The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of openSUSE Leap

computer vulnerability bulletin CVE-2014-2525

LibYAML: buffer overflow of yaml_parser_scan_uri_escapes

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in LibYAML, in order to cause a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, MBS, MES, openSUSE, openSUSE Leap, Puppet, RHEL, Slackware, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 27/03/2014.
Identifiers: CVE-2014-2525, DSA-2884-1, DSA-2885-1, FEDORA-2014-4438, FEDORA-2014-4440, FEDORA-2014-4517, FEDORA-2014-4548, MDVSA-2014:070, MDVSA-2014:071, MDVSA-2015:060, oCERT-2014-003, openSUSE-SU-2014:0500-1, openSUSE-SU-2015:0319-1, openSUSE-SU-2016:1067-1, RHSA-2014:0353-01, RHSA-2014:0354-01, RHSA-2014:0355-01, RHSA-2014:0364-01, RHSA-2014:0415-01, SSA:2014-111-01, USN-2160-1, USN-2161-1, VIGILANCE-VUL-14488.

Description of the vulnerability

The LibYAML library is used to read data files in YAML (YAML Ain't Markup Language) format.

However, if a URL escaped with "%hh" sequences is larger than the storage array, an overflow occurs in the yaml_parser_scan_uri_escapes() function of the src/scanner.c file.

An attacker can therefore trigger a buffer overflow in LibYAML, in order to cause a denial of service, and possibly to execute code.

computer vulnerability note CVE-2013-6393

LibYAML: buffer overflow of yaml_parser_scan_tag_uri

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in LibYAML, in order to cause a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, MBS, MES, openSUSE, openSUSE Leap, Puppet, RHEL, Ubuntu.
Severity: 2/4.
Creation date: 12/02/2014.
Identifiers: 1033990, BID-65258, CVE-2013-6393, DSA-2850-1, DSA-2850-2, DSA-2870-1, FEDORA-2014-1817, FEDORA-2014-1851, FEDORA-2014-4517, FEDORA-2014-4548, MDVSA-2014:034, MDVSA-2014:070, MDVSA-2015:060, openSUSE-SU-2014:0272-1, openSUSE-SU-2014:0273-1, openSUSE-SU-2014:0381-1, openSUSE-SU-2015:0319-1, openSUSE-SU-2016:1067-1, RHSA-2014:0353-01, RHSA-2014:0354-01, RHSA-2014:0355-01, RHSA-2014:0364-01, RHSA-2014:0415-01, USN-2161-1, VIGILANCE-VUL-14239.

Description of the vulnerability

The LibYAML library is used to read data files in YAML (YAML Ain't Markup Language) format.

However, if the data is larger than the storage array, an overflow occurs in the yaml_parser_scan_tag_uri() function of the src/scanner.c file.

An attacker can therefore trigger a buffer overflow in LibYAML, in order to cause a denial of service, and possibly to execute code.

computer vulnerability alert CVE-2013-7073 CVE-2013-7074 CVE-2013-7075

TYPO3: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in TYPO3.
Impacted products: Debian, openSUSE, openSUSE Leap, TYPO3 Core.
Severity: 2/4.
Creation date: 10/12/2013.
Identifiers: BID-64238, BID-64239, BID-64240, BID-64244, BID-64245, BID-64247, BID-64248, BID-64252, BID-64256, CERTA-2013-AVI-675, CVE-2013-7073, CVE-2013-7074, CVE-2013-7075, CVE-2013-7076, CVE-2013-7077, CVE-2013-7078, CVE-2013-7079, CVE-2013-7080, CVE-2013-7081, DSA-2834-1, openSUSE-SU-2016:2025-1, openSUSE-SU-2016:2114-1, openSUSE-SU-2016:2169-1, TYPO3-CORE-SA-2013-004, VIGILANCE-VUL-13896.

Description of the vulnerability

Several vulnerabilities were announced in TYPO3.

An attacker can read data via Content Editing Wizards, in order to obtain sensitive information. [severity:2/4; BID-64240, CVE-2013-7073]

An attacker can trigger a Cross Site Scripting in Content Editing Wizards, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-64245, CVE-2013-7074]

An attacker can unserialize data in Content Editing Wizards, in order to execute code. [severity:2/4; BID-64256, CVE-2013-7075]

An attacker can trigger a Cross Site Scripting in Extension Manager, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-64247, CVE-2013-7076]

An attacker can trigger a Cross Site Scripting in Backend User Administration, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-64244, CVE-2013-7077]

An attacker can trigger a Cross Site Scripting in Extbase, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-64239, CVE-2013-7078]

An attacker can redirect the victim via OpenID Extension. [severity:2/4; BID-64252, CVE-2013-7079]

An attacker can use Extension Table Administration Library, in order to trigger a denial of service. [severity:2/4; BID-64248, CVE-2013-7080]

An attacker can obtain information via Form Content Element, in order to escalate his privileges. [severity:2/4; BID-64238, CVE-2013-7081]

vulnerability note CVE-2013-0169

OpenSSL: information disclosure in CBC mode, Lucky 13

Synthesis of the vulnerability

An attacker can inject incorrectly encrypted messages into a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the plaintext content of the session.
Impacted products: Debian, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, Juniper J-Series, JUNOS, Junos Space, NSM Central Manager, NSMXpress, MBS, MES, ePO, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, JBoss EAP by Red Hat, Slackware, SUSE Linux Enterprise Desktop, SLES, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 1/4.
Creation date: 12/02/2013.
Identifiers: 1643316, c03710522, c03883001, CERTA-2013-AVI-454, CVE-2013-0169, DSA-2621-1, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, ESXi410-201307001, ESXi410-201307401-SG, FEDORA-2013-2793, FEDORA-2013-2834, FEDORA-2013-4403, FreeBSD-SA-13:03.openssl, HPSBUX02856, HPSBUX02909, JSA10575, JSA10759, Lucky 13, MDVSA-2013:018, MDVSA-2013:052, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, openSUSE-SU-2016:0640-1, RHSA-2013:0587-01, RHSA-2013:0636-01, RHSA-2013:0782-01, RHSA-2013:0783-01, RHSA-2013:0833-01, RHSA-2013:0834-02, RHSA-2013:0839-02, RHSA-2013:1455-01, RHSA-2013:1456-01, RHSA-2014:0416-01, SB10041, SSA:2013-042-01, SSRT101104, SSRT101289, SUSE-SU-2014:0320-1, VIGILANCE-VUL-12394, VMSA-2013-0009.

Description of the vulnerability

The bulletin VIGILANCE-VUL-12374 describes a vulnerability of TLS/DTLS.

For OpenSSL, the solution VIGILANCE-SOL-28668 corrected this vulnerability. However, this solution was not complete.

An attacker can therefore still inject incorrectly encrypted messages into a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the plaintext content of the session.

computer vulnerability bulletin CVE-2013-0166

OpenSSL: denial of service via OCSP

Synthesis of the vulnerability

An attacker can set up a malicious OCSP server, in order to stop OpenSSL applications that connect to it.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, Juniper J-Series, JUNOS, MBS, MES, McAfee Email and Web Security, ePO, OpenSSL, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, JBoss EAP by Red Hat, Slackware, ESX, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Creation date: 05/02/2013.
Identifiers: 1643316, BID-57755, BID-60268, c03710522, c03883001, CERTA-2013-AVI-099, CERTA-2013-AVI-387, CERTA-2013-AVI-454, CERTFR-2014-AVI-112, CVE-2013-0166, DSA-2621-1, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, ESXi410-201307001, ESXi410-201307401-SG, FEDORA-2013-2793, FEDORA-2013-2834, FreeBSD-SA-13:03.openssl, HPSBUX02856, HPSBUX02909, JSA10575, JSA10580, MDVSA-2013:018, MDVSA-2013:052, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, openSUSE-SU-2016:0640-1, RHSA-2013:0587-01, RHSA-2013:0636-01, RHSA-2013:0782-01, RHSA-2013:0783-01, RHSA-2013:0833-01, RHSA-2013:0834-02, RHSA-2013:0839-02, sol14261, SSA:2013-040-01, SSRT101104, SSRT101289, VIGILANCE-VUL-12378, VMSA-2013-0006.1, VMSA-2013-0009, VMSA-2013-0009.1, VMSA-2013-0009.2.

