The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Slackware Linux

computer vulnerability announcement 23727

libxml2: multiple vulnerabilities

Synthesis of the vulnerability

Impacted products: libxml, Slackware, VxWorks.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 05/09/2017.
Identifiers: K-511315, SSA:2017-266-01, VIGILANCE-VUL-23727.

Description of the vulnerability

An attacker can exploit several vulnerabilities in libxml2.

vulnerability note CVE-2017-12982

OpenJPEG: denial of service via opj_image_create

Synthesis of the vulnerability

Impacted products: Fedora, Solaris, Slackware.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 04/09/2017.
Identifiers: bulletinjul2018, CVE-2017-12982, FEDORA-2017-06cace06ce, FEDORA-2017-deefb26e8b, SSA:2017-279-02, VIGILANCE-VUL-23714.

Description of the vulnerability

An attacker can generate a fatal error via opj_image_create() of OpenJPEG, in order to trigger a denial of service.

vulnerability CVE-2017-6362

libgd2: use after free via gdImagePngPtr

Synthesis of the vulnerability

Impacted products: Debian, Fedora, openSUSE Leap, Slackware, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 04/09/2017.
Identifiers: CVE-2017-6362, DLA-1106-1, DSA-3961-1, FEDORA-2017-7cc0e6a5f5, FEDORA-2017-a69b0bb52d, FEDORA-2017-c98c2e8e7a, FEDORA-2017-d361de1a65, openSUSE-SU-2018:0151-1, SSA:2018-108-01, SSA:2018-120-01, USN-3410-1, USN-3410-2, VIGILANCE-VUL-23710.

Description of the vulnerability

An attacker can force the usage of a freed memory area via gdImagePngPtr() of libgd2, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2017-9110 CVE-2017-9112 CVE-2017-9116

OpenEXR: three vulnerabilities

Synthesis of the vulnerability

Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Slackware.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 01/09/2017.
Identifiers: bulletinjul2018, CVE-2017-9110, CVE-2017-9112, CVE-2017-9116, DLA-1083-1, FEDORA-2018-b152c791cc, FEDORA-2018-f5d2f4ec0d, openSUSE-SU-2018:0619-1, SSA:2017-274-01, VIGILANCE-VUL-23696.

Description of the vulnerability

An attacker can exploit several vulnerabilities in OpenEXR.

computer vulnerability note CVE-2017-0379

Libgcrypt: information disclosure via Curve25519 ECDH Side-channel

Synthesis of the vulnerability

Impacted products: Debian, Fedora, GnuPG, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Oracle Communications, Percona Server, XtraDB Cluster, Slackware, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet server.
Confidence: confirmed by the editor (5/5).
Creation date: 30/08/2017.
Identifiers: cpujan2019, cpujul2018, CVE-2017-0379, DSA-3959-1, FEDORA-2017-8cd171f540, FEDORA-2017-bcdeca9d41, SSA:2017-261-02, USN-3417-1, VIGILANCE-VUL-23639.

Description of the vulnerability

An attacker can bypass access restrictions to data via a Curve25519 ECDH side channel in Libgcrypt, in order to obtain sensitive information.

computer vulnerability alert CVE-2017-1000115

Mercurial: file creation via symlink

Synthesis of the vulnerability

Impacted products: Debian, Fedora, Solaris, RHEL, Slackware, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 16/08/2017.
Identifiers: bulletinjul2017, CVE-2017-1000115, DLA-1072-1, DSA-3963-1, FEDORA-2017-f03b04acbb, FEDORA-2017-fa1d8ad61a, RHSA-2017:2489-01, SSA:2017-223-03, VIGILANCE-VUL-23536.

Description of the vulnerability

An attacker can use a symbolic link with Mercurial, in order to create a file outside the repository.

vulnerability alert CVE-2017-7890

libgd2: information disclosure via gdImageCreateFromGifCtx

Synthesis of the vulnerability

Impacted products: Debian, Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 16/08/2017.
Identifiers: bulletinapr2018, CVE-2017-7890, DLA-1055-1, DSA-3938-1, FEDORA-2017-7cc0e6a5f5, FEDORA-2017-a69b0bb52d, openSUSE-SU-2017:2337-1, openSUSE-SU-2017:2366-1, RHSA-2018:0406-01, RHSA-2018:1296-01, SSA:2018-108-01, SUSE-SU-2017:2303-1, USN-3389-1, USN-3389-2, VIGILANCE-VUL-23521.

Description of the vulnerability

An attacker can bypass access restrictions to data via gdImageCreateFromGifCtx() of libgd2, in order to obtain sensitive information.

vulnerability note CVE-2017-1000116

Mercurial: code execution via ssh

Synthesis of the vulnerability

Impacted products: Debian, Fedora, Solaris, RHEL, Slackware, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet server.
Confidence: confirmed by the editor (5/5).
Creation date: 11/08/2017.
Identifiers: bulletinjul2017, CVE-2017-1000116, DLA-1072-1, DSA-3963-1, FEDORA-2017-f03b04acbb, FEDORA-2017-fa1d8ad61a, RHSA-2017:2489-01, SSA:2017-223-03, VIGILANCE-VUL-23504.

Description of the vulnerability

An attacker can exploit a vulnerability in Mercurial via ssh, in order to run code.

vulnerability bulletin CVE-2017-1000117

Git: code execution via ssh

Synthesis of the vulnerability

Impacted products: Debian, Fedora, Kubernetes, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet server.
Confidence: confirmed by the editor (5/5).
Creation date: 11/08/2017.
Identifiers: bulletinjul2017, CVE-2017-1000117, DLA-1068-1, DSA-3934-1, FEDORA-2017-8ba7572cfd, FEDORA-2017-b1b3ae6666, openSUSE-SU-2017:2182-1, openSUSE-SU-2017:2331-1, RHSA-2017:2484-01, RHSA-2017:2485-01, RHSA-2017:2491-01, SSA:2017-223-01, SUSE-SU-2017:2225-1, SUSE-SU-2017:2320-1, Synology-SA-17:41, USN-3387-1, VIGILANCE-VUL-23503.

Description of the vulnerability

An attacker can exploit a vulnerability in Git via ssh, in order to run code.

computer vulnerability announcement CVE-2017-2885

libsoup: buffer overflow via HTTP Request

Synthesis of the vulnerability

Impacted products: Debian, Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 10/08/2017.
Identifiers: bulletinjan2018, CVE-2017-2885, DSA-3929-1, FEDORA-2017-1f4c82d73e, FEDORA-2017-872a0a9a85, FEDORA-2017-b0ec173bd1, FEDORA-2017-c9d8011d69, openSUSE-SU-2017:2153-1, openSUSE-SU-2018:2296-1, RHSA-2017:2459-01, SSA:2017-223-02, SUSE-SU-2017:2129-1, SUSE-SU-2017:2130-1, SUSE-SU-2018:2204-1, SUSE-SU-2018:2204-2, Synology-SA-17:40, USN-3383-1, VIGILANCE-VUL-23497.

Description of the vulnerability

An attacker can generate a buffer overflow via HTTP Request of libsoup, in order to trigger a denial of service, and possibly to run code.