The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Novell openSUSE

computer vulnerability alert CVE-2016-2099

Apache Xerces-C++: use after free via DTDScanner

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area in DTDScanner of Apache Xerces-C++, in order to trigger a denial of service, and possibly to run code.
Impacted products: Xerces-C++, Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE.
Severity: 2/4.
Creation date: 10/05/2016.
Revision date: 28/06/2016.
Identifiers: CVE-2016-2099, DLA-467-1, DSA-3579-1, FEDORA-2016-0a061f6dd9, FEDORA-2016-7615febbd6, FEDORA-2016-84373c5f4f, FEDORA-2016-87e8468465, FEDORA-2016-9284772686, FEDORA-2016-d2d6890690, openSUSE-SU-2016:1744-1, openSUSE-SU-2016:1808-1, SOL04253390, VIGILANCE-VUL-19566, XERCESC-2066.

Description of the vulnerability

The Apache Xerces-C++ product calls DTDScanner from the XMLReader class, in order to analyze DTD data.

However, if an invalid character is encountered, an exception handler frees a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area in DTDScanner of Apache Xerces-C++, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2016-0772

Python: TLS disabling in smtplib

Synthesis of the vulnerability

An attacker can make the creation of a TLS tunnel by the smtplib module of Python fail, in order to read sent mails.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, Python.
Severity: 1/4.
Creation date: 16/06/2016.
Identifiers: bulletinjul2016, CVE-2016-0772, DLA-522-1, FEDORA-2016-105b80d1be, FEDORA-2016-13be2ee499, FEDORA-2016-2869023091, FEDORA-2016-34ca5273e9, FEDORA-2016-5c52dcfe47, FEDORA-2016-6c2b74bb96, FEDORA-2016-a0853405eb, FEDORA-2016-aae6bb9433, FEDORA-2016-b046b56518, FEDORA-2016-e37f15a5f4, FEDORA-2016-ef784cf9f7, openSUSE-SU-2016:1885-1, VIGILANCE-VUL-19915.

Description of the vulnerability

The Python library includes an SMTP client.

This library can establish a TLS tunnel. However, it does not check the status code of the STARTTLS command, and accepts continuing the SMTP session in plain text. An attacker who can hijack the traffic can insert an error after the STARTTLS command to disable the encryption.

An attacker can therefore make the creation of a TLS tunnel by the smtplib module of Python fail, in order to read sent mails.

computer vulnerability bulletin CVE-2016-5108

VLC: buffer overflow via DecodeAdpcmImaQT

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via QuickTime of VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, openSUSE, openSUSE Leap, VLC.
Severity: 1/4.
Creation date: 27/05/2016.
Identifiers: CERTFR-2016-AVI-190, CVE-2016-5108, DSA-3598-1, openSUSE-SU-2016:1651-1, openSUSE-SU-2016:1652-1, VIGILANCE-VUL-19718.

Description of the vulnerability

The VLC product can play QuickTime files.

The DecodeAdpcmImaQT routine fills the p_buffer buffer with data from the user-provided file. However, the index into the buffer is computed from file data, without a bounds check.

An attacker can therefore trigger a buffer overflow via QuickTime of VLC, in order to trigger a denial of service, and possibly to run code.

vulnerability announce CVE-2013-7456 CVE-2016-4343 CVE-2016-5093

PHP 5: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP 5.
Impacted products: Mac OS X, Debian, Fedora, openSUSE, openSUSE Leap, PHP, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 26/05/2016.
Identifiers: 71331, 72114, 72135, 72227, 72241, CERTFR-2016-AVI-195, CVE-2013-7456, CVE-2016-4343, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, DLA-499-1, DLA-533-1, DSA-3602-1, FEDORA-2016-65f1ffdc0c, FEDORA-2016-6b1938566f, HT206903, openSUSE-SU-2016:1553-1, openSUSE-SU-2016:1688-1, SSA:2016-148-03, SUSE-SU-2016:1581-1, SUSE-SU-2016:1638-1, USN-3030-1, VIGILANCE-VUL-19712.

Description of the vulnerability

Several vulnerabilities were announced in PHP 5.

An attacker can generate an integer overflow via fread, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72114, CVE-2016-5096]

An attacker can generate an integer overflow via php_html_entities, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72135, CVE-2016-5094]

An attacker can force a read at an invalid address via imagescale, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 72227, CVE-2013-7456]

An attacker can force a read at an invalid address via get_icu_value_internal, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 72241, CVE-2016-5093]

An attacker can force a read at an invalid address via phar_make_dirstream(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 71331, CVE-2016-4343]

computer vulnerability announce CVE-2016-5097 CVE-2016-5098 CVE-2016-5099

phpMyAdmin: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of phpMyAdmin.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, phpMyAdmin.
Severity: 1/4.
Creation date: 26/05/2016.
Identifiers: CERTFR-2016-AVI-181, CVE-2016-5097, CVE-2016-5098, CVE-2016-5099, DSA-3627-1, FEDORA-2016-55261b6815, FEDORA-2016-cd05bd994a, openSUSE-SU-2016:1434-1, openSUSE-SU-2016:1556-1, PMASA-2016-14, PMASA-2016-15, PMASA-2016-16, VIGILANCE-VUL-19707.

