Novosti u vezi Slackware Linuxa
Moderator: Urednik
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 12 Jul 2014, 10:45
11.07.2014.
Php nadogradnja za Slackware 14.0, 14.1, i
-current:
Code: Select all
patches/packages/php-5.4.30-i486-1_slack14.1.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 24 Jul 2014, 12:47
23.07.2014.
Bezbednosne nadogradnje httpd paketa za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i
-current:
Code: Select all
patches/packages/httpd-2.4.10-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issues:
*) SECURITY: CVE-2014-0117 (cve.mitre.org)
mod_proxy: Fix crash in Connection header handling which
allowed a denial of service attack against a reverse proxy
with a threaded MPM. [Ben Reser]
*) SECURITY: CVE-2014-0118 (cve.mitre.org)
mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to
avoid denial of sevice via highly compressed bodies. See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]
*) SECURITY: CVE-2014-0226 (cve.mitre.org)
Fix a race condition in scoreboard handling, which could lead to
a heap buffer overflow. [Joe Orton, Eric Covener]
*) SECURITY: CVE-2014-0231 (cve.mitre.org)
mod_cgid: Fix a denial of service against CGI scripts that do
not consume stdin that could lead to lingering HTTPD child processes
filling up the scoreboard and eventually hanging the server. By
default, the client I/O timeout (Timeout directive) now applies to
communication with scripts. The CGIDScriptTimeout directive can be
used to set a different timeout for communication with scripts.
[Rainer Jung, Eric Covener, Yann Ylavic]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231
(* Security fix *)
Bezbednosne nadogradnje Mozilla Firefox i Thunderbird paketa za Slackware 14.1 i
-current:
Code: Select all
patches/packages/mozilla-firefox-24.7.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
Code: Select all
patches/packages/mozilla-thunderbird-24.7.0-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 02 Aug 2014, 14:24
01.08.2014.
Nadogradnje za dhcpcd za Slackware 13.1, 13.37, 14.0, 14.1 i
-current:
Code: Select all
patches/packages/dhcpcd-6.0.5-i486-3_slack14.1.txz: Rebuilt.
This update fixes a security issue where a specially crafted packet
received from a malicious DHCP server causes dhcpcd to enter an infinite
loop causing a denial of service.
Thanks to Tobias Stoeckmann for the bug report.
(* Security fix *)
Nadogradnja za samba za Slackware 14.1 i
-current:
Code: Select all
patches/packages/samba-4.1.11-i486-1_slack14.1.txz: Upgraded.
This update fixes a remote code execution attack on unauthenticated nmbd
NetBIOS name services. A malicious browser can send packets that may
overwrite the heap of the target nmbd NetBIOS name services daemon.
It may be possible to use this to generate a remote code execution
vulnerability as the superuser (root).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 09 Aug 2014, 01:16
08.08.2014.
Novi openssl paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i
-current:
Code: Select all
patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded.
This update fixes several security issues:
Double Free when processing DTLS packets (CVE-2014-3505)
DTLS memory exhaustion (CVE-2014-3506)
DTLS memory leak from zero-length fragments (CVE-2014-3507)
Information leak in pretty printing functions (CVE-2014-3508)
Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
SRP buffer overrun (CVE-2014-3512)
Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
For more information, see:
https://www.openssl.org/news/secadv_20140806.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
(* Security fix *)
patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz: Upgraded.
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 05 Sep 2014, 00:54
04.09.2014.
Firefox i Thunderbird update za Slackware 14.1 i
-current:
Code: Select all
patches/packages/mozilla-firefox-24.8.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
patches/packages/mozilla-thunderbird-24.8.0-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
Php update za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i
-current:
Code: Select all
patches/packages/php-5.4.32-i486-1_slack14.1.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5120
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 09 Sep 2014, 21:37
09.09.2014.
Seamonkey 2.29 za Slackware 14.0, 14.1 i -
current
Code: Select all
patches/packages/seamonkey-2.29-i486-1_slack14.1.txz: Upgraded.
This update contains security fixes and improvements.
(* Security fix *)
patches/packages/seamonkey-solibs-2.29-i486-1_slack14.1.txz: Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 25 Sep 2014, 10:31
24.09.2014.
Bash bezbednosna nadogradnja za Slackware 13.0, 13.1, 13.37, 14.0, 14.1
-current:
Code: Select all
patches/packages/bash-4.2.048-i486-1_slack14.1.txz: Upgraded.
This update fixes a vulnerability in bash related to how environment
variables are processed: trailing code in function definitions was
executed, independent of the variable name. In many common configurations
(such as the use of CGI scripts), this vulnerability is exploitable over
the network. Thanks to Stephane Chazelas for discovering this issue.
For more information, see:
http://seclists.org/oss-sec/2014/q3/650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
(* Security fix *)
Mozilla-nss bezbednosna nadogradnja za Slackware 14.0, 14.1
-current:
Code: Select all
patches/packages/mozilla-nss-3.16.5-i486-1_slack14.1.txz: Upgraded.
Fixed an RSA Signature Forgery vulnerability.
For more information, see:
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 25 Sep 2014, 23:25
25.09.2014.
Isto kao i danas samo sa novom zakrpom za Slackware 13.0, 13.1, 13.37, 14.0, 14.1
-current
Code: Select all
patches/packages/bash-4.2.048-i486-2_slack14.1.txz: Rebuilt.
Patched an additional trailing string processing vulnerability discovered
by Tavis Ormandy.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 27 Sep 2014, 10:07
25.09.2014.
Nadogradnja koja pogađa samo Slackware 13.0:
Code: Select all
patches/packages/bash-3.1.018-i486-3_slack13.0.txz: Rebuilt.
The patch for CVE-2014-7169 needed to be rebased against bash-3.1 in order
to apply correctly. Thanks to B. Watson for the bug report.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 29 Sep 2014, 07:19
28.09.2014.
Sveži paketi Seamonkey za Slackware 14.0, 14.1 i
-current, kao i Firefox i Thunderbird paketi za Slackware 14.1 i
-current:
Code: Select all
patches/packages/seamonkey-2.29.1-i486-1_slack14.1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
patches/packages/seamonkey-solibs-2.29.1-i486-1_slack14.1.txz: Upgraded.
Code: Select all
patches/packages/mozilla-firefox-24.8.1esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
Code: Select all
patches/packages/mozilla-thunderbird-24.8.1-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
Who is online
Users browsing this forum: No registered users and 48 guests