Linux security Advisories

It was discovered that Wireshark, a network traffic analyzer, contained several vulnerabilities in the dissectors for 6LoWPAN, P_MUL, RTSE, ISAKMP, TCAP, ASN.1 BER and RPCAP, which could result in denial of service.

An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its

The package firefox before version 66.0.1-1 is vulnerable to arbitrary code execution.

Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication. CVE-2019-3877

**Version 2.7.2** (2019-03-12) * added TemplateWrapper::getTemplateName() ---- **Version 2.7.1** (2019-03-12) * fixed class aliases ---- **Version 2.7.0** (2019-03-12) * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy) * fixed batch filter clobbers array keys when fill

**Version 1.38.2** (2019-03-12) * added TemplateWrapper::getTemplateName() ---- **Version 1.38.1** (2019-03-12) * fixed class aliases ---- **Version 1.38.0** (2019-03-12) * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy) * fixed batch filter clobbers array

Backport a security fix from PuTTY 0.71 affecting SFTP connections: Fix an integer overflow in the RSA key exchange preceeding host key verification

This update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server.

Patch CVE-2019-8376, CVE-2019-8377 and CVE-2019-8381.

Patch CVE-2019-8376, CVE-2019-8377 and CVE-2019-8381.

**Version 2.7.2** (2019-03-12) * added TemplateWrapper::getTemplateName() ---- **Version 2.7.1** (2019-03-12) * fixed class aliases ---- **Version 2.7.0** (2019-03-12) * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy) * fixed batch filter clobbers array keys when fill

**Version 1.38.2** (2019-03-12) * added TemplateWrapper::getTemplateName() ---- **Version 1.38.1** (2019-03-12) * fixed class aliases ---- **Version 1.38.0** (2019-03-12) * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy) * fixed batch filter clobbers array

The package libssh2 before version 1.8.1-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

The package powerdns before version 4.1.7-1 is vulnerable to insufficient validation.

The package firefox before version 66.0-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure, same-origin policy bypass, access restriction bypass, content spoofing and denial of service.

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

An update that solves one vulnerability and has four fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.