News about Slackware Linux
Moderator: Urednik
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Milky Way
Post
Posted: 27 Oct 2017, 08:45
23.10.2017.
Fresh curl packages for Slackware 14.0, 14.1, 14.2 and -current:
patches/packages/curl-7.56.1-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
IMAP FETCH response out of bounds read may cause a crash or information leak.
For more information, see:
https://curl.haxx.se/docs/adv_20171023.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257
(* Security fix *)
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
Posted: 27 Oct 2017, 08:45
25.10.2017.
Fresh irssi packages for Slackware 14.0, 14.1, 14.2 and -current:
patches/packages/irssi-1.0.5-i586-1_slack14.2.txz: Upgraded.
This update fixes some remote denial of service issues.
For more information, see:
https://irssi.org/security/irssi_sa_2017_10.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15722
(* Security fix *)
Posted: 29 Oct 2017, 01:32
27.10.2017.
Fresh wget packages for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 and -current:
patches/packages/wget-1.19.2-i586-1_slack14.2.txz: Upgraded.
This update fixes stack and heap overflows in HTTP protocol handling.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13090
(* Security fix *)
Fresh php packages for Slackware 14.0, 14.1, 14.2 and -current:
patches/packages/php-5.6.32-i586-1_slack14.2.txz: Upgraded.
Several security bugs were fixed in this release:
Out of bounds read in timelib_meridian().
The arcfour encryption stream filter crashes PHP.
Applied upstream patch for PCRE (CVE-2016-1283).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1283
(* Security fix *)
Posted: 04 Nov 2017, 20:19
02.11.2017.
Fresh mariadb packages for Slackware 14.1, 14.2 and -current:
patches/packages/mariadb-10.0.33-i586-1_slack14.2.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://jira.mariadb.org/browse/MDEV-13819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378
(* Security fix *)
Fresh openssl packages for Slackware 14.2 and -current:
patches/packages/openssl-1.0.2m-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
There is a carry propagating bug in the x64 Montgomery squaring procedure.
No EC algorithms are affected. Analysis suggests that attacks against RSA
and DSA as a result of this defect would be very difficult to perform and
are not believed likely. Attacks against DH are considered just feasible
(although very difficult) because most of the work necessary to deduce
information about a private key may be performed offline. The amount of
resources required for such an attack would be very significant and likely
only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients.
This only affects processors that support the BMI1, BMI2 and ADX extensions
like Intel Broadwell (5th generation) and later or AMD Ryzen.
For more information, see:
https://www.openssl.org/news/secadv/20171102.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736
(* Security fix *)
patches/packages/openssl-solibs-1.0.2m-i586-1_slack14.2.txz: Upgraded.
Posted: 17 Nov 2017, 17:32
16.11.2017.
Fresh mozilla-firefox and libplist packages for Slackware 14.2 and -current:
patches/packages/mozilla-firefox-52.5.0esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
patches/packages/libplist-2.0.0-i586-1_slack14.2.txz: Upgraded.
This update fixes several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5209
(* Security fix *)
Posted: 21 Nov 2017, 16:21
20.11.2017.
Fresh libtiff packages for Slackware 14.2 and -current:
patches/packages/libtiff-4.0.9-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10095
(* Security fix *)
Posted: 28 Nov 2017, 16:15
27.11.2017.
Fresh samba packages for Slackware 14.0, 14.1, 14.2 and -current:
patches/packages/samba-4.4.16-i586-2_slack14.2.txz: Rebuilt.
This is a security update in order to patch the following defects:
CVE-2017-14746 (Use-after-free vulnerability.)
All versions of Samba from 4.0.0 onwards are vulnerable to a use after
free vulnerability, where a malicious SMB1 request can be used to
control the contents of heap memory via a deallocated heap pointer. It
is possible this may be used to compromise the SMB server.
CVE-2017-15275 (Server heap memory information leak.)
All versions of Samba from 3.6.0 onwards are vulnerable to a heap
memory information leak, where server allocated heap memory may be
returned to the client without being cleared.
For more information, see:
https://www.samba.org/samba/security/CVE-2017-14746.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14746
https://www.samba.org/samba/security/CVE-2017-15275.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275
(* Security fix *)
Posted: 01 Dec 2017, 00:24
29.11.2017.
Fresh libXcursor and libXfont packages for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 and -current:
patches/packages/libXcursor-1.1.15-i586-1_slack14.2.txz: Upgraded.
Fix heap overflows when parsing malicious files. (CVE-2017-16612)
It is possible to trigger heap overflows due to an integer overflow
while parsing images and a signedness issue while parsing comments.
The integer overflow occurs because the chosen limit 0x10000 for
dimensions is too large for 32 bit systems, because each pixel takes
4 bytes. Properly chosen values allow an overflow which in turn will
lead to less allocated memory than needed for subsequent reads.
The signedness bug is triggered by reading the length of a comment
as unsigned int, but casting it to int when calling the function
XcursorCommentCreate. Turning length into a negative value allows the
check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
addition of sizeof (XcursorComment) + 1 makes it possible to allocate
less memory than needed for subsequent reads.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
(* Security fix *)
patches/packages/libXfont-1.5.1-i486-2_slack14.2.txz: Rebuilt.
Open files with O_NOFOLLOW. (CVE-2017-16611)
A non-privileged X client can instruct X server running under root
to open any file by creating own directory with "fonts.dir",
"fonts.alias" or any font file being a symbolic link to any other
file in the system. X server will then open it. This can be an issue
with special files such as /dev/watchdog (which could then reboot
the system).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16611
(* Security fix *)
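The two libXcursor size bugs described in the changelog above, modelled side by side with a hardened check, as an added C example (not libXcursor's code and not part of the original post). Assumptions: `uint32_t` stands in for a 32-bit `size_t`, and the function names, the `COMMENT_MAX_LEN` value and `HEADER_SIZE` are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DIM_LIMIT       0x10000u /* per-dimension limit quoted in the changelog */
#define COMMENT_MAX_LEN 0x100000 /* constructed stand-in for XCURSOR_COMMENT_MAX_LEN */
#define HEADER_SIZE     16u      /* constructed stand-in for sizeof (XcursorComment) */

/* Image buffer size. uint32_t models size_t on a 32-bit system, so
 * w * h * 4 wraps silently unless the hardened pre-check rejects it. */
static bool image_bytes(uint32_t w, uint32_t h, bool hardened, uint32_t *out)
{
    if (w == 0 || h == 0 || w > DIM_LIMIT || h > DIM_LIMIT)
        return false;
    if (hardened && w > UINT32_MAX / 4u / h)
        return false;               /* product would not fit in 32 bits */
    *out = w * h * 4u;
    return true;
}

/* Comment buffer size. The flawed path casts the unsigned on-disk length to
 * int before the bound check; a huge value turns negative and passes. */
static bool comment_bytes(uint32_t length, bool hardened, uint32_t *out)
{
    if (hardened) {
        if (length > (uint32_t)COMMENT_MAX_LEN)   /* compare while unsigned */
            return false;
    } else {
        int len = (int)length;      /* negative on common compilers if > INT_MAX */
        if (len > COMMENT_MAX_LEN)
            return false;
    }
    *out = HEADER_SIZE + length + 1u;             /* 32-bit sum can wrap too */
    return true;
}

int main(void)
{
    uint32_t n = 0;
    if (image_bytes(0x10000u, 0x4001u, false, &n))
        printf("flawed image check allocates %u bytes\n", (unsigned)n);
    if (comment_bytes(0xFFFFFFF0u, false, &n))
        printf("flawed comment check allocates %u bytes\n", (unsigned)n);
    printf("hardened checks accept them: %d %d\n",
           image_bytes(0x10000u, 0x4001u, true, &n),
           comment_bytes(0xFFFFFFF0u, true, &n));
    return 0;
}
```

In both flawed paths the computed allocation is far smaller than the amount of data the parser would go on to read, which is the condition the changelog describes.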
Posted: 01 Dec 2017, 00:25
29.11.2017.
Fresh curl packages for Slackware 14.0, 14.1, 14.2 and -current:
patches/packages/curl-7.57.0-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
SSL out of buffer access
FTP wildcard out of bounds read
NTLM buffer overflow via integer overflow
For more information, see:
https://curl.haxx.se/docs/adv_2017-af0a.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8818
https://curl.haxx.se/docs/adv_2017-ae72.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817
https://curl.haxx.se/docs/adv_2017-12e7.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816
(* Security fix *)
Posted: 16 Dec 2017, 10:33
08.12.2017.
Fresh openssl packages for Slackware 14.2 and -current:
patches/packages/openssl-1.0.2n-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
Read/write after SSL object in error state
rsaz_1024_mul_avx2 overflow bug on x86_64
For more information, see:
https://www.openssl.org/news/secadv/20171207.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3738
(* Security fix *)
patches/packages/openssl-solibs-1.0.2n-i586-1_slack14.2.txz: Upgraded.