The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MicroFocus SUSE Linux Enterprise Server

vulnerability announce CVE-2015-5288 CVE-2015-5289

PostgreSQL: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PostgreSQL.
Impacted products: Clearswift Email Gateway, Debian, Fedora, openSUSE, PostgreSQL, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 08/10/2015.
Identifiers: CERTFR-2015-AVI-433, CVE-2015-5288, CVE-2015-5289, DSA-3374-1, DSA-3475-1, FEDORA-2015-6d2a957a87, openSUSE-SU-2015:1907-1, openSUSE-SU-2015:1919-1, RHSA-2015:2077-01, RHSA-2015:2078-01, RHSA-2015:2081-01, RHSA-2015:2083-01, SUSE-SU-2016:0677-1, USN-2772-1, VIGILANCE-VUL-18062.

Description of the vulnerability

Several vulnerabilities were announced in PostgreSQL.

An attacker can trigger a fatal error when json/jsonb data are analyzed, in order to trigger a denial of service. [severity:2/4; CVE-2015-5289]

An attacker can read a memory fragment via the crypt() function, in order to obtain sensitive information. [severity:1/4; CVE-2015-5288]

vulnerability alert CVE-2015-7613

Linux kernel: privilege escalation via IPC

Synthesis of the vulnerability

A local attacker can manipulate IPC on the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Linux, McAfee NSP, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 02/10/2015.
Identifiers: CERTFR-2015-AVI-419, CERTFR-2015-AVI-430, CERTFR-2015-AVI-498, CVE-2015-7613, DSA-3372-1, FEDORA-2015-d7e074ba30, FEDORA-2015-dcc260f2f2, RHSA-2015:2152-02, RHSA-2015:2411-01, RHSA-2015:2587-01, RHSA-2015:2636-01, SB10146, SOL90230486, SUSE-SU-2015:1727-1, SUSE-SU-2015:2084-1, SUSE-SU-2015:2085-1, SUSE-SU-2015:2086-1, SUSE-SU-2015:2087-1, SUSE-SU-2015:2089-1, SUSE-SU-2015:2090-1, SUSE-SU-2015:2091-1, USN-2761-1, USN-2762-1, USN-2763-1, USN-2764-1, USN-2765-1, USN-2792-1, USN-2796-1, VIGILANCE-VUL-18021.

Description of the vulnerability

The shmget() system call creates a shared memory segment with IPC_CREAT, so two processes can communicate via IPC.

The newque() function of the ipc/msg.c file of the Linux kernel creates this segment. However, it calls ipc_addid() too soon, so the uid associated with the segment is incorrect.

A local attacker can therefore manipulate IPC on the Linux kernel, in order to escalate his privileges.

vulnerability CVE-2015-7803

PHP: NULL pointer dereference via phar_get_fp_offset

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in the phar_get_fp_offset() function of PHP, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 02/10/2015.
Identifiers: 69720, CVE-2015-7803, DSA-3380-1, FEDORA-2015-366f3dd73f, FEDORA-2015-b24a52fc97, openSUSE-SU-2016:0251-1, openSUSE-SU-2016:0366-1, RHSA-2016:0457-01, SUSE-SU-2016:1145-1, SUSE-SU-2016:1581-1, SUSE-SU-2016:1638-1, USN-2786-1, VIGILANCE-VUL-18020.

Description of the vulnerability

The phar extension can be installed on PHP.

