The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SUSE Linux

computer vulnerability bulletin CVE-2014-9907

ImageMagick: denial of service via DDS

Synthesis of the vulnerability

An attacker can generate a fatal error via DDS of ImageMagick, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/09/2017.
Identifiers: CVE-2014-9907, DLA-731-1, DLA-731-2, FEDORA-2017-3a568adb31, FEDORA-2017-8f27031c8f, openSUSE-SU-2016:2671-1, openSUSE-SU-2016:2770-1, openSUSE-SU-2016:3091-1, SUSE-SU-2016:2964-1, VIGILANCE-VUL-23878.

Description of the vulnerability

An attacker can generate a fatal error via DDS of ImageMagick, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2014-0250

FreeRDP: buffer overflow via Width/Height

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Width/Height of FreeRDP, in order to trigger a denial of service, and possibly to run code.
Impacted products: MBS, openSUSE, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 08/08/2017.
Identifiers: CVE-2014-0250, MDVSA-2015:171, openSUSE-SU-2014:0862-1, USN-3380-1, VIGILANCE-VUL-23464.

Description of the vulnerability

An attacker can generate a buffer overflow via Width/Height of FreeRDP, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2014-3677

shim: memory corruption via MOK Lists

Synthesis of the vulnerability

An attacker can generate a memory corruption via MOK Lists of shim, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 27/07/2017.
Identifiers: CVE-2014-3677, FEDORA-2014-14058, FEDORA-2014-14059, openSUSE-SU-2017:1967-1, RHSA-2014:1801-01, SUSE-SU-2014:1619-1, VIGILANCE-VUL-23373.

Description of the vulnerability

An attacker can generate a memory corruption via MOK Lists of shim, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2014-3676

shim: buffer overflow via DHCPv6 TFTP IPv6 Addresses

Synthesis of the vulnerability

An attacker can generate a buffer overflow via DHCPv6 TFTP IPv6 Addresses of shim, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: LAN.
Creation date: 27/07/2017.
Identifiers: CVE-2014-3676, FEDORA-2014-14058, FEDORA-2014-14059, openSUSE-SU-2017:1967-1, RHSA-2014:1801-01, SUSE-SU-2014:1619-1, VIGILANCE-VUL-23372.

Description of the vulnerability

An attacker can generate a buffer overflow via DHCPv6 TFTP IPv6 Addresses of shim, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2014-9638 CVE-2014-9639

vorbis-tools: two vulnerabilities via oggenc

Synthesis of the vulnerability

An attacker can use several vulnerabilities via oggenc of vorbis-tools.
Impacted products: Debian, Fedora, openSUSE.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 03/07/2017.
Identifiers: CVE-2014-9638, CVE-2014-9639, DLA-1010-1, FEDORA-2015-2330, FEDORA-2015-2335, openSUSE-SU-2015:0522-1, VIGILANCE-VUL-23124.

Description of the vulnerability

An attacker can use several vulnerabilities via oggenc of vorbis-tools.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2014-9640

vorbis-tools: out-of-bounds memory reading via oggenc

Synthesis of the vulnerability

An attacker can force a read at an invalid address via oggenc of vorbis-tools, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora, MBS, openSUSE.
Severity: 1/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/07/2017.
Identifiers: CVE-2014-9640, DLA-1010-1, FEDORA-2015-1191, FEDORA-2015-1253, MDVSA-2015:037, openSUSE-SU-2015:0231-1, VIGILANCE-VUL-23121.

Description of the vulnerability

An attacker can force a read at an invalid address via oggenc of vorbis-tools, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-1000370

Linux kernel: memory corruption via PIE Binary Offset2lib Bypass

Synthesis of the vulnerability

An attacker can generate a memory corruption via PIE Binary Offset2lib Bypass on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Junos Space, Linux, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, WindRiver Linux.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/06/2017.
Revision date: 29/06/2017.
Identifiers: CERTFR-2017-AVI-365, CVE-2017-1000370, DSA-3981-1, JSA10824, JSA10826, VIGILANCE-VUL-23010.

Description of the vulnerability

An attacker can generate a memory corruption via PIE Binary Offset2lib Bypass on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-1000379

Linux kernel: memory corruption via AMD64 PIE Executable

Synthesis of the vulnerability

An attacker can generate a memory corruption via AMD64 PIE Executable on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Junos Space, Linux, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/06/2017.
Revisions dates: 20/06/2017, 29/06/2017.
Identifiers: CERTFR-2017-AVI-365, CVE-2017-1000379, JSA10824, JSA10826, JSA10917, VIGILANCE-VUL-23015.

Description of the vulnerability

An attacker can generate a memory corruption via AMD64 PIE Executable on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-1000371

Linux kernel: memory corruption via PIE Binary Offset2lib RLIM_INFINITY Bypass

Synthesis of the vulnerability

An attacker can generate a memory corruption via PIE Binary Offset2lib RLIM_INFINITY Bypass on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Junos Space, Linux, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, WindRiver Linux.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 20/06/2017.
Revisions dates: 20/06/2017, 29/06/2017.
Identifiers: CERTFR-2017-AVI-365, CVE-2017-1000371, DSA-3981-1, JSA10824, JSA10826, VIGILANCE-VUL-23011.

Description of the vulnerability

An attacker can generate a memory corruption via PIE Binary Offset2lib RLIM_INFINITY Bypass on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-1000365

Linux kernel: memory corruption via Stack Size Restriction

Synthesis of the vulnerability

An attacker can generate a memory corruption via Stack Size Restriction on the Linux kernel, which can be exploited for example by /bin/su on Debian, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Junos Space, Linux, openSUSE, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, WindRiver Linux.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/06/2017.
Revision date: 20/06/2017.
Identifiers: CERTFR-2017-AVI-217, CERTFR-2017-AVI-247, CERTFR-2017-AVI-250, CERTFR-2017-AVI-282, CERTFR-2017-AVI-288, CERTFR-2017-AVI-311, CERTFR-2017-AVI-365, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-400, CVE-2017-1000365, DLA-1099-1, DSA-3927-1, JSA10824, JSA10826, K15412203, openSUSE-SU-2017:1825-1, SSA:2017-177-01, SSA:2017-180-01, SSA:2017-181-02, SUSE-SU-2017:1853-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2389-1, SUSE-SU-2017:2525-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:2956-1, USN-3377-1, USN-3377-2, USN-3378-1, USN-3378-2, USN-3381-1, USN-3381-2, USN-3392-1, USN-3392-2, VIGILANCE-VUL-23012.

Description of the vulnerability

An attacker can generate a memory corruption via Stack Size Restriction on the Linux kernel, which can be exploited for example by /bin/su on Debian, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about SUSE Linux: