Slackware Security Advisories (security updates)


Administrator

Posts: 2792
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Posted: 23 Dec 2018, 21:11


28.11.2018.

Fresh samba packages for Slackware 14.0, 14.1, 14.2 and -current:


patches/packages/samba-4.6.16-i586-2_slack14.2.txz:  Rebuilt.
  This update patches some security issues:
  CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
    Internal DNS server
  CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT
  CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server
  CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers
  CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
    configuration (unsupported)
  CVE-2018-16857: Bad password count in AD DC not always effective
  For more information, see:
    https://www.samba.org/samba/security/CVE-2018-14629.html
    https://www.samba.org/samba/security/CVE-2018-16841.html
    https://www.samba.org/samba/security/CVE-2018-16851.html
    https://www.samba.org/samba/security/CVE-2018-16852.html
    https://www.samba.org/samba/security/CVE-2018-16853.html
    https://www.samba.org/samba/security/CVE-2018-16857.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14629
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16841
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16851
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16852
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16853
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16857
  (* Security fix *)
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator

Posted: 23 Dec 2018, 21:12


03.12.2018.

Fresh mozilla-nss packages for Slackware 14.0, 14.1, 14.2 and -current:


patches/packages/mozilla-nss-3.40.1-i586-1_slack14.2.txz:  Upgraded.
  Upgraded to nss-3.40.1 and nspr-4.20.
  Mitigate cache side-channel variant of the Bleichenbacher attack.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404
  (* Security fix *)



Administrator

Posted: 23 Dec 2018, 21:14


05.12.2018.

Fresh gnutls and nettle packages for Slackware 14.2 and -current:


patches/packages/gnutls-3.6.5-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  Bleichenbacher-like side channel leakage in PKCS#1 1.5 verification and
  padding oracle verification.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16868
  (* Security fix *)


This update fixes a security issue:
  A Bleichenbacher type side-channel based padding oracle attack was found
  in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5
  data. An attacker who is able to run a process on the same physical core
  as the victim process, could use this flaw to extract plaintext or in some
  cases downgrade any TLS connections to a vulnerable server.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16869
  (* Security fix *)



Administrator

Posted: 23 Dec 2018, 21:15


07.12.2018.

Fresh php packages for Slackware 14.0, 14.1, 14.2 and -current:


Several security bugs have been fixed in this release:
  Segfault when using convert.quoted-printable-encode filter.
  Null pointer dereference in imap_mail.
  imap_open allows to run arbitrary shell commands via mailbox parameter.
  PharData always creates new files with mode 0666.
  Heap Buffer Overflow (READ: 4) in phar_parse_pharfile.
  For more information, see:
    https://php.net/ChangeLog-5.php#5.6.39
  (* Security fix *)



Administrator

Posted: 23 Dec 2018, 21:16


11.12.2018.

Fresh mozilla-firefox packages for Slackware 14.2 and -current:


patches/packages/mozilla-firefox-60.4.0esr-i686-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-17466
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18492
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18493
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18494
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18498
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-12405
  (* Security fix *)



Administrator

Posted: 23 Dec 2018, 21:17


21.12.2018.

Fresh netatalk packages for Slackware 14.0, 14.1, 14.2 and -current:


patches/packages/netatalk-3.1.12-i586-1_slack14.2.txz:  Upgraded.
  Netatalk before 3.1.12 is vulnerable to an out of bounds write in
  dsi_opensess.c. This is due to lack of bounds checking on attacker
  controlled data. A remote unauthenticated attacker can leverage
  this vulnerability to achieve arbitrary code execution.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1160
  (* Security fix *)



Administrator

Posted: 19 Jan 2019, 23:23


11.01.2019.

Fresh irssi packages for Slackware 14.0, 14.1, 14.2 and -current:


patches/packages/irssi-1.1.2-i586-1_slack14.2.txz:  Upgraded.
  This update addresses bugs including security and stability issues:
  A NULL pointer dereference occurs for an "empty" nick.
  Certain nick names could result in out-of-bounds access when printing
  theme strings.
  Crash due to a NULL pointer dereference when the number of windows
  exceeds the available space.
  Use-after-free when SASL messages are received in an unexpected order.
  Use-after-free when a server is disconnected during netsplits.
  Use-after-free when hidden lines were expired from the scroll buffer.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7050
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7051
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7052
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7053
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7054
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5882
  (* Security fix *)



Administrator

Posted: 19 Jan 2019, 23:24


13.01.2019.

Fresh zsh packages for Slackware 14.0, 14.1, 14.2 and -current:


patches/packages/zsh-5.6.2-i586-1_slack14.2.txz:  Upgraded.
  This release fixes security issues, including ones that could allow a local
  attacker to execute arbitrary code.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18205
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18206
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1071
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1083
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1100
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7548
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7549
  (* Security fix *)



Administrator

Posted: 31 Jan 2019, 21:14


22.01.2019.

Fresh httpd packages for Slackware 14.0, 14.1, 14.2 and -current:


patches/packages/httpd-2.4.38-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  mod_session: mod_session_cookie does not respect expiry time allowing
  sessions to be reused.  [Hank Ibell]
  mod_http2: fixes a DoS attack vector. By sending slow request bodies
  to resources not consuming them, httpd cleanup code occupies a server
  thread unnecessarily. This was changed to an immediate stream reset
  which discards all stream state and incoming data.  [Stefan Eissing]
  mod_ssl: Fix infinite loop triggered by a client-initiated
  renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
  later.  PR 63052.  [Joe Orton]
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190
  (* Security fix *)



Administrator

Posted: 31 Jan 2019, 21:16


29.01.2019.

Fresh mozilla-firefox packages for Slackware 14.2 and -current:


patches/packages/mozilla-firefox-60.5.0esr-i686-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18500
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18505
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18501
  (* Security fix *)

