The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Micro Focus SUSE Linux Enterprise Server

computer vulnerability bulletin CVE-2017-12193

Linux kernel: NULL pointer dereference via assoc_array_apply_edit

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-448, CERTFR-2017-AVI-454, CERTFR-2017-AVI-458, CVE-2017-12193, FEDORA-2017-38b37120a2, FEDORA-2017-9fbb35aeda, openSUSE-SU-2017:3358-1, openSUSE-SU-2017:3359-1, RHSA-2018:0151-01, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3398-1, SUSE-SU-2017:3410-1, USN-3507-1, USN-3507-2, USN-3509-1, USN-3509-2, USN-3509-3, USN-3509-4, VIGILANCE-VUL-24308.

Description of the vulnerability

The Noyau Linux product offers a web service.

However, it does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2017-2923 CVE-2017-2924

FreeXL: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of FreeXL.
Impacted products: Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 18/09/2017.
Identifiers: CVE-2017-2923, CVE-2017-2924, DLA-1098-1, DSA-3976-1, FEDORA-2017-6679a0a2e1, FEDORA-2017-b7e6e4cfc1, openSUSE-SU-2017:2537-1, openSUSE-SU-2017:2539-1, VIGILANCE-VUL-23848.

Description of the vulnerability

Several vulnerabilities were announced in FreeXL.

An attacker can generate a buffer overflow via read_biff_next_record(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-2923]

An attacker can generate a buffer overflow via read_legacy_biff(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-2924]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2017-0781 CVE-2017-0782 CVE-2017-0783

Bluetooth Drivers: multiple vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in several implementations of Bluetooth drivers.
Impacted products: iOS by Apple, iPhone, Android OS, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, WindRiver Linux.
Severity: 2/4.
Creation date: 12/09/2017.
Revisions dates: 13/09/2017, 13/09/2017.
Identifiers: BlueBorne, CERTFR-2017-AVI-400, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-8628, SUSE-SU-2017:2956-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, VIGILANCE-VUL-23818, VU#240311.

Description of the vulnerability

Several vulnerabilities were announced in several implementations of Bluetooth drivers:
 - Android : Information Leak Vulnerability (CVE-2017-0785) - VIGILANCE-VUL-23741
 - Android : Remote Code Execution Vulnerability #1 (CVE-2017-0781) - VIGILANCE-VUL-23741
 - Android : Remote Code Execution vulnerability #2 (CVE-2017-0782) - VIGILANCE-VUL-23741
 - Android : Man in The Middle attack (CVE-2017-0783) - VIGILANCE-VUL-23741
 - Windows : Man in The Middle attack (CVE-2017-8628) - VIGILANCE-VUL-23826
 - Linux : BlueZ Information leak vulnerability (CVE-2017-1000250) - VIGILANCE-VUL-23829
 - Linux : Kernel > 3.3 Stack overflow (CVE-2017-1000251) - VIGILANCE-VUL-23830
 - iOS : Remote code execution via Low Energy Audio Protocol (CVE-2017-14315) - mitigated by iOS 10

This bulletin serves as a cap because all these vulnerabilities have been grouped under the name "BlueBorne". Individual bulletins are referenced at the end of each line.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2017-7546 CVE-2017-7547 CVE-2017-7548

PostgreSQL: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PostgreSQL.
Impacted products: Debian, Fedora, openSUSE Leap, PostgreSQL, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 10/08/2017.
Identifiers: CVE-2017-7546, CVE-2017-7547, CVE-2017-7548, DLA-1051-1, DSA-3935-1, DSA-3936-1, FEDORA-2017-9148fe36b9, FEDORA-2017-d9cac37bd8, FEDORA-2017-f9e66916ec, openSUSE-SU-2017:2306-1, openSUSE-SU-2017:2391-1, openSUSE-SU-2017:2392-1, RHSA-2017:2677-01, RHSA-2017:2678-01, RHSA-2017:2728-01, RHSA-2017:2860-01, SUSE-SU-2017:2236-1, SUSE-SU-2017:2258-1, SUSE-SU-2017:2355-1, SUSE-SU-2017:2356-1, USN-3390-1, VIGILANCE-VUL-23493.

Description of the vulnerability

Several vulnerabilities were announced in PostgreSQL.

