The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Slackware Linux

vulnerability note CVE-2018-10963

LibTIFF: assertion error via TIFFWriteDirectorySec

Synthesis of the vulnerability

An attacker can force an assertion error via TIFFWriteDirectorySec() of LibTIFF, in order to trigger a denial of service.
Impacted products: Debian, LibTIFF, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 11/05/2018.
Identifiers: 2795, CVE-2018-10963, DLA-1411-1, DSA-4349-1, openSUSE-SU-2018:1834-1, openSUSE-SU-2018:1956-1, RHSA-2019:2053-01, SSA:2018-316-01, SUSE-SU-2018:1826-1, SUSE-SU-2018:1889-1, USN-3864-1, VIGILANCE-VUL-26114.


vulnerability alert CVE-2018-10779

LibTIFF: out-of-bounds memory reading via TIFFWriteScanline

Synthesis of the vulnerability

An attacker can force a read at an invalid address via TIFFWriteScanline() of LibTIFF, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: LibTIFF, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/05/2018.
Identifiers: 2788, bulletinjan2019, CVE-2018-10779, openSUSE-SU-2018:2880-1, openSUSE-SU-2018:3370-1, openSUSE-SU-2018:3371-1, RHSA-2019:2053-01, SSA:2018-316-01, SUSE-SU-2018:2676-1, SUSE-SU-2018:2836-1, SUSE-SU-2018:3327-1, USN-3906-1, USN-3906-2, VIGILANCE-VUL-26081.


vulnerability CVE-2018-0494

wget: information disclosure via Cookies Injection

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cookies Injection of wget, in order to obtain sensitive information.
Impacted products: Debian, Fedora, McAfee Web Gateway, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 09/05/2018.
Identifiers: CVE-2018-0494, DLA-1375-1, DSA-4195-1, FEDORA-2018-11b37d7a68, FEDORA-2018-29ebba0906, FEDORA-2018-f29459149a, openSUSE-SU-2018:1383-1, RHSA-2018:3052-01, SB10276, SSA:2018-129-02, SUSE-SU-2018:1367-1, SUSE-SU-2018:1373-1, USN-3643-1, USN-3643-2, VIGILANCE-VUL-26070.


vulnerability alert CVE-2018-1100

Zsh: buffer overflow via checkmailpath

Synthesis of the vulnerability

An attacker can generate a buffer overflow via checkmailpath() of Zsh, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 07/05/2018.
Identifiers: bulletinoct2018, CVE-2018-1100, FEDORA-2018-ac1d9c2777, openSUSE-SU-2018:1893-1, openSUSE-SU-2018:2966-1, RHSA-2018:1932-01, RHSA-2018:3073-01, SSA:2019-013-01, SUSE-SU-2018:1874-1, USN-3764-1, VIGILANCE-VUL-26051.


computer vulnerability bulletin CVE-2017-18241

Linux kernel: NULL pointer dereference via flush_cmd_control

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via flush_cmd_control of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 02/05/2018.
Identifiers: CERTFR-2018-AVI-301, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2019-AVI-115, CVE-2017-18241, DSA-4187-1, DSA-4188-1, openSUSE-SU-2018:1773-1, SSA:2019-030-01, SUSE-SU-2018:1772-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1855-1, USN-3910-1, USN-3910-2, VIGILANCE-VUL-25998.


computer vulnerability alert CVE-2018-9336

OpenVPN: use after free via Interactive Service

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Interactive Service of OpenVPN, in order to trigger a denial of service, and possibly to run code.
Impacted products: openSUSE Leap, Slackware, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 27/04/2018.
Identifiers: CVE-2018-9336, openSUSE-SU-2018:1912-1, SSA:2018-116-01, SUSE-SU-2018:1888-1, VIGILANCE-VUL-25996.


vulnerability note CVE-2018-10545 CVE-2018-10546 CVE-2018-10547

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 26/04/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-207, CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549, DLA-1373-1, DLA-1397-1, DSA-4240-1, FEDORA-2018-04f6056c42, FEDORA-2018-6071a600e8, FEDORA-2018-ee6707d519, openSUSE-SU-2018:1207-1, openSUSE-SU-2018:1317-1, RHSA-2019:2519-01, SSA:2018-136-02, SUSE-SU-2018:1176-1, SUSE-SU-2018:1291-1, SUSE-SU-2018:1294-1, USN-3646-1, USN-3646-2, VIGILANCE-VUL-25994.


vulnerability CVE-2018-2755 CVE-2018-2758 CVE-2018-2759

Oracle MySQL: vulnerabilities of April 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, Fedora, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE Leap, Solaris, Percona Server, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 32.
Creation date: 18/04/2018.
Identifiers: bulletinapr2018, bulletinjan2019, bulletinoct2018, CERTFR-2018-AVI-191, cpuapr2018, CVE-2018-2755, CVE-2018-2758, CVE-2018-2759, CVE-2018-2761, CVE-2018-2762, CVE-2018-2766, CVE-2018-2767, CVE-2018-2769, CVE-2018-2771, CVE-2018-2773, CVE-2018-2775, CVE-2018-2776, CVE-2018-2777, CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781, CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787, CVE-2018-2805, CVE-2018-2810, CVE-2018-2812, CVE-2018-2813, CVE-2018-2816, CVE-2018-2817, CVE-2018-2818, CVE-2018-2819, CVE-2018-2839, CVE-2018-2846, CVE-2018-2877, DLA-1355-1, DLA-1407-1, DSA-4176-1, DSA-4341-1, FEDORA-2018-00e90783d2, FEDORA-2018-2513b888a4, FEDORA-2018-77e610115a, FEDORA-2018-d955395c08, openSUSE-SU-2018:1101-1, openSUSE-SU-2018:1595-1, openSUSE-SU-2018:1800-1, RHSA-2018:1254-01, RHSA-2018:2439-01, RHSA-2018:3655-01, RHSA-2019:1258-01, SSA:2018-130-01, SUSE-SU-2018:1333-1, SUSE-SU-2018:1382-1, SUSE-SU-2018:1781-1, USN-3629-1, USN-3629-2, USN-3629-3, VIGILANCE-VUL-25900.


vulnerability note CVE-2018-0737

OpenSSL: information disclosure via RSA Constant Time Key Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.
Impacted products: Debian, AIX, BladeCenter, IBM i, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenBSD, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Palo Alto Firewall PA***, PAN-OS, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 17/04/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0737, DLA-1449-1, DSA-4348-1, DSA-4355-1, ibm10729805, ibm10743283, ibm10880781, JSA10919, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2957-1, openSUSE-SU-2018:3015-1, openSUSE-SU-2019:0152-1, openSUSE-SU-2019:1432-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:2486-1, SUSE-SU-2018:2492-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2928-1, SUSE-SU-2018:2965-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2019:0197-1, SUSE-SU-2019:0512-1, SUSE-SU-2019:1553-1, TNS-2018-14, TNS-2018-17, TSB17568, USN-3628-1, USN-3628-2, USN-3692-1, USN-3692-2, VIGILANCE-VUL-25884.


vulnerability CVE-2018-1000156

GNU patch: code execution via ed

Synthesis of the vulnerability

An attacker can use a vulnerability via ed of GNU patch, similar to VIGILANCE-VUL-17557, in order to run code.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 06/04/2018.
Identifiers: 53566, bulletinapr2018, CVE-2018-1000156, DLA-1348-1, DSA-2019-131, FEDORA-2018-23a1b5975a, FEDORA-2018-88a4219528, FEDORA-2018-ed8d7c62c9, openSUSE-SU-2018:1137-1, RHSA-2018:1199-01, RHSA-2018:1200-01, RHSA-2018:2091-01, RHSA-2018:2092-01, RHSA-2018:2093-01, RHSA-2018:2094-01, RHSA-2018:2095-01, RHSA-2018:2096-01, RHSA-2018:2097-01, SSA:2018-096-01, SUSE-SU-2018:1128-1, SUSE-SU-2018:1162-1, USN-3624-1, USN-3624-2, VIGILANCE-VUL-25780.
