Lucene search
4206 matches found

Slackware Linux
added 2018/02/01 6:52 p.m., 46 views

[slackware-security] rsync

New rsync packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/rsync-3.1.3-i586-1slack14.2.txz: Upgraded. This update fixes two security issues: Fixed a buffer overru...

CVSS 9.8, AI score 8.9, EPSS 0.06379
Exploits: 0

Tenable Nessus
added 2018/01/22 12:0 a.m., 31 views

openSUSE Security Update : curl (openSUSE-2018-56)

This update for curl fixes the following issues : Security issues fixed : - CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code bsc1069226. - CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function bsc1069222. This update was imported from the SUSE:SLE-12:Update update...

CVSS 9.8, AI score 6.9, EPSS 0.11175
Exploits: 0, References: 4

BDU FSTEC
added 2018/01/18 12:0 a.m., 3 views

The vulnerability in Internet Explorer, caused by an operation that goes beyond the buffer boundaries in memory, allows a malicious actor to gain the privileges of the current user.

The vulnerability of the Internet Explorer browser is related to improper handling of objects in memory. Exploiting this vulnerability can allow a remote attacker to gain privileges as the current user...

CVSS 7.6, AI score 5.5, EPSS 0.47913
Exploits: 4, References: 4, Affected Software: 1

BDU FSTEC
added 2018/01/18 12:0 a.m., 3 views

The vulnerability of the APFS component in the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code in a privileged context.

The vulnerability of the APFS component in the Mac OS X operating system arises from the execution of an operation outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in privileged context, or cause a service failure memory corruption...

CVSS 9.3, AI score 8.6, EPSS 0.01204
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2018/01/18 12:0 a.m., 6 views

The vulnerability of the CFNetwork component in the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code in a privileged context.

The vulnerability of the CFNetwork component in the Mac OS X operating system arises from the execution of an operation beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in a privileged context, or to trigger a service failure...

CVSS 9.3, AI score 8.5, EPSS 0.01436
Exploits: 0, References: 7, Affected Software: 1

BDU FSTEC
added 2018/01/18 12:0 a.m., 5 views

Vulnerability of Microsoft Word text editor, the Microsoft Office Compatibility Pack, and other Microsoft Office programs, caused by an operation that goes beyond the buffer in memory, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft Word, the Microsoft Office Compatibility Pack, and other Microsoft Office programs arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current...

CVSS 9.3, AI score 6.2, EPSS 0.08356
Exploits: 0, References: 4

BDU FSTEC
added 2018/01/18 12:0 a.m., 2 views

The vulnerability in Internet Explorer, caused by an operation that goes beyond the buffer boundaries in memory, allows a malicious actor to gain the privileges of the current user.

The vulnerability of the Internet Explorer browser is related to improper handling of objects in memory. Exploiting this vulnerability can allow a remote attacker to gain privileges as the current user...

CVSS 7.6, AI score 5.5, EPSS 0.05634
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2018/01/17 1:41 p.m., 5 views

SUSE-SU-2018:0122-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code bsc1069226. - CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function bsc1069222...

CVSS 9.8, AI score 9.1, EPSS 0.11175
Exploits: 0, References: 5

Tenable Nessus
added 2018/01/15 12:0 a.m., 28 views

Fedora 27 : LibRaw (2017-0348398d64)

Fix for possible buffer overrun in kodak65000 decoder. Fix for possible heap overrun in Canon makernotes parser. Fix for CVE-2017-13735. CVE-2017-14265: Additional check for X-Trans CFA pattern data. Note that Tenable Network Security has extracted the preceding description block directly from the...

CVSS 9.8, AI score 7.5, EPSS 0.04336
Exploits: 0, References: 3

BDU FSTEC
added 2018/01/12 12:0 a.m., 4 views

The vulnerability of the libffi library arises from a buffer out-of-bounds operation, allowing an attacker to execute arbitrary code.

The vulnerability of the libffi library arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a local attacker to execute arbitrary code by forcing the installation of a runtime stack on the i386 architecture...