An attacker can bypass security features via Libpq Empty Passwords, in order to escalate his privileges. [severity:2/4; CVE-2017-7546]

An attacker can bypass security features via pg_user_mappings.umoptions, in order to obtain sensitive information. [severity:2/4; CVE-2017-7547]

An attacker can bypass security features via lo_put(), in order to escalate his privileges. [severity:2/4; CVE-2017-7548]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2017-7541

Linux kernel: buffer overflow via brcmf_cfg80211_mgmt_tx

Synthesis of the vulnerability

An attacker can generate a buffer overflow via brcmf_cfg80211_mgmt_tx() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 24/07/2017.
Identifiers: CERTFR-2017-AVI-275, CERTFR-2017-AVI-277, CERTFR-2017-AVI-293, CERTFR-2017-AVI-307, CERTFR-2017-AVI-375, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-400, CVE-2017-7541, DSA-3927-1, FEDORA-2017-39b5facda0, FEDORA-2017-544eef948f, openSUSE-SU-2017:2110-1, openSUSE-SU-2017:2112-1, RHSA-2017:2863-01, RHSA-2017:2918-01, RHSA-2017:2930-01, RHSA-2017:2931-01, SUSE-SU-2017:2286-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:2956-1, USN-3405-1, USN-3405-2, USN-3419-1, USN-3419-2, USN-3422-1, USN-3422-2, VIGILANCE-VUL-23338.

Description of the vulnerability

An attacker can generate a buffer overflow via brcmf_cfg80211_mgmt_tx() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2017-11142 CVE-2017-11143 CVE-2017-11144

PHP: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, openSUSE Leap, PHP, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 05/07/2017.
Identifiers: 73807, 74145, 74651, 74819, CERTFR-2017-AVI-204, CVE-2017-11142, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11146-REJECT, DLA-1034-1, DSA-4080-1, DSA-4081-1, FEDORA-2017-5ade380ab2, FEDORA-2017-b674dc22ad, FEDORA-2017-b8bb4b86e2, openSUSE-SU-2017:2337-1, openSUSE-SU-2017:2366-1, SUSE-SU-2017:2303-1, USN-3382-1, USN-3382-2, VIGILANCE-VUL-23133.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An attacker can generate a memory corruption via an ill formed X.509 certificate, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 74651, CVE-2017-11144]

An attacker can read a memory fragment via php_parse_date(), in order to obtain sensitive information. [severity:1/4; 74819, CVE-2017-11145, CVE-2017-11146-REJECT]

An attacker can trigger server overload with POST requests over 2Mb. [severity:1/4; 73807, CVE-2017-11142]

An attacker can trigger a wrong memory free which leads to a fatal exception. [severity:2/4; 74145, CVE-2017-11143]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2016-5203 CVE-2016-5204 CVE-2016-5205

Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 02/12/2016.
Revisions dates: 01/02/2017, 15/06/2017.
Identifiers: 1000, 994, CERTFR-2016-AVI-394, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652, DSA-3731-1, FEDORA-2016-a815b7bf5d, FEDORA-2016-e0e1cb2b2b, FEDORA-2017-98bed96d12, FEDORA-2017-ae1fde5fb8, openSUSE-SU-2016:3108-1, openSUSE-SU-2017:0434-1, openSUSE-SU-2017:0563-1, openSUSE-SU-2017:0565-1, RHSA-2016:2919-01, USN-3153-1, VIGILANCE-VUL-21255.

Description of the vulnerability

Several vulnerabilities were announced in Chrome.

An attacker can bypass security features via V8, in order to obtain sensitive information. [severity:3/4; CVE-2016-9651]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5208]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5207]

An attacker can bypass the origin check via PDFium, in order to access to victim's data. [severity:3/4; CVE-2016-5206]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5205]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5204]

An attacker can generate a buffer overflow via Blink, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5209]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5203]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5210]

An attacker can bypass security features via DevTools, in order to obtain sensitive information. [severity:3/4; CVE-2016-5212]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5211]

An attacker can force the usage of a freed memory area via V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5213]

An attacker can bypass security features via File Download, in order to obtain sensitive information. [severity:2/4; CVE-2016-5214]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5216]

An attacker can force the usage of a freed memory area via Webaudio, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5215]

An attacker can generate a memory corruption via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5217]

An attacker can alter displayed information via Omnibox, in order to deceive the victim. [severity:2/4; CVE-2016-5218]

An attacker can force the usage of a freed memory area via V8, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-21621). [severity:2/4; CVE-2016-5219]

An attacker can generate an integer overflow via ANGLE, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5221]

An attacker can bypass file access restrictions via PDFium, in order to obtain sensitive information. [severity:2/4; CVE-2016-5220]

