The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SLES

computer vulnerability alert CVE-2014-0150

Qemu: integer overflow of virtio_net_handle_mac

Synthesis of the vulnerability

An attacker can generate an integer overflow in the virtio_net_handle_mac() function of Qemu, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, MBS, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 16/04/2014.
Identifiers: CVE-2014-0150, DSA-2909-1, DSA-2910-1, FEDORA-2014-15503, FEDORA-2014-15521, FEDORA-2014-5825, MDVSA-2014:220, MDVSA-2015:061, RHSA-2014:0420-01, RHSA-2014:0421-01, RHSA-2014:0434-01, RHSA-2014:0435-01, SUSE-SU-2014:0816-1, USN-2182-1, VIGILANCE-VUL-14606.

Description of the vulnerability

The hw/net/virtio-net.c file of Qemu implements network features.

The virtio_net_handle_mac() function, which is reachable via VIRTIO_NET_CTRL_MAC, processes the table of MAC (Ethernet) addresses associated with IP multicast addresses. However, if the number of entries in the MAC table is too large, an addition overflows, and data is copied into a memory area that is too small.

An attacker can therefore generate an integer overflow in the virtio_net_handle_mac() function of Qemu, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability CVE-2014-2894

Qemu: memory corruption via IDE SMART

Synthesis of the vulnerability

An attacker, located in a guest system, can generate a memory corruption via IDE SMART of Qemu, in order to trigger a denial of service on the host, and possibly to execute code.
Impacted products: Debian, Fedora, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 16/04/2014.
Identifiers: CERTFR-2014-AVI-452, CVE-2014-2894, DSA-2932-1, DSA-2933-1, FEDORA-2014-5825, RHSA-2014:0704-01, RHSA-2014:0743-01, RHSA-2014:0744-01, RHSA-2014:0888-01, SUSE-SU-2014:0816-1, USN-2182-1, VIGILANCE-VUL-14605.

Description of the vulnerability

The hw/ide/core.c file of Qemu implements the support of IDE hard drives.

The cmd_smart() function manages the IDE SMART command. However, in "extended self test" mode, it writes 4 bytes before the beginning of an array.

An attacker, located in a guest system, can therefore generate a memory corruption via IDE SMART of Qemu, in order to trigger a denial of service on the host, and possibly to execute code.

vulnerability announce CVE-2014-0384 CVE-2014-2419 CVE-2014-2430

MySQL: several vulnerabilities of April 2014

Synthesis of the vulnerability

Several vulnerabilities of Oracle MySQL were announced in April 2014.
Impacted products: Debian, Fedora, MBS, MySQL Community, MySQL Enterprise, Percona Server, XtraDB Cluster, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 16/04/2014.
Identifiers: CERTFR-2014-AVI-188, cpuapr2014, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2434, CVE-2014-2435, CVE-2014-2436, CVE-2014-2438, CVE-2014-2440, CVE-2014-2442, CVE-2014-2444, CVE-2014-2450, CVE-2014-2451, DSA-2919-1, FEDORA-2014-5369, FEDORA-2014-5393, FEDORA-2014-5396, FEDORA-2014-5409, FEDORA-2014-6120, MDVSA-2014:102, MDVSA-2015:091, RHSA-2014:0522-01, RHSA-2014:0536-01, RHSA-2014:0537-01, RHSA-2014:0702-01, SSA:2014-152-01, SUSE-SU-2014:0769-1, USN-2170-1, VIGILANCE-VUL-14602.

Description of the vulnerability

Several vulnerabilities were announced in Oracle MySQL.