CVSS 7, AI score 8.4, EPSS 0.00503
Exploits: 0, References: 5, Affected Software: 2

BDU FSTEC
added 2018/01/12 12:0 a.m., 4 views

The vulnerability of the phar_parse_pharfile function (ext/phar/phar.c), a PHAR archive handler, allows an attacker to cause a service failure.

The vulnerability of the phar_parse_pharfile function (ext/phar/phar.c), a PHAR archive handler, arises due to the execution of an operation beyond the buffer’s boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using a...

CVSS 9.1, AI score 7.7, EPSS 0.0471
Exploits: 1, References: 10, Affected Software: 1

OSV
added 2018/01/03 4:40 p.m., 10 views

MGASA-2018-0054 Updated curl packages fix security vulnerability

libcurl contains a buffer overrun flaw in the NTLM authentication code CVE-2017-8816. libcurl contains a read out of bounds flaw in the FTP wildcard function CVE-2017-8817. libcurl may read outside of a heap allocated buffer when doing FTP CVE-2017-1000254. libcurl contains a buffer overrun flaw ...

CVSS 9.8, AI score 8.6, EPSS 0.11175
Exploits: 0, References: 6

Mageia
added 2018/01/03 4:40 p.m., 49 views

Updated curl packages fix security vulnerability

libcurl contains a buffer overrun flaw in the NTLM authentication code CVE-2017-8816. libcurl contains a read out of bounds flaw in the FTP wildcard function CVE-2017-8817. libcurl may read outside of a heap allocated buffer when doing FTP CVE-2017-1000254. libcurl contains a buffer overrun flaw ...

CVSS 9.8, AI score 1, EPSS 0.11175
Exploits: 0, References: 5

BDU FSTEC
added 2017/12/21 12:0 a.m., 3 views

The vulnerability of the DSS microprogramming system’s thermostat control service allows an intruder to execute arbitrary code.

The vulnerability of the DSS microprogramming system for ComfortLink II arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code, using a long REG query...

CVSS 10, AI score 6.1, EPSS 0.06786
Exploits: 1, References: 3, Affected Software: 1

BDU FSTEC
added 2017/12/14 12:0 a.m., 4 views

The vulnerability of the usbhid_parse function in the Linux operating system’s kernel allows a hacker to cause a service failure or exert other effects.

The vulnerability of the usbhid_parse function in the Linux kernel’s drivers/hid/usbhid/hid-core.c file arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure or other adverse effects through a...

CVSS 6.8, AI score 6.7, EPSS 0.00383
Exploits: 0, References: 22, Affected Software: 1

BDU FSTEC
added 2017/12/14 12:0 a.m., 3 views

The vulnerability of the cdc_parse_cdc_header function in the Linux operating system’s kernel allows an attacker to cause a service failure or exert other effects.

The vulnerability of the cdc_parse_cdc_header function in the Linux kernel’s drivers/usb/core/message.c file arises from the execution of an operation outside the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a service failure or other adverse effects through a...

CVSS 7.2, AI score 7.2, EPSS 0.00422
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2017/12/09 6:29 a.m., 0 views

CVE-2017-16417

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the...

CVSS 8.8, AI score 5.8, EPSS 0.08512
Exploits: 0, References: 3

OSV
added 2017/12/09 6:29 a.m., 1 views

CVE-2017-16416

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer;...

CVSS 8.8, AI score 6, EPSS 0.11212
Exploits: 0, References: 3

NVD
added 2017/12/05 5:29 p.m., 13 views

CVE-2017-14900

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_MAC_ADDR contains fewer than 6 bytes, a buffer overrun occurs...

CVSS 7.8, AI score 7.4, EPSS 0.00138
Exploits: 0, References: 1

NVD
added 2017/12/05 5:29 p.m., 13 views

CVE-2017-14899

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, a buffer overrun occu...

CVSS 7.8, AI score 7.4, EPSS 0.00138
Exploits: 0, References: 1