The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MicroFocus SUSE Linux Enterprise Desktop

vulnerability alert CVE-2016-7117

Linux kernel: use after free via recvmmsg

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via an application using recvmmsg() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Creation date: 05/10/2016.
Identifiers: CERTFR-2016-AVI-378, CERTFR-2017-AVI-034, CERTFR-2017-AVI-054, CERTFR-2017-AVI-060, CERTFR-2017-AVI-131, CERTFR-2017-AVI-162, CERTFR-2017-AVI-282, CVE-2016-7117, DSA-3659-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2017:0456-1, openSUSE-SU-2017:0458-1, RHSA-2016:2962-01, RHSA-2017:0031-01, RHSA-2017:0036-01, RHSA-2017:0065-01, RHSA-2017:0086-01, RHSA-2017:0091-01, RHSA-2017:0113-01, RHSA-2017:0196-01, RHSA-2017:0215-01, RHSA-2017:0216-01, RHSA-2017:0217-01, RHSA-2017:0270-01, SUSE-SU-2016:2976-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0494-1, SUSE-SU-2017:0575-1, SUSE-SU-2017:1102-1, SUSE-SU-2017:1247-1, SUSE-SU-2017:1360-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, USN-3126-1, USN-3126-2, VIGILANCE-VUL-20771.

Description of the vulnerability

The recvmmsg() system call is used to receive several messages on a socket:
  recvmmsg(sockfd, msgvec, vlen, flags, timeout);

However, when an error occurs after fewer messages have been received than requested in the vlen parameter, the __sys_recvmmsg() function writes to a freed memory area.

An attacker can therefore force the usage of a freed memory area via an application using recvmmsg() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability announce CVE-2016-7777

Xen: information disclosure via HVM CR0.TS/EM

Synthesis of the vulnerability

An attacker can use CR0.TS/EM on Xen x86 HVM, in order to obtain sensitive information on the current system.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 04/10/2016.
Identifiers: CERTFR-2016-AVI-328, CTX217363, CVE-2016-7777, DLA-699-1, DSA-3729-1, FEDORA-2016-4c407cd849, FEDORA-2016-689f240960, openSUSE-SU-2016:3134-1, openSUSE-SU-2017:0007-1, openSUSE-SU-2017:0008-1, SUSE-SU-2016:3044-1, SUSE-SU-2016:3067-1, SUSE-SU-2016:3083-1, SUSE-SU-2016:3156-1, SUSE-SU-2016:3174-1, SUSE-SU-2016:3273-1, VIGILANCE-VUL-20762, XSA-190.

Description of the vulnerability

The Xen product can manage x86 HVM guest systems.

However, an attacker can raise a Device Not Available Exception while CR0.EM or CR0.TS is set, which can be used to read a register of another task on the same VM.

An attacker can therefore use CR0.TS/EM on Xen x86 HVM, in order to obtain sensitive information on the current system.

computer vulnerability announce CVE-2016-7797

Pacemaker: denial of service via pacemaker_remote

Synthesis of the vulnerability

An attacker can connect to the pacemaker_remote port of Pacemaker, in order to trigger a denial of service.
Impacted products: openSUSE Leap, Pacemaker, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 03/10/2016.
Identifiers: 5269, CVE-2016-7797, openSUSE-SU-2016:2965-1, openSUSE-SU-2016:3101-1, RHSA-2016:2578-02, SUSE-SU-2016:2869-1, USN-3462-1, VIGILANCE-VUL-20747.

Description of the vulnerability

The Pacemaker product offers a pacemaker_remote service (3121/tcp).

However, a connection on this port stops the active corosync session.

An attacker can therefore connect to the pacemaker_remote port of Pacemaker, in order to trigger a denial of service.

vulnerability alert CVE-2016-5177 CVE-2016-5178

Google Chrome: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 30/09/2016.
Identifiers: CERTFR-2016-AVI-324, CVE-2016-5177, CVE-2016-5178, DSA-3683-1, FEDORA-2016-2e50862950, FEDORA-2016-d61c4f72da, openSUSE-SU-2016:2429-1, openSUSE-SU-2016:2432-1, RHSA-2016:2007-01, USN-3091-1, VIGILANCE-VUL-20741.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can force the usage of a freed memory area via the JavaScript interpreter V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5177]

An attacker can generate several memory corruptions, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5178]

An unknown vulnerability was announced. [severity:3/4]

computer vulnerability CVE-2016-4997

Linux kernel: memory corruption via IP6T_SO_SET_REPLACE

Synthesis of the vulnerability

An attacker can generate a memory corruption via IP6T_SO_SET_REPLACE on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 29/09/2016.
Revision date: 29/09/2016.
Identifiers: CERTFR-2016-AVI-220, CERTFR-2016-AVI-267, CERTFR-2017-AVI-034, CERTFR-2017-AVI-282, CVE-2016-4997, DSA-3607-1, FEDORA-2016-1c409313f4, FEDORA-2016-63ee0999e4, FEDORA-2016-73a733f4d9, openSUSE-SU-2016:1798-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2184-1, openSUSE-SU-2016:2290-1, openSUSE-SU-2017:1140-1, RHSA-2016:1847-01, RHSA-2016:1875-01, RHSA-2016:1883-01, SUSE-SU-2016:1709-1, SUSE-SU-2016:1710-1, SUSE-SU-2016:1937-1, SUSE-SU-2016:1985-1, SUSE-SU-2016:2018-1, SUSE-SU-2016:2105-1, SUSE-SU-2016:2245-1, SUSE-SU-2016:3069-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, USN-3016-1, USN-3016-2, USN-3016-3, USN-3016-4, USN-3017-1, USN-3017-2, USN-3017-3, USN-3018-1, USN-3018-2, USN-3019-1, USN-3020-1, USN-3338-1, USN-3338-2, VIGILANCE-VUL-20735.

Description of the vulnerability

The Linux kernel offers the ip6_tables or ip_tables module.

However, the IP6T_SO_SET_REPLACE or IPT_SO_SET_REPLACE option of setsockopt() does not correctly check offsets, which leads to a memory corruption.

An attacker can therefore generate a memory corruption via IP6T_SO_SET_REPLACE on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2016-5325 CVE-2016-7099

Node.js: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Node.js.
Impacted products: Fedora, IRAD, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 26/09/2016.
Revision date: 28/09/2016.
Identifiers: 1992681, 1993777, CVE-2016-5325, CVE-2016-7099, FEDORA-2016-861b8c46b7, openSUSE-SU-2016:2496-1, RHSA-2017:0002-01, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, VIGILANCE-VUL-20694.

Description of the vulnerability

Several vulnerabilities were announced in Node.js.

An attacker can tamper with the handling of X.509 certificates for TLS. [severity:3/4; CVE-2016-7099]

On MS-Windows platforms, an attacker can tamper with the process of cryptographic modules loading by OpenSSL to inject an arbitrary DLL into the server process. [severity:1/4]

An attacker can inject data into HTTP response headers to fake responses. [severity:1/4; CVE-2016-5325]

computer vulnerability announce CVE-2016-2776

ISC BIND: assertion error via buffer.c

Synthesis of the vulnerability

An attacker can force an assertion error via buffer.c of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, BIND, Juniper J-Series, JUNOS, SRX-Series, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 28/09/2016.
Identifiers: AA-01419, bulletinoct2016, c05321107, CERTFR-2017-AVI-111, CVE-2016-2776, DLA-645-1, DSA-3680-1, FEDORA-2016-2d9825f7c1, FEDORA-2016-3af8b344f1, FEDORA-2016-cbef6c8619, FEDORA-2016-cca77daf70, FreeBSD-SA-16:28.bind, JSA10785, K18829561, openSUSE-SU-2016:2406-1, RHSA-2016:1944-01, RHSA-2016:1945-01, RHSA-2016:2099-01, SOL18829561, SSA:2016-271-01, SUSE-SU-2016:2399-1, SUSE-SU-2016:2401-1, SUSE-SU-2016:2405-1, USN-3088-1, VIGILANCE-VUL-20707.

Description of the vulnerability

ISC BIND builds replies to DNS queries in the dns_message_render*() functions of the lib/dns/message.c file.

However, the DNS_MESSAGE_HEADERLEN header size is not used to check the free space in the response being built. An assertion error thus occurs in the buffer.c file, because developers did not expect this case, which stops the process.