An attacker can use a vulnerability of InnoDB, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2014-2444]

An attacker can use a vulnerability of RBR, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2014-2436]

An attacker can use a vulnerability of Client, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2014-2440]

An attacker can use a vulnerability of DML, in order to trigger a denial of service. [severity:2/4; CVE-2014-2434]

An attacker can use a vulnerability of InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2014-2435]

An attacker can use a vulnerability of MyISAM, in order to trigger a denial of service. [severity:2/4; CVE-2014-2442]

An attacker can use a vulnerability of Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2014-2450]

An attacker can use a vulnerability of Partition, in order to trigger a denial of service. [severity:2/4; CVE-2014-2419]

An attacker can use a vulnerability of XML, in order to trigger a denial of service. [severity:2/4; CVE-2014-0384]

An attacker can use a vulnerability of Performance Schema, in order to trigger a denial of service. [severity:2/4; CVE-2014-2430]

An attacker can use a vulnerability of Privileges, in order to trigger a denial of service. [severity:2/4; CVE-2014-2451]

An attacker can use a vulnerability of Replication, in order to trigger a denial of service. [severity:2/4; CVE-2014-2438]

An attacker can use a vulnerability of Federated, in order to trigger a denial of service. [severity:1/4; CVE-2014-2432]

An attacker can use a vulnerability of Options, in order to trigger a denial of service. [severity:1/4; CVE-2014-2431]

computer vulnerability note CVE-2013-6629 CVE-2013-6954 CVE-2014-0429

Oracle Java: multiple vulnerabilities of April 2014

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: Debian, ECC, Fedora, HP-UX, AIX, Tivoli System Automation, WebSphere MQ, Junos Space, Domino, Notes, MBS, ePO, NetIQ Sentinel, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, vCenter, VMware vSphere.
Severity: 3/4.
Creation date: 16/04/2014.
Identifiers: 1680562, 1681114, 7014224, BID-64493, c04398922, c04398943, CERTFR-2014-AVI-185, CERTFR-2014-AVI-382, CERTFR-2014-AVI-480, cpuapr2014, CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0463, CVE-2014-0464, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2410, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428, DSA-2912-1, DSA-2923-1, ESA-2014-044, FEDORA-2014-5277, FEDORA-2014-5280, FEDORA-2014-5290, FEDORA-2014-5336, HPSBUX03091, HPSBUX03092, JSA10659, MDVSA-2014:100, openSUSE-SU-2014:1638-1, openSUSE-SU-2014:1645-1, RHSA-2014:0406-01, RHSA-2014:0407-01, RHSA-2014:0408-01, RHSA-2014:0412-01, RHSA-2014:0413-02, RHSA-2014:0414-01, RHSA-2014:0486-01, RHSA-2014:0508-01, RHSA-2014:0509-01, RHSA-2014:0675-01, RHSA-2014:0685-01, RHSA-2014:0982-01, SB10072, SSRT101667, SSRT101668, SUSE-SU-2014:0639-1, SUSE-SU-2014:0728-1, SUSE-SU-2014:0728-2, SUSE-SU-2014:0728-3, SUSE-SU-2014:0733-1, SUSE-SU-2014:0733-2, USN-2187-1, USN-2191-1, VIGILANCE-VUL-14599, VMSA-2014-0008, VU#650142, ZDI-14-102, ZDI-14-103, ZDI-14-104, ZDI-14-105, ZDI-14-114.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0429]

An attacker can use a vulnerability of Libraries ScriptEngineManager, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0457, ZDI-14-105]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0456, ZDI-14-114]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2421, ZDI-14-102]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2410]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2397]

An attacker can use a vulnerability of Libraries permuteArguments, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0432, ZDI-14-104]

An attacker can use a vulnerability of Libraries DropArguments, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0455, ZDI-14-103]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0461]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0448]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2428]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2412]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0451]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0458]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2423]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0452]

An attacker can use a vulnerability of JAXB, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2414]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2402]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0446]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0454]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2427]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2422]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; CVE-2014-2409]

An attacker can use a vulnerability of JNDI, in order to obtain or alter information. [severity:2/4; CVE-2014-0460]

An attacker can create a malicious image, to dereference a NULL pointer in the png_do_expand_palette() function of libpng, in order to trigger a denial of service. (VIGILANCE-VUL-13989). [severity:2/4; BID-64493, CVE-2013-6954, VU#650142]

An attacker can use a vulnerability of AWT, in order to obtain information. [severity:2/4; CVE-2013-6629]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; CVE-2014-0449]

An attacker can use a vulnerability of JAXP, in order to obtain information. [severity:2/4; CVE-2014-2403]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2014-2401]

