Slackware Security Advisories (security updates)

News about Slackware Linux

Moderator: Urednik

Locked

Administrator

Posted: 21 May 2013, 06:12

20.05.2013.

Kernel update for Slackware 13.37 and 14.0

Code:

patches/packages/linux-3.2.45/*:  Upgraded.
  Upgraded to new kernels that fix CVE-2013-2094, a bug that can allow local
  users to gain a root shell.  Be sure to upgrade your initrd and reinstall
  LILO after upgrading the kernel packages.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094
  (* Security fix *)
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Forum friend

Posted: 04 Jun 2013, 13:35

A new rebuilt release of kernel 3.2.45 has arrived. The improvements primarily concern Intel graphics cards.

Code:

patches/packages/linux-3.2.45/*: Rebuilt.
       One more reverted commit. This one was leading to hangs on systems with
       Intel graphics. The previous revert was also reverted in 3.2.46, but it
       seems safer to just get this one manually than to take the newer kernel and
       still have to do another patch to it anyway. Hopefully the third time is
       the charm. :) 



Administrator

Posted: 11 Jun 2013, 13:52

10.06.2013.

PHP package upgrade, version 5.4.16

Code:

patches/packages/php-5.4.16-i486-1_slack14.0.txz:  Upgraded.
  This is a bugfix release.  It also fixes a security issue -- a heap-based
  overflow in the quoted_printable_encode() function, which could be used by
  a remote attacker to crash PHP or execute code as the 'apache' user.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2110
  (* Security fix *)



Administrator

Posted: 24 Jun 2013, 18:32

23.06.2013.

Upgrade for curl

Code:

patches/packages/curl-7.29.0-i486-3_slack14.0.txz:  Rebuilt.
  This fixes a minor security issue where a decode buffer boundary flaw in
  libcurl could lead to heap corruption.
  For more information, see:
    http://curl.haxx.se/docs/adv_20130622.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174
  (* Security fix *)



Administrator

Posted: 28 Jun 2013, 22:34

27.06.2013.

New ruby packages are available for Slackware 13.1, 13.37, 14.0 and -current:

Code:

patches/packages/ruby-1.9.3_p448-i486-1_slack14.0.txz:  Upgraded.
  This update patches a vulnerability in Ruby's SSL client that could allow
  man-in-the-middle attackers to spoof SSL servers via a valid certificate
  issued by a trusted certification authority.
  For more information, see:
    http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073
  (* Security fix *)



Administrator

Posted: 30 Jun 2013, 10:01

29.06.2013.

Mozilla Firefox and Thunderbird upgrades for Slackware 13.37, 14.0 and -current:

Code:

patches/packages/mozilla-firefox-17.0.7esr-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
  We had to switch to ESR here as well, as there's a problem running Firefox
  22.0 on Slackware 14.0 under KDE (crash when oxygen-gtk2 is installed).
  Forcing people to uninstall oxygen-gtk2 isn't really an option for a
  security fix, and upgrading to the latest oxygen-gtk2 did not help.
  It's possible that future Firefox/Thunderbird security updates will always
  come from the ESR branch.

Code:

patches/packages/mozilla-thunderbird-17.0.7-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)



Forum friend

Posted: 30 Jun 2013, 15:02

For me this patch installed Firefox ESR 17.0.7 instead of 22.0. :)



Forum friend

Posted: 03 Jul 2013, 18:27

Brok, they say they had to switch to the ESR branch because there was a problem launching Firefox 22 under KDE, caused by a previously installed oxygen-gtk2. Since it would not be nice to force users to remove that package, and upgrading to the latest oxygen-gtk2 did not help, they decided to switch to the ESR branch.

Also, they say it is possible that all future security upgrades for Firefox / Thunderbird will come from the ESR branch.
We had to switch to ESR here as well, as there's a problem running Firefox
22.0 on Slackware 14.0 under KDE (crash when oxygen-gtk2 is installed).
Forcing people to uninstall oxygen-gtk2 isn't really an option for a
security fix, and upgrading to the latest oxygen-gtk2 did not help.
It's possible that future Firefox/Thunderbird security updates will always
come from the ESR branch.
SOURCE: http://www.slackware.com/changelog/stab ... cpu=x86_64



Forum friend

Posted: 03 Jul 2013, 19:58

Thanks for the info, Slackmuz. :beer:



Administrator

Posted: 10 Jul 2013, 10:24

10.07.2013.

Dbus, security upgrade for Slackware 14 and -current:

Code:

patches/packages/dbus-1.4.20-i486-4_slack14.0.txz:  Rebuilt.
  This update fixes a security issue where misuse of va_list could be used to
  cause a denial of service for system services.
  Vulnerability reported by Alexandru Cornea.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2168
  (* Security fix *)
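
The ChangeLog excerpts quoted in this thread mark security updates with a "(* Security fix *)" line, which can sit mid-entry (the Firefox entry continues after it) or be absent (the kernel rebuild). As an added example, not part of the original posts and not Slackware's own tooling, this Python parser splits such text into entries and lists the security fixes with their CVE ids; the function names, the accepted action words and the abridged sample are assumptions made here.

```python
import re

# Constructed sample: abridged from the ChangeLog excerpts quoted in this thread.
SAMPLE = """\
patches/packages/linux-3.2.45/*:  Upgraded.
  Upgraded to new kernels that fix CVE-2013-2094, a bug that can allow local
  users to gain a root shell.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094
  (* Security fix *)
patches/packages/linux-3.2.45/*: Rebuilt.
  One more reverted commit. This one was leading to hangs on systems with
  Intel graphics.
patches/packages/mozilla-firefox-17.0.7esr-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
  We had to switch to ESR here as well, as there's a problem running Firefox
  22.0 on Slackware 14.0 under KDE (crash when oxygen-gtk2 is installed).
"""

# Assumption: an entry starts at column 0 as "<path>:  <Action>."; body lines are indented.
HEADER = re.compile(r"^(?P<path>\S+):\s+(?P<action>Upgraded|Rebuilt|Added|Removed)\.\s*$")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")
URL = re.compile(r"https?://\S+")

def parse_changelog(text):
    """Split ChangeLog text into entries and flag the security fixes."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"path": m["path"], "action": m["action"], "body": []})
        elif entries and line[:1].isspace():
            entries[-1]["body"].append(line.strip())
    for e in entries:
        body = "\n".join(e.pop("body"))
        # The marker is searched in the whole body because text may follow it.
        e["security"] = "(* Security fix *)" in body
        e["cves"] = sorted(set(CVE.findall(body)))  # de-duplicate prose + URL mentions
        e["refs"] = URL.findall(body)
    return entries

def security_fixes(text):
    """Return (package path, CVE list) for each entry marked as a security fix."""
    return [(e["path"], e["cves"]) for e in parse_changelog(text) if e["security"]]
```

An entry with an empty CVE list, such as the Firefox one, still counts as a security fix; its reference URLs are in the "refs" field of the parsed entry.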

