The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Novell openSUSE

vulnerability alert CVE-2015-5589 CVE-2015-5590 CVE-2015-8838

PHP: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, pfSense, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Creation date: 10/07/2015.
Revision dates: 10/07/2015, 22/04/2016.
Identifiers: 69669, 69768, 69923, 69958, 69970, 69972, CVE-2015-5589, CVE-2015-5590, CVE-2015-8838, DSA-3344-1, FEDORA-2015-11581, openSUSE-SU-2015:1351-1, openSUSE-SU-2016:1167-1, openSUSE-SU-2016:1173-1, RHSA-2016:0457-01, SUSE-SU-2016:1145-1, SUSE-SU-2016:1166-1, USN-2758-1, USN-2952-1, USN-2952-2, VIGILANCE-VUL-17341.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An unknown vulnerability was announced in the functions escapeshell*. This may be related to an incomplete fix for CVE-2015-4642 mentioned in VIGILANCE-VUL-17113. [severity:2/4; 69768]

An attacker can generate a buffer overflow in Phar::convertToData, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 69958, CVE-2015-5589]

An attacker can generate a buffer overflow in phar_fix_filepath, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 69923, CVE-2015-5590]

An attacker can force the usage of a freed memory area in spl_recursive_it_move_forward_ex(), in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 69970]

An attacker can force the usage of a freed memory area in sqlite3SafetyCheckSickOrOk(), in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 69972]

An attacker can act as a Man-in-the-Middle when the mysqlnd client asks for a TLS session, in order to read or alter exchanged data (same issue as VIGILANCE-VUL-16761, which has the identifier CVE-2015-3152 for MySQL but CVE-2015-8838 for PHP). [severity:2/4; 69669, CVE-2015-8838]

computer vulnerability alert CVE-2016-3119

MIT krb5: NULL pointer dereference via LDAP process_db_args

Synthesis of the vulnerability

An attacker, with permission to modify a principal entry, can force a NULL pointer to be dereferenced in the LDAP KDB module of MIT krb5, in order to trigger a denial of service.
Impacted products: Fedora, MIT krb5, openSUSE, openSUSE Leap.
Severity: 1/4.
Creation date: 23/03/2016.
Identifiers: CVE-2016-3119, FEDORA-2016-56840babc3, FEDORA-2016-ed99cb602e, openSUSE-SU-2016:0947-1, openSUSE-SU-2016:1072-1, VIGILANCE-VUL-19206.

Description of the vulnerability

The MIT krb5 product can use an LDAP KDB module.

However, if an argument is empty, the process_db_args() function of the src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c file does not check whether a pointer is NULL before using it.

An attacker, with permission to modify a principal entry, can therefore force a NULL pointer to be dereferenced in the LDAP KDB module of MIT krb5, in order to trigger a denial of service.

vulnerability CVE-2016-0702 CVE-2016-0705 CVE-2016-0797

OpenSSL: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS Cisco, IOS XE Cisco, Cisco Nexus, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, ExtremeXOS, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FreeBSD, AIX, IRAD, Tivoli Workload Scheduler, Copssh, McAfee Web Gateway, Meinberg NTP Server, Data ONTAP, Snap Creator Framework, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, Pulse Connect Secure, Pulse Secure SBR, Puppet, RHEL, Red Hat JBoss EAP, ROX, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Manager, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu, Wind River Linux, VxWorks.
Severity: 2/4.
Creation date: 01/03/2016.
Revision date: 07/03/2016.
Identifiers: 046178, 046208, 1979498, 1979602, 9010066, 9010067, 9010072, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CTX208403, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842, DSA-3500-1, FEDORA-2016-2802690366, FEDORA-2016-e6807b3394, FreeBSD-SA-16:12.openssl, JSA10722, MBGSA-1602, NTAP-20160301-0001, NTAP-20160303-0001, NTAP-20160321-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:0720-1, RHSA-2016:0301-01, RHSA-2016:0302-01, RHSA-2016:0303-01, RHSA-2016:0304-01, RHSA-2016:0305-01, RHSA-2016:0306-01, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, SA117, SA40168, SB10156, SOL22334603, SOL40524634, SOL52349521, SOL79215841, SOL93122894, SSA:2016-062-02, SSA-623229, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, TNS-2016-03, USN-2914-1, VIGILANCE-VUL-19060, VN-2016-004, VU#583776.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle on a server supporting SSLv2 and EXPORT ciphers (this configuration has been considered weak for several years), in order to read or write data in the session. [severity:2/4; CVE-2016-0800, VU#583776]

An attacker can force the usage of a freed memory area when OpenSSL processes a DSA private key (this scenario is rare), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0705]

An attacker can read a memory fragment via SRP_VBASE_get_by_user, in order to obtain sensitive information. [severity:1/4; CVE-2016-0798]

An attacker can force a NULL pointer to be dereferenced in BN_hex2bn(), in order to trigger a denial of service. [severity:1/4; CVE-2016-0797]

