The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SUSE Linux Enterprise Desktop

vulnerability CVE-2018-5407

OpenSSL: information disclosure via ECC Scalar Multiplication

Synthesis of the vulnerability

Impacted products: Debian, BIG-IP Hardware, TMOS, AIX, OpenBSD, OpenSSL, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 12/11/2018.
Identifiers: CVE-2018-5407, DLA-1586-1, DSA-4348-1, K49711130, openSUSE-SU-2018:3903-1, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, SSA:2018-325-01, SUSE-SU-2018:3864-1, SUSE-SU-2018:3866-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, USN-3840-1, VIGILANCE-VUL-27760.

Description of the vulnerability

On an Intel processor (VIGILANCE-VUL-27667), an attacker can measure the execution time of the ECC Scalar Multiplication of OpenSSL, in order to obtain the key in use.

computer vulnerability announcement CVE-2018-5407

Intel processors: information disclosure via SMT/Hyper-Threading PortSmash

Synthesis of the vulnerability

Impacted products: Debian, BIG-IP Hardware, TMOS, AIX, Windows (platform) ~ not comprehensive, OpenBSD, OpenSSL, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, WindRiver Linux.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 05/11/2018.
Identifiers: CVE-2018-5407, DSA-4348-1, K49711130, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, USN-3840-1, VIGILANCE-VUL-27667.

Description of the vulnerability

An attacker can bypass access restrictions to data via SMT/Hyper-Threading PortSmash on an Intel processor, in order to obtain sensitive information.

vulnerability CVE-2018-0734

OpenSSL: information disclosure via DSA Signature Generation

Synthesis of the vulnerability

Impacted products: Debian, AIX, OpenSSL, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 30/10/2018.
Identifiers: CVE-2018-0734, DSA-4348-1, openSUSE-SU-2018:3890-1, openSUSE-SU-2018:3903-1, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, SSA:2018-325-01, SUSE-SU-2018:3863-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3866-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, USN-3840-1, VIGILANCE-VUL-27640.

Description of the vulnerability

An attacker can bypass access restrictions to data via DSA Signature Generation of OpenSSL, in order to obtain sensitive information.

computer vulnerability announcement CVE-2018-18710

Linux kernel: information disclosure via cdrom_ioctl_select_disc

Synthesis of the vulnerability

Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 29/10/2018.
Identifiers: CERTFR-2018-AVI-541, CERTFR-2018-AVI-579, CVE-2018-18710, FEDORA-2018-1621b2204a, FEDORA-2018-b68776e5b0, FEDORA-2018-f55c305488, openSUSE-SU-2018:3658-1, openSUSE-SU-2018:3817-1, SUSE-SU-2018:3689-1, SUSE-SU-2018:3746-1, SUSE-SU-2018:3773-1, SUSE-SU-2018:3934-1, SUSE-SU-2018:4069-1, VIGILANCE-VUL-27637.

Description of the vulnerability

A local attacker can read a memory fragment via cdrom_ioctl_select_disc() of the Linux kernel, in order to obtain sensitive information.

computer vulnerability alert CVE-2018-18690

Linux kernel: denial of service via XFS Attributes

Synthesis of the vulnerability

Impacted products: Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 29/10/2018.
Identifiers: CERTFR-2018-AVI-541, CVE-2018-18690, openSUSE-SU-2018:3817-1, SUSE-SU-2018:3689-1, SUSE-SU-2018:3773-1, VIGILANCE-VUL-27636.

Description of the vulnerability

An attacker can generate a fatal error via XFS Attributes of the Linux kernel, in order to trigger a denial of service.

computer vulnerability CVE-2018-18661

LibTIFF: NULL pointer dereference via LZWDecode

Synthesis of the vulnerability

Impacted products: LibTIFF, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 29/10/2018.
Identifiers: 2819, CVE-2018-18661, openSUSE-SU-2018:3947-1, openSUSE-SU-2018:3948-1, SSA:2018-316-01, SUSE-SU-2018:3879-1, SUSE-SU-2018:3911-1, SUSE-SU-2018:3911-2, SUSE-SU-2018:3925-1, VIGILANCE-VUL-27635.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via LZWDecode of LibTIFF, in order to trigger a denial of service.

computer vulnerability announcement CVE-2018-18386

Linux kernel: denial of service via EXTPROC/ICANON

Synthesis of the vulnerability

Impacted products: Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 18/10/2018.
Identifiers: CERTFR-2018-AVI-538, CERTFR-2018-AVI-541, CERTFR-2018-AVI-579, CVE-2018-18386, openSUSE-SU-2018:3658-1, openSUSE-SU-2018:3817-1, SUSE-SU-2018:3589-1, SUSE-SU-2018:3659-1, SUSE-SU-2018:3689-1, SUSE-SU-2018:3746-1, SUSE-SU-2018:3773-1, SUSE-SU-2018:3934-1, SUSE-SU-2018:4069-1, VIGILANCE-VUL-27577.

Description of the vulnerability

An attacker can generate a fatal error via EXTPROC/ICANON of the Linux kernel, in order to trigger a denial of service.

computer vulnerability note CVE-2018-18445

Linux kernel: information disclosure via adjust_scalar_min_max_vals

Synthesis of the vulnerability

Impacted products: Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 18/10/2018.
Identifiers: 1798863, CERTFR-2018-AVI-579, CERTFR-2018-AVI-581, CERTFR-2018-AVI-583, CVE-2018-18445, openSUSE-SU-2018:3658-1, SUSE-SU-2018:3589-1, SUSE-SU-2018:3934-1, SUSE-SU-2018:4069-1, USN-3832-1, USN-3835-1, VIGILANCE-VUL-27569.

Description of the vulnerability

A local attacker can read a memory fragment via adjust_scalar_min_max_vals() of the Linux kernel, in order to obtain sensitive information.

vulnerability bulletin CVE-2018-18024

ImageMagick: infinite loop via ReadBMPImage

Synthesis of the vulnerability

Impacted products: openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 17/10/2018.
Identifiers: CVE-2018-18024, openSUSE-SU-2018:3204-1, openSUSE-SU-2018:3225-1, openSUSE-SU-2018:3797-1, SUSE-SU-2018:3191-1, SUSE-SU-2018:3269-1, SUSE-SU-2018:3348-1, SUSE-SU-2018:3753-1, VIGILANCE-VUL-27553.

Description of the vulnerability

An attacker can generate an infinite loop via ReadBMPImage() of ImageMagick, in order to trigger a denial of service.

vulnerability announcement CVE-2018-18016

ImageMagick: memory leak via WritePCXImage

Synthesis of the vulnerability

Impacted products: openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 17/10/2018.
Identifiers: CVE-2018-18016, openSUSE-SU-2018:3225-1, openSUSE-SU-2018:3797-1, SUSE-SU-2018:3191-1, SUSE-SU-2018:3269-1, SUSE-SU-2018:3348-1, SUSE-SU-2018:3753-1, VIGILANCE-VUL-27552.

Description of the vulnerability

An attacker can create a memory leak via WritePCXImage() of ImageMagick, in order to trigger a denial of service.