Novosti u vezi Slackware Linuxa
Moderator: Urednik
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 29 Oct 2019, 00:11
14.10.2019.
Sveži sudo paketi za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/sudo-1.8.28-i586-1_slack14.2.txz: Upgraded.
Fixed a bug where an sudo user may be able to run a command as root when
the Runas specification explicitly disallows root access as long as the
ALL keyword is listed first.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 29 Oct 2019, 00:17
20.10.2019.
Sveži python paketi za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/python-2.7.17-i586-1_slack14.2.txz: Upgraded.
This update fixes bugs and security issues:
Update vendorized expat library version to 2.2.8.
Disallow URL paths with embedded whitespace or control characters into the
underlying http client request. Such potentially malicious header injection
URLs now cause an httplib.InvalidURL exception to be raised.
Avoid file reading by disallowing ``local-file://`` and ``local_file://``
URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and
:meth:`urllib.URLopener.retrieve`.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 29 Oct 2019, 00:18
22.10.2019.
Sveži mozilla-firefox paketi za Slackware 14.2 i -current:
Code: Select all
patches/packages/mozilla-firefox-68.2.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/68.2.0/releasenotes/
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 01 Dec 2019, 23:01
04.11.2019.
Sveži libtiff paketi za Slackware 14.2 i -current:
Code: Select all
patches/packages/libtiff-4.1.0-i586-1_slack14.2.txz: Upgraded.
libtiff: fix integer overflow in _TIFFCheckMalloc() that could cause a crash.
tif_dir: unset transferfunction field if necessary.
pal2rgb: failed to free memory on a few errors.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 01 Dec 2019, 23:02
07.11.2019.
Sveži kernel paketi za Slackware 14.2:
Code: Select all
patches/packages/linux-4.4.199/*: Upgraded.
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 4.4.191:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117
Fixed in 4.4.193:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835
Fixed in 4.4.194:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821
Fixed in 4.4.195:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17054
Fixed in 4.4.196:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215
Fixed in 4.4.197:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976
Fixed in 4.4.198:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133
Fixed in 4.4.199:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 01 Dec 2019, 23:03
16.11.2019.
Sveži kernel paketi za Slackware 14.2:
Code: Select all
patches/packages/linux-4.4.202/*: Upgraded.
CRYPTO_CRC32C_INTEL m -> y
+X86_INTEL_TSX_MODE_AUTO n
+X86_INTEL_TSX_MODE_OFF y
+X86_INTEL_TSX_MODE_ON n
These updates fix various bugs and security issues, including mitigation for
the TSX Asynchronous Abort condition on some CPUs.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 4.4.201:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0154
Fixed in 4.4.202:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 01 Dec 2019, 23:04
20.11.2019.
Sveži bind paketi za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/bind-9.11.13-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
Set a limit on the number of concurrently served pipelined TCP queries.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6477
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 4591
- Joined: 04 Feb 2011, 20:32
- Location: Beograd
-
Contact:
Post
Napisano: 03 Apr 2020, 18:00
Samo kratak pregled zakrpa koje nisu (još uvek?) navedene u ovoj temi:
2020:
Code: Select all
2020-03-31 - [slackware-security] httpd (SSA:2020-091-02)
2020-03-31 - [slackware-security] gnutls (SSA:2020-091-01)
2020-03-26 - [slackware-security] Slackware 14.2 kernel (SSA:2020-086-01)
2020-03-23 - [slackware-security] gd (SSA:2020-083-01)
2020-03-13 - [slackware-security] mozilla-thunderbird (SSA:2020-073-01)
2020-03-10 - [slackware-security] mozilla-firefox (SSA:2020-070-01)
2020-03-04 - [slackware-security] ppp (SSA:2020-064-01)
2020-03-02 - [slackware-security] seamonkey (SSA:2020-062-01)
2020-02-20 - [slackware-security] proftpd (SSA:2020-051-01)
2020-02-12 - [slackware-security] libarchive (SSA:2020-043-01)
2020-02-11 - [slackware-security] mozilla-thunderbird (SSA:2020-042-02)
2020-02-11 - [slackware-security] mozilla-firefox (SSA:2020-042-01)
2020-01-31 - [slackware-security] sudo (SSA:2020-031-01)
2020-01-24 - [slackware-security] mozilla-thunderbird (SSA:2020-024-01)
2020-01-10 - [slackware-security] mozilla-thunderbird (SSA:2020-010-01)
2020-01-09 - [slackware-security] mozilla-firefox (SSA:2020-009-01)
2020-01-08 - [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)
2020-01-06 - [slackware-security] mozilla-firefox (SSA:2020-006-01)
Detaljnije:
http://www.slackware.com/security/list. ... ity&y=2020
2019:
Code: Select all
2019-12-20 - [slackware-security] tigervnc (SSA:2019-354-02)
2019-12-20 - [slackware-security] openssl (SSA:2019-354-01)
2019-12-19 - [slackware-security] wavpack (SSA:2019-353-01)
2019-12-03 - [slackware-security] mozilla-firefox (SSA:2019-337-01)
Detaljnije:
http://www.slackware.com/security/list. ... ity&y=2019
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 08 Aug 2020, 17:40
03.04.2020.
Sveži mozilla-firefox paketi za Slackware 14.2 i -current:
Code: Select all
patches/packages/mozilla-firefox-68.6.1esr-i686-1_slack14.2.txz: Upgraded.
This release contains critical security fixes and improvements.
"Under certain conditions, when running the nsDocShell destructor, a race
condition can cause a use-after-free. We are aware of targeted attacks in
the wild abusing this flaw."
"Under certain conditions, when handling a ReadableStream, a race condition
can cause a use-after-free. We are aware of targeted attacks in the wild
abusing this flaw."
For more information, see:
https://www.mozilla.org/en-US/firefox/68.6.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6820
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 08 Aug 2020, 17:55
07.04.2020.
Sveži mozilla-firefox paketi za Slackware 14.2 i -current:
Code: Select all
patches/packages/mozilla-firefox-68.7.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/68.7.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6825
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
Who is online
Users browsing this forum: No registered users and 50 guests