Red Hat says: Red Hat does not provide technical details about this vulnerability, which means that it is still possible to find and exploit the vulnerability. Red Hat recommends that all customers take action to help protect against this vulnerability.

Critical Red Hat Enterprise Linux 7 v2 releases and Red Hat Enterprise Linux 6 v2.6.32 releases contain a vulnerability in Oracle VM VirtualBox that can be exploited to create a Denial of Service condition. An attacker can create a malicious virtual machine that suspends processes when they interact with Oracle VM VirtualBox.

Critical CVE-2016-3672 Red Hat Enterprise Linux 7 v2 and v3, Red Hat Enterprise Linux 6 v2.6.32, Red Hat Enterprise Linux 6 v2.6.18, Red Hat Enterprise Linux 5 v5.7.8, Red Hat Enterprise Linux 5 v5.6.11, Red Hat Enterprise Linux 5 v5.5.17, Red Hat Enterprise Linux 5 v5.4.14, Red Hat Enterprise Linux 5 v5.3.10, Red Hat Enterprise Linux 5 v5.0.5, Red Hat Enterprise Linux 5 v4.14.15, Red Hat Enterprise Linux 4 v4.14.8, Red Hat Enterprise Linux 4 v4.9.8, Red Hat Enterprise Linux 4 v4.7.4, Red Hat Enterprise Linux 4 v4.6.7, Red Hat Enterprise Linux 4 v4.5.5, Red Hat Enterprise Linux 4 v

Critical Red Hat Enterprise Linux 7 v3 Releases and Earlier

Red Hat Enterprise Linux 7 v3 releases and earlier are not affected by this vulnerability.

Critical Vulnerability in Red Hat Enterprise Linux 6

"Red Hat says: Red Hat does not provide technical details about this vulnerability, which means that it is still possible to find and exploit the vulnerability."
So, Red Hat doesn't want to share any information about the vulnerability. But they do say "it is still possible to find and exploit the vulnerability." And they recommend taking action (which includes installing the fix) to help protect against this vulnerability.

Technical Details

Critical: CVE-2016-3672 Red Hat Enterprise Linux 7 v2, Red Hat Enterprise Linux 6 v2.6.32, Red Hat Enterprise Linux 6 v2.6.18, Red Hat Enterprise Linux 5 v5.7.8, Red Hat Enterprise Linux 5 v5.6.11, Red Hat Enterprise Linux 5 v5.4.14, Red Hat Enterprise Linux 5 v5.3.10, Red Hat Enterprise Linux 5 v5.0.5,
Lesser: CVE-2017-5558
Red Hat also recommends these actions as part of its response to this vulnerability:
Update your system with the latest available packages and security errata from the RHSA profile page
Disable the Oracle VM VirtualBox service

Important Apache Tomcat Servlet CVEs

CVE-2014-0227 Apache Tomcat
A vulnerability in Apache Tomcat allows an attacker to cause a denial-of-service condition.
CVE-2014-0245 Apache Tomcat
A vulnerability in Apache Tomcat allows an attacker to bypass authentication and access restricted resources.
CVE-2016-0763 Apache Tomcat
A vulnerability in Apache Tomcat allows an attacker to remotely read system memory, including the realm's password hash that is used for authentication.

How to find affected versions?

Red Hat Enterprise Linux 5 v5.7.8 and Red Hat Enterprise Linux 5 v5.6.11, Red Hat Enterprise Linux 5 v5.4.14, Red Hat Enterprise Linux 5 v5.3.10, Red Hat Enterprise Linux 5 v5.0.5, and Red Hat Enterprise Linux 4 v4.9.8 are vulnerable to CVE-2016-3672 (Denial of Service).

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC
