Slackware Security Advisories (security updates)

News about Slackware Linux

Moderator: Urednik

Administrator

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Milky Way

Posted: 16 Dec 2020, 16:28


24.11.2020.

New mutt packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/mutt-1.10.1-i586-2_slack14.2.txz:  Rebuilt.
  Mutt had incorrect error handling when initially connecting to an IMAP
  server, which could result in an attempt to authenticate without enabling TLS.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28896
  (* Security fix *)
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator

Posted: 16 Dec 2020, 16:29


25.11.2020.

New bind packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/bind-9.11.25-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs, including a denial-of-service security issue:
  After a Negative Trust Anchor (NTA) is added, BIND performs periodic
  checks to see if it is still necessary. If BIND encountered a failure
  while creating a query to perform such a check, it attempted to
  dereference a NULL pointer, resulting in a crash. [GL #2244]
  (* Security fix *)



Administrator

Posted: 16 Dec 2020, 16:30


07.12.2020.

New seamonkey packages for Slackware 14.2 and -current:

Code:

patches/packages/seamonkey-2.53.5.1-i686-1_slack14.2.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.5.1
  (* Security fix *)



Administrator

Posted: 16 Dec 2020, 16:31


09.12.2020.

New curl packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/curl-7.74.0-i586-1_slack14.2.txz:  Upgraded.
  This release includes the following security related bugfixes:
  Inferior OCSP verification [93]
  FTP wildcard stack overflow [95]
  Trusting FTP PASV responses [97]
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284
  (* Security fix *)



Administrator

Posted: 16 Dec 2020, 16:32


12.12.2020.

New p11-kit packages for Slackware 14.2 and -current:

Code:

patches/packages/p11-kit-0.23.22-i586-1_slack14.2.txz:  Upgraded.
  Fix memory-safety issues that affect the RPC protocol.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29361
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29362
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29363
  (* Security fix *)



Administrator

Posted: 13 Feb 2021, 20:30


11.01.2021.

New sudo packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/sudo-1.9.5-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues:
  Potential information leak in sudoedit that could be used to test for
  the existence of directories not normally accessible to the user.
  Flaw in the temporary file handling of sudoedit's SELinux RBAC support.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23239
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23240
  (* Security fix *)



Administrator

Posted: 13 Feb 2021, 20:31


14.01.2021.

New wavpack packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/wavpack-5.4.0-i586-1_slack14.2.txz:  Upgraded.
  WavPack 5.4.0 fixes an issue where a specially crafted WAV file could cause
  the wavpack command-line program to crash with an out-of-bounds write.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35738
  (* Security fix *)



Administrator

Posted: 13 Feb 2021, 20:32


24.01.2021

New seamonkey packages for Slackware 14.2 and -current:

Code:

patches/packages/seamonkey-2.53.6-i686-1_slack14.2.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.6
  (* Security fix *)



Administrator

Posted: 13 Feb 2021, 20:33


26.01.2021.

New sudo packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/sudo-1.9.5p2-i586-1_slack14.2.txz:  Upgraded.
  When invoked as sudoedit, the same set of command line options
  are now accepted as for "sudo -e". The -H and -P options are
  now rejected for sudoedit and "sudo -e" which matches the sudo
  1.7 behavior. This is part of the fix for CVE-2021-3156.
  Fixed a potential buffer overflow when unescaping backslashes
  in the command's arguments. Normally, sudo escapes special
  characters when running a command via a shell (sudo -s or sudo
  -i). However, it was also possible to run sudoedit with the -s
  or -i flags in which case no escaping had actually been done,
  making a buffer overflow possible. This fixes CVE-2021-3156.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
  (* Security fix *)

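An added example, not sudo's own code, of the kind of bounded backslash unescaping the CVE-2021-3156 entry above is about: the hypothetical helper `unescape_arg()` checks both the end of the input and the size of the destination before every copy.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (an assumption of this example, not sudo's API).
 * Copies src into dst, dropping a backslash that escapes a non-space
 * character. Returns the number of bytes written, not counting the
 * terminating NUL, or (size_t)-1 if dst is too small. */
size_t unescape_arg(const char *src, char *dst, size_t dstsize)
{
    size_t n = 0;

    if (dstsize == 0)
        return (size_t)-1;
    while (*src != '\0') {
        /* Skip the backslash only when a real character follows it.
         * A trailing backslash is copied literally, so the read
         * pointer never steps over the terminating NUL. */
        if (src[0] == '\\' && src[1] != '\0' &&
            !isspace((unsigned char)src[1]))
            src++;
        if (n + 1 >= dstsize)          /* keep room for the NUL */
            return (size_t)-1;
        dst[n++] = *src++;
    }
    dst[n] = '\0';
    return n;
}
```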


Administrator

Posted: 13 Feb 2021, 20:34


09.02.2021.

New dnsmasq packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/dnsmasq-2.84-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and remotely exploitable security issues:
    Use the values of --min-port and --max-port in outgoing
    TCP connections to upstream DNS servers.
    Fix a remote buffer overflow problem in the DNSSEC code. Any
    dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
    referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683
    CVE-2020-25687.
    Be sure to only accept UDP DNS query replies at the address
    from which the query was originated. This keeps as much entropy
    in the {query-ID, random-port} tuple as possible, to help defeat
    cache poisoning attacks. Refer: CVE-2020-25684.
    Use the SHA-256 hash function to verify that DNS answers
    received are for the questions originally asked. This replaces
    the slightly insecure SHA-1 (when compiled with DNSSEC) or
    the very insecure CRC32 (otherwise). Refer: CVE-2020-25685.
    Handle multiple identical near simultaneous DNS queries better.
    Previously, such queries would all be forwarded
    independently. This is, in theory, inefficent but in practise
    not a problem, _except_ that is means that an answer for any
    of the forwarded queries will be accepted and cached.
    An attacker can send a query multiple times, and for each repeat,
    another {port, ID} becomes capable of accepting the answer he is
    sending in the blind, to random IDs and ports. The chance of a
    succesful attack is therefore multiplied by the number of repeats
    of the query. The new behaviour detects repeated queries and
    merely stores the clients sending repeats so that when the
    first query completes, the answer can be sent to all the
    clients who asked. Refer: CVE-2020-25686.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25681
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25682
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25683
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25684
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25685
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25686
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25687
  (* Security fix *)

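The CVE-2020-25686 change described in the changelog above, modelled in C as an added example (not dnsmasq's code; the struct and function names and the port/ID values are assumptions). With the old behaviour every repeat of a question leaves another outstanding {port, ID} pair; with the new one a repeat only adds a waiting client.

```c
#include <stdint.h>
#include <string.h>

#define MAX_FWD 64

/* One outstanding upstream query. A reply is accepted only if it
 * arrives on this source port with this query ID. */
struct fwd {
    char     qname[64];
    uint16_t qtype, port, id;
    int      waiters;               /* clients waiting on this answer */
};

struct fwd_table {
    struct fwd e[MAX_FWD];
    int used;
    int dedup;                      /* 0 = old behaviour, 1 = new */
};

/* Register a client query; returns the slot serving it, or -1. */
int fwd_add(struct fwd_table *t, const char *qname, uint16_t qtype,
            uint16_t port, uint16_t id)
{
    for (int i = 0; t->dedup && i < t->used; i++)
        if (t->e[i].qtype == qtype && strcmp(t->e[i].qname, qname) == 0) {
            t->e[i].waiters++;      /* repeat: remember the client only */
            return i;
        }
    if (t->used == MAX_FWD || strlen(qname) >= sizeof t->e[0].qname)
        return -1;
    struct fwd *f = &t->e[t->used];
    strcpy(f->qname, qname);
    f->qtype = qtype; f->port = port; f->id = id; f->waiters = 1;
    return t->used++;
}

/* Send the same question `repeats` times and count how many distinct
 * {port, ID} pairs would then be accepted as its answer. */
int accepted_pairs(int dedup, int repeats)
{
    struct fwd_table t;
    memset(&t, 0, sizeof t);
    t.dedup = dedup;
    for (int i = 0; i < repeats; i++)   /* constructed port/ID values */
        fwd_add(&t, "example.test", 1, (uint16_t)(20000 + 7 * i),
                (uint16_t)(1000 + 13 * i));
    return t.used;
}
```

`accepted_pairs(0, n)` grows with `n` up to the table size, while `accepted_pairs(1, n)` stays at one, which is the multiplication factor the changelog says the fix removes.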
