Slackware Security Advisories (security updates)

News about Slackware Linux

Administrator
Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Milky Way

Posted: 17 Sep 2017, 09:47


15.09.2017.

Fresh bluez packages for Slackware 13.1, 13.37, 14.0, 14.1, 14.2 and -current:

patches/packages/bluez-5.47-i586-1_slack14.2.txz:  Upgraded.
  Fixed an information disclosure vulnerability which allows remote attackers
  to obtain sensitive information from the bluetoothd process memory. This
  vulnerability lies in the processing of SDP search attribute requests.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250
  (* Security fix *)

Fresh kernel packages for Slackware 14.1, 14.2 and -current:

patches/packages/linux-4.4.88/*:  Upgraded.
  This update fixes the security vulnerability known as "BlueBorne".
  The native Bluetooth stack in the Linux Kernel (BlueZ), starting at
  Linux kernel version 3.3-rc1 is vulnerable to a stack overflow in
  the processing of L2CAP configuration responses resulting in remote
  code execution in kernel space.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000251
    https://www.armis.com/blueborne
  (* Security fix *)

^^ BlueBorne fix - related to a Bluetooth security flaw that was discovered recently but has been present for quite a long time.
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”




Posted: 30 Sep 2017, 17:06


18.09.2017.

Fresh httpd packages for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 and -current:

patches/packages/httpd-2.4.27-i586-2_slack14.2.txz:  Rebuilt.
  This update patches a security issue ("Optionsbleed") with the OPTIONS http
  method which may leak arbitrary pieces of memory to a potential attacker.
  Thanks to Hanno Bo:ck.
  For more information, see:
    http://seclists.org/oss-sec/2017/q3/477
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798
  (* Security fix *)

Fresh libgcrypt and ruby packages for Slackware 14.2 and -current:

patches/packages/libgcrypt-1.7.9-i586-1_slack14.2.txz:  Upgraded.
  Mitigate a local side-channel attack on Curve25519 dubbed "May
  the Fourth be With You".
  For more information, see:
    https://eprint.iacr.org/2017/806
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379
  (* Security fix *)

patches/packages/ruby-2.2.8-i586-1_slack14.2.txz:  Upgraded.
  This release includes several security fixes.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
  (* Security fix *)

Posted: 30 Sep 2017, 17:08


20.09.2017.

Fresh samba packages for Slackware 14.0, 14.1, 14.2 and -current:

patches/packages/samba-4.4.16-i586-1_slack14.2.txz:  Upgraded.
  This is a security release in order to address the following defects:
  SMB1/2/3 connections may not require signing where they should. A man in the
  middle attack may hijack client connections.
  SMB3 connections don't keep encryption across DFS redirects. A man in the
  middle attack can read and may alter confidential documents transferred via
  a client connection, which are reached via DFS redirect when the original
  connection used SMB3.
  Server memory information leak over SMB1. Client with write access to a share
  can cause server memory contents to be written into a file or printer.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2017-12150.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12150
    https://www.samba.org/samba/security/CVE-2017-12151.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12151
    https://www.samba.org/samba/security/CVE-2017-12163.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12163
  (* Security fix *)

Posted: 30 Sep 2017, 17:11


22.09.2017.

Fresh libxml2 and python packages for Slackware 14.0, 14.1, 14.2 and -current:

patches/packages/libxml2-2.9.5-i586-1_slack14.2.txz:  Upgraded.
  This release fixes some security issues:
  Detect infinite recursion in parameter entities (Nick Wellnhofer),
  Fix handling of parameter-entity references (Nick Wellnhofer),
  Disallow namespace nodes in XPointer ranges (Nick Wellnhofer),
  Fix XPointer paths beginning with range-to (Nick Wellnhofer).
  (* Security fix *)

patches/packages/python-2.7.14-i586-1_slack14.2.txz:  Upgraded.
  Updated to the latest 2.7.x release.
  This fixes some security issues related to the bundled expat library.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233
  (* Security fix *)

Posted: 30 Sep 2017, 17:12


27.09.2017.