An attacker can use a vulnerability of Scripting, in order to obtain information. [severity:2/4; CVE-2014-0463]

An attacker can use a vulnerability of Scripting, in order to obtain information. [severity:2/4; CVE-2014-0464]

An attacker can use a vulnerability of 2D, in order to trigger a denial of service. [severity:2/4; CVE-2014-0459]

An attacker can use a vulnerability of Libraries, in order to alter information. [severity:2/4; CVE-2014-2413]

An attacker can use a vulnerability of Security, in order to obtain or alter information. [severity:2/4; CVE-2014-0453]

An attacker can use a vulnerability of Javadoc, in order to alter information. [severity:1/4; CVE-2014-2398]

A local attacker can create a symbolic link named /tmp/unpack.log, in order to alter the pointed file, with privileges of unpack200 (VIGILANCE-VUL-14196). [severity:1/4; CVE-2014-1876]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:1/4; CVE-2014-2420]

vulnerability note CVE-2014-2338

strongSwan: bypassing authentication via IKEv2

Synthesis of the vulnerability

An attacker can regenerate keys of strongSwan with IKEv2, in order to bypass the authentication.
Impacted products: Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 14/04/2014.
Identifiers: CERTFR-2014-AVI-189, CVE-2014-2338, DSA-2903-1, FEDORA-2014-5231, FEDORA-2014-5238, openSUSE-SU-2014:0697-1, openSUSE-SU-2014:0700-1, SUSE-SU-2014:0529-1, VIGILANCE-VUL-14594.

Description of the vulnerability

The strongSwan product is used to establish an IPsec VPN tunnel with a Linux system.

The rekeying operation generates new keys during a Security Association. However, if an attacker performs a rekeying during the IKEv2 initialization phase, strongSwan automatically skips to the established state, without checking the authentication.

An attacker can therefore regenerate keys of strongSwan with IKEv2, in order to bypass the authentication.

vulnerability CVE-2014-2851

Linux kernel: use after free via ping_init_sock

Synthesis of the vulnerability

A local attacker can use a freed memory area via ping_init_sock() of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, Linux, MBS, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 11/04/2014.
Identifiers: CERTFR-2014-AVI-241, CERTFR-2014-AVI-242, CERTFR-2014-AVI-333, CERTFR-2014-AVI-388, CVE-2014-2851, DSA-2926-1, FEDORA-2014-5235, FEDORA-2014-5609, MDVSA-2014:124, openSUSE-SU-2014:0840-1, openSUSE-SU-2014:0856-1, openSUSE-SU-2014:1246-1, RHSA-2014:0557-01, RHSA-2014:0786-01, RHSA-2014:0981-01, RHSA-2014:1101-01, SUSE-SU-2014:0908-1, SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, SUSE-SU-2014:1105-1, USN-2221-1, USN-2223-1, USN-2224-1, USN-2225-1, USN-2226-1, USN-2227-1, USN-2228-1, USN-2260-1, VIGILANCE-VUL-14580.

Description of the vulnerability

When a local user creates an ICMP socket, the ping_init_sock() function of the net/ipv4/ping.c file is called.

However, the counter tracking the number of groups is never decremented. When this counter overflows, a memory area is freed, and then used.

A local attacker can therefore use a freed memory area via ping_init_sock() of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability note CVE-2014-0077

Linux kernel: buffer overflow of vhost-net handle_rx

Synthesis of the vulnerability

An attacker, privileged in a guest system, can generate a buffer overflow in the handle_rx() function of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Fedora, Linux, MBS, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 09/04/2014.
Identifiers: 1064440, CERTFR-2014-AVI-219, CERTFR-2014-AVI-241, CERTFR-2014-AVI-242, CERTFR-2014-AVI-388, CVE-2014-0077, FEDORA-2014-4675, FEDORA-2014-4849, MDVSA-2014:124, openSUSE-SU-2014:0840-1, openSUSE-SU-2014:0856-1, openSUSE-SU-2014:1246-1, RHSA-2014:0475-01, RHSA-2014:0593-01, RHSA-2014:0629-01, RHSA-2014:0634-01, SUSE-SU-2014:0908-1, SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, SUSE-SU-2014:1105-1, USN-2221-1, USN-2223-1, USN-2224-1, USN-2225-1, USN-2226-1, USN-2227-1, USN-2228-1, USN-2260-1, VIGILANCE-VUL-14559.

