The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Slackware Linux

computer vulnerability announce CVE-2017-7829 CVE-2017-7846 CVE-2017-7847

Thunderbird: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Thunderbird.
Impacted products: Debian, Thunderbird, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 28/12/2017.
Identifiers: bulletinjan2018, CERTFR-2017-AVI-484, CVE-2017-7829, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848, DLA-1223-1, DSA-4075-1, MFSA-2017-30, openSUSE-SU-2017:3433-1, openSUSE-SU-2017:3434-1, RHSA-2018:0061-01, SSA:2017-356-01, USN-3529-1, VIGILANCE-VUL-24877.

Description of the vulnerability

An attacker can use several vulnerabilities of Thunderbird.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-17405

Ruby: code execution via FTP Pipe File

Synthesis of the vulnerability

An attacker can use a vulnerability via FTP Pipe File of Ruby, in order to run code.
Impacted products: Mac OS X, Debian, Solaris, RHEL, Slackware, Ubuntu.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet server.
Creation date: 20/12/2017.
Identifiers: bulletinjan2019, CVE-2017-17405, DLA-1221-1, DLA-1222-1, DLA-1421-1, DSA-4259-1, HT208937, HT209193, RHSA-2018:0378-01, RHSA-2018:0583-01, RHSA-2018:0584-01, RHSA-2018:0585-01, SSA:2017-353-01, USN-3515-1, VIGILANCE-VUL-24840.

Description of the vulnerability

An attacker can use a vulnerability via FTP Pipe File of Ruby, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-3738

OpenSSL: information disclosure via rsaz_1024_mul_avx2

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via rsaz_1024_mul_avx2() of OpenSSL, in order to obtain sensitive information.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Fedora, FreeBSD, hMailServer, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Percona Server, pfSense, RHEL, Slackware, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, WinSCP, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 07/12/2017.
Identifiers: 2014324, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-452, CERTFR-2018-AVI-155, cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3738, DSA-4065-1, DSA-4157-1, FEDORA-2017-e6be32cb7a, FreeBSD-SA-17:12.openssl, ibm10716907, ibm10717405, ibm10717409, ibm10719113, JSA10851, openSUSE-SU-2017:3345-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, SA159, SSA:2017-342-01, swg21647054, USN-3512-1, VIGILANCE-VUL-24698.

Description of the vulnerability

An attacker can bypass access restrictions to data via rsaz_1024_mul_avx2() of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-3737

OpenSSL: information disclosure via SSL_read/SSL_write After Error

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SSL_read/SSL_write After Error of OpenSSL, in order to obtain sensitive information.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, FreeBSD, hMailServer, AIX, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, OpenSSL, openSUSE Leap, Oracle Fusion Middleware, Solaris, Tuxedo, VirtualBox, WebLogic, Percona Server, pfSense, RHEL, SIMATIC, Slackware, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, WinSCP, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 07/12/2017.
Identifiers: 2014324, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-452, CERTFR-2018-AVI-376, cpuapr2018, cpujan2018, cpujul2018, CVE-2017-3737, DSA-4065-1, FreeBSD-SA-17:12.openssl, ibm10715641, ibm10716907, ibm10717405, ibm10717409, ibm10719113, ibm10738249, JSA10851, JSA10873, openSUSE-SU-2017:3345-1, openSUSE-SU-2018:0223-1, openSUSE-SU-2018:1057-1, RHSA-2018:0998-01, SA159, SSA-179516, SSA:2017-342-01, swg21647054, USN-3512-1, VIGILANCE-VUL-24697.

Description of the vulnerability

An attacker can bypass access restrictions to data via SSL_read/SSL_write After Error of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-15275

Samba: information disclosure

Synthesis of the vulnerability

A local attacker can read a memory fragment of Samba, in order to obtain sensitive information.
Impacted products: Debian, Fedora, HP-UX, openSUSE Leap, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 21/11/2017.
Identifiers: CERTFR-2017-AVI-425, CVE-2017-15275, DLA-1183-1, DSA-4043-1, FEDORA-2017-366046c758, FEDORA-2017-791c5d52be, HPESBUX03817, openSUSE-SU-2017:3141-1, openSUSE-SU-2017:3143-1, RHSA-2017:3260-01, RHSA-2017:3278-01, SSA:2017-332-01, SUSE-SU-2017:3086-1, SUSE-SU-2017:3104-1, SUSE-SU-2018:2321-1, Synology-SA-17:72, USN-3486-1, USN-3486-2, VIGILANCE-VUL-24503.

