The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Novell openSUSE

vulnerability CVE-2015-8935

PHP: data injection via header

Synthesis of the vulnerability

An attacker who controls the parameter of the PHP header() function can still alter HTML pages generated by the web server, for example to perform a Cross-Site Scripting attack.
Impacted products: openSUSE, openSUSE Leap, PHP, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 01/08/2016.
Identifiers: 68978, CVE-2015-8935, openSUSE-SU-2016:1761-1, openSUSE-SU-2016:1922-1, SUSE-SU-2016:2013-1, SUSE-SU-2016:2080-1, USN-3045-1, VIGILANCE-VUL-20260.

Description of the vulnerability

The bulletin VIGILANCE-VUL-2928 describes a vulnerability allowing an attacker to use the character '\n' in the PHP header() function to inject HTTP headers, and to alter the content of the generated HTML document.

However, Internet Explorer also accepts the "\n[space]" or "\r\n[space]" sequence as a line separator. This attack variant is not detected by the solution for VIGILANCE-VUL-2928.

An attacker who controls the parameter of the PHP header() function can therefore still alter HTML pages generated by the web server, for example to perform a Cross-Site Scripting attack.

computer vulnerability bulletin CVE-2016-6153

SQLite: database corruption using unsafe temporary folders

Synthesis of the vulnerability

An attacker can access temporary files created by SQLite in order to read or change the content of a protected database.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, SQLite.
Severity: 1/4.
Creation date: 04/07/2016.
Identifiers: CVE-2016-6153, DLA-543-1, FEDORA-2016-0138339b54, KL-001-2016-003, openSUSE-SU-2016:1932-1, openSUSE-SU-2016:2041-1, VIGILANCE-VUL-20018.

Description of the vulnerability

SQLite is an embedded database manager.

When the application does not specify where the library should create temporary files, SQLite uses an internally fixed list of candidate folders. However, the permission check on these folders is wrong, so the library can create temporary files, such as the ones used to implement transactions, that are readable or writable by unauthorized processes.

An attacker can therefore access temporary files created by SQLite in order to read or change the content of a protected database.

computer vulnerability alert CVE-2016-2099

Apache Xerces-C++: use after free via DTDScanner

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area in DTDScanner of Apache Xerces-C++, in order to trigger a denial of service, and possibly to run code.
Impacted products: Xerces-C++, Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE.
Severity: 2/4.
Creation date: 10/05/2016.
Revision date: 28/06/2016.
Identifiers: CVE-2016-2099, DLA-467-1, DSA-3579-1, FEDORA-2016-0a061f6dd9, FEDORA-2016-7615febbd6, FEDORA-2016-84373c5f4f, FEDORA-2016-87e8468465, FEDORA-2016-9284772686, FEDORA-2016-d2d6890690, openSUSE-SU-2016:1744-1, openSUSE-SU-2016:1808-1, SOL04253390, VIGILANCE-VUL-19566, XERCESC-2066.

Description of the vulnerability

The Apache Xerces-C++ product calls DTDScanner from the XMLReader class, in order to analyze DTD data.

However, if an invalid character is encountered, an exception handler frees a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area in DTDScanner of Apache Xerces-C++, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2016-5699

Python: header tampering via urllib2, urllib

Synthesis of the vulnerability

An attacker can change the HTTP request created by urllib.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, Python, RHEL.
Severity: 2/4.
Creation date: 17/06/2016.
Identifiers: bulletinjul2016, CVE-2016-5699, DLA-522-1, FEDORA-2016-34ca5273e9, FEDORA-2016-6c2b74bb96, FEDORA-2016-b046b56518, FEDORA-2016-ef784cf9f7, openSUSE-SU-2016:1885-1, openSUSE-SU-2016:2120-1, RHSA-2016:1626-01, RHSA-2016:1627-01, RHSA-2016:1628-01, RHSA-2016:1629-01, RHSA-2016:1630-01, VIGILANCE-VUL-19925.

Description of the vulnerability

The urllib module of the Python library is an HTTP client.

However, the urllib module accepts HTTP headers at the end of the URL. The headers will be inserted before the ones added by urllib.

An attacker can therefore change the HTTP request created by urllib.

computer vulnerability CVE-2016-0772

Python: TLS disabling in smtplib

Synthesis of the vulnerability

An attacker can prevent the smtplib module of Python from creating a TLS tunnel, in order to read sent mails.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, Python, RHEL.
Severity: 1/4.
Creation date: 16/06/2016.
Identifiers: bulletinjul2016, CVE-2016-0772, DLA-522-1, FEDORA-2016-105b80d1be, FEDORA-2016-13be2ee499, FEDORA-2016-2869023091, FEDORA-2016-34ca5273e9, FEDORA-2016-5c52dcfe47, FEDORA-2016-6c2b74bb96, FEDORA-2016-a0853405eb, FEDORA-2016-aae6bb9433, FEDORA-2016-b046b56518, FEDORA-2016-e37f15a5f4, FEDORA-2016-ef784cf9f7, openSUSE-SU-2016:1885-1, openSUSE-SU-2016:2120-1, RHSA-2016:1626-01, RHSA-2016:1627-01, RHSA-2016:1628-01, RHSA-2016:1629-01, RHSA-2016:1630-01, VIGILANCE-VUL-19915.

Description of the vulnerability

The Python library includes an SMTP client.

This library can enable a TLS tunnel. However, it does not check the status code of the STARTTLS command and agrees to continue the SMTP session in plain text. An attacker who can hijack the traffic can insert an error after the STARTTLS command to disable the encryption.

