The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SUSE Linux Enterprise Desktop

vulnerability announce CVE-2018-16864 CVE-2018-16865

systemd: memory corruption via alloca

Synthesis of the vulnerability

An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, McAfee Web Gateway, openSUSE Leap, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/01/2019.
Revision date: 10/05/2019.
Identifiers: cpuapr2019, CVE-2018-16864, CVE-2018-16865, DLA-1639-1, DSA-4367-1, DSA-4367-2, openSUSE-SU-2019:0097-1, openSUSE-SU-2019:0098-1, RHSA-2019:0049-01, RHSA-2019:0204-01, SB10276, SUSE-SU-2019:0053-1, SUSE-SU-2019:0054-1, SUSE-SU-2019:0054-2, SUSE-SU-2019:0135-1, SUSE-SU-2019:0137-1, USN-3855-1, VIGILANCE-VUL-28232.

Description of the vulnerability

An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.

computer vulnerability announce CVE-2018-16866

systemd: out-of-bounds memory reading via Colon Log Messages

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Colon Log Messages of systemd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 14/01/2019.
Revision date: 10/05/2019.
Identifiers: CVE-2018-16866, DSA-4367-1, DSA-4367-2, openSUSE-SU-2019:0097-1, openSUSE-SU-2019:0098-1, SUSE-SU-2019:0135-1, SUSE-SU-2019:0137-1, USN-3855-1, VIGILANCE-VUL-28257.

Description of the vulnerability

An attacker can force a read at an invalid address via Colon Log Messages of systemd, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability note CVE-2018-12019

Enigmail: creation of fake status messages

Synthesis of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victim.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 14/06/2018.
Revision date: 02/05/2019.
Identifiers: CVE-2018-12019, FEDORA-2018-a4bb79ea75, FEDORA-2018-fd67c19256, openSUSE-SU-2018:1706-1, openSUSE-SU-2018:1708-1, SUSE-SU-2018:2243-1, VIGILANCE-VUL-26424.

Description of the vulnerability

An attacker can create fake status messages in Enigmail, in order to deceive the victim.

vulnerability note CVE-2018-12020

GnuPG: creation of fake status messages

Synthesis of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victim.
Impacted products: Debian, Fedora, GnuPG, Junos Space, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 08/06/2018.
Revision date: 02/05/2019.
Identifiers: bulletinjul2018, CVE-2018-12020, DSA-4222-1, DSA-4223-1, FEDORA-2018-4ef71d3525, FEDORA-2018-69780fc4d7, FEDORA-2018-a4e13742b4, JSA10917, openSUSE-SU-2018:1706-1, openSUSE-SU-2018:1708-1, openSUSE-SU-2018:1722-1, openSUSE-SU-2018:1724-1, RHSA-2018:2180-01, RHSA-2018:2181-01, SSA:2018-159-01, SSA:2018-170-01, SUSE-SU-2018:1696-1, SUSE-SU-2018:1698-1, SUSE-SU-2018:2243-1, T4012, USN-3675-1, USN-3675-2, USN-3675-3, USN-3964-1, VIGILANCE-VUL-26364.

Description of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victim.

vulnerability note 29174

OpenSSL: information disclosure via Side-channel Based Padding

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Side-channel Based Padding of OpenSSL, in order to obtain sensitive information.
Impacted products: OpenSSL, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 02/05/2019.
Identifiers: 1117951, 7739, openSUSE-SU-2019:1373-1, SUSE-SU-2019:1124-1, SUSE-SU-2019:1136-1, SUSE-SU-2019:1141-1, VIGILANCE-VUL-29174.

Description of the vulnerability

An attacker can bypass access restrictions to data via Side-channel Based Padding of OpenSSL, in order to obtain sensitive information.

vulnerability CVE-2019-0161

ovmf: buffer overflow via UsbBusDxe, UsbBusPei

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via UsbBusDxe, UsbBusPei of ovmf, in order to trigger a denial of service, and possibly to run code.
Impacted products: openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 02/05/2019.
Identifiers: CVE-2019-0161, openSUSE-SU-2019:1352-1, SUSE-SU-2019:1110-1, SUSE-SU-2019:1157-1, VIGILANCE-VUL-29170.

Description of the vulnerability

An attacker can trigger a buffer overflow via UsbBusDxe, UsbBusPei of ovmf, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2019-10650

ImageMagick: out-of-bounds memory reading via WriteTIFFImage

Synthesis of the vulnerability

An attacker can force a read at an invalid address via WriteTIFFImage() of ImageMagick, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 26/04/2019.
Identifiers: CVE-2019-10650, DLA-1785-1, DSA-4436-1, openSUSE-SU-2019:1320-1, openSUSE-SU-2019:1331-1, SUSE-SU-2019:1033-1, SUSE-SU-2019:1033-2, VIGILANCE-VUL-29141.

Description of the vulnerability

An attacker can force a read at an invalid address via WriteTIFFImage() of ImageMagick, in order to trigger a denial of service, or to obtain sensitive information.

computer vulnerability bulletin CVE-2019-9500 CVE-2019-9503

Linux kernel: buffer overflow via brcmf_wowl_nd_results

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via brcmf_wowl_nd_results() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: radio connection.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/04/2019.
Identifiers: CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CVE-2019-9500, CVE-2019-9503, FEDORA-2019-1b986880ea, FEDORA-2019-1e8a4c6958, FEDORA-2019-8219efa9f6, FEDORA-2019-87d807d7cb, openSUSE-SU-2019:1404-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, VIGILANCE-VUL-29128, VU#166939.

Description of the vulnerability

An attacker can trigger a buffer overflow via brcmf_wowl_nd_results() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2019-3882

Linux kernel: denial of service via vfio/type1 DMA Mappings

Synthesis of the vulnerability

An attacker can trigger a fatal error via vfio/type1 DMA Mappings of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 03/04/2019.
Identifiers: CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CVE-2019-3882, FEDORA-2019-65c6d11eba, FEDORA-2019-be9add5b77, openSUSE-SU-2019:1404-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, USN-3982-1, USN-3982-2, VIGILANCE-VUL-28934.

Description of the vulnerability

An attacker can trigger a fatal error via vfio/type1 DMA Mappings of the Linux kernel, in order to trigger a denial of service.

computer vulnerability announce CVE-2019-8955

Tor: memory leak via KIST Cell Scheduler

Synthesis of the vulnerability

An attacker can create a memory leak via KIST Cell Scheduler of Tor, in order to trigger a denial of service.
Impacted products: openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: internet server.
Creation date: 03/04/2019.
Identifiers: CVE-2019-8955, openSUSE-SU-2019:1107-1, VIGILANCE-VUL-28927.

Description of the vulnerability

An attacker can create a memory leak via KIST Cell Scheduler of Tor, in order to trigger a denial of service.