The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Etch

vulnerability bulletin CVE-2017-5754

Intel Processors: memory reading via Meltdown

Synthesis of the vulnerability

When the system uses an Intel processor, a local attacker can access to the kernel memory, in order to read sensitive information.
Impacted products: SNS, iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, Cisco ASR, Cisco Catalyst, Nexus by Cisco, NX-OS, Cisco Router, Cisco UCS, XenServer, Debian, Avamar, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, Android OS, AIX, IBM i, QRadar SIEM, Juniper J-Series, Junos OS, Junos Space, NSMXpress, Linux, McAfee Email Gateway, McAfee NSM, McAfee NTBA, McAfee Web Gateway, Meinberg NTP Server, Edge, IE, SQL Server, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, OpenBSD, openSUSE Leap, Oracle Communications, pfSense, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, RHEL, SIMATIC, Slackware, Sonus SBC, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, vCenter Server, Xen.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 03/01/2018.
Revision date: 05/01/2018.
Identifiers: 2016636, 519675, ADV180002, CERTFR-2018-ALE-001, CERTFR-2018-AVI-004, CERTFR-2018-AVI-005, CERTFR-2018-AVI-009, CERTFR-2018-AVI-012, CERTFR-2018-AVI-014, CERTFR-2018-AVI-017, CERTFR-2018-AVI-018, CERTFR-2018-AVI-029, CERTFR-2018-AVI-048, CERTFR-2018-AVI-049, CERTFR-2018-AVI-077, CERTFR-2018-AVI-079, CERTFR-2018-AVI-114, CERTFR-2018-AVI-124, CERTFR-2018-AVI-134, CERTFR-2018-AVI-208, CERTFR-2018-AVI-225, cisco-sa-20180104-cpusidechannel, cpuapr2019, CTX231390, CTX231399, CTX234679, CVE-2017-5754, DLA-1232-1, DLA-1349-1, DSA-2018-049, DSA-4078-1, DSA-4082-1, DSA-4120-1, DSA-4120-2, DSA-4179-1, FG-IR-18-002, FreeBSD-SA-18:03.speculative_execution, HT208331, HT208334, HT208394, HT208465, JSA10842, JSA10873, K91229003, MBGSA-1801, Meltdown, N1022433, nas8N1022433, openSUSE-SU-2018:0022-1, openSUSE-SU-2018:0023-1, openSUSE-SU-2018:0326-1, openSUSE-SU-2018:0459-1, openSUSE-SU-2018:1623-1, RHSA-2018:0007-01, RHSA-2018:0008-01, RHSA-2018:0009-01, RHSA-2018:0010-01, RHSA-2018:0011-01, RHSA-2018:0012-01, RHSA-2018:0013-01, RHSA-2018:0014-01, RHSA-2018:0015-01, RHSA-2018:0016-01, RHSA-2018:0017-01, RHSA-2018:0018-01, RHSA-2018:0020-01, RHSA-2018:0021-01, RHSA-2018:0022-01, RHSA-2018:0023-01, RHSA-2018:0024-01, RHSA-2018:0025-01, RHSA-2018:0026-01, RHSA-2018:0027-01, RHSA-2018:0028-01, RHSA-2018:0029-01, RHSA-2018:0030-01, RHSA-2018:0031-01, RHSA-2018:0032-01, RHSA-2018:0034-01, RHSA-2018:0035-01, RHSA-2018:0036-01, RHSA-2018:0037-01, RHSA-2018:0038-01, RHSA-2018:0039-01, RHSA-2018:0040-01, RHSA-2018:0053-01, RHSA-2018:0093-01, RHSA-2018:0094-01, RHSA-2018:0103-01, RHSA-2018:0104-01, RHSA-2018:0105-01, RHSA-2018:0106-01, RHSA-2018:0107-01, RHSA-2018:0108-01, RHSA-2018:0109-01, RHSA-2018:0110-01, RHSA-2018:0111-01, RHSA-2018:0112-01, RHSA-2018:0182-01, RHSA-2018:0292-01, RHSA-2018:0464-01, RHSA-2018:0496-01, RHSA-2018:0512-01, RHSA-2018:1129-01, RHSA-2018:1196-01, SA161, SB10226, spectre_meltdown_advisory, SSA-168644, SSA:2018-016-01, SSA:2018-037-01, STORM-2018-001, SUSE-SU-2018:0010-1, SUSE-SU-2018:0011-1, SUSE-SU-2018:0012-1, SUSE-SU-2018:0031-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0069-1, SUSE-SU-2018:0115-1, SUSE-SU-2018:0131-1, SUSE-SU-2018:0171-1, SUSE-SU-2018:0219-1, SUSE-SU-2018:0438-1, SUSE-SU-2018:0472-1, SUSE-SU-2018:0601-1, SUSE-SU-2018:0609-1, SUSE-SU-2018:0638-1, SUSE-SU-2018:0678-1, SUSE-SU-2018:0909-1, SUSE-SU-2018:1603-1, SUSE-SU-2018:1658-1, SUSE-SU-2018:1699-1, SUSE-SU-2018:2528-1, Synology-SA-18:01, USN-3516-1, USN-3522-1, USN-3522-2, USN-3522-3, USN-3522-4, USN-3523-1, USN-3523-2, USN-3523-3, USN-3524-1, USN-3524-2, USN-3525-1, USN-3540-1, USN-3540-2, USN-3541-1, USN-3541-2, USN-3583-1, USN-3583-2, USN-3597-1, USN-3597-2, VIGILANCE-VUL-24933, VMSA-2018-0007, VN-2018-001, VN-2018-002, VU#584653, XSA-254.

