The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Novell openSUSE

vulnerability note CVE-2015-2059

curl: information disclosure via libidn

Synthesis of the vulnerability

An attacker can retrieve a memory fragment from a process using libcurl, in order to get sensitive information.
Impacted products: cURL, Fedora, openSUSE.
Severity: 1/4.
Creation date: 02/07/2015.
Revision date: 07/07/2015.
Identifiers: CVE-2015-2059, FEDORA-2015-11562, FEDORA-2015-11621, openSUSE-SU-2015:1261-1, VIGILANCE-VUL-17294.

Description of the vulnerability

The URLs passed to libcurl functions may include non US-ASCII characters.

The handling of non US-ASCII characters in domain names is delegated to the libidn library. However, some functions of this library do not check whether the byte sequences passed to them are valid UTF-8. When the input is invalid, these functions may include in the conversion output the content of the memory following the input buffer, which should be a UTF-8 byte string. The result will be sent to a DNS server.

An attacker can therefore retrieve a memory fragment from a process using libcurl, in order to get sensitive information.
Complete Vigil@nce bulletin.... (free trial)

computer vulnerability alert CVE-2015-3908

Ansible: incomplete X.509 certificate validation

Synthesis of the vulnerability

An attacker can spoof an HTTP over TLS server used by Ansible, since it does not check whether the X.509 certificate matches the server name requested at HTTP level.
Impacted products: Ansible Core, Fedora, openSUSE.
Severity: 1/4.
Creation date: 06/07/2015.
Identifiers: CVE-2015-3908, FEDORA-2015-10797, FEDORA-2015-10807, openSUSE-SU-2015:1280-1, VIGILANCE-VUL-17306.

Description of the vulnerability

An attacker can spoof an HTTP over TLS server used by Ansible, since it does not check whether the X.509 certificate matches the server name requested at HTTP level.

The bulletin VIGILANCE-VUL-12182 provides additional details about this bug (for another product).

A detailed analysis was not performed for this bulletin.

computer vulnerability note CVE-2014-9645

busybox: bypass of modprobe filter

Synthesis of the vulnerability

A privileged attacker can add a path separator to module names, in order to make modprobe of busybox load forbidden modules.
Impacted products: MBS, openSUSE.
Severity: 1/4.
Creation date: 18/06/2015.
Identifiers: 914660, CVE-2014-9645, MDVSA-2015:031, openSUSE-SU-2015:1083-1, VIGILANCE-VUL-17169.

Description of the vulnerability

The busybox product includes an implementation of many Unix system tools, including modprobe for kernel module loading.

Modprobe allows modules to be blacklisted by name. However, the busybox implementation of modprobe does not suitably handle the path separator "/".

A privileged attacker can therefore add a path separator to module names, in order to make modprobe of busybox load forbidden modules.

computer vulnerability alert CVE-2015-4651 CVE-2015-4652

Wireshark: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, openSUSE, Wireshark.
Severity: 1/4.
Creation date: 18/06/2015.
Identifiers: CVE-2015-4651, CVE-2015-4652, DSA-3294-1, openSUSE-SU-2015:1215-1, VIGILANCE-VUL-17166, wnpa-sec-2015-19, wnpa-sec-2015-20.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can send an ill-formed GSM DTAP packet, in order to trigger a denial of service. [severity:1/4; wnpa-sec-2015-20]

An attacker can send an ill-formed WCCP packet, in order to trigger a denial of service. [severity:1/4; wnpa-sec-2015-19]

vulnerability note CVE-2015-3237

curl: information disclosure via SMB

Synthesis of the vulnerability

An attacker who controls an SMB server can read a memory fragment of the client process using curl, in order to obtain sensitive information.
Impacted products: cURL, Fedora, openSUSE, Puppet.
Severity: 1/4.
Creation date: 17/06/2015.
Identifiers: CVE-2015-3237, FEDORA-2015-10155, openSUSE-SU-2015:1135-1, VIGILANCE-VUL-17154.

Description of the vulnerability

The curl product includes an SMB/CIFS client library.

There is an SMB command by which the server requests the client to send a server-specified section of a data area (typically a file). However, the function smb_request_state() in the file "lib/smb.c" does not check whether the requested interval is valid before sending back the content of the corresponding memory area.

An attacker who controls an SMB server can therefore read a memory fragment of the client process using curl, in order to obtain sensitive information.

computer vulnerability announce CVE-2015-3216

Red Hat OpenSSL: denial of service via locking management

Synthesis of the vulnerability

An attacker can repeatedly connect to a multithreaded TLS server using the Red Hat version of OpenSSL, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Creation date: 16/06/2015.
Identifiers: 1225994, CVE-2015-3216, openSUSE-SU-2015:1139-1, RHSA-2015:1115-01, SUSE-SU-2015:1143-1, SUSE-SU-2015:1150-1, SUSE-SU-2015:1182-2, SUSE-SU-2015:1184-1, SUSE-SU-2015:1184-2, SUSE-SU-2015:1185-1, VIGILANCE-VUL-17147.