Description of the vulnerability

Several vulnerabilities were announced in phpMyAdmin.

An attacker can obtain sensitive information exposed in URL request parameters. [severity:1/4; CVE-2016-5097, PMASA-2016-14]

An attacker can trigger an error in order to get information about the filesystem outside the Web server tree. [severity:1/4; CVE-2016-5098, PMASA-2016-15]

An attacker can trigger the insertion of special HTML characters into a page via a specially crafted URL. [severity:1/4; CVE-2016-5099, PMASA-2016-16]

computer vulnerability alert CVE-2015-7558 CVE-2016-4348

librsvg: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of librsvg.
Impacted products: Debian, openSUSE, openSUSE Leap.
Severity: 2/4.
Creation date: 18/05/2016.
Identifiers: CVE-2015-7558, CVE-2016-4347-REJECT, CVE-2016-4348, DLA-477-1, DSA-3584-1, openSUSE-SU-2016:1333-1, VIGILANCE-VUL-19646.

Description of the vulnerability

Several vulnerabilities were announced in librsvg.

An attacker can trigger a fatal error in SVG Circular Definitions, in order to trigger a denial of service. [severity:2/4; CVE-2015-7558, CVE-2016-4347-REJECT]

An attacker can trigger a fatal error in SVG Circular Definitions, in order to trigger a denial of service. [severity:2/4; CVE-2016-4348]

computer vulnerability alert CVE-2016-4574 CVE-2016-4579

KSBA: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of KSBA.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Ubuntu.
Severity: 2/4.
Creation date: 17/05/2016.
Identifiers: CVE-2016-4574, CVE-2016-4579, DLA-470-1, FEDORA-2016-28a56c76c1, FEDORA-2016-fd26f713e7, openSUSE-SU-2016:1370-1, openSUSE-SU-2016:1525-1, USN-2982-1, VIGILANCE-VUL-19626.

Description of the vulnerability

Several vulnerabilities were announced in KSBA.

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4574]

An attacker can force a read at an invalid address in _ksba_ber_parse_tl(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-4579]

computer vulnerability CVE-2016-3697

Docker: privilege escalation via Numeric UID

Synthesis of the vulnerability

A local attacker can in some cases use a uid on Docker, in order to escalate his privileges.
Impacted products: Docker Engine, Fedora, openSUSE, RHEL.
Severity: 2/4.
Creation date: 13/05/2016.
Identifiers: 1329450, CVE-2016-3697, FEDORA-2016-6a0d540088, openSUSE-SU-2016:1417-1, RHSA-2016:1034-01, VIGILANCE-VUL-19615.

Description of the vulnerability

The Docker product can be installed on a system with a numeric user name. For example, if /etc/passwd contains:
  1000::0:0:::/bin/bash
  user::1000:1000:::/bin/bash

However, permission checks are performed on the user with the uid 1000, but the access is granted as the user named "1000".

A local attacker can therefore in some cases use a uid on Docker, in order to escalate his privileges.

vulnerability note CVE-2016-4483

libxml2: out-of-bounds memory reading via xmlBufAttrSerializeTxtContent

Synthesis of the vulnerability

An attacker can force a read at an invalid address in xmlBufAttrSerializeTxtContent() of libxml2, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, libxml2, openSUSE, openSUSE Leap, Splunk Enterprise, SLES, Ubuntu.
Severity: 2/4.
Creation date: 04/05/2016.
Identifiers: CVE-2016-4483, DLA-503-1, DSA-3593-1, HT206902, HT206903, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, SPL-11944, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, USN-2994-1, VIGILANCE-VUL-19514.

Description of the vulnerability

The xmllint tool of libxml2 has the option "--recover" to try to decode a malformed XML document.

However, the xmlBufAttrSerializeTxtContent() function of the xmlsave.c file tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address in xmlBufAttrSerializeTxtContent() of libxml2, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability bulletin CVE-2016-3705

libxml2: infinite loop of xmlParserEntityCheck

Synthesis of the vulnerability

An attacker can generate an infinite recursion in xmlStringGetNodeList() of libxml2, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, libxml2, openSUSE, openSUSE Leap, RHEL, Splunk Enterprise, SLES, Ubuntu.
Severity: 2/4.
Creation date: 03/05/2016.
Identifiers: 765207, CVE-2016-3705, DLA-503-1, DSA-3593-1, openSUSE-SU-2016:1446-1, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SOL54225343, SPL-11944, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, USN-2994-1, VIGILANCE-VUL-19513.

Description of the vulnerability

The libxml2 library includes an XML parser.

However, a malformed document triggers an infinite recursion in the xmlParserEntityCheck(), xmlParseEntityValue() and xmlParseAttValueComplex() functions, which depletes the stack.

An attacker can therefore generate an infinite recursion in xmlStringGetNodeList() of libxml2, in order to trigger a denial of service.