An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the BIO_*printf() functions, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0799]

An attacker can use cache conflicts on Intel Sandy Bridge, in order to obtain RSA keys. [severity:1/4; CVE-2016-0702]

An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the internal doapr_outch() function, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2842]

vulnerability announce CVE-2016-2381

Perl: inconsistency of environment variables

Synthesis of the vulnerability

An attacker can create an environment with duplicates, in order to bypass the Taint Mechanism of Perl.
Impacted products: Debian, Fedora, openSUSE, Perl Core, Ubuntu.
Severity: 2/4.
Creation date: 01/03/2016.
Identifiers: CVE-2016-2381, DSA-3501-1, FEDORA-2016-1fb63e3bf3, FEDORA-2016-5d4fc5ecc9, openSUSE-SU-2016:0881-1, USN-2916-1, VIGILANCE-VUL-19062.

Description of the vulnerability

Perl programs can access environment variables in two ways:
  $ENV{"VAR"}
  getenv("VAR")

However, if the same variable is present several times in the environment:
 - %ENV returns the last one
 - getenv() returns the first one

The Taint feature of Perl, which marks untrusted data, is applied to the values of %ENV. So a program that uses getenv() obtains the first value, which is not tainted.

An attacker can therefore create an environment with duplicates, in order to bypass the Taint Mechanism of Perl.

vulnerability alert CVE-2016-0703 CVE-2016-0704

OpenSSL: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS Cisco, IOS XE Cisco, Cisco Nexus, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, BIG-IP Hardware, TMOS, FreeBSD, IRAD, Copssh, Data ONTAP, OpenSSL, openSUSE, openSUSE Leap, Solaris, Pulse Connect Secure, Pulse Secure SBR, RHEL, SUSE Linux Enterprise Desktop, SLES, Nessus, Wind River Linux, VxWorks.
Severity: 2/4.
Creation date: 01/03/2016.
Identifiers: 046178, 046208, 1979498, 9010067, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CVE-2016-0703, CVE-2016-0704, FreeBSD-SA-16:12.openssl, NTAP-20160303-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0720-1, RHSA-2016:0372-01, SA117, SA40168, SOL95463126, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, TNS-2016-03, VIGILANCE-VUL-19061.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

The s2_srvr.c file did not enforce that clear-key-length is zero for non-export ciphers, so an attacker can act as a Man-in-the-Middle on SSLv2, in order to read or write data in the session. [severity:2/4; CVE-2016-0703]

The s2_srvr.c file overwrites some bytes during the Bleichenbacher protection, so an attacker can act as a Man-in-the-Middle on SSLv2, in order to read or write data in the session. [severity:2/4; CVE-2016-0704]

vulnerability CVE-2016-2559 CVE-2016-2560 CVE-2016-2561

phpMyAdmin: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of phpMyAdmin.
Impacted products: Fedora, openSUSE, openSUSE Leap, phpMyAdmin.
Severity: 2/4.
Creation date: 01/03/2016.
Identifiers: CERTFR-2016-AVI-077, CVE-2016-2559, CVE-2016-2560, CVE-2016-2561, CVE-2016-2562, FEDORA-2016-02ee5b4002, FEDORA-2016-65da02b95c, openSUSE-SU-2016:0663-1, openSUSE-SU-2016:0666-1, PMASA-2016-10, PMASA-2016-11, PMASA-2016-12, PMASA-2016-13, VIGILANCE-VUL-19050.

Description of the vulnerability

Several vulnerabilities were announced in phpMyAdmin.

An attacker can trigger a Cross Site Scripting in SQL Parser, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-2559, PMASA-2016-10]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-2560, PMASA-2016-11]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-2561, PMASA-2016-12]

An attacker can act as a Man-in-the-Middle on the GitHub API, in order to read or write data in the session. [severity:2/4; CVE-2016-2562, PMASA-2016-13]

vulnerability bulletin CVE-2016-2521 CVE-2016-2523 CVE-2016-2530

Wireshark 1: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark 1.
Impacted products: Debian, openSUSE, openSUSE Leap, Solaris, Wireshark.
Severity: 2/4.
Creation date: 29/02/2016.
Identifiers: bulletinapr2016, CERTFR-2016-AVI-074, CVE-2016-2521, CVE-2016-2523, CVE-2016-2530, CVE-2016-2531, CVE-2016-2532, DSA-3516-1, openSUSE-SU-2016:0660-1, openSUSE-SU-2016:0661-1, VIGILANCE-VUL-19043, wnpa-sec-2016-01, wnpa-sec-2016-03, wnpa-sec-2016-10, wnpa-sec-2016-11, wnpa-sec-2016-14, wnpa-sec-2016-15, wnpa-sec-2016-18.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark 1.

