Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 25 Feb 2018, 18:52


06.02.2018.

Sveži kernel paketi za Slackware 14.2 u cilju sprečavanja Spectra V2 napada:

Code: Select all

patches/packages/linux-4.4.115/*:  Upgraded.
  This kernel includes full retpoline mitigation for the Spectre (variant 2)
  speculative side channel attack.
  Please note that this kernel was compiled with gcc-5.5.0, also provided as
  an update for Slackware 14.2. You'll need to install the updated gcc in order
  to compile kernel modules that will load into this updated kernel.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 25 Feb 2018, 18:54


15.02.2018.

Sveži irssi paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/irssi-1.0.7-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://irssi.org/security/html/irssi_sa_2018_02
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7054
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7053
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7050
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7052
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7051
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 Mar 2018, 00:20


26.02.2018.

Sveži kernel paketi za Slackware 14.2:

Code: Select all

patches/packages/linux-4.4.118/*:  Upgraded.
  This kernel includes __user pointer sanitization mitigation for the Spectre
  (variant 1) speculative side channel attack.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 Mar 2018, 00:22


01.03.2018.

Sveži dhcp paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/dhcp-4.4.1-i586-1_slack14.2.txz:  Upgraded.
  This update fixes two security issues:
    Corrected an issue where large sized 'X/x' format options were causing
  option handling logic to overwrite memory when expanding them to human
  readable form. Reported by Felix Wilhelm, Google Security Team.
    Option reference count was not correctly decremented in error path
  when parsing buffer for options. Reported by Felix Wilhelm, Google
  Security Team.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5732
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5733
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 Mar 2018, 00:23


01.03.2018.

Sveži ntp paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz:  Upgraded.
  This release addresses five security issues in ntpd:
  * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability:
    ephemeral association attack. While fixed in ntp-4.2.8p7, there are
    significant additional protections for this issue in 4.2.8p11.
    Reported by Matt Van Gundy of Cisco.
  * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer
    read overrun leads to undefined behavior and information leak.
    Reported by Yihan Lian of Qihoo 360.
  * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated
    ephemeral associations. Reported on the questions@ list.
  * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode
    cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat.
  * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet
    can reset authenticated interleaved association.
    Reported by Miroslav Lichvar of Red Hat.
  For more information, see:
    http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Mar 2018, 08:42


08.03.2018.

Sveži openssh paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i 14.2:

Code: Select all

patches/packages/openssh-7.4p1-i586-2_slack14.2.txz:  Rebuilt.
  sftp-server: in read-only mode, sftp-server was incorrectly permitting
  creation of zero-length files. Reported by Michal Zalewski.
  Thanks to arny (of Bluewhite64 fame) for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906
  (* Security fix *)
Sveži php paketi za Slackware 14.0, 14.1, 14.2, and -current:

Code: Select all

patches/packages/php-5.6.34-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a stack buffer overflow vulnerability.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7584
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Mar 2018, 08:45


13.03.2018.

Sveži mozilla-firefox paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/mozilla-firefox-52.7.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
Sveži samba paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/samba-4.4.16-i586-3_slack14.2.txz:  Rebuilt.
  This is a security update in order to patch the following defect:
    On a Samba 4 AD DC the LDAP server in all versions of Samba from
  4.0.0 onwards incorrectly validates permissions to modify passwords
  over LDAP allowing authenticated users to change any other users`
  passwords, including administrative users.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2018-1057.html
    https://wiki.samba.org/index.php/CVE-2018-1057
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1057
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Mar 2018, 08:47


15.03.2018.

Sveži curl paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/curl-7.59.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues:
  FTP path trickery leads to NIL byte out of bounds write
  LDAP NULL pointer dereference
  RTSP RTP buffer over-read
  For more information, see:
    https://curl.haxx.se/docs/adv_2018-9cd6.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120
    https://curl.haxx.se/docs/adv_2018-97a2.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121
    https://curl.haxx.se/docs/adv_2018-b047.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Mar 2018, 08:49


16.03.2018.

Sveži mozilla-firefox paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/mozilla-firefox-52.7.2esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 01 Apr 2018, 08:48


17.03.2018.

Sveži libvorbis paketi za Slackware 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/libvorbis-1.3.6-i586-1_slack14.2.txz:  Upgraded.
  This release fixes security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 2 guests