The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SUSE Linux Enterprise Server

computer vulnerability note CVE-2018-7550

QEMU: code execution via the multiboot header

Synthesis of the vulnerability

An attacker inside a guest system can set an invalid address in the mh_load_end_addr field of the multiboot header of the kernel file to be loaded by QEMU, in order to run code on the host system.
Impacted products: Debian, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 02/03/2018.
Identifiers: CVE-2018-7550, DLA-1350-1, DLA-1351-1, DLA-1497-1, DSA-4213-1, openSUSE-SU-2018:0780-1, openSUSE-SU-2018:2402-1, RHSA-2018:2462-01, SUSE-SU-2018:0762-1, SUSE-SU-2018:0831-1, SUSE-SU-2018:1077-1, SUSE-SU-2018:1177-1, SUSE-SU-2018:1181-1, SUSE-SU-2018:1202-1, SUSE-SU-2018:1203-1, SUSE-SU-2018:1308-1, SUSE-SU-2018:2340-1, USN-3649-1, VIGILANCE-VUL-25419.


computer vulnerability bulletin CVE-2017-18203

Linux kernel: denial of service via dm_get_from_kobject

Synthesis of the vulnerability

A local attacker can trigger a fatal error via dm_get_from_kobject() in the Linux kernel, in order to cause a denial of service.
Impacted products: Debian, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 02/03/2018.
Identifiers: CERTFR-2018-AVI-170, CERTFR-2018-AVI-206, CERTFR-2018-AVI-224, CERTFR-2018-AVI-232, CERTFR-2018-AVI-241, CERTFR-2018-AVI-250, CERTFR-2018-AVI-257, CVE-2017-18203, DLA-1369-1, DSA-4187-1, RHSA-2018:0676-01, RHSA-2018:1062-01, RHSA-2018:1854-01, SUSE-SU-2018:1080-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1220-1, SUSE-SU-2018:1221-1, SUSE-SU-2018:1309-1, USN-3619-1, USN-3619-2, USN-3653-1, USN-3653-2, USN-3655-1, USN-3655-2, USN-3657-1, VIGILANCE-VUL-25418.


computer vulnerability announce CVE-2017-18208

Linux kernel: infinite loop via madvise_willneed

Synthesis of the vulnerability

A local attacker can trigger an infinite loop via madvise_willneed() in the Linux kernel, in order to cause a denial of service.
Impacted products: Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 02/03/2018.
Identifiers: CERTFR-2018-AVI-147, CERTFR-2018-AVI-161, CERTFR-2018-AVI-170, CERTFR-2018-AVI-196, CERTFR-2018-AVI-197, CERTFR-2018-AVI-206, CERTFR-2018-AVI-224, CERTFR-2018-AVI-241, CERTFR-2018-AVI-250, CERTFR-2018-AVI-257, CVE-2017-18208, openSUSE-SU-2018:0781-1, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0834-1, SUSE-SU-2018:0848-1, SUSE-SU-2018:0986-1, SUSE-SU-2018:1080-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1309-1, USN-3619-1, USN-3619-2, USN-3653-1, USN-3653-2, USN-3655-1, USN-3655-2, USN-3657-1, VIGILANCE-VUL-25417.


vulnerability bulletin CVE-2018-0202 CVE-2018-1000085

ClamAV: vulnerability

Synthesis of the vulnerability

A vulnerability in ClamAV was announced.
Impacted products: SNS, ClamAV, Debian, NETASQ, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/03/2018.
Identifiers: CVE-2018-0202, CVE-2018-1000085, DLA-1307-1, openSUSE-SU-2018:0825-1, openSUSE-SU-2018:2406-1, STORM-2018-003, SUSE-SU-2018:0809-1, SUSE-SU-2018:0863-1, SUSE-SU-2018:2323-1, USN-3592-1, USN-3592-2, VIGILANCE-VUL-25413.


vulnerability announce CVE-2018-7584

PHP: buffer overflow

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in PHP, in order to cause a denial of service, and possibly to run code.
Impacted products: Mac OS X, Debian, Fedora, openSUSE Leap, Solaris, PHP, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 01/03/2018.
Identifiers: 75981, bulletinapr2018, CERTFR-2018-AVI-109, CVE-2018-7584, DLA-1326-1, DLA-1397-1, DSA-4240-1, FEDORA-2018-a89ccf7133, FEDORA-2018-e8bc8d2784, HT208849, openSUSE-SU-2018:0657-1, openSUSE-SU-2018:0725-1, SUSE-SU-2018:0806-1, USN-3600-1, USN-3600-2, VIGILANCE-VUL-25412.


computer vulnerability announce CVE-2018-5803

Linux kernel: memory corruption via _sctp_make_chunk

Synthesis of the vulnerability

An attacker can trigger a memory corruption via _sctp_make_chunk() in the Linux kernel, in order to cause a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on client.
Provenance: intranet client.
Creation date: 01/03/2018.
Identifiers: CERTFR-2018-AVI-250, CERTFR-2018-AVI-257, CERTFR-2018-AVI-299, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2018-AVI-321, CERTFR-2018-AVI-392, CERTFR-2018-AVI-426, CVE-2018-5803, DLA-1369-1, DSA-4187-1, DSA-4188-1, FEDORA-2018-2bce10900e, FEDORA-2018-884a105c04, openSUSE-SU-2018:1418-1, openSUSE-SU-2018:2119-1, RHSA-2018:1854-01, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, SUSE-SU-2018:1366-1, SUSE-SU-2018:1761-1, SUSE-SU-2018:1762-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1855-1, SUSE-SU-2018:2332-1, SUSE-SU-2018:2366-1, SUSE-SU-2018:2637-1, USN-3654-1, USN-3654-2, USN-3656-1, USN-3697-1, USN-3697-2, USN-3698-1, USN-3698-2, VIGILANCE-VUL-25407.


vulnerability note CVE-2017-12627

Apache Xerces-C++: NULL pointer dereference via the DTD reference

Synthesis of the vulnerability

An attacker can force Apache Xerces-C++ to dereference a NULL pointer while it processes the path to the external DTD, in order to cause a denial of service.
Impacted products: Xerces-C++, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 01/03/2018.
Identifiers: CVE-2017-12627, DLA-1328-1, FEDORA-2018-51ce232320, FEDORA-2018-7b97e553ff, openSUSE-SU-2019:1283-1, SUSE-SU-2018:3277-1, SUSE-SU-2019:0977-1, VIGILANCE-VUL-25404.


vulnerability announce CVE-2018-5733

ISC DHCP: integer overflow via dhcpd

Synthesis of the vulnerability

An attacker can trigger an integer overflow via dhcpd in ISC DHCP, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, IBM i, ISC DHCP, McAfee Web Gateway, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 28/02/2018.
Identifiers: AA-01565, AA-01567, bulletinapr2018, CVE-2018-5733, DLA-1313-1, DSA-4133-1, FEDORA-2018-5051dbd15e, N1022543, openSUSE-SU-2018:0827-1, RHSA-2018:0469-01, RHSA-2018:0483-01, SB10231, SSA:2018-060-01, SUSE-SU-2018:0810-2, USN-3586-1, USN-3586-2, VIGILANCE-VUL-25402.


vulnerability alert CVE-2018-5732

ISC DHCP: buffer overflow via dhclient

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via dhclient in ISC DHCP, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, IBM i, ISC DHCP, McAfee Web Gateway, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 28/02/2018.
Identifiers: AA-01565, AA-01567, bulletinapr2018, CVE-2018-5732, DLA-1313-1, DSA-4133-1, FEDORA-2018-5051dbd15e, K08306700, N1022543, openSUSE-SU-2018:0827-1, RHSA-2018:0469-01, RHSA-2018:0483-01, SB10231, SSA:2018-060-01, SUSE-SU-2018:0810-2, Synology-SA-18:14, USN-3586-1, USN-3586-2, VIGILANCE-VUL-25401.


computer vulnerability announce CVE-2018-7170 CVE-2018-7182 CVE-2018-7183

NTP.org: five vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in NTP.org.
Impacted products: Blue Coat CAS, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, McAfee Web Gateway, Meinberg NTP Server, NTP.org, openSUSE Leap, Solaris, SafeNet Network HSM, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 28/02/2018.
Identifiers: bulletinapr2018, bulletinapr2019, CERTFR-2018-AVI-545, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185, FEDORA-2018-7051d682fa, FEDORA-2018-70c191d84a, FEDORA-2018-de113aeac6, FreeBSD-SA-18:02.ntp, JSA10898, K04912972, K13540723, K82570157, KB0018260, openSUSE-SU-2018:0970-1, openSUSE-SU-2018:3438-1, openSUSE-SU-2018:3452-1, SA165, SB10231, SB10264, SSA:2018-060-02, SUSE-SU-2018:1464-1, SUSE-SU-2018:1765-1, SUSE-SU-2018:3342-1, SUSE-SU-2018:3351-1, SUSE-SU-2018:3352-1, SUSE-SU-2018:3356-1, SUSE-SU-2018:3386-1, Synology-SA-18:13, Synology-SA-18:14, USN-3707-1, USN-3707-2, VIGILANCE-VUL-25397.
