The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Slackware Linux

computer vulnerability alert CVE-2017-3736

OpenSSL: Man-in-the-Middle via bn_sqrx8x_internal

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle and exploit a carry error in bn_sqrx8x_internal() of OpenSSL, in order to read or write data in the session.
Impacted products: SDS, SNS, Blue Coat CAS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, hMailServer, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, McAfee Email Gateway, McAfee NSP, McAfee NTBA, VirusScan, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Percona Server, XtraDB Cluster, pfSense, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 1/4.
Consequences: data reading, data creation/modification.
Provenance: internet client.
Creation date: 02/11/2017.
Identifiers: 2012827, 2013025, 2014202, 2014651, 2014669, 2015080, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-391, cpuapr2018, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3736, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, ibm10715641, ibm10719113, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10851, K14363514, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA157, SB10211, SB10220, SSA:2017-306-02, STORM-2017-006, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-24316.

computer vulnerability bulletin CVE-2017-13089 CVE-2017-13090

wget: buffer overflow via Chunk Encode

Synthesis of the vulnerability

An attacker can cause a buffer overflow via Chunk Encode of wget, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 27/10/2017.
Identifiers: CVE-2017-13089, CVE-2017-13090, DLA-1149-1, DSA-4008-1, FEDORA-2017-10fbce01ec, FEDORA-2017-de8a421dcd, FEDORA-2017-f0b3231763, openSUSE-SU-2017:2884-1, RHSA-2017:3075-01, SSA:2017-300-02, SUSE-SU-2017:2871-2, Synology-SA-17:62, USN-3464-1, USN-3464-2, VIGILANCE-VUL-24248.

vulnerability bulletin CVE-2017-15227 CVE-2017-15228 CVE-2017-15721

irssi: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in irssi.
Impacted products: Debian, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 23/10/2017.
Identifiers: bulletinjan2018, CVE-2017-15227, CVE-2017-15228, CVE-2017-15721, CVE-2017-15722, CVE-2017-15723, DLA-1217-1, DSA-4016-1, openSUSE-SU-2017:2832-1, openSUSE-SU-2017:2835-1, SSA:2017-298-01, USN-3465-1, VIGILANCE-VUL-24213.

computer vulnerability note CVE-2017-1000257

curl: out-of-bounds memory reading via IMAP FETCH Response

Synthesis of the vulnerability

An attacker can force a read at an invalid address via an IMAP FETCH response in curl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: OpenOffice, curl, Debian, Fedora, QRadar SIEM, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Ubuntu, VxWorks.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 23/10/2017.
Identifiers: 2011740, bulletinapr2018, CVE-2017-1000257, DLA-1143-1, DSA-4007-1, FEDORA-2017-ebf32659bf, JSA10874, K-511316, openSUSE-SU-2017:2880-1, RHSA-2017:3263-01, RHSA-2018:3558-01, SSA:2017-297-01, USN-3457-1, VIGILANCE-VUL-24199.

vulnerability bulletin CVE-2017-10155 CVE-2017-10165 CVE-2017-10167

MySQL: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in MySQL.
Impacted products: Debian, Fedora, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE Leap, Percona Server, XtraDB Cluster, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, data reading, data creation/modification, data deletion.
Provenance: user account.
Number of vulnerabilities in this bulletin: 23.
Creation date: 17/10/2017.
Revision date: 18/10/2017.
Identifiers: CERTFR-2017-AVI-367, cpuoct2017, CVE-2017-10155, CVE-2017-10165, CVE-2017-10167, CVE-2017-10203, CVE-2017-10227, CVE-2017-10268, CVE-2017-10276, CVE-2017-10277, CVE-2017-10279, CVE-2017-10283, CVE-2017-10284, CVE-2017-10286, CVE-2017-10294, CVE-2017-10296, CVE-2017-10311, CVE-2017-10313, CVE-2017-10314, CVE-2017-10320, CVE-2017-10365, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384, CVE-2017-10424, DLA-1141-1, DLA-1407-1, DSA-4002-1, DSA-4341-1, FEDORA-2017-50c790aaed, FEDORA-2017-95327e44ec, openSUSE-SU-2017:2868-1, openSUSE-SU-2018:0400-1, RHSA-2017:3265-01, RHSA-2017:3442-01, RHSA-2018:0574-01, RHSA-2018:2439-01, SSA:2017-306-01, SUSE-SU-2017:2996-1, SUSE-SU-2018:0698-1, USN-3459-1, USN-3459-2, VIGILANCE-VUL-24153.

vulnerability note CVE-2017-13077 CVE-2017-13078 CVE-2017-13079

WPA2: information disclosure via Key Reinstallation Attacks

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Key Reinstallation Attacks on WPA2, in order to obtain sensitive information.
Impacted products: SNS, iOS by Apple, iPhone, Mac OS X, ArubaOS, Cisco Aironet, Cisco AnyConnect Secure Mobility Client, ASA, Meraki MR***, Cisco IP Phone, Cisco Wireless IP Phone, Debian, Fedora, FortiGate, FortiOS, FreeBSD, Android OS, Junos OS, SSG, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, openSUSE Leap, pfSense, 802.11 protocol, RHEL, RuggedSwitch, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, WindRiver Linux.
Severity: 3/4.
Consequences: data reading.
Provenance: radio connection.
Number of vulnerabilities in this bulletin: 10.
Creation date: 16/10/2017.
Identifiers: ARUBA-PSA-2017-007, CERTFR-2017-ALE-014, CERTFR-2017-AVI-357, CERTFR-2017-AVI-358, CERTFR-2017-AVI-359, CERTFR-2017-AVI-360, CERTFR-2017-AVI-361, CERTFR-2017-AVI-363, CERTFR-2017-AVI-373, CERTFR-2017-AVI-379, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-441, CERTFR-2017-AVI-478, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, cisco-sa-20171016-wpa, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, DLA-1150-1, DLA-1200-1, DLA-1573-1, DSA-3999-1, FEDORA-2017-12e76e8364, FEDORA-2017-45044b6b33, FEDORA-2017-60bfb576b7, FEDORA-2017-cfb950d8f4, FEDORA-2017-fc21e3856b, FG-IR-17-196, FreeBSD-SA-17:07.wpa, HT208221, HT208222, HT208334, HT208394, JSA10827, K-511282, KRACK Attacks, openSUSE-SU-2017:2755-1, openSUSE-SU-2017:2846-1, openSUSE-SU-2017:2896-1, openSUSE-SU-2017:2905-1, openSUSE-SU-2017:3144-1, RHSA-2017:2907-01, RHSA-2017:2911-01, SSA:2017-291-02, SSA-418456, SSA-901333, STORM-2017-005, SUSE-SU-2017:2745-1, SUSE-SU-2017:2752-1, SUSE-SU-2017:2847-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:3106-1, SUSE-SU-2017:3165-1, SUSE-SU-2017:3265-1, SUSE-SU-2017:3267-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, Synology-SA-17:60, Synology-SA-17:60 KRACK, USN-3455-1, USN-3505-1, VIGILANCE-VUL-24144, VU#228519.

vulnerability CVE-2017-12176 CVE-2017-12177 CVE-2017-12178

X.Org Server: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in X.Org Server.
Impacted products: Debian, NetBSD, openSUSE Leap, Solaris, Slackware, Ubuntu, Unix (platform) ~ not comprehensive, XOrg Bundle ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 12.
Creation date: 13/10/2017.
Identifiers: bulletinoct2018, CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186, CVE-2017-12187, DLA-1186-1, DSA-4000-1, openSUSE-SU-2017:2823-1, SSA:2017-291-03, USN-3456-1, VIGILANCE-VUL-24130.

vulnerability note CVE-2017-14164

OpenJPEG: buffer overflow via opj_j2k_write_sot

Synthesis of the vulnerability

An attacker can cause a buffer overflow via opj_j2k_write_sot() of OpenJPEG, in order to trigger a denial of service, and possibly to run code.
Impacted products: openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 06/10/2017.
Identifiers: CVE-2017-14164, openSUSE-SU-2017:2685-1, openSUSE-SU-2017:2686-1, SSA:2017-279-02, VIGILANCE-VUL-24044.

vulnerability bulletin CVE-2017-14039

OpenJPEG: buffer overflow via opj_t2_encode_packet

Synthesis of the vulnerability

An attacker can cause a buffer overflow via opj_t2_encode_packet() of OpenJPEG, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 06/10/2017.
Identifiers: bulletinjul2018, CVE-2017-14039, DSA-4013-1, openSUSE-SU-2017:2685-1, openSUSE-SU-2017:2686-1, SSA:2017-279-02, VIGILANCE-VUL-24043.

computer vulnerability announce CVE-2017-13723

X.Org Server: buffer overflow via xkb

Synthesis of the vulnerability

An attacker can cause a buffer overflow via xkb of X.Org Server, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Solaris, Slackware, Ubuntu, XOrg Bundle ~ not comprehensive, libX11.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 05/10/2017.
Identifiers: bulletinjan2018, CVE-2017-13723, DLA-1186-1, DSA-4000-1, SSA:2017-279-03, USN-3453-1, VIGILANCE-VUL-24027.
