The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MicroFocus SUSE Linux Enterprise Server

vulnerability CVE-2016-7056

OpenSSL: ECDSA signature not computed in constant time

Synthesis of the vulnerability

An attacker can monitor a process performing an ECDSA signature with OpenSSL, in order to potentially obtain information about the secret key.
Impacted products: Mac OS X, Debian, BIG-IP Hardware, TMOS, Android OS, OpenBSD, OpenSSL, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 11/01/2017.
Identifiers: CVE-2016-7056, DLA-814-1, DSA-3773-1, HT207615, K32743437, openSUSE-SU-2017:0409-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2017:1211-1, openSUSE-SU-2017:1212-1, openSUSE-SU-2018:0458-1, SUSE-SU-2018:0112-1, USN-3181-1, VIGILANCE-VUL-21550.

Description of the vulnerability

An attacker can therefore monitor a process performing an ECDSA signature with OpenSSL, in order to potentially obtain information about the secret key.

This vulnerability is the same as the one described in VIGILANCE-VUL-19820, but this time it concerns the elliptic curve based variant of DSA.

computer vulnerability bulletin CVE-2016-9587

Ansible Core: code execution

Synthesis of the vulnerability

An attacker can tamper with managed host state information returned to Ansible, in order to run arbitrary shell commands on a host managed by Ansible and on the Ansible host.
Impacted products: Ansible Core, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 10/01/2017.
Revision date: 11/01/2017.
Identifiers: CT-2017-0109, CVE-2016-9527-ERROR, CVE-2016-9587, FEDORA-2017-3f40aa3d64, FEDORA-2017-418398ce60, FEDORA-2017-c2129c77ca, FEDORA-2017-cb88734094, openSUSE-SU-2017:2976-1, openSUSE-SU-2017:2978-1, VIGILANCE-VUL-21538.

Description of the vulnerability

Ansible is a tool for centralized administration.

It receives information from managed hosts about their state via JSON messages, in which 2 fields are specially handled; one of them, "ansible_python_interpreter", is the name of a program. However, Ansible does not correctly filter the content of these special fields. An attacker who controls a connection to the Ansible manager can therefore run arbitrary shell commands on the Ansible host and on any managed host.

An attacker can therefore tamper with managed host state information returned to Ansible, in order to run arbitrary shell commands on a host managed by Ansible and on the Ansible host.

vulnerability announce CVE-2017-5193 CVE-2017-5194 CVE-2017-5195

irssi: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of irssi.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 10/01/2017.
Identifiers: bulletinjul2017, CVE-2017-5193, CVE-2017-5194, CVE-2017-5195, CVE-2017-5196, DLA-1217-1, FEDORA-2017-7f9e997585, FEDORA-2017-d2e7217e2a, openSUSE-SU-2017:0093-1, openSUSE-SU-2017:0094-1, SSA:2017-011-03, USN-3184-1, VIGILANCE-VUL-21532.

Description of the vulnerability

Several vulnerabilities were announced in irssi.

An attacker can force a NULL pointer to be dereferenced via nickcmp(), in order to trigger a denial of service. [severity:2/4; CVE-2017-5193]

An attacker can force a read at an invalid address via Incomplete Control Codes, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-5194]

An attacker can force a read at an invalid address via Incomplete Character Sequences, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-5195]

An attacker can trigger a fatal error via Invalid Nick Message, in order to trigger a denial of service. [severity:2/4; CVE-2017-5196]

computer vulnerability CVE-2016-8745

Apache Tomcat: information disclosure via sendfile

Synthesis of the vulnerability

An attacker can use a vulnerability via sendfile() of Apache Tomcat, in order to obtain sensitive information or to hijack a session.
Impacted products: Tomcat, Debian, Fedora, openSUSE Leap, Oracle DB, Oracle Fusion Middleware, Oracle OIT, Solaris, Tuxedo, WebLogic, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 12/12/2016.
Revision date: 05/01/2017.
Identifiers: bulletinjan2017, cpuapr2018, cpuoct2017, CVE-2016-8745, DLA-779-1, DSA-3754-1, DSA-3755-1, FEDORA-2017-19c5440abe, FEDORA-2017-376ae2b92c, openSUSE-SU-2017:1292-1, RHSA-2017:0455-01, RHSA-2017:0456-01, RHSA-2017:0457-01, RHSA-2017:0527-01, RHSA-2017:0935-01, SUSE-SU-2017:1229-1, SUSE-SU-2017:1382-1, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, USN-3177-1, USN-3177-2, VIGILANCE-VUL-21355.

Description of the vulnerability

The Apache Tomcat product includes an HTTP server.

It may use the sendfile() function from the operating system to send the content of a file without reading it itself. However, an attacker can trigger an error in the response processing, in such a way that the client receives the response of another client, including response headers and notably the session identifier.

An attacker can therefore use a vulnerability via sendfile() of Apache Tomcat, in order to obtain sensitive information or to hijack a session.

computer vulnerability announce CVE-2016-9941 CVE-2016-9942

LibVNCServer: two vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in LibVNCServer.
Impacted products: Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 04/01/2017.
Identifiers: CVE-2016-9941, CVE-2016-9942, DLA-777-1, DSA-3753-1, FEDORA-2017-0e08170fd3, FEDORA-2017-6125002d79, FEDORA-2017-dd5d2381e4, openSUSE-SU-2018:0851-1, SUSE-SU-2017:0104-1, SUSE-SU-2018:0830-1, USN-3171-1, VIGILANCE-VUL-21507.

Description of the vulnerability

Several vulnerabilities were announced in LibVNCServer.

