The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SUSE Linux Enterprise Server

computer vulnerability CVE-2017-14106

Linux kernel: denial of service via tcp_disconnect

Synthesis of the vulnerability

Impacted products: Debian, Junos Space, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 04/09/2017.
Identifiers: CERTFR-2017-AVI-339, CERTFR-2017-AVI-375, CERTFR-2017-AVI-379, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-400, CERTFR-2018-AVI-005, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, CVE-2017-14106, DLA-1099-1, DSA-3981-1, JSA10838, openSUSE-SU-2017:2494-1, openSUSE-SU-2017:2495-1, RHSA-2017:2918-01, RHSA-2017:2930-01, RHSA-2017:2931-01, RHSA-2017:3200-01, RHSA-2018:2172-01, SUSE-SU-2017:2847-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:2956-1, SUSE-SU-2018:0011-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0131-1, SUSE-SU-2018:0171-1, USN-3443-1, USN-3443-2, USN-3443-3, USN-3444-1, USN-3444-2, USN-3445-1, USN-3445-2, VIGILANCE-VUL-23715.

Description of the vulnerability

An attacker can trigger a fatal error in tcp_disconnect() of the Linux kernel, causing a denial of service.

vulnerability bulletin CVE-2017-14032

Mbed TLS: privilege escalation

Synthesis of the vulnerability

Impacted products: Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 04/09/2017.
Identifiers: CVE-2017-14032, DSA-3967-1, FEDORA-2017-382c240580, FEDORA-2017-3abea58794, openSUSE-SU-2017:2731-1, openSUSE-SU-2017:2736-1, VIGILANCE-VUL-23713.

Description of the vulnerability

An attacker can bypass restrictions in Mbed TLS in order to escalate their privileges.

computer vulnerability announce CVE-2017-14051

Linux kernel: integer overflow via qla2x00_sysfs_write_optrom_ctl

Synthesis of the vulnerability

Impacted products: Debian, Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 01/09/2017.
Identifiers: CERTFR-2017-AVI-311, CERTFR-2017-AVI-338, CERTFR-2017-AVI-379, CERTFR-2017-AVI-383, CERTFR-2017-AVI-384, CERTFR-2017-AVI-390, CERTFR-2017-AVI-400, CVE-2017-14051, DLA-1200-1, FEDORA-2017-6764d16965, FEDORA-2017-a3a8638a60, FEDORA-2018-884a105c04, openSUSE-SU-2017:2384-1, openSUSE-SU-2017:2495-1, SUSE-SU-2017:2525-1, SUSE-SU-2017:2694-1, SUSE-SU-2017:2847-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:2956-1, SUSE-SU-2017:3265-1, USN-3469-1, USN-3469-2, USN-3583-1, USN-3583-2, VIGILANCE-VUL-23707.

Description of the vulnerability

An attacker can trigger an integer overflow via qla2x00_sysfs_write_optrom_ctl in the Linux kernel, causing a denial of service and possibly running code.

vulnerability CVE-2017-13776 CVE-2017-13777

GraphicsMagick: denial of service via ReadXBMImage

Synthesis of the vulnerability

Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 01/09/2017.
Identifiers: CVE-2017-13776, CVE-2017-13777, DLA-1082-1, DLA-1456-1, DSA-4321-1, DSA-4321-2, openSUSE-SU-2017:3020-1, SUSE-SU-2017:3435-1, VIGILANCE-VUL-23690.

Description of the vulnerability

An attacker can trigger a fatal error in ReadXBMImage() of GraphicsMagick, causing a denial of service.

computer vulnerability bulletin CVE-2017-13133 CVE-2017-13134 CVE-2017-13139

ImageMagick: seven vulnerabilities

Synthesis of the vulnerability

Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 31/08/2017.
Identifiers: CVE-2017-13133, CVE-2017-13134, CVE-2017-13139, CVE-2017-13142, CVE-2017-13143, CVE-2017-13144, CVE-2017-13146, DLA-1081-1, DLA-1170-1, DLA-1401-1, DSA-4019-1, DSA-4032-1, DSA-4040-1, DSA-4204-1, DSA-4321-1, DSA-4321-2, openSUSE-SU-2017:2894-1, openSUSE-SU-2017:2999-1, openSUSE-SU-2017:3020-1, openSUSE-SU-2017:3420-1, openSUSE-SU-2018:0155-1, openSUSE-SU-2018:0218-1, openSUSE-SU-2018:0396-1, SUSE-SU-2017:3378-1, SUSE-SU-2017:3388-1, SUSE-SU-2017:3435-1, USN-3681-1, VIGILANCE-VUL-23678.

Description of the vulnerability

An attacker can exploit several vulnerabilities in ImageMagick.

computer vulnerability announce CVE-2017-12983

ImageMagick: buffer overflow via ReadSFWImage

Synthesis of the vulnerability

Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 31/08/2017.
Identifiers: CVE-2017-12983, DLA-1081-1, DSA-4032-1, DSA-4040-1, openSUSE-SU-2017:3020-1, openSUSE-SU-2017:3420-1, SUSE-SU-2017:3378-1, SUSE-SU-2017:3388-1, SUSE-SU-2017:3435-1, USN-3681-1, VIGILANCE-VUL-23677.

Description of the vulnerability

An attacker can trigger a buffer overflow in ReadSFWImage() of ImageMagick, causing a denial of service and possibly running code.

computer vulnerability CVE-2017-12662 CVE-2017-12663 CVE-2017-12664

ImageMagick: ten vulnerabilities

Synthesis of the vulnerability

Impacted products: Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 31/08/2017.
Identifiers: CVE-2017-12662, CVE-2017-12663, CVE-2017-12664, CVE-2017-12665, CVE-2017-12666, CVE-2017-12668, CVE-2017-12670, CVE-2017-12674, CVE-2017-12675, CVE-2017-12676, DLA-1081-1, FEDORA-2017-3a568adb31, FEDORA-2017-8f27031c8f, openSUSE-SU-2017:3270-1, openSUSE-SU-2017:3420-1, openSUSE-SU-2018:0087-1, openSUSE-SU-2018:0155-1, openSUSE-SU-2018:0218-1, openSUSE-SU-2018:0396-1, openSUSE-SU-2018:0621-1, SUSE-SU-2017:3378-1, SUSE-SU-2017:3388-1, SUSE-SU-2019:13923-1, USN-3681-1, VIGILANCE-VUL-23675.

Description of the vulnerability

An attacker can exploit several vulnerabilities in ImageMagick.

vulnerability bulletin CVE-2017-12640 CVE-2017-12641 CVE-2017-12642

ImageMagick: five vulnerabilities

Synthesis of the vulnerability

Impacted products: Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 31/08/2017.
Identifiers: CVE-2017-12640, CVE-2017-12641, CVE-2017-12642, CVE-2017-12643, CVE-2017-12644, DLA-1081-1, DSA-4019-1, DSA-4040-1, FEDORA-2017-3a568adb31, FEDORA-2017-8f27031c8f, openSUSE-SU-2017:3270-1, openSUSE-SU-2017:3420-1, openSUSE-SU-2018:0092-1, openSUSE-SU-2018:0218-1, openSUSE-SU-2018:0396-1, SUSE-SU-2017:3378-1, SUSE-SU-2017:3388-1, USN-3681-1, VIGILANCE-VUL-23673.

Description of the vulnerability

An attacker can exploit several vulnerabilities in ImageMagick.

vulnerability announce CVE-2017-12587

ImageMagick: infinite loop via ReadPWPImage

Synthesis of the vulnerability

Impacted products: Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 31/08/2017.
Identifiers: CVE-2017-12587, DLA-1081-1, DSA-4019-1, FEDORA-2017-3a568adb31, FEDORA-2017-8f27031c8f, openSUSE-SU-2017:3420-1, SUSE-SU-2017:3378-1, SUSE-SU-2017:3388-1, SUSE-SU-2017:3435-1, USN-3681-1, VIGILANCE-VUL-23672.

Description of the vulnerability

An attacker can trigger an infinite loop in ReadPWPImage() of ImageMagick, causing a denial of service.

vulnerability alert CVE-2017-12563 CVE-2017-12564 CVE-2017-12565

ImageMagick: four vulnerabilities

Synthesis of the vulnerability

Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 31/08/2017.
Identifiers: CVE-2017-12563, CVE-2017-12564, CVE-2017-12565, CVE-2017-12566, DLA-1081-1, openSUSE-SU-2018:0025-1, openSUSE-SU-2018:0087-1, openSUSE-SU-2018:0155-1, openSUSE-SU-2018:0396-1, openSUSE-SU-2018:0621-1, SUSE-SU-2018:0017-1, USN-3681-1, VIGILANCE-VUL-23671.

Description of the vulnerability

An attacker can exploit several vulnerabilities in ImageMagick.