The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Novell openSUSE

vulnerability bulletin CVE-2016-2183 CVE-2016-6329

Blowfish, Triple-DES: algorithms too weak, SWEET32

Synthesis of the vulnerability

An attacker can create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two-day attack, in order to decrypt data.
Impacted products: AsyncOS, Cisco Content SMA, Cisco Prime Access Registrar, Secure ACS, Cisco CUCM, Cisco IP Phone, Debian, Fedora, FileZilla Server, Data ONTAP, Snap Creator Framework, OpenSSL, openSUSE, openSUSE Leap, SSL protocol, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 25/08/2016.
Identifiers: 9010102, cisco-sa-20160927-openssl, CVE-2016-2183, CVE-2016-6329, DSA-3673-1, DSA-3673-2, FEDORA-2016-7810e24465, FEDORA-2016-dc2cb4ad6b, NTAP-20160915-0001, openSUSE-SU-2016:2199-1, openSUSE-SU-2016:2391-1, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SWEET32, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20473.

Description of the vulnerability

The Blowfish and Triple-DES symmetric encryption algorithms use 64-bit blocks.

However, if they are used in CBC mode, a collision occurs after 785 GB have been transferred, and it is then possible to decrypt blocks with an attack lasting two days.

An attacker can therefore create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two-day attack, in order to decrypt data.

computer vulnerability alert CVE-2016-2180

OpenSSL: out-of-bounds memory reading via TS_OBJ_print_bio

Synthesis of the vulnerability

An attacker can force a read at an invalid address via TS_OBJ_print_bio() of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: AsyncOS, Cisco Content SMA, Cisco Prime Access Registrar, Secure ACS, Cisco CUCM, Cisco IP Phone, Debian, Fedora, FileZilla Server, FreeBSD, OpenSSL, openSUSE, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 02/08/2016.
Identifiers: 1359615, cisco-sa-20160927-openssl, CVE-2016-2180, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-a555159613, FreeBSD-SA-16:26.openssl, openSUSE-SU-2016:2391-1, RHSA-2016:1940-01, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20286.

Description of the vulnerability

The OpenSSL product implements the RFC 3161 Public Key Infrastructure Time-Stamp Protocol.

However, the TS_OBJ_print_bio() function tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address via TS_OBJ_print_bio() of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability CVE-2015-8935

PHP: data injection via header

Synthesis of the vulnerability

When an attacker can control the parameter of the PHP header() function, he can still alter HTML pages generated by the web server, for example to create a Cross Site Scripting.
Impacted products: openSUSE, openSUSE Leap, PHP, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 01/08/2016.
Identifiers: 68978, CVE-2015-8935, openSUSE-SU-2016:1761-1, openSUSE-SU-2016:1922-1, SUSE-SU-2016:2013-1, SUSE-SU-2016:2080-1, USN-3045-1, VIGILANCE-VUL-20260.

Description of the vulnerability

The bulletin VIGILANCE-VUL-2928 describes a vulnerability allowing an attacker to use the character '\n' in the PHP header() function to inject HTTP headers, and to alter the content of the generated HTML document.

However, Internet Explorer also accepts the "\n[space]" or "\r\n[space]" sequence as a line separator. This attack variant is not detected by the solution for VIGILANCE-VUL-2928.

When an attacker can control the parameter of the PHP header() function, he can therefore still alter HTML pages generated by the web server, for example to create a Cross Site Scripting.

vulnerability alert CVE-2014-9862

FreeBSD: memory corruption via bsdiff

Synthesis of the vulnerability

An attacker can generate a memory corruption via bsdiff of FreeBSD, in order to trigger a denial of service, and possibly to run code.
Impacted products: FreeBSD, openSUSE, openSUSE Leap.
Severity: 2/4.
Creation date: 25/07/2016.
Identifiers: CVE-2014-9862, FreeBSD-SA-16:25.bspatch, openSUSE-SU-2016:1977-1, VIGILANCE-VUL-20211.

Description of the vulnerability

The FreeBSD product offers a bspatch tool using bsdiff to generate a file from a difference file.

However, if the difference file contains a number that is too large, data is written to the heap memory of the process.

An attacker can therefore generate a memory corruption via bsdiff of FreeBSD, in order to trigger a denial of service, and possibly to run code.

computer vulnerability note CVE-2016-6261 CVE-2016-6262 CVE-2016-6263

libidn: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libidn.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Slackware, Ubuntu.
Severity: 2/4.
Creation date: 25/07/2016.
Identifiers: CVE-2016-6261, CVE-2016-6262, CVE-2016-6263, DLA-582-1, DSA-3658-1, FEDORA-2016-42514bee97, FEDORA-2016-610fe5f5f8, openSUSE-SU-2016:1924-1, openSUSE-SU-2016:2135-1, SSA:2016-210-01, USN-3068-1, VIGILANCE-VUL-20199.

Description of the vulnerability

Several vulnerabilities were announced in libidn.