An attacker can therefore prevent the smtplib module of Python from creating a TLS tunnel, in order to read sent mails.

vulnerability announce CVE-2016-4470

Linux kernel: use after free via key_reject_and_link

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via key_reject_and_link of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 16/06/2016.
Identifiers: CERTFR-2016-AVI-267, CERTFR-2016-AVI-278, CVE-2016-4470, DSA-3607-1, FEDORA-2016-1c409313f4, FEDORA-2016-63ee0999e4, FEDORA-2016-73a733f4d9, openSUSE-SU-2016:1798-1, openSUSE-SU-2016:2144-1, RHSA-2016:1532-02, RHSA-2016:1539-01, RHSA-2016:1541-03, RHSA-2016:1657-01, SUSE-SU-2016:1937-1, SUSE-SU-2016:1985-1, SUSE-SU-2016:2018-1, SUSE-SU-2016:2105-1, USN-3049-1, USN-3050-1, USN-3051-1, USN-3052-1, USN-3053-1, USN-3054-1, USN-3055-1, USN-3056-1, USN-3057-1, VIGILANCE-VUL-19912.

Description of the vulnerability

The Linux kernel can manage cryptographic keys.

However, when the registration of a key fails, an uninitialized variable is used, which leads to the early freeing of a memory area which will be reused.

An attacker can therefore force the usage of a freed memory area via key_reject_and_link of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2016-5314 CVE-2016-5315 CVE-2016-5316

LibTIFF: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libtiff.
Impacted products: LibTIFF, openSUSE, RHEL.
Severity: 2/4.
Creation date: 15/06/2016.
Identifiers: CVE-2016-5314, CVE-2016-5315, CVE-2016-5316, CVE-2016-5317, CVE-2016-5320, CVE-2016-5321, CVE-2016-5322, CVE-2016-5323, CVE-2016-5875, openSUSE-SU-2016:1889-1, RHSA-2016:1546-01, RHSA-2016:1547-01, VIGILANCE-VUL-19905.

Description of the vulnerability

Several vulnerabilities were announced in libtiff.

An attacker can generate a buffer overflow via PixarLogDecode, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5314, CVE-2016-5875]

An attacker can force a read at an invalid address in setByteArray, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-5315]

An attacker can force a read at an invalid address via PixarLogCleanup, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-5316]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5317]

An attacker can force a division by 0, in order to deny service. [severity:1/4; CVE-2016-5323]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:1/4; CVE-2016-5321]

An attacker can force a read at an invalid address, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-5322]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5320]

vulnerability bulletin CVE-2016-5636

Python: buffer overflow via zipimporter

Synthesis of the vulnerability

An attacker can generate a buffer overflow via zipimporter of Python, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, Python.
Severity: 2/4.
Creation date: 13/06/2016.
Identifiers: bulletinjul2016, CVE-2016-5636, DLA-522-1, FEDORA-2016-308f78b2f4, FEDORA-2016-32e5a8c3a8, FEDORA-2016-9932f852c7, FEDORA-2016-d3a529aad6, FEDORA-2016-e63a732c9d, FEDORA-2016-eff21665e7, openSUSE-SU-2016:1885-1, openSUSE-SU-2016:2120-1, VIGILANCE-VUL-19873.

Description of the vulnerability

The Python product includes a module to manage Zip archives.

A Zip entry includes a "compressed?" flag and the size of the file entry, before and after compression. However, when an entry states "compressed" and one of the data sizes is -1, an integer overflow occurs, which leads to a heap-based buffer overflow when the content of the archive entry is read.

An attacker can therefore generate a buffer overflow via zipimporter of Python, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2016-1583

Linux kernel: memory corruption via eCryptfs

Synthesis of the vulnerability

An attacker can generate a memory corruption via eCryptfs of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Linux, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 10/06/2016.
Revision date: 13/06/2016.
Identifiers: 836, CERTFR-2016-AVI-199, CERTFR-2016-AVI-267, CVE-2016-1583, DLA-516-1, DSA-3607-1, FEDORA-2016-1c409313f4, FEDORA-2016-63ee0999e4, FEDORA-2016-73a733f4d9, openSUSE-SU-2016:1641-1, openSUSE-SU-2016:2144-1, SUSE-SU-2016:1596-1, SUSE-SU-2016:1672-1, SUSE-SU-2016:1696-1, SUSE-SU-2016:1937-1, SUSE-SU-2016:1985-1, SUSE-SU-2016:2105-1, USN-2996-1, USN-2997-1, USN-2998-1, USN-2999-1, USN-3000-1, USN-3001-1, USN-3002-1, USN-3003-1, USN-3004-1, USN-3005-1, USN-3006-1, USN-3007-1, USN-3008-1, VIGILANCE-VUL-19861.

Description of the vulnerability

The Linux kernel implements eCryptfs, to encrypt user data.

However, the mmap() system call is performed on a low level filesystem not supporting it, which corrupts the memory.

An attacker can therefore generate a memory corruption via eCryptfs of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2016-2834

Mozilla NSS: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla NSS.
Impacted products: Debian, NSS, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 08/06/2016.
Identifiers: 1206283, 1221620, 1241034, 1241037, CERTFR-2016-AVI-193, CVE-2016-2834, DLA-527-1, MFSA-2016-61, openSUSE-SU-2016:1552-1, openSUSE-SU-2016:1557-1, SUSE-SU-2016:1691-1, SUSE-SU-2016:1799-1, SUSE-SU-2016:2061-1, USN-3029-1, VIGILANCE-VUL-19835.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla NSS.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4]