[slackware-security] tcpdump (SSA:2017-041-04)

Posted by Slackware Security Team on Feb 13

New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2,
and -current to fix security issues.

NOTE: These updates also require the updated libpcap package.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/tcpdump-4.9.0-i586-1_slack14.2.txz: Upgraded.
Fixed bugs which allow an attacker to crash tcpdump (denial of service)….

Link: http://seclists.org/bugtraq/2017/Feb/24

[slackware-security] php (SSA:2017-041-03)

Posted by Slackware Security Team on Feb 13

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.30-i586-1_slack14.2.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
https://php.net/ChangeLog-5.php#5.6.30…

Link: http://seclists.org/bugtraq/2017/Feb/23

[security bulletin] HPSBMU03692 rev.1 – HPE Matrix Operating Environment, Multiple Remote Vulnerabilities

Posted by security-alert on Feb 13

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680

SUPPORT COMMUNICATION – SECURITY BULLETIN

Document ID: c05385680
Version: 1

HPSBMU03692 rev.1 – HPE Matrix Operating Environment, Multiple Remote
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-02-03
Last Updated:…

Link: http://seclists.org/bugtraq/2017/Feb/25

[security bulletin] HPESBGN03698 rev.1 – HPE DDMi using OpenSSL, Remote Arbitrary Code Execution, Bypass Security Restrictions, Denial of Service (DoS)

Posted by security-alert on Feb 13

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05386804

SUPPORT COMMUNICATION – SECURITY BULLETIN

Document ID: c05386804
Version: 1

HPESBGN03698 rev.1 – HPE DDMi using OpenSSL, Remote Arbitrary Code Execution,
Bypass Security Restrictions, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible….

Link: http://seclists.org/bugtraq/2017/Feb/26

[security bulletin] HPESBHF03704 rev.1 – HPE OfficeConnect Network Switches, Local Unauthorized Data Modification

Posted by security-alert on Feb 13

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05388948

SUPPORT COMMUNICATION – SECURITY BULLETIN

Document ID: c05388948
Version: 1

HPESBHF03704 rev.1 – HPE OfficeConnect Network Switches, Local Unauthorized
Data Modification

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-02-10
Last…

Link: http://seclists.org/bugtraq/2017/Feb/21

[slackware-security] openssl (SSA:2017-041-02)

Posted by Slackware Security Team on Feb 13

New openssl packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2k-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
Truncated packet could crash via OOB read (CVE-2017-3731)
BN_mod_exp may produce incorrect results on x86_64…

Link: http://seclists.org/bugtraq/2017/Feb/22

WebKitGTK+ Security Advisory WSA-2017-0002

Posted by Carlos Alberto Lopez Perez on Feb 13

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0002
------------------------------------------------------------------------

Date reported : February 10, 2017
Advisory ID : WSA-2017-0002
Advisory URL : https://webkitgtk.org/security/WSA-2017-0002.html
CVE identifiers : CVE-2017-2350, CVE-2017-2354, CVE-2017-2355,…

Link: http://seclists.org/bugtraq/2017/Feb/20