Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 02 Oct 2018, 17:28


21.09.2018.

Sveži kernel paketi za Slackware 14.2:

Code: Select all

patches/packages/linux-4.4.157/*:  Upgraded.
  This kernel removes the unnecessary vmacache_flush_all code which could have
  led to a use-after-free situation and potentially local privilege escalation.
  In addition, it fixes some regressions which may have led to diminished X
  performance.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17182
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 02 Oct 2018, 17:29


22.09.2018.

Sveži mozilla-firefox paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/mozilla-firefox-60.2.1esr-i686-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
   A potentially exploitable crash in TransportSecurityInfo used for SSL
   can be triggered by data stored in the local cache in the user profile
   directory. This issue is only exploitable in combination with another
   vulnerability allowing an attacker to write data into the local cache
   or from locally installed malware. This issue also triggers a
   non-exploitable startup crash for users switching between the Nightly
   and Release versions of Firefox if the same profile is used.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12383
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 13 Oct 2018, 19:12


02.10.2018.

Novi mozilla-firefox paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/mozilla-firefox-60.2.2esr-i686-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12387
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 13 Oct 2018, 19:14


10.10.2018.

Novi git paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/git-2.14.5-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  Submodules' "URL"s come from the untrusted .gitmodules file, but we
  blindly gave it to "git clone" to clone submodules when "git clone
  --recurse-submodules" was used to clone a project that has such a
  submodule. The code has been hardened to reject such malformed URLs
  (e.g. one that begins with a dash). Credit for finding and fixing this
  vulnerability goes to joernchen and Jeff King, respectively.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 25 Oct 2018, 21:24


16.10.2018.

Sveži libssh paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/libssh-0.7.6-i586-1_slack14.2.txz:  Upgraded.
  Fixed authentication bypass vulnerability.
  For more information, see:
    https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10933
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 25 Oct 2018, 21:26


22.10.2018.

Sveži mozilla-firefox paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/mozilla-firefox-60.3.0esr-i686-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 03 Nov 2018, 17:47


31.10.2018.

Sveži curl paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/curl-7.62.0-i586-1_slack14.2.txz:  Upgraded.
  This release fixes the following security issues:
  SASL password overflow via integer overflow.
  Use-after-free in handle close.
  Warning message out-of-buffer read.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16840
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 15 Nov 2018, 18:11


05.11.2018.

Sveži mariadb paketi za Slackware 14.1 i 14.2,

Code: Select all

patches/packages/mariadb-10.0.37-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3282
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3174
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3143
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3156
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3251
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 15 Nov 2018, 18:12


12.11.2018.

Sveži libtiff paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/libtiff-4.0.10-i586-1_slack14.2.txz:  Upgraded.
  This update fixes some denial of service security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10779
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18661
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 24 Nov 2018, 20:34


21.11.2018.

Sveži openssl paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a timing side-channel flaw on processors which implement
  SMT/Hyper-Threading architectures, and a side channel attack on DSA
  signature generation that could allow an attacker to recover the private key.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
  (* Security fix *)
patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 3 guests