Novosti u vezi Slackware Linuxa
Moderator: Urednik
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 11 May 2018, 22:11
03.05.2018.
Sveži seamonkey paketi za Slackware 14.2 i -current:
Code: Select all
patches/packages/seamonkey-2.49.3-i586-1_slack14.2.txz: Upgraded.
This update contains security fixes and improvements.
For more information (when it appears), see:
http://www.seamonkey-project.org/releases/seamonkey2.49.3
(* Security fix *)
patches/packages/seamonkey-solibs-2.49.3-i586-1_slack14.2.txz: Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 11 May 2018, 22:12
04.05.2018.
Sveži python paketi za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/python-2.7.15-i586-1_slack14.2.txz: Upgraded.
Updated to the latest 2.7.x release.
This fixes some security issues in difflib and poplib (regexes vulnerable
to denial of service attacks), as well as security issues with the bundled
expat library.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 11 May 2018, 22:14
09.05.2018.
Sveži mozilla-firefox paketi za Slackware 14.2 i -current:
Code: Select all
patches/packages/mozilla-firefox-52.8.0esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/
(* Security fix *)
Sveži wget paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/wget-1.19.5-i586-1_slack14.2.txz: Upgraded.
Fixed a security issue where a malicious web server could inject arbitrary
cookies into the cookie jar file.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0494
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 11 May 2018, 22:14
10.05.2018.
Sveži maridb paketi za Slackware 14.1 i 14.2:
Code: Select all
patches/packages/mariadb-10.0.35-i586-1_slack14.2.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 24 May 2018, 20:26
16.05.2018.
Sveži curl i php paketi za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/curl-7.60.0-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes:
FTP: shutdown response buffer overflow
RTSP: bad headers buffer over-read
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301
(* Security fix *)
Code: Select all
patches/packages/php-5.6.36-i586-1_slack14.2.txz: Upgraded.
This fixes many bugs, including some security issues:
Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
stream filter convert.iconv leads to infinite loop on invalid sequence
Malicious LDAP-Server Response causes crash
fix for CVE-2018-5712 may not be complete
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10547
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 24 May 2018, 20:28
22.05.2018.
Sveži kernel paketi za Slackware 14.2:
Code: Select all
patches/packages/linux-4.4.132/*: Upgraded.
This kernel upgrade is being provided primarily to fix a regression in the
getsockopt() function, but it also contains fixes for two denial-of-service
security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1092
(* Security fix *)
Sveži mozilla-thunderbird i procps-ng paketi za Slackware 14.2 i -current:
Code: Select all
patches/packages/mozilla-thunderbird-52.8.0-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/52.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/
(* Security fix *)
Code: Select all
patches/packages/procps-ng-3.3.15-i586-1_slack14.2.txz: Upgraded.
Shared library .so-version bump.
This update fixes bugs and security issues:
library: Fix integer overflow and LPE in file2strvec
library: Use size_t for alloc functions
pgrep: Fix stack-based buffer overflow
ps: Fix buffer overflow in output buffer, causing DOS
top: Don't use cwd for location of config
For more information, see:
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 02 Jun 2018, 12:49
01.06.2018.
Sveži git paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/git-2.14.4-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
Submodule "names" come from the untrusted .gitmodules file, but we
blindly append them to $GIT_DIR/modules to create our on-disk repo
paths. This means you can do bad things by putting "../" into the
name. We now enforce some rules for submodule names which will cause
Git to ignore these malicious names (CVE-2018-11235).
Credit for finding this vulnerability and the proof of concept from
which the test script was adapted goes to Etienne Stalmans.
It was possible to trick the code that sanity-checks paths on NTFS
into reading random piece of memory (CVE-2018-11233).
Credit for fixing for these bugs goes to Jeff King, Johannes
Schindelin and others.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11233
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 07 Jun 2018, 15:45
06.06.2018.
Sveži mozilla-firefox paketi za Slackware 14.2 i -current:
Code: Select all
patches/packages/mozilla-firefox-52.8.1esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 16 Jun 2018, 19:38
08.06.2018.
Sveži gnupg2 paketi za Slackware 13.37, 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/gnupg2-2.0.31-i586-1_slack14.2.txz: Upgraded.
Sanitize the diagnostic output of the original file name in verbose mode.
By using a made up file name in the message it was possible to fake status
messages. Using this technique it was for example possible to fake the
verification status of a signed mail.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 16 Jun 2018, 19:39
13.06.2018.
Sveži libgcrypt paketi za Slackware 14.2 i -current:
Code: Select all
patches/packages/libgcrypt-1.7.10-i586-1_slack14.2.txz: Upgraded.
Use blinding for ECDSA signing to mitigate a novel side-channel attack.
For more information, see:
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
Who is online
Users browsing this forum: No registered users and 83 guests