Slackware Security Advisories (security upgrades)

News about Slackware Linux

Moderator: Urednik

Administrator
Posted: 18 Jan 2013, 20:17


15.01.2013.

Freetype font, for both architectures, applicable to Slackware versions 12.1, 12.2, 13.0, 13.1, 13.37, 14 and current.

Code:

patches/packages/freetype-2.4.11-i486-1_slack14.0.txz:  Upgraded.
  This release fixes several security bugs that could cause freetype to
  crash or run programs upon opening a specially crafted file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5670
  (* Security fix *)

Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Prijatelj foruma
Posted: 19 Jan 2013, 13:56


On my 13.37.0 32-bit it won't go through for some reason; it says I already have that version installed :huh:

Code:

bash-4.1# upgradepkg --install-new freetype-2.4.11-i486-1_slack13.37.txz

+==============================================================================
| Skipping package freetype-2.4.11-i486-1_slack13.37 (already installed)
+==============================================================================
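
One way to check in advance whether an advisory package is already installed, which is the condition `upgradepkg` reported above. This is an added example, not part of the original post; the function names `pkg_field` and `pkg_status` are made up for this illustration, and `/var/log/packages` is assumed to be the installed-package database.

```sh
#!/bin/sh
# Added example: is an advisory package already installed?
# Slackware package names are name-version-arch-build[_tag]; the name may
# itself contain hyphens, so the fields are split from the right.

# pkg_field <package> <name|version|arch|build>
pkg_field() {
    p=${1%.t?z}                       # drop a .txz/.tgz/.tbz/.tlz suffix
    build=${p##*-};   p=${p%-*}
    arch=${p##*-};    p=${p%-*}
    version=${p##*-}; name=${p%-*}
    case $2 in
        name) echo "$name" ;;
        version) echo "$version" ;;
        arch) echo "$arch" ;;
        build) echo "$build" ;;
    esac
}

# pkg_status <package-file-or-URL> [package-db-dir]
# Prints: current | differs:<installed-package> | missing
pkg_status() {
    want=$(basename "${1%.t?z}")
    db=${2:-/var/log/packages}        # assumed location of the package database
    wname=$(pkg_field "$want" name)
    for f in "$db/$wname"-*; do
        [ -e "$f" ] || continue
        have=$(basename "$f")
        # skip longer names with the same prefix (openssl-solibs vs openssl)
        [ "$(pkg_field "$have" name)" = "$wname" ] || continue
        if [ "$have" = "$want" ]; then
            echo current
        else
            echo "differs:$have"
        fi
        return 0
    done
    echo missing
}

# When run as a script: sh check.sh freetype-2.4.11-i486-1_slack13.37.txz ...
for pkg in "$@"; do
    echo "$pkg: $(pkg_status "$pkg")"
done
```

A result of `current` corresponds to the "Skipping package ... (already installed)" message; `differs:` names the installed package that would be replaced.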



Administrator
Posted: 23 Jan 2013, 14:18


22.01.2013.

MySQL security patches, for both architectures, applicable to Slackware versions 12.1, 12.2, 13.0, 13.1, 13.37, 14 and current.

Code:

patches/packages/mysql-5.5.29-i486-1_slack14.0.txz:  Upgraded.
  Upgraded to the latest upstream version to fix security issues and provide
  other bug fixes and improvements.  Note that some of the changes may
  possibly introduce incompatibilities with the previous package.
  (* Security fix *)



Administrator
Posted: 10 Feb 2013, 17:39


07.02.2013.

Curl security upgrade - applies to Slackware 14 and current, for both architectures:

Code:

patches/packages/curl-7.29.0-i486-1_slack14.0.txz:  Upgraded.
  When negotiating SASL DIGEST-MD5 authentication, the function
  Curl_sasl_create_digest_md5_message() uses the data provided from the
  server without doing the proper length checks and that data is then
  appended to a local fixed-size buffer on the stack.  This vulnerability
  can be exploited by someone who is in control of a server that a libcurl
  based program is accessing with POP3, SMTP or IMAP.  For applications
  that accept user provided URLs, it is also thinkable that a malicious
  user would feed an application with a URL to a server hosting code
  targeting this flaw.
  Affected versions: curl 7.26.0 to and including 7.28.1
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249
  (* Security fix *)



Administrator
Posted: 10 Feb 2013, 17:45


09.02.2013.

Security upgrade for openssl - applies to Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0 and current, for both architectures:

Code:

patches/packages/openssl-1.0.1d-i486-1_slack14.0.txz:  Upgraded.
    Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
  This addresses the flaw in CBC record processing discovered by
  Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
  at: http://www.isg.rhul.ac.uk/tls/
  Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
  Security Group at Royal Holloway, University of London
  (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
  Emilia Käsper for the initial patch.
  (CVE-2013-0169)
  [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
    Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
  ciphersuites which can be exploited in a denial of service attack.
  Thanks go to and to Adam Langley <agl@chromium.org> for discovering
  and detecting this bug and to Wolfgang Ettlinger
  <wolfgang.ettlinger@gmail.com> for independently discovering this issue.
  (CVE-2012-2686)
  [Adam Langley]
    Return an error when checking OCSP signatures when key is NULL.
  This fixes a DoS attack. (CVE-2013-0166)
  [Steve Henson]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1d-i486-1_slack14.0.txz:  Upgraded.
  (* Security fix *)



Administrator
Posted: 14 Feb 2013, 15:37


13.02.2013.

A minor upgrade for Pidgin, for Slackware 12.2, 13.0, 13.1, 13.37, 14.0 and current

Code:

patches/packages/pidgin-2.10.7-i486-1_slack14.0.txz:  Upgraded.
  This update fixes several security issues:
  Remote MXit user could specify local file path.
  MXit buffer overflow reading data from network.
  Sametime crash with long user IDs.
  Crash when receiving a UPnP response with abnormally long values.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0271
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0272
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0273
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274
  (* Security fix *)



Prijatelj foruma
Posted: 21 Feb 2013, 20:26


=> 19. 02. 2013.

Slackware 13.37:

Code:

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-firefox-19.0-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-thunderbird-17.0.3-i486-1_slack13.37.txz

Slackware x86_64 13.37:

Code:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-firefox-19.0-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-thunderbird-17.0.3-x86_64-1_slack13.37.txz

Slackware 14.0:

Code:

ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mozilla-firefox-19.0-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mozilla-thunderbird-17.0.3-i486-1_slack14.0.txz

Slackware x86_64 14.0:

Code:

ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mozilla-firefox-19.0-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mozilla-thunderbird-17.0.3-x86_64-1_slack14.0.txz



Administrator
Posted: 26 Feb 2013, 11:33


25.02.2013.

New seamonkey for Slackware 13.37, 14 and -current, for both architectures

Code:

patches/packages/seamonkey-2.16-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.16-i486-1_slack14.0.txz:  Upgraded.



Administrator
Posted: 04 Mar 2013, 02:05


03.03.2013.

Upgrade for the httpd package. The upgrade is for versions 12.1, 12.2, 13.0, 13.1, 13.37, 14.0 and -current, and applies to both architectures.

Code:

patches/packages/httpd-2.4.4-i486-1_slack14.0.txz:  Upgraded.
  This update provides bugfixes and enhancements.
  Two security issues are fixed:
  *  Various XSS flaws due to unescaped hostnames and URIs HTML output in
     mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
     [Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
  *  XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
     Niels Heinen <heinenn google com>]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
  (* Security fix *)



Administrator
Posted: 10 Mar 2013, 07:47


06.03.2013.

Upgrade for sudo for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0 and -current, for both architectures

Code:

patches/packages/sudo-1.8.6p7-i486-1_slack14.0.txz:  Upgraded.
  This update fixes security issues that could allow a user to run commands
  without authenticating after the password timeout has already expired.
  Note that the vulnerability did not permit a user to run commands other
  than those allowed by the sudoers policy.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
  (* Security fix *)