An attacker can generate a buffer overflow via FramebufferUpdate, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-9941]

An attacker can generate a buffer overflow via FramebufferUpdate Ultra, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-9942]

vulnerability announce CVE-2016-7915

Linux kernel: out-of-bounds memory reading via hid_input_field

Synthesis of the vulnerability

An attacker can force a read at an invalid address via hid_input_field() on the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Linux, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Creation date: 02/01/2017.
Identifiers: CERTFR-2018-AVI-161, CERTFR-2018-AVI-197, CERTFR-2018-AVI-206, CERTFR-2018-AVI-224, CERTFR-2018-AVI-241, CVE-2016-7915, DLA-772-1, SUSE-SU-2018:0834-1, SUSE-SU-2018:0848-1, SUSE-SU-2018:1080-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1309-1, VIGILANCE-VUL-21492.

Description of the vulnerability

The Linux kernel has a hid/hid-core.c driver for Logitech DJ.

However, it tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address via hid_input_field() on the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.

computer vulnerability announce CVE-2016-9810

GStreamer Plugin: out-of-bounds memory reading via FLIC

Synthesis of the vulnerability

An attacker can force a read at an invalid address via FLIC of GStreamer Plugin, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 29/12/2016.
Identifiers: CVE-2016-9810, openSUSE-SU-2017:0071-1, openSUSE-SU-2017:0141-1, openSUSE-SU-2017:0151-1, openSUSE-SU-2017:0160-1, openSUSE-SU-2017:0298-1, openSUSE-SU-2017:0847-1, RHSA-2017:2060-01, SUSE-SU-2016:3288-1, SUSE-SU-2016:3303-1, SUSE-SU-2017:0210-1, SUSE-SU-2017:0225-1, SUSE-SU-2017:0237-1, VIGILANCE-VUL-21477.

Description of the vulnerability

The GStreamer Plugin product offers a web service.

However, it tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address via FLIC of GStreamer Plugin, in order to trigger a denial of service, or to obtain sensitive information.

computer vulnerability bulletin CVE-2016-10028

QEMU: buffer overflow via virtio-gpu-3d

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a buffer overflow via virtio-gpu-3d of QEMU, in order to trigger a denial of service against the host system.
Impacted products: Fedora, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 20/12/2016.
Identifiers: CVE-2016-10028, FEDORA-2017-12394e2cc7, FEDORA-2017-b953d4d3a4, openSUSE-SU-2017:0707-1, openSUSE-SU-2017:1872-1, SUSE-SU-2017:0625-1, SUSE-SU-2017:1774-1, USN-3261-1, USN-3268-1, VIGILANCE-VUL-21428.

Description of the vulnerability

The QEMU product manages commands exported to guest userspace processes.

However, for the command VIRTIO_GPU_CMD_GET_CAPSET, QEMU accepts a null buffer size for the command response data. In this case, an overflow occurs.

An attacker, inside a guest system, can therefore generate a buffer overflow via virtio-gpu-3d of QEMU, in order to trigger a denial of service against the host system.

vulnerability bulletin CVE-2016-10013

Xen: privilege escalation via SYSCALL

Synthesis of the vulnerability

An attacker can trigger a debug trap on a SYSCALL instruction in a guest system managed by Xen, in order to get guest operating system privileges on non-Linux systems.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Creation date: 20/12/2016.
Identifiers: CERTFR-2016-AVI-424, CTX222565, CVE-2016-10013, DLA-783-1, DSA-3847-1, FEDORA-2016-92e3ea2d1b, FEDORA-2016-bc02bff7f5, openSUSE-SU-2017:0005-1, openSUSE-SU-2017:0007-1, openSUSE-SU-2017:0008-1, SUSE-SU-2016:3207-1, SUSE-SU-2016:3208-1, SUSE-SU-2016:3221-1, SUSE-SU-2016:3241-1, SUSE-SU-2017:0718-1, VIGILANCE-VUL-21423, XSA-204.

Description of the vulnerability

Processing interrupts, exceptions and traps is part of the job of the Xen hypervisor.

A user program like a debugger in a guest system can define the conditions that trigger debug traps. However, Xen wrongly handles one of these traps when it applies to a SYSCALL instruction, which triggers a privilege transition as part of the processing of system calls.

An attacker can therefore trigger a debug trap on a SYSCALL instruction in a guest system managed by Xen, in order to get guest operating system privileges on non-Linux systems.

computer vulnerability alert CVE-2016-9932

Xen: information disclosure via CMPXCHG8B

Synthesis of the vulnerability

A local attacker, inside a guest system, can use a CMPXCHG8B instruction, in order to fetch some bytes of Xen's stack, on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 14/12/2016.
Identifiers: CERTFR-2016-AVI-418, CERTFR-2016-AVI-428, CTX219378, CVE-2016-9932, DLA-964-1, DSA-3847-1, FEDORA-2016-1b868c23a9, FEDORA-2016-bcbae0781f, openSUSE-SU-2017:0005-1, openSUSE-SU-2017:0007-1, openSUSE-SU-2017:0008-1, SUSE-SU-2016:3207-1, SUSE-SU-2016:3208-1, SUSE-SU-2016:3221-1, SUSE-SU-2016:3241-1, SUSE-SU-2017:0718-1, VIGILANCE-VUL-21386, XSA-200.

Description of the vulnerability

The Xen product can emulate x86 instructions.

Some instructions may be modified with an operand size prefix that states the length of the memory access. This prefix should not be taken into account for the instruction CMPXCHG8B. However, some parts of the hypervisor do use it.

A local attacker, inside a guest system, can therefore use a CMPXCHG8B instruction, in order to fetch some bytes of Xen's stack, on the host system.