However, when the phar_get_fp_offset() function processes a special ZIP archive, it does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced in the phar_get_fp_offset() function of PHP, in order to trigger a denial of service.

vulnerability bulletin CVE-2015-1303 CVE-2015-1304

Google Chrome: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Chrome, openSUSE, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 25/09/2015.
Identifiers: CERTFR-2015-AVI-409, CVE-2015-1303, CVE-2015-1304, DSA-3376-1, openSUSE-SU-2015:1719-1, openSUSE-SU-2015:1867-1, openSUSE-SU-2015:1872-1, openSUSE-SU-2015:1873-1, openSUSE-SU-2015:1876-1, openSUSE-SU-2015:1877-1, openSUSE-SU-2015:1887-1, RHSA-2015:1841-01, USN-2757-1, VIGILANCE-VUL-17983.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can use DOM, in order to run JavaScript code in the context of another web site. [severity:2/4; CVE-2015-1303]

An attacker can use V8, in order to run JavaScript code in the context of another web site. [severity:2/4; CVE-2015-1304]

vulnerability announce CVE-2015-7311

Xen: write on readonly disks via libxl

Synthesis of the vulnerability

An attacker, who is administrator in a guest system, configured with qemu-xen and libxl, can write to disk images of the host system, even if they are configured as read-only.
Impacted products: Debian, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Creation date: 22/09/2015.
Identifiers: CERTFR-2015-AVI-406, CVE-2015-7311, DSA-3414-1, openSUSE-SU-2015:1964-1, openSUSE-SU-2015:2003-1, openSUSE-SU-2015:2249-1, openSUSE-SU-2015:2250-1, openSUSE-SU-2016:0124-1, SUSE-SU-2015:1853-1, SUSE-SU-2015:1894-1, SUSE-SU-2015:1908-1, VIGILANCE-VUL-17952, XSA-142.

Description of the vulnerability

The Xen product can be configured with qemu-xen (instead of qemu-xen-traditional), and can use tools linked to libxl.

However, with this configuration, a disk cannot be mounted as read-only, and libxl does not report this.

An attacker, who is administrator in a guest system, configured with qemu-xen and libxl, can therefore write to disk images of the host system, even if they are configured as read-only.

vulnerability alert CVE-2015-7295

QEMU: denial of service via virtio-net

Synthesis of the vulnerability

An attacker on the local network can send large packets, which are not supported by the virtio-net driver of Qemu, in order to trigger a denial of service.
Impacted products: Debian, Fedora, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 18/09/2015.
Identifiers: CVE-2015-7295, DSA-3469-1, DSA-3470-1, DSA-3471-1, FEDORA-2015-d8510319c0, FEDORA-2015-fca1900745, SUSE-SU-2016:1560-1, SUSE-SU-2016:1698-1, SUSE-SU-2016:1703-1, SUSE-SU-2016:1785-1, USN-2828-1, VIGILANCE-VUL-17931.

Description of the vulnerability

The Qemu product offers virtio-net (Virtual Network Device) support.

However, when large packets are received through tuntap/macvtap interfaces, and the guest system does not support them, the allocated resources are never freed.

An attacker on the local network can therefore send large packets, which are not supported by the virtio-net driver of Qemu, in order to trigger a denial of service.

computer vulnerability alert CVE-2015-5279

QEMU: buffer overflow of ne2000_receive

Synthesis of the vulnerability

An attacker privileged in a guest system can generate a buffer overflow in ne2000_receive of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, oVirt, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 15/09/2015.
Identifiers: CVE-2015-5279, DSA-3361-1, DSA-3362-1, FEDORA-2015-015aec3bf2, FEDORA-2015-16368, FEDORA-2015-16369, FEDORA-2015-efc1d7ba5e, RHSA-2015:1896-01, RHSA-2015:1924-01, RHSA-2015:1925-01, RHSA-2015:2065-01, SOL63519101, SUSE-SU-2015:1782-1, SUSE-SU-2016:1698-1, SUSE-SU-2016:1785-1, USN-2745-1, VIGILANCE-VUL-17896.

Description of the vulnerability

The QEMU product implements a NE2000 network device.

However, if the size of the data is greater than NE2000_MEM_SIZE (49152), an overflow occurs.