An attacker can use a DLL Hijacking vulnerability, in order to run code. [severity:2/4; CVE-2016-2521, wnpa-sec-2016-01]

An attacker can generate an infinite loop in DNP3, in order to trigger a denial of service. [severity:2/4; CVE-2016-2523, wnpa-sec-2016-03]

An attacker can send a malicious RSL packet, in order to trigger a denial of service. [severity:2/4; CVE-2016-2530, CVE-2016-2531, wnpa-sec-2016-10]

An attacker can send a malicious LLRP packet, in order to trigger a denial of service. [severity:2/4; CVE-2016-2532, wnpa-sec-2016-11]

An attacker can send a malicious GSM A-bis OML packet, in order to trigger a denial of service. [severity:2/4; wnpa-sec-2016-14]

An attacker can send a malicious ASN.1 BER packet, in order to trigger a denial of service. [severity:2/4; wnpa-sec-2016-15]

An attacker can send a malicious ASN.1 BER packet, in order to trigger a denial of service. [severity:2/4; wnpa-sec-2016-18]

vulnerability announce CVE-2016-2538

QEMU: information disclosure via NDIS Control Message

Synthesis of the vulnerability

An attacker in a guest system can read a memory fragment via an NDIS Control Message in QEMU, in order to obtain sensitive information about the host system.
Impacted products: Fedora, openSUSE, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Creation date: 22/02/2016.
Identifiers: CVE-2016-2538, FEDORA-2016-372bb57df0, FEDORA-2016-38b20aa50f, FEDORA-2016-bfaf6a133b, FEDORA-2016-f4504e9445, openSUSE-SU-2016:0914-1, openSUSE-SU-2016:0995-1, SUSE-SU-2016:0873-1, SUSE-SU-2016:0955-1, VIGILANCE-VUL-19002.

Description of the vulnerability

The QEMU product implements NDIS (Network Driver Interface Specification).

However, if a USB device sends an RNDIS (Remote NDIS) message with an oversized field, an integer overflows in the hw/usb/dev-network.c file, and a memory area is returned to the guest.

An attacker in a guest system can therefore read a memory fragment via an NDIS Control Message in QEMU, in order to obtain sensitive information about the host system.

computer vulnerability announce CVE-2016-2271

Xen: denial of service via non-canonical instruction pointer

Synthesis of the vulnerability

An attacker in a guest system can map code at non-canonical virtual addresses, in order to trigger a fatal exception in Xen and then a denial of service against the guest.
Impacted products: XenServer, Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 17/02/2016.
Identifiers: CERTFR-2016-AVI-133, CTX209443, CVE-2016-2271, DSA-3519-1, FEDORA-2016-e48f4bd14f, FEDORA-2016-f8121efdac, openSUSE-SU-2016:0995-1, SUSE-SU-2016:0873-1, SUSE-SU-2016:0955-1, SUSE-SU-2016:1154-1, VIGILANCE-VUL-18967, XSA-170.

Description of the vulnerability

The Xen product is a hypervisor targeting mainly x86 architectures. It can use the hardware virtualization instruction set on 64-bit hosts.

In the case of a 64-bit guest system with hardware-assisted virtualization, the VMENTRY instruction used to resume a virtual machine requires that the instruction pointer be canonical, i.e. the most significant bits that do not correspond to bits of physical addresses (which are shorter than 64 bits) must be either all 0 or all 1. Otherwise, the processor triggers an exception, and Xen's handling of it terminates the guest system. Instruction pointers are controlled by user processes if the guest system allows user processes to choose which virtual addresses they use, as with the POSIX mmap call.

An attacker in a guest system can therefore map code at non-canonical virtual addresses, in order to trigger a fatal exception in Xen and then a denial of service against the guest.

computer vulnerability alert CVE-2016-2270

Xen: denial of service via cache inconsistencies

Synthesis of the vulnerability

A privileged attacker in a guest system can create two inconsistent mappings to the same memory area in Xen, in order to trigger an unhandled exception and then a denial of service.
Impacted products: Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 17/02/2016.
Identifiers: CVE-2016-2270, DSA-3519-1, FEDORA-2016-e48f4bd14f, FEDORA-2016-f8121efdac, openSUSE-SU-2016:0995-1, SUSE-SU-2016:0873-1, SUSE-SU-2016:0955-1, SUSE-SU-2016:1154-1, VIGILANCE-VUL-18966, XSA-154.

Description of the vulnerability

The Xen product is a hypervisor targeting mainly x86 architectures.

A guest system can map a memory area located in a device, such as video RAM, into a virtual address space. In such a case, the corresponding area of virtual memory is typically marked non-cacheable by the physical processor. However, when a physical memory area is mapped into more than one virtual address space, the cacheability bits may differ, as they are bound to virtual addresses rather than physical ones. In such a case, the processor may raise an exception which is not handled by Xen, halting the whole host.

A privileged attacker in a guest system can therefore create two inconsistent mappings to the same memory area in Xen, in order to trigger an unhandled exception and then a denial of service.