The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Solaris

vulnerability announcement CVE-2017-2862

gdk-pixbuf: memory corruption via gdk_pixbuf__jpeg_image_load_increment

Synthesis of the vulnerability

Impacted products: Debian, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 07/09/2017.
Identifiers: bulletinjul2018, CVE-2017-2862, DLA-1100-1, DSA-3978-1, openSUSE-SU-2017:2393-1, SUSE-SU-2017:2381-1, SUSE-SU-2018:2470-1, USN-3418-1, VIGILANCE-VUL-23752.

Description of the vulnerability

An attacker can generate a memory corruption via gdk_pixbuf__jpeg_image_load_increment() of gdk-pixbuf, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2017-13738 CVE-2017-13739 CVE-2017-13740

Liblouis: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Liblouis.
Impacted products: Fedora, openSUSE Leap, Solaris, RHEL, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 05/09/2017.
Identifiers: bulletinjul2018, CVE-2017-13738, CVE-2017-13739, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744, FEDORA-2017-2c9852dd05, FEDORA-2017-f9f6398158, openSUSE-SU-2017:2639-1, RHSA-2017:3111-01, USN-3408-1, VIGILANCE-VUL-23726.

Description of the vulnerability

Several vulnerabilities were announced in Liblouis.

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2017-13738]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-13739]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-13740]

An attacker can force the usage of a freed memory area via compileBrailleIndicator(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-13741]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-13742]

An attacker can generate a buffer overflow via _lou_showString(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-13743]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2017-13744]

vulnerability note CVE-2017-12982

OpenJPEG: denial of service via opj_image_create

Synthesis of the vulnerability

Impacted products: Fedora, Solaris, Slackware.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 04/09/2017.
Identifiers: bulletinjul2018, CVE-2017-12982, FEDORA-2017-06cace06ce, FEDORA-2017-deefb26e8b, SSA:2017-279-02, VIGILANCE-VUL-23714.

Description of the vulnerability

An attacker can generate a fatal error via opj_image_create() of OpenJPEG, in order to trigger a denial of service.

computer vulnerability alert CVE-2017-9110 CVE-2017-9112 CVE-2017-9116

OpenEXR: three vulnerabilities

Synthesis of the vulnerability

Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Slackware.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 01/09/2017.
Identifiers: bulletinjul2018, CVE-2017-9110, CVE-2017-9112, CVE-2017-9116, DLA-1083-1, FEDORA-2018-b152c791cc, FEDORA-2018-f5d2f4ec0d, openSUSE-SU-2018:0619-1, SSA:2017-274-01, VIGILANCE-VUL-23696.

Description of the vulnerability

An attacker can use several vulnerabilities of OpenEXR.

vulnerability note CVE-2017-13726

LibTIFF: assertion error via TIFFWriteDirectorySec

Synthesis of the vulnerability

Impacted products: Debian, LibTIFF, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 31/08/2017.
Identifiers: 2727, bulletinjan2018, bulletinjul2018, CVE-2017-13726, DLA-1093-1, DSA-4100-1, openSUSE-SU-2018:1834-1, SUSE-SU-2018:1826-1, USN-3602-1, VIGILANCE-VUL-23654.

Description of the vulnerability

An attacker can force an assertion error via TIFFWriteDirectorySec() of LibTIFF, in order to trigger a denial of service.

vulnerability announcement CVE-2017-13764 CVE-2017-13765 CVE-2017-13766

Wireshark: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, WindRiver Linux, Wireshark.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 31/08/2017.
Identifiers: bulletinoct2017, CERTFR-2017-AVI-278, CVE-2017-13764, CVE-2017-13765, CVE-2017-13766, CVE-2017-13767, DLA-1634-1, DSA-4060-1, FEDORA-2017-9fd430dba0, openSUSE-SU-2017:2349-1, VIGILANCE-VUL-23642, wnpa-sec-2017-38, wnpa-sec-2017-39, wnpa-sec-2017-40, wnpa-sec-2017-41.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can generate an infinite loop via MSDP, in order to trigger a denial of service. [severity:1/4; CVE-2017-13767, wnpa-sec-2017-38]

An attacker can generate a buffer overflow via Profinet I/O, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-13766, wnpa-sec-2017-39]

An attacker can trigger a fatal error via Modbus, in order to trigger a denial of service. [severity:1/4; CVE-2017-13764, wnpa-sec-2017-40]

An attacker can generate a buffer overflow via IrCOMM, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-13765, wnpa-sec-2017-41]

computer vulnerability alert CVE-2017-3735

OpenSSL: out-of-bounds memory reading via X.509 IPAddressFamily

Synthesis of the vulnerability

Impacted products: Mac OS X, Blue Coat CAS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Percona Server, XtraDB Cluster, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WindRiver Linux, X2GoClient.
Severity: 1/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 29/08/2017.
Identifiers: 2011879, 2013026, 2014367, bulletinapr2018, cpuapr2018, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3735, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, HT208331, HT208394, ibm10715641, ibm10738249, JSA10851, K21462542, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:3221-01, SA157, SB10211, SUSE-SU-2017:2968-1, SUSE-SU-2017:2981-1, SUSE-SU-2018:0112-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-23636.

Description of the vulnerability

An attacker can force a read at an invalid address via X.509 IPAddressFamily of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability announcement CVE-2017-7244 CVE-2017-7245 CVE-2017-7246

PCRE: three vulnerabilities

Synthesis of the vulnerability

Impacted products: Fedora, Solaris, Nessus.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 21/08/2017.
Identifiers: bulletinjul2017, CERTFR-2018-AVI-288, CVE-2017-7244, CVE-2017-7245, CVE-2017-7246, FEDORA-2018-3238d4da59, TNS-2018-08, VIGILANCE-VUL-23592.

Description of the vulnerability

An attacker can use several vulnerabilities of PCRE.

computer vulnerability CVE-2017-7555

augeas: code execution

Synthesis of the vulnerability

Impacted products: Debian, Fedora, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 21/08/2017.
Identifiers: bulletinjul2018, CVE-2017-7555, DLA-1067-1, DSA-3949-1, FEDORA-2017-7dacb3c21c, FEDORA-2017-8bd521abc9, RHSA-2017:2788-01, USN-3400-1, VIGILANCE-VUL-23585.

Description of the vulnerability

An attacker can use a vulnerability of augeas, in order to run code.

computer vulnerability bulletin CVE-2017-12932

PHP: use after free via var_unserializer.re

Synthesis of the vulnerability

Impacted products: Debian, Solaris, PHP, RHEL.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 18/08/2017.
Identifiers: 74103, bulletinapr2018, CVE-2017-12932, DSA-4080-1, RHSA-2018:1296-01, VIGILANCE-VUL-23568.

Description of the vulnerability

An attacker can force the usage of a freed memory area via var_unserializer.re of PHP, in order to trigger a denial of service, and possibly to run code.