An attacker can force a read at an invalid address via idna_to_ascii_4i, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-6261]

An attacker can force a read at an invalid address via Zero Byte, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-6262]

An attacker can trigger a fatal error via UTF-8, in order to trigger a denial of service. [severity:2/4; CVE-2016-6263]

computer vulnerability announce CVE-2016-6232

KDE Frameworks: directory traversal via kf5-karchive

Synthesis of the vulnerability

An attacker can traverse directories via kf5-karchive of KDE Frameworks, in order to create a file outside the service root path.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 25/07/2016.
Identifiers: CVE-2016-6232, DLA-570-1, DSA-3643-1, FEDORA-2016-4701636a74, FEDORA-2016-cef912e3a4, openSUSE-SU-2016:1884-1, openSUSE-SU-2016:2223-1, USN-3042-1, VIGILANCE-VUL-20197.

Description of the vulnerability

The KDE Frameworks product offers kf5-karchive to extract tar archives.

However, user-supplied data is inserted directly into an access path. Sequences such as "/.." can thus be used to move to the parent directory.

An attacker can therefore traverse directories via kf5-karchive of KDE Frameworks, in order to create a file outside the service root path.

computer vulnerability alert CVE-2016-5399

PHP: memory corruption via bzread

Synthesis of the vulnerability

An attacker can generate a memory corruption via bzread() of PHP, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, openSUSE, PHP, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 21/07/2016.
Identifiers: 72613, CVE-2016-5399, DLA-628-1, DSA-3631-1, openSUSE-SU-2016:2071-1, SUSE-SU-2016:2080-1, SUSE-SU-2016:2328-1, USN-3045-1, VIGILANCE-VUL-20186.

Description of the vulnerability

The PHP product offers a bzip2 module.

However, the bzread() function can write past the end of data.

An attacker can therefore generate a memory corruption via bzread() of PHP, in order to trigger a denial of service, and possibly to run code.

vulnerability announce CVE-2016-2119

Samba: disabling signature

Synthesis of the vulnerability

An attacker can make a connection request to Samba with inconsistent fields related to user identity, in order to spoof a user's identity and so obtain that user's access rights.
Impacted products: Fedora, openSUSE, RHEL, Samba, Slackware.
Severity: 2/4.
Creation date: 07/07/2016.
Identifiers: CERTFR-2016-AVI-226, CVE-2016-2119, FEDORA-2016-0acec022f4, FEDORA-2016-48b53757a9, openSUSE-SU-2016:1830-1, RHSA-2016:1486-01, RHSA-2016:1487-01, SSA:2016-189-01, VIGILANCE-VUL-20042.

Description of the vulnerability

The Samba product manages shared folders and printers. It can also act as a domain controller.

Recent versions of the protocol require client connection signing for client authentication. However, an attacker can submit a connection request as a standard user in some request fields and state that he is a guest in another field. The net result is that the signature requirement is disabled for this connection.

An attacker can therefore make a connection request to Samba with inconsistent fields related to user identity, in order to spoof a user's identity and so obtain that user's access rights.

computer vulnerability bulletin CVE-2016-6153

SQLite: database corruption using unsafe temporary folders

Synthesis of the vulnerability

An attacker can access temporary files created by SQLite in order to read or change the content of a protected database.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, SQLite.
Severity: 1/4.
Creation date: 04/07/2016.
Identifiers: CVE-2016-6153, DLA-543-1, FEDORA-2016-0138339b54, KL-001-2016-003, openSUSE-SU-2016:1932-1, openSUSE-SU-2016:2041-1, VIGILANCE-VUL-20018.

Description of the vulnerability

SQLite is an embedded database manager.

When the application does not specify where the library should create temporary files, SQLite uses an internally fixed list of candidate folders. However, the check for permissions of these folders is wrong, so the library can create temporary files, such as the ones used to implement transactions, that are readable or writable by unauthorized processes.

An attacker can therefore access temporary files created by SQLite in order to read or change the content of a protected database.

vulnerability alert CVE-2016-4463

Apache Xerces-C: denial of service via a deeply nested DTD

Synthesis of the vulnerability

An attacker can submit an XML document including a deeply nested DTD to Apache Xerces-C, in order to trigger a denial of service.
Impacted products: Xerces-C++, Debian, BIG-IP Hardware, TMOS, Fedora, Notes, openSUSE, openSUSE Leap, Shibboleth SP.
Severity: 2/4.
Creation date: 30/06/2016.
Identifiers: 1983969, 1984073, 1987066, 1990410, CVE-2016-4463, DLA-535-1, DSA-3610-1, FEDORA-2016-0a061f6dd9, FEDORA-2016-7615febbd6, FEDORA-2016-84373c5f4f, FEDORA-2016-87e8468465, FEDORA-2016-9284772686, FEDORA-2016-d2d6890690, openSUSE-SU-2016:1808-1, openSUSE-SU-2016:2232-1, SOL70191975, VIGILANCE-VUL-20001.

Description of the vulnerability

The Apache Xerces-C XML parser handles Document Type Definition, including the internal part in an XML document.

DTDs are parsed recursively. However, Xerces does not limit the depth of the element definitions in the DTD, so a very deeply nested DTD can make the parser stack grow until it reaches its limit. This overflow kills the application process.

An attacker can therefore submit an XML document including a deeply nested DTD to Apache Xerces-C, in order to trigger a denial of service.