The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Novell openSUSE

computer vulnerability bulletin CVE-2014-1695

OTRS Help Desk: Cross Site Scripting of Mail

Synthesis of the vulnerability

An attacker can send an email to trigger a Cross Site Scripting in OTRS Help Desk, in order to execute JavaScript code in the context of the web site.
Impacted products: MBS, openSUSE, OTRS Help Desk.
Severity: 2/4.
Creation date: 25/02/2014.
Revision date: 27/04/2015.
Identifiers: BID-65844, CVE-2014-1695, MDVSA-2014:054, openSUSE-SU-2014:0360-1, OSA-2014-03, VIGILANCE-VUL-14308.

Description of the vulnerability

The OTRS Help Desk product offers a web service.

However, it does not filter data received by email before inserting it in generated HTML documents.

An attacker can therefore send an email to trigger a Cross Site Scripting in OTRS Help Desk, in order to execute JavaScript code in the context of the web site.

vulnerability bulletin CVE-2015-2756

Xen: denial of service via PCI Command Register

Synthesis of the vulnerability

An attacker, located in an x86 HVM guest with a PCI device in PassThrough, can alter the PCI Command Register of Xen, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE, Unix (platform).
Severity: 1/4.
Creation date: 31/03/2015.
Identifiers: CERTFR-2015-AVI-130, CVE-2015-2756, DSA-3259-1, FEDORA-2015-5208, FEDORA-2015-5402, openSUSE-SU-2015:0732-1, VIGILANCE-VUL-16503, XSA-126.

Description of the vulnerability

The x86 PCI Command Register contains the Memory-decode and I/O-decode bits.

However, if these bits are disabled for a PCI Express device, an MMIO or input/output port access triggers an Unsupported Request response, which generates a fatal error.

An attacker, located in an x86 HVM guest with a PCI device in PassThrough, can therefore alter the PCI Command Register of Xen, in order to trigger a denial of service.

vulnerability announce CVE-2015-2752

Xen: denial of service via XEN_DOMCTL_memory_mapping

Synthesis of the vulnerability

An attacker, located in an x86 HVM guest with a PCI device in PassThrough, can use XEN_DOMCTL_memory_mapping() on Xen, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Unix (platform).
Severity: 1/4.
Creation date: 31/03/2015.
Identifiers: CERTFR-2015-AVI-130, CVE-2015-2752, FEDORA-2015-5208, FEDORA-2015-5402, openSUSE-SU-2015:0732-1, SUSE-SU-2015:0923-1, VIGILANCE-VUL-16502, XSA-125.

Description of the vulnerability

The XEN_DOMCTL_memory_mapping() hypercall associates a machine input/output address to an HVM address.

However, this hypercall is not preemptible (interruptible if it is waiting).

An attacker, located in an x86 HVM guest with a PCI device in PassThrough, can therefore use XEN_DOMCTL_memory_mapping() on Xen, in order to trigger a denial of service.

computer vulnerability note CVE-2014-9709

libgd, PHP: unreachable memory reading via gd_gif_in.c

Synthesis of the vulnerability

An attacker can force a read at an invalid address in gd_gif_in.c of libgd or PHP, in order to trigger a denial of service.
Impacted products: Debian, MBS, openSUSE, PHP, Slackware, SUSE Linux Enterprise Desktop, SLES, Unix (platform).
Severity: 2/4.
Creation date: 24/03/2015.
Identifiers: 68601, CVE-2014-9709, DSA-3215-1, MDVSA-2015:153, openSUSE-SU-2015:0637-1, openSUSE-SU-2015:0644-1, SSA:2015-111-10, SUSE-SU-2015:0868-1, VIGILANCE-VUL-16449.

Description of the vulnerability

The libgd library is used to process images. It is used by PHP.

However, if a GIF image is malformed, the gd_gif_in.c file tries to read a memory area which is not reachable, which triggers a fatal error.

An attacker can therefore force a read at an invalid address in gd_gif_in.c of libgd or PHP, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2015-0294

GnuTLS: incoherence of signature algorithms

Synthesis of the vulnerability

An attacker can use an incoherent X.509 certificate with an application linked with GnuTLS, in order to weaken the security level.
Impacted products: Debian, openSUSE, Ubuntu, Unix (platform).
Severity: 1/4.
Creation date: 24/03/2015.
Identifiers: CVE-2015-0294, DSA-3191-1, openSUSE-SU-2015:0622-1, USN-2540-1, VIGILANCE-VUL-16448.

Description of the vulnerability

An X.509 certificate indicates several signature algorithms.

However, GnuTLS does not check if the "signatureAlgorithm.algorithm" and "tbsCertificate.signature.algorithm" are the same.