Description of the vulnerability

The OCSP (Online Certificate Status Protocol) extension checks the validity of certificates.

The OCSP_basic_verify() function of the crypto/ocsp/ocsp_vfy.c file decodes the received OCSP reply. However, if the key is empty, a NULL pointer is dereferenced.

An attacker can therefore set up a malicious OCSP server, in order to stop OpenSSL applications that connect to it.

vulnerability note CVE-2013-0169 CVE-2013-1619 CVE-2013-1620

TLS, DTLS: information disclosure in CBC mode, Lucky 13

Synthesis of the vulnerability

An attacker can inject incorrectly encrypted messages into a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the plaintext content of the session.
Impacted products: Bouncy Castle JCE, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, DB2 UDB, Tivoli Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, JUNOS, Junos Space, NSM Central Manager, NSMXpress, MBS, MES, Mandriva Linux, McAfee Email and Web Security, ePO, MySQL Enterprise, NetScreen Firewall, ScreenOS, Java OpenJDK, OpenSSL, openSUSE, openSUSE Leap, Opera, Java Oracle, Solaris, pfSense, SSL protocol, RHEL, JBoss EAP by Red Hat, Slackware, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, ESX, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor.
Severity: 1/4.
Creation date: 05/02/2013.
Identifiers: 1639354, 1643316, 1672363, BID-57736, BID-57774, BID-57776, BID-57777, BID-57778, BID-57780, BID-57781, c03710522, c03883001, CERTA-2013-AVI-099, CERTA-2013-AVI-109, CERTA-2013-AVI-339, CERTA-2013-AVI-454, CERTA-2013-AVI-543, CERTA-2013-AVI-657, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2014-AVI-286, CVE-2013-0169, CVE-2013-1619, CVE-2013-1620, CVE-2013-1621, CVE-2013-1622-REJECT, CVE-2013-1623, CVE-2013-1624, DSA-2621-1, DSA-2622-1, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, ESX410-201312001, ESX410-201312401-SG, ESX410-201312403-SG, ESXi410-201307001, ESXi410-201307401-SG, ESXi510-201401101-SG, FEDORA-2013-2110, FEDORA-2013-2128, FEDORA-2013-2764, FEDORA-2013-2793, FEDORA-2013-2813, FEDORA-2013-2834, FEDORA-2013-2892, FEDORA-2013-2929, FEDORA-2013-2984, FEDORA-2013-3079, FEDORA-2013-4403, FreeBSD-SA-13:03.openssl, GNUTLS-SA-2013-1, HPSBUX02856, HPSBUX02909, IC90385, IC90395, IC90396, IC90397, IC90660, IC93077, JSA10575, JSA10580, JSA10759, Lucky 13, MDVSA-2013:014, MDVSA-2013:018, MDVSA-2013:019, MDVSA-2013:040, MDVSA-2013:050, MDVSA-2013:052, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, openSUSE-SU-2013:0807-1, openSUSE-SU-2016:0640-1, RHSA-2013:0273-01, RHSA-2013:0274-01, RHSA-2013:0275-01, RHSA-2013:0531-01, RHSA-2013:0532-01, RHSA-2013:0587-01, RHSA-2013:0588-01, RHSA-2013:0636-01, RHSA-2013:0782-01, RHSA-2013:0783-01, RHSA-2013:0833-01, RHSA-2013:0834-02, RHSA-2013:0839-02, RHSA-2013:1135-01, RHSA-2013:1144-01, RHSA-2013:1181-01, RHSA-2013:1455-01, RHSA-2013:1456-01, RHSA-2014:0371-01, RHSA-2014:0372-01, RHSA-2014:0896-01, RHSA-2015:1009, SOL14190, SOL15630, SSA:2013-040-01, SSA:2013-042-01, SSA:2013-242-01, SSA:2013-242-03, SSA:2013-287-03, SSRT101104, SSRT101289, SUSE-SU-2013:0328-1, SUSE-SU-2014:0320-1, SUSE-SU-2014:0322-1, swg21633669, swg21638270, swg21639354, swg21640169, VIGILANCE-VUL-12374, VMSA-2013-0006.1, VMSA-2013-0007.1, VMSA-2013-0009, VMSA-2013-0009.1, VMSA-2013-0009.2, VMSA-2013-0009.3, VMSA-2013-0015.

Description of the vulnerability

The TLS protocol uses a block encryption algorithm. In CBC (Cipher Block Chaining) mode, the encryption depends on the previous block.

When an incorrectly encrypted message is received, a fatal error message is sent to the sender. However, the time taken to generate this error message depends on the number of valid bytes processed by the MAC hash.

An attacker can therefore inject incorrectly encrypted messages into a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the plaintext content of the session.

In order to guess one plaintext block, 2^23 TLS sessions are required. So, to exploit this vulnerability, the TLS client has to continually open a new session as soon as the previous one has ended with a fatal error.

computer vulnerability CVE-2012-1152

Perl: format string attack via YAML-LibYAML

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious YAML file with a Perl application using the YAML-LibYAML module, in order to carry out a format string attack, which leads to a denial of service or possibly to code execution.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Perl Module ~ not comprehensive.
Severity: 2/4.
Creation date: 09/03/2012.
Identifiers: 661548, BID-52381, CVE-2012-1152, DSA-2432-1, FEDORA-2012-4997, FEDORA-2012-5035, openSUSE-SU-2012:1000-1, openSUSE-SU-2015:0319-1, openSUSE-SU-2016:1067-1, VIGILANCE-VUL-11415.

Description of the vulnerability

The Perl YAML-LibYAML module is used to read data files in YAML (YAML Ain't Markup Language) format.

When the YAML file contains errors, the module generates messages by calling the croak() and loader_error_msg() functions. However, these functions are called without a format string, so the message text itself is interpreted as the format.

An attacker can therefore invite the victim to open a malicious YAML file with a Perl application using the YAML-LibYAML module, in order to carry out a format string attack, which leads to a denial of service or possibly to code execution.

computer vulnerability CVE-2008-1483

OpenSSH: obtaining X11 cookie

Synthesis of the vulnerability

A local attacker can listen to a TCP port in order to obtain the X11 session cookie.
Impacted products: FreeBSD, HP-UX, Mandriva Corporate, Mandriva Linux, Mandriva NF, NetBSD, NLD, OES, OpenBSD, OpenSSH, openSUSE, openSUSE Leap, Solaris, Slackware, SLES, TurboLinux.
Severity: 2/4.
Creation date: 25/03/2008.
Identifiers: 237444, 463011, 6684003, BID-28444, CVE-2008-1483, emr_na-c01462841, FreeBSD-SA-08:05.openssh, HPSBUX02337, MDVSA-2008:078, NetBSD-SA2008-005, openSUSE-SU-2017:3243-1, SSA:2008-095-01, SSRT080072, SUSE-SR:2008:009, TLSA-2008-14, VIGILANCE-VUL-7695.

Description of the vulnerability

When an X11 client connects to the X11 server (port 6000/tcp for example), it sends an authentication cookie. The X11 server checks this cookie and decides whether to allow the X11 client to open a window.

OpenSSH can be used to forward an X11 session. In this case, the ssh server listens, for example, on the 6010/tcp port. The X11 client uses DISPLAY=10:0 and sends its data to the 6010/tcp port. The ssh server then transmits the data to the ssh client.

If the 6010/tcp port is already in use, the ssh server should skip to the next port, 6011/tcp, and so forth. However, if the IP stack of the computer supports both IPv4 and IPv6, an attacker can listen on the 6010/tcp/IPv4 port: the server then succeeds in opening the 6010/tcp/IPv6 port and does not report the error related to IPv4. The X11 client then sends its data to the attacker's service listening on the 6010/tcp/IPv4 port.

An attacker who has captured this cookie can then, for example, open windows from another session.

computer vulnerability CVE-2007-4769 CVE-2007-4772 CVE-2007-6067

PostgreSQL: several vulnerabilities

Synthesis of the vulnerability

A local attacker can create a denial of service or elevate his privileges via PostgreSQL.
Impacted products: Debian, Fedora, Tru64 UNIX, Mandriva Corporate, Mandriva Linux, NLD, OES, openSUSE, openSUSE Leap, Solaris, PostgreSQL, RHEL, SUSE Linux Enterprise Desktop, SLES, TurboLinux.
Severity: 2/4.
Creation date: 07/01/2008.
Revision dates: 11/01/2008, 06/03/2008.
Identifiers: 103197, 200559, c01420154, CERTA-2002-AVI-163, CERTA-2008-AVI-005, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601, DSA-1460-1, DSA-1463-1, FEDORA-2008-0478, FEDORA-2008-0552, HPSBTU02325, MDVSA-2008:004, openSUSE-SU-2016:0531-1, openSUSE-SU-2016:0578-1, RHSA-2008:0038-01, RHSA-2008:0039-01, RHSA-2008:0040-01, SSRT080006, SUSE-SA:2008:005, SUSE-SU-2016:0539-1, SUSE-SU-2016:0555-1, SUSE-SU-2016:0677-1, TLSA-2008-6, VIGILANCE-VUL-7475.

Description of the vulnerability

Several vulnerabilities affect PostgreSQL.

A local attacker can elevate his privileges via "expression indexes". Indeed, index functions are executed with "superuser" privileges during VACUUM and ANALYZE, and can contain privileged commands (SET ROLE and SET SESSION AUTHORIZATION). [severity:2/4; CVE-2007-6600]

An attacker can use a regular expression in order to create three denials of service (VIGILANCE-VUL-7643). The attacker needs SQL access or has to use an application that passes a regular expression to PostgreSQL. [severity:1/4; CERTA-2008-AVI-005, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]

In the default configuration, a local attacker can use the dblink feature to elevate his privileges. [severity:2/4; CVE-2007-6601]

vulnerability bulletin CVE-2007-4769 CVE-2007-4772 CVE-2007-6067

Tcl: denials of service of regular expressions

Synthesis of the vulnerability

An attacker can use special regular expressions in order to create three denials of service in Tcl.
Impacted products: Mandriva Corporate, Mandriva Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, VMware ACE, ESX, ESXi, VMware Player, VMware Server, VMware Workstation.
Severity: 1/4.
Creation date: 06/03/2008.
Identifiers: 1810264, CERTA-2008-AVI-005, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, MDVSA-2008:059, openSUSE-SU-2016:0578-1, RHSA-2013:0122-01, SUSE-SU-2016:0555-1, VIGILANCE-VUL-7643, VMSA-2008-0009, VMSA-2008-0009.1, VMSA-2008-0009.2.

Description of the vulnerability

The Tcl interpreter runs programs written in the Tcl language. It has three vulnerabilities.

An attacker can use a regular expression in order to create an infinite loop. [severity:1/4; CVE-2007-4772]

An attacker can use a regular expression in order to consume memory. [severity:1/4; CVE-2007-6067]

An attacker can use a regular expression in order to stop the service. [severity:1/4; CERTA-2008-AVI-005, CVE-2007-4769]