Fresh gegl packages for Slackware 14.0, 14.1, 14.2 and -current:

patches/packages/gegl-0.2.0-i586-4_slack14.2.txz:  Rebuilt.
  Patched integer overflows in operations/external/ppm-load.c that could allow
  a denial of service (application crash) or possibly the execution of
  arbitrary code via a large width or height value in a ppm image.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4433
  (* Security fix *)

Posted: 30 Sep 2017, 17:13


28.09.2017.

Fresh mozilla-firefox for Slackware 14.2 and -current:

patches/packages/mozilla-firefox-52.4.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)

Posted: 05 Oct 2017, 10:07


01.10.2017.

Fresh openexr packages for Slackware 14.2 and -current:

patches/packages/openexr-2.2.0-i586-2_slack14.2.txz:  Rebuilt.
  Patched bugs that may lead to program crashes or possibly execution of
  arbitrary code. Thanks to Thomas Choi for the patch.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9110
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9112
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9114
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9116
  (* Security fix *)

Posted: 05 Oct 2017, 10:09


02.10.2017.

Updated dnsmasq packages for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 and -current:

patches/packages/dnsmasq-2.78-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and remotely exploitable security issues that may
  have impacts including denial of service, information leak, and execution
  of arbitrary code. Thanks to Felix Wilhelm, Fermin J. Serna, Gabriel Campana,
  Kevin Hamacher, Ron Bowes, and Gynvael Coldwind of the Google Security Team.
  For more information, see:
    https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13704
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14491
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14492
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14493
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14494
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14495
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14496
  (* Security fix *)

Posted: 14 Oct 2017, 17:21


05.10.2017.

Fresh curl and xorg-server packages for Slackware 14.0, 14.1, 14.2 and -current:

patches/packages/curl-7.56.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  libcurl may read outside of a heap allocated buffer when doing FTP.
  For more information, see:
    https://curl.haxx.se/docs/adv_20171004.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
  (* Security fix *)

patches/packages/xorg-server-1.18.3-i586-4_slack14.2.txz:  Rebuilt.
  This update fixes two security issues:
  Xext/shm: Validate shmseg resource id, otherwise it can belong to a
  non-existing client and abort X server with FatalError "client not
  in use", or overwrite existing segment of another existing client.
  Generating strings for XKB data used a single shared static buffer,
  which offered several opportunities for errors. Use a ring of
  resizable buffers instead, to avoid problems when strings end up
  longer than anticipated.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13721
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13723
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-4_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-4_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-4_slack14.2.txz:  Rebuilt.

Fresh openjpeg packages for Slackware 14.2 and -current:

patches/packages/openjpeg-2.3.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues which may lead to a denial of service
  or possibly remote code execution.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9580
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9581
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12982
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14039
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14040
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14151
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14152
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14164
  (* Security fix *)

Posted: 21 Oct 2017, 09:23


18.10.2017.

Fresh libXres packages for Slackware 14.1, 14.2 and -current:

patches/packages/libXres-1.2.0-i586-1_slack14.2.txz:  Upgraded.
  Integer overflows may allow X servers to trigger allocation of insufficient
  memory and a buffer overflow via vectors related to the (1)
  XResQueryClients and (2) XResQueryClientResources functions.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988
  (* Security fix *)

Fresh wpa_supplicant and xorg-server for Slackware 14.0, 14.1, 14.2 and -current:

patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz:  Upgraded.
  This update includes patches to mitigate the WPA2 protocol issues known
  as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data,
  hijack TCP connections, and to forge and inject packets. This is the
  list of vulnerabilities that are addressed here:
  CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the
    4-way handshake.
  CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way
    handshake.
  CVE-2017-13080: Reinstallation of the group key (GTK) in the group key
    handshake.
  CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group
    key handshake.
  CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)
    Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)
    while processing it.
  CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
    PeerKey (TPK) key in the TDLS handshake.
  CVE-2017-13087: reinstallation of the group key (GTK) when processing a
    Wireless Network Management (WNM) Sleep Mode Response frame.
  CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
    processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  For more information, see:
    https://www.krackattacks.com/
    https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088
  (* Security fix *)

patches/packages/xorg-server-1.18.3-i586-5_slack14.2.txz:  Rebuilt.
  This update fixes integer overflows and other possible security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12176
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12177
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12178
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12179
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12180
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12181
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12182
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12183
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12184
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12185
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12186
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12187
  (* Security fix *)