Slackware Security Advisories (security updates)

News about Slackware Linux

Moderator: Urednik

Administrator

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Milky Way

Posted: 14 Aug 2018, 17:44


01.08.2018.

Fresh blueman packages for Slackware 14.2 and -current:

Code:

patches/packages/blueman-2.0.6-i586-1_slack14.2.txz:  Upgraded.
  This update fixes an issue where blueman-mechanism did not enforce the
  polkit action 'org.blueman.network.setup' for which a polkit policy is
  shipped. This meant that any user with access to the D-Bus system bus was
  able to access the related API without authentication. The result was an
  unspecified impact on the networking stack.
  Thanks to Matthias Gerstner for discovering this issue.
  (* Security fix *)
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”




Posted: 14 Aug 2018, 17:46


02.08.2018.

Fresh lftp packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/lftp-4.8.4-i586-1_slack14.2.txz:  Upgraded.
  It has been discovered that lftp up to and including version 4.8.3 does
  not properly sanitize remote file names, leading to a loss of integrity
  on the local system when reverse mirroring is used. A remote attacker
  may trick a user to use reverse mirroring on an attacker controlled FTP
  server, resulting in the removal of all files in the current working
  directory of the victim's system.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10916
  (* Security fix *)




Posted: 14 Aug 2018, 17:47


10.08.2018.

Fresh bind packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/bind-9.10.8_P1-i586-1_slack14.2.txz:  Upgraded.
  Fixed a security issue where named could crash during recursive processing
  of DNAME records when "deny-answer-aliases" was in use resulting in a
  denial of service. Note that "deny-answer-aliases" is rarely used.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740
  (* Security fix*)




Posted: 23 Aug 2018, 20:09


14.08.2018.

Fresh openssl packages for Slackware 14.2 and -current:

Code:

patches/packages/openssl-1.0.2p-i586-1_slack14.2.txz:  Upgraded.
  This update fixes two low severity security issues:
  Client DoS due to large DH parameter.
  Cache timing vulnerability in RSA Key Generation.
  For more information, see:
    https://www.openssl.org/news/secadv/20180612.txt
    https://www.openssl.org/news/secadv/20180416.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
  (* Security fix *)
patches/packages/openssl-solibs-1.0.2p-i586-1_slack14.2.txz:  Upgraded.




Posted: 23 Aug 2018, 20:11


17.08.2018.

Fresh ntp and samba packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/ntp-4.2.8p12-i586-1_slack14.2.txz:  Upgraded.
  This release improves on one security fix in ntpd:
    LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack
    While fixed in ntp-4.2.8p7 and with significant additional protections for
    this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in
    the new noepeer support. Originally reported by Matt Van Gundy of Cisco.
    Edge-case hole reported by Martin Burnicki of Meinberg.
  And fixes another security issue in ntpq and ntpdc:
    LOW: Sec 3505: The openhost() function used during command-line hostname
    processing by ntpq and ntpdc can write beyond its buffer limit, which
    could allow  an attacker to achieve code execution or escalate to higher
    privileges via a long string as the argument for an IPv4 or IPv6
    command-line parameter. NOTE: It is unclear whether there are any common
    situations in which ntpq or ntpdc is used with a command line from an
    untrusted source. Reported by Fakhri Zulkifli.
  For more information, see:
    http://support.ntp.org/bin/view/Main/SecurityNotice#August_2018_ntp_4_2_8p12_NTP_Rel
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327
  (* Security fix *)

Code:

patches/packages/samba-4.6.16-i586-1_slack14.2.txz:  Upgraded.
  This is a security release in order to address the following defects:
  Insufficient input validation on client directory listing in libsmbclient.
  A malicious server could return a directory entry that could corrupt
  libsmbclient memory.
  Confidential attribute disclosure from the AD LDAP server.
  Missing access control checks allow discovery of confidential attribute
  values via authenticated LDAP search expressions.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2018-10858.html
    https://www.samba.org/samba/security/CVE-2018-10919.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10858
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919
  (* Security fix *)




Posted: 23 Aug 2018, 20:12


21.08.2018.

Fresh libX11 packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/libX11-1.6.6-i586-1_slack14.2.txz:  Upgraded.
  This update fixes some security issues:
  Fixed crash on invalid reply (CVE-2018-14598).
  Fixed off-by-one writes (CVE-2018-14599).
  Fixed out of boundary write (CVE-2018-14600).
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14598
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14599
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14600
  (* Security fix *)




Posted: 21 Sep 2018, 20:10


28.08.2018.

Fresh kernel packages for Slackware 14.2:

Code:

patches/packages/linux-4.4.153/*:  Upgraded.
  This kernel update enables mitigations for L1 Terminal Fault aka
  Foreshadow and Foreshadow-NG vulnerabilities.
  Thanks to Bernhard Kaindl for bisecting the boot issue that was preventing
  us from upgrading to earlier 4.4.x kernels that contained this fix.
  To see the status of CPU vulnerability mitigations on your system, look at
  the files in: /sys/devices/system/cpu/vulnerabilities
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3546
  (* Security fix *)




Posted: 21 Sep 2018, 20:13


06.09.2018.

Fresh curl packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/curl-7.61.1-i586-1_slack14.2.txz:  Upgraded.
  This update fixes an NTLM password overflow via integer overflow.
  For more information, see:
    https://curl.haxx.se/docs/CVE-2018-14618.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618
  (* Security fix *)
Fresh ghostscript, mozilla-firefox and mozilla-thunderbird packages for Slackware 14.2 and -current:

Code:

patches/packages/ghostscript-9.24-i586-1_slack14.2.txz:  Upgraded.
  Patched multiple -dSAFER sandbox bypass vulnerabilities.
  Thanks to Tavis Ormandy.
  For more information, see:
    https://www.ghostscript.com/doc/9.24/News.htm
    https://www.kb.cert.org/vuls/id/332928
  (* Security fix *)

Code:

patches/packages/mozilla-firefox-60.2.0esr-i686-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)

Code:

patches/packages/mozilla-thunderbird-60.0-i686-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/60.0/releasenotes/
    https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/
  (* Security fix *)




Posted: 21 Sep 2018, 20:14


13.09.2018.

Fresh ghostscript packages for Slackware 14.2 and -current:

Code:

patches/packages/ghostscript-9.25-i586-1_slack14.2.txz:  Upgraded.
  This release fixes problems with argument handling, some unintended
  results of the security fixes to the SAFER file access restrictions
  (specifically accessing ICC profile files), and some additional
  security issues over the recent 9.24 release.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16509
  (* Security fix *)




Posted: 21 Sep 2018, 20:15


14.09.2018.

Fresh php packages for Slackware 14.0, 14.1, 14.2 and -current:

Code:

patches/packages/php-5.6.38-i586-1_slack14.2.txz:  Upgraded.
  One security bug has been fixed in this release:
  Apache2: XSS due to the header Transfer-Encoding: chunked
  For more information, see:
    https://php.net/ChangeLog-5.php#5.6.38
  (* Security fix *)