Red Hat Product Security strives to provide the most actionable information to help you make appropriate risk-based decisions. Some vulnerabilities require more contextual information to support the decision-making process, so specialized Security Bulletins are created to offer the best experience and information possible. Here you will find these bulletins, which aggregate information, diagnostic tools, and updates in one easy-to-understand interface. In addition, when new product releases that include security fixes are made available, these Security Bulletins will highlight those fixes to assist in decisions about upgrading to newer versions.

A full list of all CVEs affecting Red Hat Products can be found in our CVE Database.

Kernel slab corruption in the inotify subsystem of the Linux kernel - CVE-2017-7533 Important Resolved
Stack Guard Page Circumvention Affecting Multiple Packages Important Resolved
sudo: Privilege escalation via improper get_process_ttyname() parsing Important Resolved
Samba - Loading shared modules from any path in the system leading to Remote Code Execution. - CVE-2017-7494 Important Resolved
openstack-glance API v1 copy_from() has SSRF flaw - CVE-2017-7200 Moderate Resolved
Local kernel privilege escalation in the HDLC TTY line discipline implementation - CVE-2017-2636 Important Resolved
Use-after-free in the IPv6 implementation of the DCCP protocol in the Linux kernel - CVE-2017-6074 Important Resolved
On-entry container attack - CVE-2016-9962 Important Resolved
Kernel Local Privilege Escalation "Dirty COW" - CVE-2016-5195 Important Resolved
systemd - Denial of Service Vulnerability Moderate Resolved
HTTPoxy - CGI "HTTP_PROXY" variable name clash Important Resolved
Shared challenge ack vulnerability - CVE-2016-5696 Important Resolved
Director - Default root password set in Overcloud images - CVE-2016-4474 Important Resolved
ImageTragick - ImageMagick Filtering Vulnerability - CVE-2016-3714 Important Resolved
Badlock Security flaw in Samba - CVE-2016-2118 Important Resolved
DROWN - Cross-protocol attack on TLS using SSLv2 (CVE-2016-0800) Important Resolved
glibc stack-based buffer overflow in getaddrinfo (CVE-2015-7547) Critical Resolved
Use after free vulnerability in Linux kernel keychain management (CVE-2016-0728) Important Resolved
Apache commons-collections: Remote code execution during deserialisation (CVE-2015-7501) Critical Resolved
Ghost vulnerability Critical Resolved