Description of the vulnerability

When the system uses an Intel processor, a local attacker can access to the kernel memory, in order to read sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-14884 CVE-2018-5712

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, client access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/01/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-007, CVE-2018-14884, CVE-2018-5712, DLA-1251-1, FEDORA-2018-c4e9207c31, FEDORA-2018-d034538627, openSUSE-SU-2018:0248-1, openSUSE-SU-2018:0318-1, RHSA-2018:1296-01, SSA:2018-034-01, SSA:2018-136-02, SUSE-SU-2018:0806-1, USN-3566-1, USN-3600-1, USN-3600-2, VIGILANCE-VUL-24947.

Description of the vulnerability

An attacker can use several vulnerabilities of PHP.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-18017

Linux kernel: use after free via tcpmss_mangle_packet

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via tcpmss_mangle_packet() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 04/01/2018.
Identifiers: CERTFR-2018-AVI-075, CERTFR-2018-AVI-080, CERTFR-2018-AVI-104, CERTFR-2018-AVI-119, CERTFR-2018-AVI-161, CERTFR-2018-AVI-196, CERTFR-2018-AVI-197, CERTFR-2018-AVI-228, CERTFR-2018-AVI-259, CVE-2017-18017, DLA-1369-1, DSA-4187-1, openSUSE-SU-2018:0408-1, RHSA-2018:0676-01, RHSA-2018:1062-01, RHSA-2018:1130-01, RHSA-2018:1170-01, RHSA-2018:1319-01, RHSA-2018:1737-01, SUSE-SU-2018:0383-1, SUSE-SU-2018:0416-1, SUSE-SU-2018:0555-1, SUSE-SU-2018:0660-1, SUSE-SU-2018:0834-1, SUSE-SU-2018:0841-1, SUSE-SU-2018:0848-1, SUSE-SU-2018:0986-1, USN-3583-1, USN-3583-2, VIGILANCE-VUL-24940.

Description of the vulnerability

An attacker can force the usage of a freed memory area via tcpmss_mangle_packet() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-1000476

ImageMagick: infinite loop

Synthesis of the vulnerability

An attacker can generate an infinite loop of ImageMagick, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 04/01/2018.
Identifiers: CVE-2017-1000476, DLA-1229-1, DLA-1785-1, openSUSE-SU-2018:0092-1, openSUSE-SU-2018:1205-1, USN-3681-1, VIGILANCE-VUL-24939.

Description of the vulnerability

An attacker can generate an infinite loop of ImageMagick, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-1000445

ImageMagick: NULL pointer dereference via MagickCore

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via MagickCore of ImageMagick, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 04/01/2018.
Identifiers: CVE-2017-1000445, DLA-1229-1, DLA-1785-1, openSUSE-SU-2018:0092-1, USN-3681-1, VIGILANCE-VUL-24938.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via MagickCore of ImageMagick, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-1000456

Poppler: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow of Poppler, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/01/2018.
Identifiers: bulletinjan2019, CVE-2017-1000456, DLA-1228-1, DSA-4097-1, FEDORA-2018-048468d7a8, FEDORA-2018-20ba39cba9, openSUSE-SU-2018:1721-1, SUSE-SU-2018:1662-1, SUSE-SU-2018:1691-1, USN-3517-1, VIGILANCE-VUL-24937.

Description of the vulnerability

An attacker can generate a buffer overflow of Poppler, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-18013

LibTIFF: NULL pointer dereference via TIFFPrintDirectory

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via TIFFPrintDirectory() of LibTIFF, in order to trigger a denial of service.
Impacted products: Debian, LibTIFF, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/01/2018.
Identifiers: 2770, bulletinjan2019, bulletinoct2018, CVE-2017-18013, DLA-1259-1, DLA-1260-1, DSA-4100-1, openSUSE-SU-2018:1834-1, openSUSE-SU-2018:1956-1, SUSE-SU-2018:1472-1, SUSE-SU-2018:1826-1, SUSE-SU-2018:1889-1, USN-3602-1, USN-3606-1, VIGILANCE-VUL-24920.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via TIFFPrintDirectory() of LibTIFF, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-17975

Linux kernel: use after free via usbtv_probe

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via usbtv_probe of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: document.
Creation date: 02/01/2018.
Identifiers: CERTFR-2018-AVI-147, CERTFR-2018-AVI-196, CERTFR-2018-AVI-250, CERTFR-2018-AVI-257, CVE-2017-17975, DSA-4188-1, openSUSE-SU-2018:0781-1, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0986-1, USN-3653-1, USN-3653-2, USN-3654-1, USN-3654-2, USN-3656-1, USN-3657-1, VIGILANCE-VUL-24916.

Description of the vulnerability

An attacker can force the usage of a freed memory area via usbtv_probe of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-17997

Wireshark: NULL pointer dereference via MRDISC

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via MRDISC of Wireshark, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, Wireshark.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 02/01/2018.
Identifiers: 14299, CVE-2017-17997, DLA-1634-1, openSUSE-SU-2018:0090-1, VIGILANCE-VUL-24915.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via MRDISC of Wireshark, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-17914

ImageMagick: infinite loop via ReadOnePNGImage

Synthesis of the vulnerability

An attacker can generate an infinite loop via ReadOnePNGImage() of ImageMagick, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/01/2018.
Identifiers: CVE-2017-17914, DLA-1227-1, DLA-1785-1, openSUSE-SU-2018:0396-1, USN-3681-1, VIGILANCE-VUL-24912.

Description of the vulnerability

An attacker can generate an infinite loop via ReadOnePNGImage() of ImageMagick, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Debian Etch: