Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 10 Mar 2013, 07:50


09.03.2013.

Firefox i Thunderbird bezbednosne nadogradnje za Slackware 13.37, 14.0 i -current i obe arhitekture

Code: Select all

patches/packages/mozilla-firefox-19.0.2-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-17.0.4esr-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 16 Mar 2013, 21:19


13.03.2013.

Novi perl paketi za Slackware 13.1, 13.37, 14.0 i -current.
Seamonkey samo za 13.37, 14.0 i -current.

Code: Select all

patches/packages/perl-5.16.3-i486-1_slack14.0.txz:  Upgraded.
  This update fixes a flaw in the rehashing code that can be exploited
  to carry out a denial of service attack against code that uses arbitrary
  user input as hash keys.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667
  (* Security fix *)

Code: Select all

patches/packages/seamonkey-2.16.1-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.16.1-i486-1_slack14.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 16 Mar 2013, 21:21


16.03.2013.

Ruby paketi za Slackware 13.1, 13.37, 14.0 i -current.

Code: Select all

patches/packages/ruby-1.9.3_p392-i486-1_slack14.0.txz:  Upgraded.
  This release includes security fixes about bundled JSON and REXML.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 24 Mar 2013, 14:38


23.03.2013.

PHP nadogradnja za verzije 12.1, 12.2, 13.0, 13.1, 13.37, 14.0 i -current

Code: Select all

patches/packages/php-5.4.13-i486-1_slack14.0.txz:  Upgraded.
  This release fixes two security issues in SOAP:
  Added check that soap.wsdl_cache_dir conforms to open_basedir.
  Disabled external entities loading.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 27 Mar 2013, 16:59


27.03.2013.

Dhcp i bind nadogradnje za verzije 12.1, 12.2, 13.0, 13.1, 13.37, 14.0 i -current i obe arhitekture:

Code: Select all

patches/packages/dhcp-4.2.5_P1-i486-1_slack14.0.txz:  Upgraded.
  This update replaces the included BIND 9 code that the DHCP programs
  link against.  Those contained a defect that could possibly lead to
  excessive memory consumption and a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
  (* Security fix *)

patches/packages/bind-9.9.2_P2-i486-1_slack14.0.txz:  Upgraded.
  This update fixes a critical defect in BIND 9 that allows an attacker
  to cause excessive memory consumption in named or other programs linked
  to libdns.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
    https://kb.isc.org/article/AA-00871
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 29 Mar 2013, 21:22


28.03.2013.

Libssh nadogradnja za Slackware 14 i -current.

Code: Select all

patches/packages/libssh-0.5.4-i486-1_slack14.0.txz:  Upgraded.
  This update fixes a possible denial of service issue.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0176
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 03 Apr 2013, 12:38


03.04.2013.

Stigao Firefox 20 i nadogradnja za Thunderbird za Slackware 13.37, 14.0 i -current

Code: Select all

patches/packages/mozilla-firefox-20.0-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)

Code: Select all

patches/packages/mozilla-thunderbird-17.0.5-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 08 Apr 2013, 15:31


Eto malo sam bio na proputovanju pa nisam baš mogao da pišem o novostima ali sad sam opet kraj računara i da vidimo šta smo propustili od nadogradnji kod stabilnih i -current verzija Slackware GNU/Linuxa :)

05.04.2013.

Subversion za Slackware 13.0, 13.1, 13.37, 14.0 i -current

Code: Select all

patches/packages/subversion-1.7.9-i486-1_slack14.0.txz:  Upgraded.
  This update fixes some denial of service bugs:
    mod_dav_svn excessive memory usage from property changes
    mod_dav_svn crashes on LOCK requests against activity URLs
    mod_dav_svn crashes on LOCK requests against non-existant URLs
    mod_dav_svn crashes on PROPFIND requests against activity URLs
    mod_dav_svn crashes on out of range limit in log REPORT request
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1849
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1884
  (* Security fix *)
07.04.2013.

Seamonkey za Slackware 13.37, 14.0 i -current:

Code: Select all

patches/packages/seamonkey-2.17-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.17-i486-1_slack14.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 Apr 2013, 20:43


19.04.2013.

Zanimljivo da se kroz changelog za stabilnu verziju nije našao seamonkey 2.17.1, koja je stigla malo posle verzije 2.17.

U ovom update-u stiže zakrpa za Xorg za Slackware 13.37, 14.0 i -current.

Code: Select all

patches/packages/xorg-server-1.12.4-i486-1_slack14.0.txz:  Upgraded.
  This update fixes an input flush bug with evdev.  Under exceptional
  conditions (keyboard input during device hotplugging), this could leak
  a small amount of information intended for the X server.
  This issue was evaluated to be of low impact.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1940
    http://lists.x.org/archives/xorg-devel/2013-April/036014.html
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.12.4-i486-1_slack14.0.txz:  Upgraded.
patches/packages/xorg-server-xnest-1.12.4-i486-1_slack14.0.txz:  Upgraded.
patches/packages/xorg-server-xvfb-1.12.4-i486-1_slack14.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 18 May 2013, 00:38


15.05.2013.

Slackware 13.37, 14 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-17.0.6-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/mozilla-firefox-21.0-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
16.05.2013.

Slackware 13.1, 13.37, 14 i -current:

Code: Select all

patches/packages/ruby-1.9.3_p429-i486-1_slack14.0.txz:  Upgraded.
  This update fixes a security issue in DL and Fiddle included in Ruby where
  tainted strings can be used by system calls regardless of the $SAFE level
  setting.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2065
    http://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 34 guests