SUSE CVE-2012-4424

Stack-based buffer overflow in string/strcolll.c in the GNU C Library aka glibc or libc6 2.17 and earlier allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function...

SUSE CVE-2012-5667

Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow...

SUSE CVE-2012-6085

The readblock function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service application crash via a crafted length field of an OpenPGP packet...

SUSE CVE-2012-6656

iconvdata/ibm930.c in GNU C Library aka glibc before 2.16 allows context-dependent attackers to cause a denial of service out-of-bounds read via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8...

SUSE CVE-2013-0242

Buffer overflow in the extendbuffers function in the regular expression matcher posix/regexec.c in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service memory corruption and crash via crafted multibyte characters...

SUSE CVE-2013-1914

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library aka glibc or libc6 2.17 and earlier allows remote attackers to cause a denial of service crash via a 1 hostname or 2 IP address that triggers a large number of domain conversion results...

SUSE CVE-2013-2116

The gnutlsciphertext2compressed function in lib/gnutlscipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service buffer over-read and crash via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169...

SUSE CVE-2013-2207

ptchown in GNU C Library aka glibc or libc6 before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system...

SUSE CVE-2013-2213

The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output...

SUSE CVE-2013-2222

Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted ZRTP Hello packet to the 1 ZRtp::findBestSASType, 2 ZRtp::findBestAuthLen, 3 ZRtp::findBestCipher, 4 ZRtp::findBestHash, or...

SUSE CVE-2013-3704

The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a...

SUSE CVE-2013-4143

The 1 checkPasswd and 2 checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to...

SUSE CVE-2013-4237

sysdeps/posix/readdirr.c in the GNU C Library aka glibc or libc6 2.18 and earlier allows context-dependent attackers to cause a denial of service out-of-bounds write and crash or possibly execute arbitrary code via a crafted 1 NTFS or 2 CIFS image...

SUSE CVE-2013-4242

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...

SUSE CVE-2013-4332

Multiple integer overflows in malloc/malloc.c in the GNU C Library aka glibc or libc6 2.18 and earlier allow context-dependent attackers to cause a denial of service heap corruption via a large value to the 1 pvalloc, 2 valloc, 3 posixmemalign, 4 memalign, or 5 alignedalloc functions...

SUSE CVE-2013-4351

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey...

SUSE CVE-2013-4487

Off-by-one error in the danerawtlsa in the DANE library libdane in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service memory corruption via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466...

SUSE CVE-2013-4576

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not...

SUSE CVE-2013-4577

A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the passwordpbkdf2 directive in the file...

SUSE CVE-2013-4788

The PTRMANGLE implementation in the GNU C Library aka glibc or libc6 2.4, 2.17, and earlier, and Embedded GLIBC EGLIBC does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow...