Colapse all |
Post message
[slackware-security] libXres (SSA:2017-291-01) 2017-10-18 Slackware Security Team (security slackware com) WebKitGTK+ Security Advisory WSA-2017-0008 2017-10-18 Carlos Alberto Lopez Perez (clopez igalia com) SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products 2017-10-18 SEC Consult Vulnerability Lab (research sec-consult com) [security bulletin] HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data 2017-10-17 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03789en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03789en_us Version: 2 HP [ more ] [ reply ] SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++ 2017-10-16 SEC Consult Vulnerability Lab (research sec-consult com) [security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege 2017-10-13 swpmb cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/km/KM02987868 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM02987868 Version: 1 MFSBGN03786 rev.1 - HPE Connected Backup, Loca [ more ] [ reply ] Advisory X41-2017-010: Command Execution in Shadowsocks-libev 2017-10-13 X41 D-Sec GmbH Advisories (advisories x41-dsec de) X41 D-Sec GmbH Security Advisory: X41-2017-010 Command Execution in Shadowsocks-libev ====================================== Overview -------- Severity Rating: High Confirmed Affected Versions: 3.1.0 Confirmed Patched Versions: N/A Vendor: Shadowsocks Vendor URL: https://github.com/shadowsocks/sh [ more ] [ reply ] Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks 2017-10-13 X41 D-Sec GmbH Advisories (advisories x41-dsec de) X41 D-Sec GmbH Security Advisory: X41-2017-008 Multiple Vulnerabilities in Shadowsocks ======================================= Overview -------- Confirmed Affected Versions: Latest commit 2ab8c6b on Sep 6 Confirmed Patched Versions: N/A Vendor: Shadowsocks Vendor URL: https://github.com/shadowsoc [ more ] [ reply ] [RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure 2017-10-13 Julien Ahrens (info rcesecurity com) Multiple vulnerabilities in OpenText Documentum Content Server 2017-10-13 Andrey B. Panfilov (andrew panfilov tel) CVE Identifier: CVE-2017-15012 Vendor: OpenText Affected products: OpenText Documentum Content Server (all versions) Researcher: Andrey B. Panfilov CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Fix: not available Description: Opentext Documentum Content Server (formerly known as EMC [ more ] [ reply ] [slackware-security] xorg-server (SSA:2017-279-03) 2017-10-06 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] xorg-server (SSA:2017-279-03) New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patc [ more ] [ reply ] DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1 2017-10-05 DefenseCode (defensecode defensecode com)            DefenseCode Security Advisory   Magento Commerce CSRF, Stored Cross Site Scripting Advisory ID: DC-2017-09-001 Advisory Title: Magento CSRF, Stored Cross Site Scripting Advisory URL: http://www.defensecode.com/advisories/DC-2017-09-001_Magento_CSRF_Stored _Cross_Site_Scri [ more ] [ reply ] [security bulletin] HPESBHF03776 rev.1 - HPE Intelligent Management Center (iMC) Service Operation Management (SOM), Remote Arbitrary File Download 2017-10-03 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03776en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03776en_us Version: 1 HP [ more ] [ reply ] HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities 2017-10-02 HPE Product Security Response Team (security-alert hpe com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu 03753en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbmu03753en_us Version: 1 [ more ] [ reply ] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 (apparitionsec / hyp3rlinx) 2017-10-01 apparitionsec gmail com [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFF ICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt [+] ISR: ApparitionSec Vendor: ================== www.trendmicro.com [ more ] [ reply ] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery (apparitionsec / hyp3rlinx) 2017-10-01 apparitionsec gmail com [SECURITY] [DSA 3988-1] libidn2-0 security update 2017-09-30 Salvatore Bonaccorso (carnil debian org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------ - Debian Security Advisory DSA-3988-1 security (at) debian (dot) org [email concealed] https://www.debian.org/security/ Salvatore Bonaccorso September 30, 2017 [ more ] [ reply ] [SECURITY] [DSA 3986-1] ghostscript security update 2017-09-29 Salvatore Bonaccorso (carnil debian org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------ - Debian Security Advisory DSA-3986-1 security (at) debian (dot) org [email concealed] https://www.debian.org/security/ Salvatore Bonaccorso September 29, 2017 [ more ] [ reply ] Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084 (apparitionsec / hyp3rlinx) 2017-09-29 apparitionsec gmail com Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086 (apparitionsec / hyp3rlinx) 2017-09-29 apparitionsec gmail com [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFF ICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt [+] ISR: ApparitionSec Vendor: ================== [ more ] [ reply ] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 (apparitionsec / hyp3rlinx) 2017-09-29 apparitionsec gmail com [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFF ICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt [+] ISR: ApparitionSec Vendor: ================== www.trendmicro [ more ] [ reply ] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Change Prevention Image File Execution Bypass (apparitionsec / hyp3rlinx) 2017-09-29 apparitionsec gmail com Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Memory Corruption CVE-2017-14089 (apparitionsec / hyp3rlinx) 2017-09-29 apparitionsec gmail com Mac OS X Local Javascript Quarantine Bypass 2017-09-29 Filippo Cavallarin (filippo cavallarin wearesegment com) |
Privacy Statement |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] libXres (SSA:2017-291-01)
New libXres packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/
[ more ] [ reply ]