Description of the vulnerability

The vhost-net driver implements network features in a virtualized environment.

However, if the size of data is greater than the size of the storage array, an overflow occurs in the get_rx_bufs() function of the drivers/vhost/net.c file.

An attacker, privileged in a guest system, can therefore generate a buffer overflow in the handle_rx() function of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability bulletin CVE-2014-0055

Linux kernel: denial of service via vhost-net get_rx_bufs

Synthesis of the vulnerability

An attacker, located in a guest system, can generate a network error in vhost-net of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 09/04/2014.
Identifiers: 1062577, CERTFR-2014-AVI-241, CERTFR-2014-AVI-242, CERTFR-2014-AVI-256, CERTFR-2014-AVI-388, CVE-2014-0055, FEDORA-2014-4675, FEDORA-2014-4849, openSUSE-SU-2014:0840-1, openSUSE-SU-2014:0856-1, openSUSE-SU-2014:1246-1, RHSA-2014:0328-01, RHSA-2014:0339-01, SUSE-SU-2014:0908-1, SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, SUSE-SU-2014:1105-1, USN-2223-1, USN-2224-1, USN-2225-1, USN-2228-1, USN-2235-1, USN-2236-1, VIGILANCE-VUL-14558.

Description of the vulnerability

The vhost-net driver implements network features in a virtualized environment.

The get_rx_bufs() function of the drivers/vhost/net.c file calls the vhost_get_vq_desc() function. However, if an error occurs in this function, get_rx_bufs() does not detect it, and then a fatal error occurs.

An attacker, located in a guest system, can therefore generate a network error in vhost-net of the Linux kernel, in order to trigger a denial of service.

computer vulnerability CVE-2014-0155

Linux kernel: denial of service via KVM ioapic_service

Synthesis of the vulnerability

An attacker, located in a KVM guest, can use the KVM I/O APIC of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 08/04/2014.
Identifiers: CERTFR-2014-AVI-256, CERTFR-2014-AVI-373, CVE-2014-0155, FEDORA-2014-5235, FEDORA-2014-5609, SUSE-SU-2014:0908-1, SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, USN-2239-1, USN-2241-1, USN-2336-1, USN-2337-1, VIGILANCE-VUL-14535.

Description of the vulnerability

The virt/kvm/ioapic.c file of the Linux kernel implements the I/O APIC (Advanced Programmable Interrupt Controller) for KVM.

However, the ioapic_service() function does not correctly initialize a state, which leads to a BUG_ON in ioapic_deliver().

An attacker, located in a KVM guest, can therefore use the KVM I/O APIC of the Linux kernel, in order to trigger a denial of service.

vulnerability CVE-2014-2706

Linux kernel: NULL pointer dereference via mac80211

Synthesis of the vulnerability

An attacker can dereference a NULL pointer in the mac80211 module of the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux, MBS, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 02/04/2014.
Identifiers: CERTFR-2014-AVI-241, CERTFR-2014-AVI-242, CERTFR-2014-AVI-333, CERTFR-2014-AVI-388, CVE-2014-2706, MDVSA-2014:124, openSUSE-SU-2014:1246-1, RHSA-2014:0557-01, RHSA-2014:0981-01, RHSA-2014:1023-01, RHSA-2014:1101-01, SUSE-SU-2014:1105-1, SUSE-SU-2014:1316-1, SUSE-SU-2014:1319-1, USN-2221-1, USN-2223-1, USN-2224-1, USN-2225-1, USN-2227-1, USN-2228-1, VIGILANCE-VUL-14510.

Description of the vulnerability

The mac80211 driver implements the support of WiFi frames.

However, when it resumes from a sleep pause, it does not check whether a pointer is NULL before using it.

An attacker can therefore dereference a NULL pointer in the mac80211 module of the Linux kernel, in order to trigger a denial of service.