
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2016:0748-1)
Summary: The remote host is missing an update for the 'sles12sp1-docker-image' package(s) announced via the SUSE-SU-2016:0748-1 advisory.

Vulnerability Insight:
This update for sles12sp1-docker-image fixes the following issues:
glibc fixed the following security issues:
- CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed
remote attackers to cause a crash or execute arbitrary code via crafted
and timed DNS responses (bsc#961721)
- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment
variable allowed local attackers to bypass the pointer guarding
protection of the dynamic loader on set-user-ID and set-group-ID
programs (bsc#950944)
- CVE-2015-8776: Out-of-range time values passed to the strftime function
may cause it to crash, leading to a denial of service, or potentially
disclose information (bsc#962736)
- CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have
caused an out-of-bounds memory access, leading to application crashes or,
potentially, arbitrary code execution (bsc#962737)
- CVE-2014-9761: A stack overflow (unbounded alloca) could have caused
applications which process long strings with the nan function to crash
or, potentially, execute arbitrary code. (bsc#962738)
- CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen
function could have caused applications which pass long strings to the
catopen function to crash or, potentially, execute arbitrary code.
glibc received the following non-security bugfixes:
- bsc#955647: Resource leak in resolver
- bsc#956716: Don't do lock elision on an error checking mutex
- bsc#958315: Reinitialize dl_load_write_lock on fork
openssl fixed the following security issues:
- CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was
vulnerable to a cross-protocol attack that could lead to decryption of
TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites
as a Bleichenbacher RSA padding oracle.
This update changes the openssl library to:
* Disable SSLv2 protocol support by default.
This can be overridden by setting the environment variable
'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag.
Note that various services and clients had already disabled SSL protocol 2 by default previously.
* Disable all weak EXPORT ciphers by default. These can be reenabled if
required by old legacy software using the environment variable
- CVE-2016-0702 aka the 'CacheBleed' attack. (bsc#968050) Various changes
in the modular exponentiation code were added that make sure that it is
not possible to recover RSA secret keys by analyzing cache-bank
conflicts on the Intel Sandy-Bridge microarchitecture.
Note that this was only exploitable if the malicious code was running
on the same hyper threaded Intel Sandy Bridge processor as the victim
thread performing decryptions.
- CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser
code was fixed that could be abused to facilitate a denial-of-service
- CVE-2016-07... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'sles12sp1-docker-image' package(s) on SUSE Linux Enterprise Module for Containers 12

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-9761
BugTraq ID: 83306
Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
Bugtraq: 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
RedHat Security Advisories: RHSA-2017:0680
RedHat Security Advisories: RHSA-2017:1916
SuSE Security Announcement: SUSE-SU-2016:0470
SuSE Security Announcement: SUSE-SU-2016:0471
SuSE Security Announcement: SUSE-SU-2016:0472
SuSE Security Announcement: SUSE-SU-2016:0473
SuSE Security Announcement: openSUSE-SU-2016:0510
Common Vulnerability Exposure (CVE) ID: CVE-2015-0293
BugTraq ID: 73232
FreeBSD Security Advisory: FreeBSD-SA-16:12
HPdes Security Advisory: HPSBMU03380
HPdes Security Advisory: HPSBMU03397
HPdes Security Advisory: HPSBMU03409
HPdes Security Advisory: HPSBUX03334
HPdes Security Advisory: SSRT102000
RedHat Security Advisories: RHSA-2015:0715
RedHat Security Advisories: RHSA-2015:0716
RedHat Security Advisories: RHSA-2015:0752
RedHat Security Advisories: RHSA-2015:0800
SuSE Security Announcement: SUSE-SU-2015:0541
SuSE Security Announcement: SUSE-SU-2015:0578
SuSE Security Announcement: SUSE-SU-2016:0617
SuSE Security Announcement: SUSE-SU-2016:0620
SuSE Security Announcement: SUSE-SU-2016:0621
SuSE Security Announcement: SUSE-SU-2016:0624
SuSE Security Announcement: SUSE-SU-2016:0631
SuSE Security Announcement: SUSE-SU-2016:0641
SuSE Security Announcement: SUSE-SU-2016:1057
SuSE Security Announcement: openSUSE-SU-2015:0554
SuSE Security Announcement: openSUSE-SU-2016:0628
SuSE Security Announcement: openSUSE-SU-2016:0637
SuSE Security Announcement: openSUSE-SU-2016:0638
SuSE Security Announcement: openSUSE-SU-2016:0640
SuSE Security Announcement: openSUSE-SU-2016:0720
Common Vulnerability Exposure (CVE) ID: CVE-2015-3197
BugTraq ID: 82237
BugTraq ID: 91787
CERT/CC vulnerability note: VU#257823
SuSE Security Announcement: SUSE-SU-2016:0678
SuSE Security Announcement: openSUSE-SU-2016:1239
SuSE Security Announcement: openSUSE-SU-2016:1241
Common Vulnerability Exposure (CVE) ID: CVE-2015-7547
BugTraq ID: 83265
CERT/CC vulnerability note: VU#457759
Debian Security Information: DSA-3480
Debian Security Information: DSA-3481
HPdes Security Advisory: HPSBGN03442
HPdes Security Advisory: HPSBGN03547
HPdes Security Advisory: HPSBGN03549
HPdes Security Advisory: HPSBGN03551
HPdes Security Advisory: HPSBGN03582
RedHat Security Advisories: RHSA-2016:0175
RedHat Security Advisories: RHSA-2016:0176
RedHat Security Advisories: RHSA-2016:0225
RedHat Security Advisories: RHSA-2016:0277
SuSE Security Announcement: openSUSE-SU-2016:0511
SuSE Security Announcement: openSUSE-SU-2016:0512
Common Vulnerability Exposure (CVE) ID: CVE-2015-8776
BugTraq ID: 83277
Common Vulnerability Exposure (CVE) ID: CVE-2015-8777
BugTraq ID: 81469
Common Vulnerability Exposure (CVE) ID: CVE-2015-8778
BugTraq ID: 83275
Common Vulnerability Exposure (CVE) ID: CVE-2015-8779
BugTraq ID: 82244
Common Vulnerability Exposure (CVE) ID: CVE-2016-0702
Cisco Security Advisory: 20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
Debian Security Information: DSA-3500
HPdes Security Advisory: HPSBGN03563
RedHat Security Advisories: RHSA-2016:2957
SuSE Security Announcement: SUSE-SU-2016:1267
SuSE Security Announcement: SUSE-SU-2016:1290
SuSE Security Announcement: SUSE-SU-2016:1360
SuSE Security Announcement: openSUSE-SU-2016:0627
SuSE Security Announcement: openSUSE-SU-2016:1242
SuSE Security Announcement: openSUSE-SU-2016:1273
SuSE Security Announcement: openSUSE-SU-2016:1566
Common Vulnerability Exposure (CVE) ID: CVE-2016-0703
BugTraq ID: 83743
Common Vulnerability Exposure (CVE) ID: CVE-2016-0704
BugTraq ID: 83764
Common Vulnerability Exposure (CVE) ID: CVE-2016-0705
BugTraq ID: 83754
HPdes Security Advisory: HPSBGN03569
HPdes Security Advisory: HPSBMU03575
RedHat Security Advisories: RHSA-2018:2568
RedHat Security Advisories: RHSA-2018:2575
RedHat Security Advisories: RHSA-2018:2713
SuSE Security Announcement: openSUSE-SU-2016:1332
Common Vulnerability Exposure (CVE) ID: CVE-2016-0797
BugTraq ID: 83763
Common Vulnerability Exposure (CVE) ID: CVE-2016-0798
BugTraq ID: 83705
Common Vulnerability Exposure (CVE) ID: CVE-2016-0799
BugTraq ID: 83755
RedHat Security Advisories: RHSA-2016:0722
RedHat Security Advisories: RHSA-2016:0996
RedHat Security Advisories: RHSA-2016:2073
Common Vulnerability Exposure (CVE) ID: CVE-2016-0800
BugTraq ID: 83733
CERT/CC vulnerability note: VU#583776
HPdes Security Advisory: HPSBMU03573
RedHat Security Advisories: RHSA-2016:1519
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.