.29.0-51.0.1.el7_6.3
  • Fixed in: 0:7.29.0-57.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 curl@7.29.0-51.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

Remediation

Upgrade Oracle:7 curl to version 0:7.29.0-57.0.1.el7 or higher.
This issue was patched in ELSA-2020-1020.

References

Out-of-bounds Write vulnerability report

low severity

Out-of-bounds Write

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.29.0-51.0.1.el7_6.3
  • Fixed in: 0:7.29.0-57.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 libcurl@7.29.0-51.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libcurl package and not the libcurl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

Remediation

Upgrade Oracle:7 libcurl to version 0:7.29.0-57.0.1.el7 or higher.
This issue was patched in ELSA-2020-1020.

References

Out-of-bounds Write vulnerability report

low severity

Out-of-Bounds

  • Vulnerable module: elfutils-libelf
  • Introduced through: elfutils-libelf@0.172-2.el7
  • Fixed in: 0:0.176-2.el7

Detailed paths

  • Introduced through: openjdk@12 elfutils-libelf@0.172-2.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils-libelf package and not the elfutils-libelf package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.

Remediation

Upgrade Oracle:7 elfutils-libelf to version 0:0.176-2.el7 or higher.
This issue was patched in ELSA-2019-2197.

References

Out-of-Bounds vulnerability report

low severity

Out-of-bounds Read

  • Vulnerable module: elfutils-libelf
  • Introduced through: elfutils-libelf@0.172-2.el7
  • Fixed in: 0:0.176-2.el7

Detailed paths

  • Introduced through: openjdk@12 elfutils-libelf@0.172-2.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils-libelf package and not the elfutils-libelf package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.

Remediation

Upgrade Oracle:7 elfutils-libelf to version 0:0.176-2.el7 or higher.
This issue was patched in ELSA-2019-2197.

References

Out-of-bounds Read vulnerability report

low severity

Out-of-bounds Read

  • Vulnerable module: file-libs
  • Introduced through: file-libs@5.11-35.el7
  • Fixed in: 0:5.11-36.el7

Detailed paths

  • Introduced through: openjdk@12 file-libs@5.11-35.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream file-libs package and not the file-libs package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

Remediation

Upgrade Oracle:7 file-libs to version 0:5.11-36.el7 or higher.
This issue was patched in ELSA-2020-1022.

References

Out-of-bounds Read vulnerability report

low severity

Use After Free

  • Vulnerable module: curl
  • Introduced through: curl@7.29.0-51.0.1.el7_6.3
  • Fixed in: 0:7.29.0-59.0.3.el7_9.2

Detailed paths

  • Introduced through: openjdk@12 curl@7.29.0-51.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A use after free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.

Remediation

Upgrade Oracle:7 curl to version 0:7.29.0-59.0.3.el7_9.2 or higher.
This issue was patched in ELSA-2023-7743.

References

Use After Free vulnerability report

low severity

Use After Free

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.29.0-51.0.1.el7_6.3
  • Fixed in: 0:7.29.0-59.0.3.el7_9.2

Detailed paths

  • Introduced through: openjdk@12 libcurl@7.29.0-51.0.1.el7_6.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libcurl package and not the libcurl package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

A use after free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.

Remediation

Upgrade Oracle:7 libcurl to version 0:7.29.0-59.0.3.el7_9.2 or higher.
This issue was patched in ELSA-2023-7743.

References

Use After Free vulnerability report

low severity

Divide By Zero

  • Vulnerable module: elfutils-libelf
  • Introduced through: elfutils-libelf@0.172-2.el7
  • Fixed in: 0:0.176-2.el7

Detailed paths

  • Introduced through: openjdk@12 elfutils-libelf@0.172-2.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils-libelf package and not the elfutils-libelf package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.

Remediation

Upgrade Oracle:7 elfutils-libelf to version 0:0.176-2.el7 or higher.
This issue was patched in ELSA-2019-2197.

