Slackware Security Advisories (security updates)

News about Slackware Linux

Administrator

Posts: 2646
Joined: 01 Apr 2012, 13:50
Location: Milky Way

Posted: 14 Aug 2018, 17:44


01.08.2018.

Fresh blueman packages for Slackware 14.2 and -current:

Code:

patches/packages/blueman-2.0.6-i586-1_slack14.2.txz:  Upgraded.
  This update fixes an issue where blueman-mechanism did not enforce the
  polkit action 'org.blueman.network.setup' for which a polkit policy is
  shipped. This meant that any user with access to the D-Bus system bus was
  able to access the related API without authentication. The result was an
  unspecified impact on the networking stack.
  Thanks to Matthias Gerstner for discovering this issue.
  (* Security fix *)
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator

Posted: 14 Aug 2018, 17:46


02.08.2018.

Fresh lftp packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/lftp-4.8.4-i586-1_slack14.2.txz:  Upgraded.
  It has been discovered that lftp up to and including version 4.8.3 does
  not properly sanitize remote file names, leading to a loss of integrity
  on the local system when reverse mirroring is used. A remote attacker
  may trick a user to use reverse mirroring on an attacker controlled FTP
  server, resulting in the removal of all files in the current working
  directory of the victim's system.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10916
  (* Security fix *)



Administrator

Posted: 14 Aug 2018, 17:47


10.08.2018.

Fresh bind packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/bind-9.10.8_P1-i586-1_slack14.2.txz:  Upgraded.
  Fixed a security issue where named could crash during recursive processing
  of DNAME records when "deny-answer-aliases" was in use resulting in a
  denial of service. Note that "deny-answer-aliases" is rarely used.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740
  (* Security fix*)



Administrator

Posted: 23 Aug 2018, 20:09


14.08.2018.

Fresh openssl packages for Slackware 14.2 and -current:

Code:

patches/packages/openssl-1.0.2p-i586-1_slack14.2.txz:  Upgraded.
  This update fixes two low severity security issues:
  Client DoS due to large DH parameter.
  Cache timing vulnerability in RSA Key Generation.
  For more information, see:
    https://www.openssl.org/news/secadv/20180612.txt
    https://www.openssl.org/news/secadv/20180416.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
  (* Security fix *)
patches/packages/openssl-solibs-1.0.2p-i586-1_slack14.2.txz:  Upgraded.



Administrator

Posted: 23 Aug 2018, 20:11


17.08.2018.

Fresh ntp and samba packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/ntp-4.2.8p12-i586-1_slack14.2.txz:  Upgraded.
  This release improves on one security fix in ntpd:
    LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack
    While fixed in ntp-4.2.8p7 and with significant additional protections for
    this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in
    the new noepeer support. Originally reported by Matt Van Gundy of Cisco.
    Edge-case hole reported by Martin Burnicki of Meinberg.
  And fixes another security issue in ntpq and ntpdc:
    LOW: Sec 3505: The openhost() function used during command-line hostname
    processing by ntpq and ntpdc can write beyond its buffer limit, which
    could allow  an attacker to achieve code execution or escalate to higher
    privileges via a long string as the argument for an IPv4 or IPv6
    command-line parameter. NOTE: It is unclear whether there are any common
    situations in which ntpq or ntpdc is used with a command line from an
    untrusted source. Reported by Fakhri Zulkifli.
  For more information, see:
    http://support.ntp.org/bin/view/Main/SecurityNotice#August_2018_ntp_4_2_8p12_NTP_Rel
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327
  (* Security fix *)

Code:

patches/packages/samba-4.6.16-i586-1_slack14.2.txz:  Upgraded.
  This is a security release in order to address the following defects:
  Insufficient input validation on client directory listing in libsmbclient.
  A malicious server could return a directory entry that could corrupt
  libsmbclient memory.
  Confidential attribute disclosure from the AD LDAP server.
  Missing access control checks allow discovery of confidential attribute
  values via authenticated LDAP search expressions.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2018-10858.html
    https://www.samba.org/samba/security/CVE-2018-10919.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10858
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919
  (* Security fix *)



Administrator

Posted: 23 Aug 2018, 20:12


21.08.2018.

Fresh libX11 packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/libX11-1.6.6-i586-1_slack14.2.txz:  Upgraded.
  This update fixes some security issues:
  Fixed crash on invalid reply (CVE-2018-14598).
  Fixed off-by-one writes (CVE-2018-14599).
  Fixed out of boundary write (CVE-2018-14600).
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14598
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14599
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14600
  (* Security fix *)

