Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 2639
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Jan 2018, 11:13


19.12.2017.

Sveži ruby paket za Slackware 14.2 i -current:

Code: Select all

patches/packages/ruby-2.2.9-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile
  use Kernel#open to open a local file. If the localfile argument starts with
  the pipe character "|", the command following the pipe character is executed.
  The default value of localfile is File.basename(remotefile), so malicious FTP
  servers could cause arbitrary command execution.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2639
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Jan 2018, 11:13


22.12.2017.

Sveži mozilla-thunderbird paket za Slackware 14.2 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-52.5.2-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/52.5.2/releasenotes/
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2639
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Jan 2018, 11:14


08.01.2018.

Sveži irssi paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/irssi-1.0.6-i586-1_slack14.2.txz:  Upgraded.
  This update fixes multiple security vulnerabilities.
  For more information, see:
    https://irssi.org/security/irssi_sa_2018_01.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5206
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5207
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2639
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 18 Jan 2018, 19:16


15.01.2018.

Sveži kernel paketi za Slackware 14.0 i 14.2:

Code: Select all

patches/packages/linux-4.4.111/*:  Upgraded.
  This kernel includes mitigations for the Spectre (variant 2) and Meltdown
  speculative side channel attacks.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2639
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 18 Jan 2018, 19:17


17.01.2018.

Sveži bind paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/bind-9.10.6_P1-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a high severity security issue:
  Improper sequencing during cleanup can lead to a use-after-free error,
  triggering an assertion failure and crash in named.
  For more information, see:
    https://kb.isc.org/article/AA-01542
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2639
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 28 Jan 2018, 22:45


20.01.2018.

Sveži mozilla-firefox paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/mozilla-firefox-52.6.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  Specifically, this update contains performance.now() mitigations for Spectre.
  For more information, see:
    https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2639
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 28 Jan 2018, 22:46


24.01.2018.

Sveži curl paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/curl-7.58.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues:
  HTTP authentication leak in redirects
  HTTP/2 trailer out-of-bounds read
  For more information, see:
    https://curl.haxx.se/docs/adv_2018-b3bf.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007
    https://curl.haxx.se/docs/adv_2018-824a.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000005
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2639
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 28 Jan 2018, 22:47


25.01.2018.

Sveži mozilla-thunderbird paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-52.6.0-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/52.6.0/releasenotes/
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2639
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 Feb 2018, 13:01


01.02.2018.

Sveži rsync paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/rsync-3.1.3-i586-1_slack14.2.txz:  Upgraded.
  This update fixes two security issues:
  Fixed a buffer overrun in the protocol's handling of xattr names and
  ensure that the received name is null terminated.
  Fix an issue with --protect-args where the user could specify the arg in
  the protected-arg list and short-circuit some of the arg-sanitizing code.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5764
  (* Security fix *)
Sveži mariadb paketi za Slackware 14.1, 14.2 i -current:

Code: Select all

patches/packages/mariadb-10.0.34-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2562
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2622
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2640
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2665
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2668
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2612
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2639
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 Feb 2018, 13:02


03.02.2018.

Sveži php paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/php-5.6.33-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and security issues, including:
  Potential infinite loop in gdImageCreateFromGifCtx.
  Reflected XSS in .phar 404 page.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5712
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 1 guest