An attacker can therefore force an assertion error via buffer.c of ISC BIND, in order to trigger a denial of service.

vulnerability alert CVE-2016-7052

OpenSSL 1.0.2i: NULL pointer dereference via CRL

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via a CRL on an application linked to OpenSSL 1.0.2i, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Fedora, FreeBSD, AIX, DB2 UDB, Tivoli Storage Manager, Tivoli Workload Scheduler, Copssh, Juniper J-Series, JUNOS, Junos Space, NSM Central Manager, NSMXpress, ePO, Meinberg NTP Server, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Tuxedo, WebLogic, Oracle Web Tier, Base SAS Software, Shibboleth SP, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, WindRiver Linux.
Severity: 2/4.
Creation date: 26/09/2016.
Identifiers: 1996096, 2000095, 2000209, 2003480, 2003620, 2003673, 2008828, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-7052, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FreeBSD-SA-16:27.openssl, JSA10759, openSUSE-SU-2016:2496-1, openSUSE-SU-2018:0458-1, SA132, SB10171, SP-CAAAPUE, SPL-129207, SSA:2016-270-01, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, TNS-2016-16, VIGILANCE-VUL-20701.

Description of the vulnerability

OpenSSL version 1.0.2i fixed a bug in CRL management.

However, this fix does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced via a CRL on an application linked to OpenSSL 1.0.2i, in order to trigger a denial of service.

vulnerability CVE-2016-7161

QEMU: buffer overflow via xlnx.xps-ethernetlite

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a buffer overflow via xlnx.xps-ethernetlite of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 23/09/2016.
Identifiers: CVE-2016-7161, DLA-652-1, DLA-653-1, FEDORA-2016-4c407cd849, FEDORA-2016-689f240960, FEDORA-2016-a56fb613a8, openSUSE-SU-2016:3103-1, openSUSE-SU-2016:3237-1, SUSE-SU-2016:2902-1, SUSE-SU-2016:2936-1, SUSE-SU-2016:2988-1, USN-3125-1, VIGILANCE-VUL-20690.

Description of the vulnerability

The QEMU product manages Xilinx Ethernet Lite MAC network devices.

However, if the size of NetClientState data is greater than the size of the storage array, an overflow occurs in the receive callback of xlnx.xps-ethernetlite in the hw/net/xilinx_ethlite.c file.

An attacker, inside a guest system, can therefore generate a buffer overflow via xlnx.xps-ethernetlite of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.

computer vulnerability bulletin CVE-2016-6302 CVE-2016-6303 CVE-2016-6304

OpenSSL: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: SDS, SES, SNS, Mac OS X, Arkoon FAST360, Blue Coat CAS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, AIX, DB2 UDB, IRAD, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Copssh, Juniper J-Series, JUNOS, Junos Space, NSM Central Manager, NSMXpress, MariaDB ~ precise, McAfee Email Gateway, ePO, MySQL Community, MySQL Enterprise, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier, Percona Server, XtraDB Cluster, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, Puppet, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Manager, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WindRiver Linux, VxWorks.
Severity: 3/4.
Creation date: 22/09/2016.
Identifiers: 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1996096, 1999395, 1999421, 1999474, 1999478, 1999479, 1999488, 1999532, 2000095, 2000209, 2000544, 2002870, 2003480, 2003620, 2003673, 2008828, bulletinapr2017, bulletinjul2016, bulletinoct2016, CERTFR-2016-AVI-320, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2017, cpujan2018, cpujul2017, cpuoct2017, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-16-050, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HT207423, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, RHSA-2016:2802-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, RHSA-2017:2493-01, RHSA-2017:2494-01, SA132, SA40312, SB10171, SB10215, SOL54211024, SOL90492697, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, STORM-2016-005, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20678.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can cause excessive memory consumption via an OCSP request, in order to trigger a denial of service. [severity:3/4; CVE-2016-6304]

An attacker can make a process block itself via SSL_peek, in order to trigger a denial of service. [severity:2/4; CVE-2016-6305]

An attacker can generate a buffer overflow via MDC2_Update, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2016-6303]

An attacker can generate a read-only buffer overflow, in order to trigger a denial of service. [severity:1/4; CVE-2016-6302]

An attacker can generate a read-only buffer overflow via the parsing of an X.509 certificate, in order to trigger a denial of service. [severity:1/4; CVE-2016-6306]

An attacker can make the server allocate a large amount of memory to process TLS packets. [severity:1/4; CVE-2016-6307]

An attacker can make the server allocate a large amount of memory to process DTLS packets. [severity:1/4; CVE-2016-6308]