Novosti u vezi Slackware Linuxa
Moderator: Urednik
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 18 Jan 2013, 20:17
15.01.2013.
Freetype font, za obe arhitekture a važi za verzije Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14 i current.
Code: Select all
patches/packages/freetype-2.4.11-i486-1_slack14.0.txz: Upgraded.
This release fixes several security bugs that could cause freetype to
crash or run programs upon opening a specially crafted file.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5670
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 2168
- Joined: 08 Jun 2010, 13:28
- Location: Centralna Srbija Kraljevo
-
Contact:
Post
Napisano: 19 Jan 2013, 13:56
Meni na 13.37.0 32bit nešto neda, kaže da ga već imam instaliranu tu verziju
Code: Select all
bash-4.1# upgradepkg --install-new freetype-2.4.11-i486-1_slack13.37.txz
+==============================================================================
| Skipping package freetype-2.4.11-i486-1_slack13.37 (already installed)
+==============================================================================
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 23 Jan 2013, 14:18
22.01.2013.
Mysql bezbedonosne zakrpe, za obe arhitekture a važi za verzije Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14 i current.
Code: Select all
patches/packages/mysql-5.5.29-i486-1_slack14.0.txz: Upgraded.
Upgraded to the latest upstream version to fix security issues and provide
other bug fixes and improvements. Note that some of the changes may
possibly introduce incompatibilities with the previous package.
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 10 Feb 2013, 17:39
07.02.2013.
Curl bezbednosna nadogradnja - važi za Slackware 14 i current i za obe arhitekture:
Code: Select all
patches/packages/curl-7.29.0-i486-1_slack14.0.txz: Upgraded.
When negotiating SASL DIGEST-MD5 authentication, the function
Curl_sasl_create_digest_md5_message() uses the data provided from the
server without doing the proper length checks and that data is then
appended to a local fixed-size buffer on the stack. This vulnerability
can be exploited by someone who is in control of a server that a libcurl
based program is accessing with POP3, SMTP or IMAP. For applications
that accept user provided URLs, it is also thinkable that a malicious
user would feed an application with a URL to a server hosting code
targeting this flaw.
Affected versions: curl 7.26.0 to and including 7.28.1
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 10 Feb 2013, 17:45
09.02.2013.
Bezbednosna nadogradnja za openssl - važi za Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0 i current i obe arhitekture:
Code: Select all
patches/packages/openssl-1.0.1d-i486-1_slack14.0.txz: Upgraded.
Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
This addresses the flaw in CBC record processing discovered by
Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
at: http://www.isg.rhul.ac.uk/tls/
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
Security Group at Royal Holloway, University of London
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
Emilia Käsper for the initial patch.
(CVE-2013-0169)
[Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
ciphersuites which can be exploited in a denial of service attack.
Thanks go to and to Adam Langley <agl@chromium.org> for discovering
and detecting this bug and to Wolfgang Ettlinger
<wolfgang.ettlinger@gmail.com> for independently discovering this issue.
(CVE-2012-2686)
[Adam Langley]
Return an error when checking OCSP signatures when key is NULL.
This fixes a DoS attack. (CVE-2013-0166)
[Steve Henson]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
(* Security fix *)
patches/packages/openssl-solibs-1.0.1d-i486-1_slack14.0.txz: Upgraded.
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 14 Feb 2013, 15:37
13.02.2013.
Blaga nadogradnja za Pidgin za Slackware 12.2, 13.0, 13.1, 13.37, 14.0 i current
Code: Select all
patches/packages/pidgin-2.10.7-i486-1_slack14.0.txz: Upgraded.
This update fixes several security issues:
Remote MXit user could specify local file path.
MXit buffer overflow reading data from network.
Sametime crash with long user IDs.
Crash when receiving a UPnP response with abnormally long values.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 2168
- Joined: 08 Jun 2010, 13:28
- Location: Centralna Srbija Kraljevo
-
Contact:
Post
Napisano: 21 Feb 2013, 20:26
=> 19. 02. 2013.
Slackware 13.37:
Code: Select all
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-firefox-19.0-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-thunderbird-17.0.3-i486-1_slack13.37.txz
Slackware x86_64 13.37:
Code: Select all
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-firefox-19.0-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-thunderbird-17.0.3-x86_64-1_slack13.37.txz
Slackware 14.0:
Code: Select all
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mozilla-firefox-19.0-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mozilla-thunderbird-17.0.3-i486-1_slack14.0.txz
Slackware x86_64 14.0:
Code: Select all
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mozilla-firefox-19.0-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mozilla-thunderbird-17.0.3-x86_64-1_slack14.0.txz
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 26 Feb 2013, 11:33
25.02.2013.
Novi seamonkey za Slackware 13.37, 14 i -current i obe arhitekture
Code: Select all
patches/packages/seamonkey-2.16-i486-1_slack14.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
patches/packages/seamonkey-solibs-2.16-i486-1_slack14.0.txz: Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 04 Mar 2013, 02:05
03.03.2013.
Nadogradnja za httpd paket. Nadogradnja je za verzije 12.1, 12.2, 13.0, 13.1, 13.37, 14.0 i -current, važi za obe arhitekture.
Code: Select all
patches/packages/httpd-2.4.4-i486-1_slack14.0.txz: Upgraded.
This update provides bugfixes and enhancements.
Two security issues are fixed:
* Various XSS flaws due to unescaped hostnames and URIs HTML output in
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
[Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
* XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
Niels Heinen <heinenn google com>]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 10 Mar 2013, 07:47
06.03.2013.
Nadogradnja za
sudo za Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0 i -
current za obe arhitekture
Code: Select all
patches/packages/sudo-1.8.6p7-i486-1_slack14.0.txz: Upgraded.
This update fixes security issues that could allow a user to run commands
without authenticating after the password timeout has already expired.
Note that the vulnerability did not permit a user to run commands other
than those allowed by the sudoers policy.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
Who is online
Users browsing this forum: No registered users and 85 guests