Description of the vulnerability

A local attacker can read a memory fragment of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-14746

Samba: memory corruption via SMB1

Synthesis of the vulnerability

An attacker can generate a memory corruption via SMB1 of Samba, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, HP-UX, openSUSE Leap, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 21/11/2017.
Identifiers: bulletinapr2018, CERTFR-2017-AVI-425, CVE-2017-14746, DSA-4043-1, FEDORA-2017-366046c758, FEDORA-2017-791c5d52be, HPESBUX03817, openSUSE-SU-2017:3141-1, openSUSE-SU-2017:3143-1, RHSA-2017:3260-01, RHSA-2017:3278-01, SSA:2017-332-01, SUSE-SU-2017:3086-1, SUSE-SU-2017:3104-1, SUSE-SU-2018:2321-1, Synology-SA-17:72, USN-3486-1, USN-3486-2, VIGILANCE-VUL-24502.

Description of the vulnerability

An attacker can generate a memory corruption via SMB1 of Samba, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-7826 CVE-2017-7827 CVE-2017-7828

Mozilla Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird.
Impacted products: Debian, Fedora, Firefox, Thunderbird, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 15.
Creation date: 14/11/2017.
Identifiers: CERTFR-2017-AVI-412, CERTFR-2017-AVI-431, CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7836, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842, DLA-1172-1, DLA-1199-1, DSA-4035-1, DSA-4061-1, DSA-4075-1, FEDORA-2017-463cb2af78, FEDORA-2017-7d33609b3d, FEDORA-2017-9a6569beb6, FEDORA-2017-b410301903, FEDORA-2017-e1e3fbcd3c, MFSA-2017-24, MFSA-2017-25, MFSA-2017-26, openSUSE-SU-2017:3027-1, openSUSE-SU-2017:3108-1, openSUSE-SU-2017:3110-1, RHSA-2017:3247-01, RHSA-2017:3372-01, SSA:2017-320-02, SUSE-SU-2017:3213-1, SUSE-SU-2017:3233-1, USN-3477-1, USN-3477-2, USN-3477-3, USN-3477-4, USN-3490-1, USN-3688-1, VIGILANCE-VUL-24431.

Description of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-3736

OpenSSL: Man-in-the-Middle via bn_sqrx8x_internal

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.
Impacted products: SDS, SNS, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, hMailServer, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, McAfee Email Gateway, McAfee NSP, McAfee NTBA, VirusScan, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Percona Server, pfSense, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 02/11/2017.
Identifiers: 2012827, 2013025, 2014202, 2014651, 2014669, 2015080, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-391, cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3736, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, ibm10715641, ibm10719113, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10851, K14363514, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA157, SB10211, SB10220, SSA:2017-306-02, STORM-2017-006, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-24316.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-13089 CVE-2017-13090

wget: buffer overflow via Chunk Encode

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Chunk Encode of wget, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 27/10/2017.
Identifiers: CVE-2017-13089, CVE-2017-13090, DLA-1149-1, DSA-4008-1, FEDORA-2017-10fbce01ec, FEDORA-2017-de8a421dcd, FEDORA-2017-f0b3231763, openSUSE-SU-2017:2884-1, RHSA-2017:3075-01, SSA:2017-300-02, SUSE-SU-2017:2871-2, Synology-SA-17:62, USN-3464-1, USN-3464-2, VIGILANCE-VUL-24248.

Description of the vulnerability

An attacker can generate a buffer overflow via Chunk Encode of wget, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-15227 CVE-2017-15228 CVE-2017-15721

irssi: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of irssi.
Impacted products: Debian, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 23/10/2017.
Identifiers: bulletinjan2018, CVE-2017-15227, CVE-2017-15228, CVE-2017-15721, CVE-2017-15722, CVE-2017-15723, DLA-1217-1, DSA-4016-1, openSUSE-SU-2017:2832-1, openSUSE-SU-2017:2835-1, SSA:2017-298-01, USN-3465-1, VIGILANCE-VUL-24213.

Description of the vulnerability

An attacker can use several vulnerabilities of irssi.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Slackware Linux: