SUSE Linux Enterprise Desktop vulnerabilities

460 known vulnerabilities affecting suse/linux_enterprise_desktop.

Total CVEs: 460
CISA KEV: 35 (actively exploited)
Public exploits: 57
Exploited in wild: 35
Severity breakdown: CRITICAL 135, HIGH 109, MEDIUM 174, LOW 42

Vulnerabilities

Page 3 of 23
CVE-2015-8930 HIGH CVSS 7.5 v12 2016-09-20
CVE-2015-8930 [HIGH] CWE-20: bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
nvd
CVE-2015-8931 HIGH CVSS 7.8 v12 2016-09-20
CVE-2015-8931 [HIGH] CWE-190: Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
nvd
CVE-2015-8925 MEDIUM CVSS 5.5 v12 2016-09-20
CVE-2015-8925 [MEDIUM] CWE-125: The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
nvd
CVE-2015-8929 MEDIUM CVSS 5.5 v12 2016-09-20
CVE-2015-8929 [MEDIUM] CWE-119: Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.
nvd
CVE-2015-8932 MEDIUM CVSS 5.5 v12 2016-09-20
CVE-2015-8932 [MEDIUM] CWE-20: The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
nvd
CVE-2015-8926 MEDIUM CVSS 5.5 v12 2016-09-20
CVE-2015-8926 [MEDIUM] CWE-476: The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
nvd
CVE-2015-8933 MEDIUM CVSS 5.5 v12 2016-09-20
CVE-2015-8933 [MEDIUM] CWE-190: Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.
nvd
CVE-2015-8934 MEDIUM CVSS 5.5 v12 2016-09-20
CVE-2015-8934 [MEDIUM] CWE-125: The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.
nvd
CVE-2015-8928 MEDIUM CVSS 5.5 v12 2016-09-20
CVE-2015-8928 [MEDIUM] CWE-125: The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
nvd
CVE-2016-4954 HIGH CVSS 7.5 v12 2016-07-05
CVE-2016-4954 [HIGH] CWE-362: The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
nvd
CVE-2016-4953 HIGH CVSS 7.5 v12 2016-07-05
CVE-2016-4953 [HIGH] CWE-287: ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
nvd
CVE-2016-4957 HIGH CVSS 7.5 v12 2016-07-05
CVE-2016-4957 [HIGH]: ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
nvd
CVE-2016-4956 MEDIUM CVSS 5.3 v12 2016-07-05
CVE-2016-4956 [MEDIUM]: ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
nvd
CVE-2016-4955 MEDIUM CVSS 5.9 v12 2016-07-05
CVE-2016-4955 [MEDIUM] CWE-362: ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
nvd
CVE-2016-5244 HIGH CVSS 7.5 v12 2016-06-27
CVE-2016-5244 [HIGH] CWE-200: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
nvd
CVE-2016-4171 CRITICAL CVSS 9.8 KEV v12 2016-06-16
CVE-2016-4171 [CRITICAL]: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
nvd
CVE-2016-4138 CRITICAL CVSS 9.8 PoC v12 2016-06-16
CVE-2016-4138 [CRITICAL]: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
nvd
CVE-2016-4148 HIGH CVSS 8.8 v12 2016-06-16
CVE-2016-4148 [HIGH]: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
nvd
CVE-2016-4140 HIGH CVSS 8.8 v12 2016-06-16
CVE-2016-4140 [HIGH]: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
nvd
CVE-2016-4141 HIGH CVSS 8.8 v12 2016-06-16
CVE-2016-4141 [HIGH]: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
nvd