An attacker can alter displayed information via Omnibox, in order to deceive the victim. [severity:2/4; CVE-2016-5222]

An attacker can bypass security features via CSP Referrer, in order to obtain sensitive information. [severity:1/4; CVE-2016-9650]

An attacker can generate an integer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2016-5223]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:1/4; CVE-2016-5226]

An attacker can bypass security features via Blink, in order to obtain sensitive information. [severity:1/4; CVE-2016-5225]

An attacker can bypass the origin check via SVG, in order to access to victim's data. [severity:1/4; CVE-2016-5224]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9652]

An unknown vulnerability was announced via HTMLKeygenElement::shadowSelect(). [severity:2/4; 994]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2017-1000367 CVE-2017-1000368

sudo: privilege escalation via the parsing of /proc/pid/stat

Synthesis of the vulnerability

A local attacker can tamper with the parsing of /proc/[pid]/stat by sudo, in order to escalate his privileges.
Impacted products: Debian, Fedora, Junos Space, McAfee Web Gateway, openSUSE Leap, RHEL, Slackware, Sudo, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, InterScan Messaging Security Suite, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 30/05/2017.
Revision date: 15/06/2017.
Identifiers: 1117723, CERTFR-2017-AVI-238, CERTFR-2017-AVI-365, CVE-2017-1000367, CVE-2017-1000368, DLA-1011-1, DLA-970-1, DSA-3867-1, FEDORA-2017-54580efa82, FEDORA-2017-8b250ebe97, FEDORA-2017-facd994774, JSA10824, JSA10826, openSUSE-SU-2017:1455-1, openSUSE-SU-2017:1697-1, RHSA-2017:1381-01, RHSA-2017:1382-01, RHSA-2017:1574-01, SB10205, SSA:2017-150-01, SUSE-SU-2017:1446-1, SUSE-SU-2017:1450-1, SUSE-SU-2017:1626-1, SUSE-SU-2017:1627-1, SUSE-SU-2017:1778-1, Synology-SA-17:19, USN-3304-1, VIGILANCE-VUL-22865.

Description of the vulnerability

The sudo product looks for its controlling tty.

Fot that, it reads the file /proc/pid/stat. However, the parsing of this file is wrong. An attacker can tamper with the program path to make sudo write into any file with root privileges.

A local attacker can therefore tamper with the parsing of /proc/[pid]/stat by sudo, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2017-1000380

Linux kernel: information disclosure via snd_timer_user_read

Synthesis of the vulnerability

A local attacker can read a memory fragment via snd_timer_user_read() of the Linux kernel, in order to get sensitive information.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 1/4.
Creation date: 13/06/2017.
Identifiers: CERTFR-2017-AVI-217, CERTFR-2017-AVI-233, CERTFR-2017-AVI-282, CERTFR-2017-AVI-288, CERTFR-2017-AVI-311, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-440, CVE-2017-1000380, DLA-1099-1, DSA-3981-1, openSUSE-SU-2017:1633-1, openSUSE-SU-2017:1685-1, RHSA-2017:3295-01, RHSA-2017:3315-01, RHSA-2017:3322-01, SUSE-SU-2017:1853-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2389-1, SUSE-SU-2017:2525-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, USN-3358-1, USN-3359-1, USN-3360-1, USN-3360-2, USN-3364-1, USN-3364-2, USN-3364-3, USN-3371-1, VIGILANCE-VUL-22954.

Description of the vulnerability

In the Linux kernel, the ALSA subsystem manages sound devices.

However, the function snd_timer_user_read does not initialize a memory area before returning it to the user in an ioctl call.

A local attacker can therefore read a memory fragment via snd_timer_user_read() of the Linux kernel, in order to get sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2017-9524

QEMU: denial of service against the Network Block Device server

Synthesis of the vulnerability

An attacker can start NBD connexions to QEMU, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 13/06/2017.
Identifiers: CVE-2017-9524, DSA-3920-1, DSA-3925-1, FEDORA-2017-b7f1197c23, openSUSE-SU-2017:2941-1, RHSA-2017:1681-01, SUSE-SU-2017:2936-1, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22953.

Description of the vulnerability

QEMU includes a "Network Block Device" server, which emulates a kind a remote raw disk.

However, when the NBS signalling is aborted at connexion time, a data structure becomes invalid, which leads to the use of an invalid pointer and a fatal exception.

An attacker can therefore start NBD connexions to QEMU, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Micro Focus SUSE Linux Enterprise Server: