The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SUSE Linux Enterprise Server

computer vulnerability announce CVE-2017-3735

OpenSSL: out-of-bounds memory reading via X.509 IPAddressFamily

Synthesis of the vulnerability

An attacker can force a read at an invalid address via X.509 IPAddressFamily of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Mac OS X, Blue Coat CAS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, Fedora, FreeBSD, hMailServer, AIX, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Percona Server, XtraDB Cluster, pfSense, RHEL, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/11/2017.
Identifiers: 2011879, 2013026, 2014367, bulletinapr2018, CERTFR-2017-AVI-391, cpuapr2018, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3735, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, HT208331, HT208394, ibm10715641, ibm10738249, JSA10851, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:3221-01, SA157, SB10211, SUSE-SU-2017:2968-1, SUSE-SU-2017:2981-1, SUSE-SU-2018:0112-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-24317.

Description of the vulnerability

An attacker can force a read at an invalid address via X.509 IPAddressFamily of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.

computer vulnerability alert CVE-2017-3736

OpenSSL: Man-in-the-Middle via bn_sqrx8x_internal

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.
Impacted products: SDS, SNS, Blue Coat CAS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, hMailServer, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, McAfee Email Gateway, McAfee NSP, McAfee NTBA, VirusScan, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Percona Server, XtraDB Cluster, pfSense, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 02/11/2017.
Identifiers: 2012827, 2013025, 2014202, 2014651, 2014669, 2015080, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-391, cpuapr2018, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3736, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, ibm10715641, ibm10719113, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10851, K14363514, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA157, SB10211, SB10220, SSA:2017-306-02, STORM-2017-006, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-24316.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.

vulnerability alert CVE-2017-15535

MongoDB: read-write access via Wire Protocol Compression

Synthesis of the vulnerability

An attacker can bypass access restrictions via Wire Protocol Compression of MongoDB, in order to read or alter data.
Impacted products: Fedora, MongoDB, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: intranet client.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-386, CVE-2017-15535, FEDORA-2017-774e7863a4, FEDORA-2017-913288e9a9, openSUSE-SU-2017:3018-1, openSUSE-SU-2017:3022-1, VIGILANCE-VUL-24311.

Description of the vulnerability

An attacker can bypass access restrictions via Wire Protocol Compression of MongoDB, in order to read or alter data.

computer vulnerability bulletin CVE-2017-12193

Linux kernel: NULL pointer dereference via assoc_array_apply_edit

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-448, CERTFR-2017-AVI-454, CERTFR-2017-AVI-458, CERTFR-2018-AVI-321, CVE-2017-12193, FEDORA-2017-38b37120a2, FEDORA-2017-9fbb35aeda, FEDORA-2018-884a105c04, openSUSE-SU-2017:3358-1, openSUSE-SU-2017:3359-1, RHSA-2018:0151-01, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3398-1, SUSE-SU-2017:3410-1, USN-3507-1, USN-3507-2, USN-3509-1, USN-3509-2, USN-3509-3, USN-3509-4, USN-3698-1, USN-3698-2, VIGILANCE-VUL-24308.

Description of the vulnerability

The Linux kernel product offers a web service.

However, it does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.

vulnerability announce CVE-2017-15930

GraphicsMagick: NULL pointer dereference via ReadOneJNGImage

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via ReadOneJNGImage() of GraphicsMagick, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/11/2017.
Identifiers: CVE-2017-15930, DLA-1154-1, DLA-1456-1, DSA-4321-1, DSA-4321-2, openSUSE-SU-2017:3020-1, openSUSE-SU-2017:3420-1, SUSE-SU-2017:3378-1, SUSE-SU-2017:3388-1, SUSE-SU-2017:3435-1, VIGILANCE-VUL-24302.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via ReadOneJNGImage() of GraphicsMagick, in order to trigger a denial of service.

vulnerability alert CVE-2017-14997

GraphicsMagick: denial of service via ReadPICTImage

Synthesis of the vulnerability

An attacker can generate a fatal error via ReadPICTImage() of GraphicsMagick, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/11/2017.
Identifiers: CVE-2017-14997, DLA-1154-1, DLA-1456-1, DSA-4321-1, DSA-4321-2, openSUSE-SU-2018:3479-1, openSUSE-SU-2018:3524-1, SUSE-SU-2018:3465-1, SUSE-SU-2018:3808-1, SUSE-SU-2019:13923-1, VIGILANCE-VUL-24301.

Description of the vulnerability

An attacker can generate a fatal error via ReadPICTImage() of GraphicsMagick, in order to trigger a denial of service.

computer vulnerability note CVE-2017-14733

GraphicsMagick: out-of-bounds memory reading via ReadRLEImage

Synthesis of the vulnerability

An attacker can force a read at an invalid address via ReadRLEImage() of GraphicsMagick, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/11/2017.
Identifiers: CVE-2017-14733, DLA-1154-1, DLA-1401-1, DSA-4321-1, DSA-4321-2, openSUSE-SU-2017:3270-1, openSUSE-SU-2017:3420-1, SUSE-SU-2017:3378-1, SUSE-SU-2017:3388-1, VIGILANCE-VUL-24299.

Description of the vulnerability

An attacker can force a read at an invalid address via ReadRLEImage() of GraphicsMagick, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability alert CVE-2017-15565

Poppler: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of Poppler, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/10/2017.
Identifiers: bulletinjan2019, CVE-2017-15565, DLA-1177-1, DSA-4079-1, DSA-4079-2, FEDORA-2017-1762a103bf, FEDORA-2017-2853ab80b3, FEDORA-2018-e23d2dae46, openSUSE-SU-2018:1721-1, SUSE-SU-2018:1662-1, SUSE-SU-2018:1691-1, USN-3467-1, VIGILANCE-VUL-24271.

Description of the vulnerability

An attacker can generate a fatal error of Poppler, in order to trigger a denial of service.

computer vulnerability announce CVE-2017-16227

Quagga: memory corruption via AS_PATH Long Paths Update Message

Synthesis of the vulnerability

An attacker can generate a memory corruption via AS_PATH Long Paths Update Message of Quagga, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Quagga, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 30/10/2017.
Identifiers: bulletinapr2018, CVE-2017-16227, DLA-1152-1, DSA-4011-1, FEDORA-2017-7d25605e98, FEDORA-2017-df3032c978, openSUSE-SU-2018:0473-1, SUSE-SU-2018:0455-1, SUSE-SU-2018:0456-1, SUSE-SU-2018:0457-1, USN-3471-1, VIGILANCE-VUL-24267.

Description of the vulnerability

An attacker can generate a memory corruption via AS_PATH Long Paths Update Message of Quagga, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2017-15951

Linux kernel: denial of service via KEY_FLAG_NEGATIVE

Synthesis of the vulnerability

An attacker can generate a fatal error via KEY_FLAG_NEGATIVE of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 30/10/2017.
Identifiers: CERTFR-2017-AVI-424, CERTFR-2017-AVI-454, CERTFR-2018-AVI-147, CERTFR-2018-AVI-196, CVE-2017-15951, FEDORA-2017-10faeda281, FEDORA-2017-ebab38baf6, openSUSE-SU-2018:0781-1, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0986-1, USN-3485-1, USN-3485-2, USN-3485-3, USN-3507-1, USN-3507-2, VIGILANCE-VUL-24266.

Description of the vulnerability

An attacker can generate a fatal error via KEY_FLAG_NEGATIVE of the Linux kernel, in order to trigger a denial of service.