References

Divide By Zero vulnerability report

low severity

Out-of-Bounds

  • Vulnerable module: elfutils-libelf
  • Introduced through: elfutils-libelf@0.172-2.el7
  • Fixed in: 0:0.176-2.el7

Detailed paths

  • Introduced through: openjdk@12 elfutils-libelf@0.172-2.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils-libelf package and not the elfutils-libelf package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.

Remediation

Upgrade Oracle:7 elfutils-libelf to version 0:0.176-2.el7 or higher.
This issue was patched in ELSA-2019-2197.

References

Out-of-Bounds vulnerability report

low severity

Out-of-bounds Read

  • Vulnerable module: elfutils-libelf
  • Introduced through: elfutils-libelf@0.172-2.el7
  • Fixed in: 0:0.176-2.el7

Detailed paths

  • Introduced through: openjdk@12 elfutils-libelf@0.172-2.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils-libelf package and not the elfutils-libelf package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.

Remediation

Upgrade Oracle:7 elfutils-libelf to version 0:0.176-2.el7 or higher.
This issue was patched in ELSA-2019-2197.

References

Out-of-bounds Read vulnerability report

low severity

Out-of-bounds Read

  • Vulnerable module: elfutils-libelf
  • Introduced through: elfutils-libelf@0.172-2.el7
  • Fixed in: 0:0.176-2.el7

Detailed paths

  • Introduced through: openjdk@12 elfutils-libelf@0.172-2.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils-libelf package and not the elfutils-libelf package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

Remediation

Upgrade Oracle:7 elfutils-libelf to version 0:0.176-2.el7 or higher.
This issue was patched in ELSA-2019-2197.

References

Out-of-bounds Read vulnerability report

low severity

Out-of-bounds Read

  • Vulnerable module: elfutils-libelf
  • Introduced through: elfutils-libelf@0.172-2.el7
  • Fixed in: 0:0.176-2.el7

Detailed paths

  • Introduced through: openjdk@12 elfutils-libelf@0.172-2.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils-libelf package and not the elfutils-libelf package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.

Remediation

Upgrade Oracle:7 elfutils-libelf to version 0:0.176-2.el7 or higher.
This issue was patched in ELSA-2019-2197.

References

Out-of-bounds Read vulnerability report

low severity

Out-of-bounds Read

  • Vulnerable module: elfutils-libelf
  • Introduced through: elfutils-libelf@0.172-2.el7
  • Fixed in: 0:0.176-2.el7

Detailed paths

  • Introduced through: openjdk@12 elfutils-libelf@0.172-2.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils-libelf package and not the elfutils-libelf package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

Remediation

Upgrade Oracle:7 elfutils-libelf to version 0:0.176-2.el7 or higher.
This issue was patched in ELSA-2019-2197.

References

Out-of-bounds Read vulnerability report

low severity

Out-of-bounds Write

  • Vulnerable module: elfutils-libelf
  • Introduced through: elfutils-libelf@0.172-2.el7
  • Fixed in: 0:0.176-2.el7

Detailed paths

  • Introduced through: openjdk@12 elfutils-libelf@0.172-2.el7

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils-libelf package and not the elfutils-libelf package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).

Remediation

Upgrade Oracle:7 elfutils-libelf to version 0:0.176-2.el7 or higher.
This issue was patched in ELSA-2019-2197.

References

Out-of-bounds Write vulnerability report

low severity

Improper Initialization

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-317.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 glibc@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

Remediation

Upgrade Oracle:7 glibc to version 0:2.17-317.0.1.el7 or higher.
This issue was patched in ELSA-2020-3861.

References

Improper Initialization vulnerability report

low severity

Improper Initialization

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-260.0.17.el7_6.6
  • Fixed in: 0:2.17-317.0.1.el7

Detailed paths

  • Introduced through: openjdk@12 glibc-common@2.17-260.0.17.el7_6.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

Remediation

Upgrade Oracle:7 glibc-common to version 0:2.17-317.0.1.el7 or higher.
This issue was patched in ELSA-2020-3861.

References

Improper Initialization vulnerability report