Slackware Security Advisories (security updates)

News about Slackware Linux


Administrator

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Posted: 29 Oct 2019, 00:11


14.10.2019.

Fresh sudo packages for Slackware 14.0, 14.1, 14.2 and -current:

patches/packages/sudo-1.8.28-i586-1_slack14.2.txz:  Upgraded.
  Fixed a bug where an sudo user may be able to run a command as root when
  the Runas specification explicitly disallows root access as long as the
  ALL keyword is listed first.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
  (* Security fix *)
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator

Posted: 29 Oct 2019, 00:17


20.10.2019.

Fresh python packages for Slackware 14.0, 14.1, 14.2 and -current:

patches/packages/python-2.7.17-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and security issues:
  Update vendorized expat library version to 2.2.8.
  Disallow URL paths with embedded whitespace or control characters into the
  underlying http client request. Such potentially malicious header injection
  URLs now cause an httplib.InvalidURL exception to be raised.
  Avoid file reading by disallowing ``local-file://`` and ``local_file://``
  URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and
  :meth:`urllib.URLopener.retrieve`.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948
  (* Security fix *)



Administrator

Posted: 29 Oct 2019, 00:18


22.10.2019.

Fresh mozilla-firefox packages for Slackware 14.2 and -current:

patches/packages/mozilla-firefox-68.2.0esr-i686-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/68.2.0/releasenotes/
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11758
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764
  (* Security fix *)



Administrator

Posted: 01 Dec 2019, 23:01


04.11.2019.

Fresh libtiff packages for Slackware 14.2 and -current:

patches/packages/libtiff-4.1.0-i586-1_slack14.2.txz:  Upgraded.
  libtiff: fix integer overflow in _TIFFCheckMalloc() that could cause a crash.
  tif_dir: unset transferfunction field if necessary.
  pal2rgb: failed to free memory on a few errors.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128
  (* Security fix *)



Administrator

Posted: 01 Dec 2019, 23:02


07.11.2019.

Fresh kernel packages for Slackware 14.2:

patches/packages/linux-4.4.199/*:  Upgraded.
  These updates fix various bugs and security issues.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    Fixed in 4.4.191:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117
    Fixed in 4.4.193:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835
    Fixed in 4.4.194:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821
    Fixed in 4.4.195:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17053
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17052
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17054
    Fixed in 4.4.196:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215
    Fixed in 4.4.197:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976
    Fixed in 4.4.198:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17075
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133
    Fixed in 4.4.199:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098
  (* Security fix *)



Administrator

Posted: 01 Dec 2019, 23:03


16.11.2019.

Fresh kernel packages for Slackware 14.2:

patches/packages/linux-4.4.202/*:  Upgraded.
   CRYPTO_CRC32C_INTEL m -> y
  +X86_INTEL_TSX_MODE_AUTO n
  +X86_INTEL_TSX_MODE_OFF y
  +X86_INTEL_TSX_MODE_ON n
  These updates fix various bugs and security issues, including mitigation for
  the TSX Asynchronous Abort condition on some CPUs.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    Fixed in 4.4.201:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0155
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0154
    Fixed in 4.4.202:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
  (* Security fix *)



Administrator

Posted: 01 Dec 2019, 23:04


20.11.2019.

Fresh bind packages for Slackware 14.0, 14.1, 14.2 and -current:

patches/packages/bind-9.11.13-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  Set a limit on the number of concurrently served pipelined TCP queries.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6477
  (* Security fix *)



Administrator

Posts: 4590
Joined: 04 Feb 2011, 20:32
Location: Beograd

Posted: 03 Apr 2020, 18:00


Just a brief overview of the patches that are not (yet?) listed in this thread:

2020:

2020-03-31 - [slackware-security] httpd (SSA:2020-091-02)
2020-03-31 - [slackware-security] gnutls (SSA:2020-091-01)
2020-03-26 - [slackware-security] Slackware 14.2 kernel (SSA:2020-086-01)
2020-03-23 - [slackware-security] gd (SSA:2020-083-01)
2020-03-13 - [slackware-security] mozilla-thunderbird (SSA:2020-073-01)
2020-03-10 - [slackware-security] mozilla-firefox (SSA:2020-070-01)
2020-03-04 - [slackware-security] ppp (SSA:2020-064-01)
2020-03-02 - [slackware-security] seamonkey (SSA:2020-062-01)
2020-02-20 - [slackware-security] proftpd (SSA:2020-051-01)
2020-02-12 - [slackware-security] libarchive (SSA:2020-043-01)
2020-02-11 - [slackware-security] mozilla-thunderbird (SSA:2020-042-02)
2020-02-11 - [slackware-security] mozilla-firefox (SSA:2020-042-01)
2020-01-31 - [slackware-security] sudo (SSA:2020-031-01)
2020-01-24 - [slackware-security] mozilla-thunderbird (SSA:2020-024-01)
2020-01-10 - [slackware-security] mozilla-thunderbird (SSA:2020-010-01)
2020-01-09 - [slackware-security] mozilla-firefox (SSA:2020-009-01)
2020-01-08 - [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)
2020-01-06 - [slackware-security] mozilla-firefox (SSA:2020-006-01) 
More details: http://www.slackware.com/security/list. ... ity&y=2020


2019:

2019-12-20 - [slackware-security] tigervnc (SSA:2019-354-02)
2019-12-20 - [slackware-security] openssl (SSA:2019-354-01)
2019-12-19 - [slackware-security] wavpack (SSA:2019-353-01)
2019-12-03 - [slackware-security] mozilla-firefox (SSA:2019-337-01) 
More details: http://www.slackware.com/security/list. ... ity&y=2019



Administrator

Posted: 08 Aug 2020, 17:40


03.04.2020.

Fresh mozilla-firefox packages for Slackware 14.2 and -current:

patches/packages/mozilla-firefox-68.6.1esr-i686-1_slack14.2.txz:  Upgraded.
  This release contains critical security fixes and improvements.
  "Under certain conditions, when running the nsDocShell destructor, a race
  condition can cause a use-after-free. We are aware of targeted attacks in
  the wild abusing this flaw."
  "Under certain conditions, when handling a ReadableStream, a race condition
  can cause a use-after-free. We are aware of targeted attacks in the wild
  abusing this flaw."
  For more information, see:
    https://www.mozilla.org/en-US/firefox/68.6.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6819
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6820
  (* Security fix *)



Administrator

Posted: 08 Aug 2020, 17:55


07.04.2020.

Fresh mozilla-firefox packages for Slackware 14.2 and -current:

patches/packages/mozilla-firefox-68.7.0esr-i686-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/68.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6828
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6827
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6821
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6822
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6825