An attacker privileged in a guest system can therefore generate a buffer overflow in ne2000_receive of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.

computer vulnerability CVE-2015-5278

QEMU: infinite loop of ne2000_receive

Synthesis of the vulnerability

An attacker privileged in a guest system can generate an infinite loop in ne2000_receive() of QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 15/09/2015.
Identifiers: CVE-2015-5278, DSA-3361-1, DSA-3362-1, FEDORA-2015-015aec3bf2, FEDORA-2015-16368, FEDORA-2015-16369, FEDORA-2015-efc1d7ba5e, openSUSE-SU-2016:0914-1, openSUSE-SU-2016:0995-1, SUSE-SU-2015:1782-1, SUSE-SU-2016:0873-1, SUSE-SU-2016:0955-1, SUSE-SU-2016:1154-1, SUSE-SU-2016:1318-1, SUSE-SU-2016:1445-1, SUSE-SU-2016:1698-1, SUSE-SU-2016:1745-1, SUSE-SU-2016:1785-1, USN-2745-1, VIGILANCE-VUL-17895.

Description of the vulnerability

The QEMU product implements a NE2000 network device.

However, when more than NE2000_MEM_SIZE (49152) bytes are received, an infinite loop occurs in the ne2000_receive() function.

An attacker privileged in a guest system can therefore generate an infinite loop in ne2000_receive() of QEMU, in order to trigger a denial of service on the host system.

computer vulnerability alert CVE-2015-6937

Linux kernel: NULL pointer dereference via net/rds/connection.c

Synthesis of the vulnerability

A local attacker can force a NULL pointer to be dereferenced in net/rds/connection.c of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 15/09/2015.
Identifiers: CERTFR-2015-AVI-435, CERTFR-2015-AVI-436, CERTFR-2015-AVI-508, CERTFR-2015-AVI-563, CERTFR-2016-AVI-050, CVE-2015-6937, DSA-3364-1, FEDORA-2015-16440, FEDORA-2015-16441, openSUSE-SU-2015:2232-1, openSUSE-SU-2016:0301-1, openSUSE-SU-2016:0318-1, openSUSE-SU-2016:2649-1, SUSE-SU-2015:1727-1, SUSE-SU-2015:2108-1, SUSE-SU-2015:2339-1, SUSE-SU-2015:2350-1, SUSE-SU-2016:0354-1, SUSE-SU-2016:2074-1, USN-2773-1, USN-2774-1, USN-2775-1, USN-2776-1, USN-2777-1, USN-2778-1, USN-2779-1, VIGILANCE-VUL-17886.

Description of the vulnerability

The Linux kernel implements RDS (Reliable Datagram Sockets).

However, if the socket is not bound before sending a message, the net/rds/connection.c file does not check whether the "trans" (transport) pointer is NULL before using it.

A local attacker can therefore force a NULL pointer to be dereferenced in net/rds/connection.c of the Linux kernel, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2015-6908

OpenLDAP: denial of service via ber_get_next

Synthesis of the vulnerability

An attacker can send a malicious LDAP packet, to force an assertion error in the ber_get_next() function of OpenLDAP, in order to trigger a denial of service.
Impacted products: Debian, OpenLDAP, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 10/09/2015.
Identifiers: CERTFR-2015-AVI-388, CVE-2015-6908, DSA-3356-1, ITS#8240, openSUSE-SU-2016:0226-1, openSUSE-SU-2016:0255-1, openSUSE-SU-2016:0261-1, RHSA-2015:1840-01, SUSE-SU-2016:0224-1, USN-2742-1, VIGILANCE-VUL-17868.

Description of the vulnerability

The LDAP protocol uses the ASN.1 format, with a BER encoding.

The ber_get_next() function of the libraries/liblber/io.c file of OpenLDAP browses data, and decodes a BER record. However, when the pointer is outside the data area, an assertion error occurs because developers did not expect this case, which stops the process.

An attacker can therefore send a malicious LDAP packet, to force an assertion error in the ber_get_next() function of OpenLDAP, in order to trigger a denial of service.