The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SUSE Linux Enterprise Server

computer vulnerability announcement CVE-2017-1000456

Poppler: buffer overflow

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in Poppler, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/01/2018.
Identifiers: bulletinjan2019, CVE-2017-1000456, DLA-1228-1, DSA-4097-1, FEDORA-2018-048468d7a8, FEDORA-2018-20ba39cba9, openSUSE-SU-2018:1721-1, SUSE-SU-2018:1662-1, SUSE-SU-2018:1691-1, USN-3517-1, VIGILANCE-VUL-24937.


computer vulnerability CVE-2017-1000409

glibc: buffer overflow via LD_LIBRARY_PATH

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in glibc via LD_LIBRARY_PATH, in order to cause a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 03/01/2018.
Identifiers: CVE-2017-1000409, FEDORA-2017-828f8a8fc6, openSUSE-SU-2018:0089-1, SUSE-SU-2018:0074-1, USN-3534-1, VIGILANCE-VUL-24925.


vulnerability note CVE-2017-1000408

glibc: memory leak via LD_HWCAP_MASK

Synthesis of the vulnerability

An attacker can create a memory leak in glibc via LD_HWCAP_MASK, in order to cause a denial of service.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 03/01/2018.
Identifiers: CVE-2017-1000408, FEDORA-2017-828f8a8fc6, openSUSE-SU-2018:0089-1, SUSE-SU-2018:0074-1, USN-3534-1, VIGILANCE-VUL-24924.


vulnerability bulletin CVE-2018-7409

unixODBC: buffer overflow via unicode_to_ansi_copy

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in unixODBC via unicode_to_ansi_copy(), in order to cause a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/01/2018.
Identifiers: bulletinoct2018, CVE-2018-7409, FEDORA-2018-9565c0bc9a, openSUSE-SU-2018:1845-1, SUSE-SU-2018:1832-1, VIGILANCE-VUL-24923.


vulnerability CVE-2017-18013

LibTIFF: NULL pointer dereference via TIFFPrintDirectory

Synthesis of the vulnerability

An attacker can force a NULL pointer dereference in LibTIFF via TIFFPrintDirectory(), in order to cause a denial of service.
Impacted products: Debian, LibTIFF, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/01/2018.
Identifiers: 2770, bulletinjan2019, bulletinoct2018, CVE-2017-18013, DLA-1259-1, DLA-1260-1, DSA-4100-1, openSUSE-SU-2018:1834-1, openSUSE-SU-2018:1956-1, SUSE-SU-2018:1472-1, SUSE-SU-2018:1826-1, SUSE-SU-2018:1889-1, USN-3602-1, USN-3606-1, VIGILANCE-VUL-24920.


computer vulnerability alert CVE-2017-17975

Linux kernel: use after free via usbtv_probe

Synthesis of the vulnerability

An attacker can force the use of a freed memory area in the Linux kernel via usbtv_probe, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: document.
Creation date: 02/01/2018.
Identifiers: CERTFR-2018-AVI-147, CERTFR-2018-AVI-196, CERTFR-2018-AVI-250, CERTFR-2018-AVI-257, CVE-2017-17975, DSA-4188-1, openSUSE-SU-2018:0781-1, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0986-1, USN-3653-1, USN-3653-2, USN-3654-1, USN-3654-2, USN-3656-1, USN-3657-1, VIGILANCE-VUL-24916.


computer vulnerability alert CVE-2017-17942

LibTIFF: out-of-bounds memory reading via PackBitsEncode

Synthesis of the vulnerability

An attacker can force a read at an invalid address in LibTIFF via PackBitsEncode(), in order to cause a denial of service, or to obtain sensitive information.
Impacted products: LibTIFF, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 29/12/2017.
Identifiers: 2767, bulletinoct2018, CVE-2017-17942, openSUSE-SU-2018:2880-1, SUSE-SU-2018:2676-1, SUSE-SU-2018:2836-1, SUSE-SU-2018:3879-1, VIGILANCE-VUL-24906.


computer vulnerability announcement CVE-2017-1000499

phpMyAdmin: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in phpMyAdmin, in order to force the victim to perform operations.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 28/12/2017.
Identifiers: CERTFR-2018-AVI-001, CVE-2017-1000499, FEDORA-2017-481515e199, FEDORA-2017-cad79c7c6c, openSUSE-SU-2017:3448-1, openSUSE-SU-2017:3451-1, PMASA-2017-9, VIGILANCE-VUL-24897.

Description of the vulnerability

The phpMyAdmin product offers a web service.

However, the origin of requests is not checked. For example, they can originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery in phpMyAdmin, in order to force the victim to perform operations.

vulnerability note CVE-2017-17864

Linux kernel: information disclosure via states_equal

Synthesis of the vulnerability

An attacker can bypass data access restrictions in the Linux kernel via states_equal, in order to obtain sensitive information.
Impacted products: Debian, Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 28/12/2017.
Identifiers: CERTFR-2018-AVI-017, CERTFR-2018-AVI-049, CERTFR-2018-AVI-075, CERTFR-2018-AVI-080, CERTFR-2018-AVI-196, CVE-2017-17864, DSA-4073-1, FEDORA-2018-22d5fa8a90, FEDORA-2018-884a105c04, FEDORA-2018-8ed5eff2c0, openSUSE-SU-2018:0408-1, SUSE-SU-2018:0383-1, SUSE-SU-2018:0416-1, SUSE-SU-2018:0986-1, USN-3523-1, USN-3523-2, USN-3523-3, USN-3541-1, USN-3541-2, VIGILANCE-VUL-24884.


vulnerability announcement CVE-2017-17862

Linux kernel: denial of service via kernel/bpf/verifier.c

Synthesis of the vulnerability

An attacker can trigger a fatal error in the Linux kernel via kernel/bpf/verifier.c, in order to cause a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 28/12/2017.
Identifiers: CERTFR-2018-AVI-017, CERTFR-2018-AVI-049, CERTFR-2018-AVI-075, CERTFR-2018-AVI-080, CERTFR-2018-AVI-170, CERTFR-2018-AVI-196, CVE-2017-17862, DSA-4073-1, FEDORA-2018-22d5fa8a90, FEDORA-2018-884a105c04, FEDORA-2018-8ed5eff2c0, openSUSE-SU-2018:0408-1, SUSE-SU-2018:0383-1, SUSE-SU-2018:0416-1, SUSE-SU-2018:0986-1, USN-3523-1, USN-3523-2, USN-3523-3, USN-3541-1, USN-3541-2, USN-3619-1, USN-3619-2, VIGILANCE-VUL-24882.