An attacker can therefore use an incoherent X.509 certificate with an application linked with GnuTLS, in order to weaken the security level.

computer vulnerability alert CVE-2015-0295

Qt: denial of service via BMP

Synthesis of the vulnerability

An attacker can invite the user of a Qt application to use a malicious BMP image, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE, Slackware, Unix (platform).
Severity: 2/4.
Creation date: 24/03/2015.
Identifiers: CVE-2015-0295, FEDORA-2015-2886, FEDORA-2015-2895, FEDORA-2015-2897, FEDORA-2015-2901, FEDORA-2015-6925, openSUSE-SU-2015:0573-1, SSA:2015-111-13, VIGILANCE-VUL-16446.

Description of the vulnerability

The Qt product supports images in BMP format.

However, if the color mask is invalid, the read_dib_body() function performs a division by zero.

An attacker can therefore invite the user of a Qt application to use a malicious BMP image, in order to trigger a denial of service.

vulnerability announce CVE-2015-2305

Henry Spencer regex, PHP, MySQL: buffer overflow of regcomp

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the regcomp() function of Henry Spencer regex, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, MySQL Community, MySQL Enterprise, openSUSE, Percona Server, XtraDB Cluster, PHP, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform).
Severity: 2/4.
Creation date: 18/03/2015.
Identifiers: CERTFR-2015-AVI-187, CVE-2015-2305, DSA-3195-1, FEDORA-2015-4216, FEDORA-2015-4236, openSUSE-SU-2015:0644-1, SSA:2015-111-10, SUSE-SU-2015:0868-1, USN-2572-1, VIGILANCE-VUL-16412.

Description of the vulnerability

The Henry Spencer regex library implements support for regular expressions. It is used by PHP and MySQL.

The regcomp() function generates a data structure representing a regular expression.

However, if the size of data is greater than the size of the storage array, an overflow occurs in regcomp().

An attacker can therefore generate a buffer overflow in the regcomp() function of Henry Spencer regex, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability CVE-2015-1802 CVE-2015-1803 CVE-2015-1804

libXfont: three vulnerabilities of BDF

Synthesis of the vulnerability

An attacker can use several vulnerabilities of BDF of libXfont.
Impacted products: Debian, Fedora, MBS, OpenBSD, openSUSE, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform), XOrg Bundle.
Severity: 2/4.
Creation date: 17/03/2015.
Identifiers: bulletinapr2015, CERTFR-2015-AVI-169, CVE-2015-1802, CVE-2015-1803, CVE-2015-1804, DSA-3194-1, FEDORA-2015-4230, MDVSA-2015:145, MDVSA-2015:145-1, openSUSE-SU-2015:0614-1, SUSE-SU-2015:0674-1, SUSE-SU-2015:0702-1, USN-2536-1, VIGILANCE-VUL-16405.

Description of the vulnerability

Several vulnerabilities were announced in libXfont.

An attacker can generate an integer overflow in bdfReadProperties, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2015-1802]

An attacker can force a read at an invalid address in bdfReadCharacters, in order to trigger a denial of service. [severity:1/4; CVE-2015-1803]

An attacker can generate an integer overflow in bdfReadCharacters, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2015-1804]

computer vulnerability bulletin CVE-2014-8173

Linux kernel: NULL pointer dereference via pmd_none_or_trans_huge_or_clear_bad

Synthesis of the vulnerability

A local attacker can force a NULL pointer to be dereferenced in the pmd_none_or_trans_huge_or_clear_bad() function of the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux, openSUSE, RHEL.
Severity: 1/4.
Creation date: 17/03/2015.
Identifiers: CVE-2014-8173, openSUSE-SU-2015:0714-1, RHSA-2015:0694-01, VIGILANCE-VUL-16398.

Description of the vulnerability

The madvise() system call is used by developers to indicate to the kernel how to manage the memory.

The MADV_WILLNEED parameter indicates that the program will soon need to access the memory. However, the Page Middle Directory pmd_none_or_trans_huge_or_clear_bad() function does not check if a pointer is NULL before using it.

A local attacker can therefore force a NULL pointer to be dereferenced in the pmd_none_or_trans_huge_or_clear_bad() function of the Linux kernel, in order to trigger a denial of service.

vulnerability note CVE-2015-2152

Xen: privilege escalation via VGA Backend

Synthesis of the vulnerability

A local attacker can use the VGA Backend of Xen, in order to access a guest system.
Impacted products: Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Unix (platform).
Severity: 2/4.
Creation date: 12/03/2015.
Identifiers: CERTFR-2015-AVI-113, CVE-2015-2152, FEDORA-2015-3721, FEDORA-2015-3944, openSUSE-SU-2015:0732-1, SUSE-SU-2015:0613-1, VIGILANCE-VUL-16384, XSA-119.

Description of the vulnerability

When an HVM x86 qemu guest instantiates an emulated VGA device, a backend is started for SDL or VNC.

However, this backend is started even when the configuration indicates neither "sdl=1" nor "vnc=1". The impact then depends on the qemu-xen compilation method:
 - if qemu-xen is compiled with SDL: an SDL window is opened with $DISPLAY
 - else: a VNC server listens on localhost

A local attacker can therefore use the VGA Backend of Xen, in order to access a guest system.