Description of the vulnerability

Red Hat modified the upstream OpenSSL code for packaging. The modification includes a change to locking in the pseudo-random number generator for multithreaded applications.

However, this locking is not done correctly: some thread interleavings allow 2 threads to enter the same critical section, which corrupts a pointer and then leads to a fatal SIGSEGV exception.

An attacker can therefore repeatedly connect to a multithreaded TLS server using the Red Hat version of OpenSSL, in order to trigger a denial of service.

vulnerability alert CVE-2015-0202 CVE-2015-0248 CVE-2015-0251

Apache Subversion: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache Subversion.
Impacted products: Subversion, Debian, Fedora, MBS, openSUSE.
Severity: 2/4.
Creation date: 31/03/2015.
Revision date: 12/06/2015.
Identifiers: CVE-2015-0202, CVE-2015-0248, CVE-2015-0251, DSA-3231-1, FEDORA-2015-11795, MDVSA-2015:192, openSUSE-SU-2015:0672-1, VIGILANCE-VUL-16501.

Description of the vulnerability

Several vulnerabilities were announced in Apache Subversion.

An attacker can use numerous resources with FSFS, in order to trigger a denial of service. [severity:2/4; CVE-2015-0202]

An attacker can generate an assertion error in mod_dav_svn and svnserve, in order to trigger a denial of service. [severity:2/4; CVE-2015-0248]

An attacker can spoof the svn:author property with a specially chosen sequence of WebDAV commands for the version 1 of the protocol implemented by the Apache module mod_dav_svn. [severity:1/4; CVE-2015-0251]

computer vulnerability note CVE-2015-4164

Xen: unreachable memory reading via iret

Synthesis of the vulnerability

An attacker who controls the guest kernel can use a "return from interrupt handler" under Xen, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 12/06/2015.
Identifiers: CERTFR-2015-AVI-255, CTX201145, CVE-2015-4164, DSA-3286-1, FEDORA-2015-10001, FEDORA-2015-9965, FEDORA-2015-9978, openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, SUSE-SU-2015:1042-1, SUSE-SU-2015:1045-1, SUSE-SU-2015:1156-1, SUSE-SU-2015:1157-1, SUSE-SU-2015:1206-1, VIGILANCE-VUL-17119, XSA-136.

Description of the vulnerability

The machine instruction IRET is privileged, and so any attempt to use it is translated to a call to the hypervisor Xen.

However, the function compat_iret(), which emulates this instruction, goes through a loop in the reverse direction. This leads to about 2^33 page faults, the processing of which makes the host server hang.

An attacker who controls the guest kernel can therefore use a "return from interrupt handler" under Xen, in order to trigger a denial of service.

computer vulnerability alert CVE-2015-4163

Xen: NULL pointer dereference via the permission table

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in Xen by using a wrong permission table, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 12/06/2015.
Identifiers: CERTFR-2015-AVI-255, CTX201145, CVE-2015-4163, DSA-3286-1, FEDORA-2015-10001, FEDORA-2015-9965, FEDORA-2015-9978, openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, SUSE-SU-2015:1042-1, SUSE-SU-2015:1045-1, VIGILANCE-VUL-17116, XSA-134.

Description of the vulnerability

The use of some functions of Xen is controlled by a permission table.

When a guest system calls a function protected in this way, the function must check the version of the table in use. However, this check is not done for the function GNTTABOP_swap_grant_ref. When the table is not defined or defined with a version other than 2, this function may dereference a NULL pointer, which leads to an error fatal to the whole host.

An attacker who controls the guest kernel can therefore force a NULL pointer to be dereferenced in Xen by using a wrong permission table, in order to trigger a denial of service.

vulnerability bulletin CVE-2015-4105

Xen: denial of service via disk exhaustion by logging

Synthesis of the vulnerability

An attacker who has administrator privileges in a guest system can trigger logging of an excessive amount of bus access via Xen, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.
Severity: 1/4.
Creation date: 03/06/2015.
Identifiers: CERTFR-2015-AVI-242, CERTFR-2015-AVI-255, CTX201145, CVE-2015-4105, DSA-3284-1, DSA-3286-1, FEDORA-2015-9456, FEDORA-2015-9466, FEDORA-2015-9965, openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, SUSE-SU-2015:1042-1, SUSE-SU-2015:1045-1, SUSE-SU-2015:1156-1, SUSE-SU-2015:1157-1, USN-2630-1, VIGILANCE-VUL-17053, XSA-130.

Description of the vulnerability

The Xen product may be configured to attribute some PCI address ranges to a guest system.

When a bus access is recognized as invalid by Xen, this access may be logged. However, no limit is defined for the amount of log space. So a guest system may exhaust the free space of the host disk.

An attacker who has administrator privileges in a guest system can therefore trigger logging of an excessive amount of bus access via Xen, in order to trigger a denial of service.