Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 08 Apr 2014, 18:32


08.04.2014.

Openssl nadogradnja za Slackware 14.0, 14.1 i -current. Ova nadogradnja rešava CVE-2014-0160 bug o kojem se može pročitati ovde. Proveru možete izvršiti na sledećoj adresi —> http://filippo.io/Heartbleed/" onclick="window.open(this.href);return false;

Code: Select all

patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz:  Upgraded.
  This update fixes two security issues:
  A missing bounds check in the handling of the TLS heartbeat extension
  can be used to reveal up to 64k of memory to a connected client or server.
  Thanks for Neel Mehta of Google Security for discovering this bug and to
  Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
  preparing the fix.
  Fix for the attack described in the paper "Recovering OpenSSL
  ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
  by Yuval Yarom and Naomi Benger. Details can be obtained from:
  http://eprint.iacr.org/2014/140
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 22 Apr 2014, 11:01


21.04.2014.

Libyaml update za Slackware 13.1, 13.37, 14.0, 14.1 i -current:

Code: Select all

patches/packages/libyaml-0.1.6-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a heap overflow in URI escape parsing of YAML in Ruby,
  where a specially crafted string could cause a heap overflow leading to
  arbitrary code execution.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525
    https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
  (* Security fix *)
PHP update za Slackware 14.0, 14.1 i -current:

Code: Select all

patches/packages/php-5.4.27-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue in the in the awk script detector
  which allows context-dependent attackers to cause a denial of service
  (CPU consumption) via a crafted ASCII file that triggers a large amount
  of backtracking.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 30 Apr 2014, 12:40


29.04.2014.

Firefox i Thunderbird nadogradnje za Slackware 14.1 i -current:

Code: Select all

patches/packages/mozilla-firefox-24.5.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)

Code: Select all

patches/packages/mozilla-thunderbird-24.5.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 12 May 2014, 08:30


11.05.2014.

Seamonkey nadogradnja za Slackware 14.0, 14.1 i current:

Code: Select all

patches/packages/seamonkey-2.26-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.26-i486-1_slack14.1.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 02 Jun 2014, 03:32


01.06.2014.

Novi mariadb paketi za Slackware 14.1 i -current:

Code: Select all

patches/packages/mariadb-5.5.37-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0384
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2419
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2430
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2431
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2432
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2436
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2438
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2440
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 Jun 2014, 12:03


05.06.2014.

Gnutls, openssl i sendmail nadogradnje za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i -current:

Code: Select all

patches/packages/gnutls-3.1.25-i486-1_slack14.1.txz:  Upgraded.
  A security issue has been corrected in gnutls.  This vulnerability
  affects the client side of the gnutls library.  A server that sends
  a specially crafted ServerHello could corrupt the memory of a requesting
  client.  This may allow a remote attacker to execute arbitrary code.
  Additional vulnerabilities in the embedded libtasn1 library have also
  been patched.
  Thanks to mancha for the backported patches.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469
  (* Security fix *)

Code: Select all

patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz:  Upgraded.
  Multiple security issues have been corrected, including a possible
  man-in-the-middle attack where weak keying material is forced, denial
  of service, and the execution of arbitrary code.
  For more information, see:
    http://www.openssl.org/news/secadv_20140605.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz:  Upgraded.

Code: Select all

patches/packages/sendmail-8.14.9-i486-1_slack14.1.txz:  Upgraded.
  This release fixes one security related bug by properly closing file
  descriptors (except stdin, stdout, and stderr) before executing programs.
  This bug could enable local users to interfere with an open SMTP
  connection if they can execute their own program for mail delivery
  (e.g., via procmail or the prog mailer).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956
  (* Security fix *)
patches/packages/sendmail-cf-8.14.9-noarch-1_slack14.1.txz:  Upgraded.
Novi libtasn1 paket za Slackware 14.0, 14.1 i -current:

Code: Select all

patches/packages/libtasn1-3.6-i486-1_slack14.1.txz:  Upgraded.
  Multiple security issues have been corrected in the libtasn1 library.
  These errors allow a remote attacker to cause a denial of service, or
  possibly to execute arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 07 Jun 2014, 17:43


06.06.2014.

Firefox nadogradnja za Slackware 14.1, ispravka bezbednosnih propusta.

Code: Select all

patches/packages/mozilla-firefox-24.6.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 10 Jun 2014, 03:48


09.06.2014.

Php nadogradnja paketa za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i -current:

Code: Select all

patches/packages/php-5.4.29-i486-1_slack14.1.txz:  Upgraded.
  This update fixes bugs and security issues, including a possible denial
  of service, and an issue where insecure default permissions on the FPM
  socket may allow local users to run arbitrary code as the apache user.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 12 Jun 2014, 11:42


12.06.2014.

Firefox nadogradnja za Slackware 14.1 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-24.6.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 25 Jun 2014, 19:07


24.06.2014.

Bind i gnupg nadogradnja za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i -current:

Code: Select all

patches/packages/bind-9.9.5_P1-i486-1_slack14.1.txz:  Upgraded.
  This fixes security issues and other bugs.  Please note that the first
  CVE only affects Windows, and the second one was claimed to be fixed by
  an earlier version of BIND.  But we'll update anyway just in case.  :-)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6230
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591
  (* Security fix *)

Code: Select all

patches/packages/gnupg-1.4.17-i486-1_slack14.1.txz:  Upgraded.
  This release includes a security fix to stop a denial of service using
  garbled compressed data packets which can be used to put gpg into an
  infinite loop.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617
  (* Security fix *)
Gnupg2 nadogradnja za Slackware 13.37, 14.0, 14.1 -current:

Code: Select all

patches/packages/gnupg2-2.0.24-i486-1_slack14.1.txz:  Upgraded.
  This release includes a security fix to stop a denial of service using
  garbled compressed data packets which can be used to put gpg into an
  infinite loop.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617
  (* Security fix *)
Seamonkey i Samba nadogradnja za Slackware 14.0, 14.1 i -current:

Code: Select all

patches/packages/samba-4.1.9-i486-1_slack14.1.txz:  Upgraded.
  This update fixes bugs and security issues, including a flaw in Samba's
  internal DNS server which can be exploited to cause a denial of service,
  a flaw in SRV_SNAPSHOT_ARRAY that permits attackers to leverage
  configurations that use shadow_copy* for vfs objects to reveal potentially
  private server information, a denial of service on the nmbd NetBIOS name
  services daemon, and a denial of service crash involving overwriting
  memory on an authenticated connection to the smbd file server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0239
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
  (* Security fix *)

Code: Select all

patches/packages/seamonkey-2.26.1-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.26.1-i486-1_slack14.1.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 39 guests