Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 2379
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 08 Feb 2017, 17:34


23.01.2017.

Novi mozilla-firefox paketi za Slackware 14.1, 14.2 i -current:

Code: Select all

patches/packages/mozilla-firefox-45.7.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2379
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 08 Feb 2017, 17:35


26.01.2017.

Novi mozilla-thunderbird paketi za Slackware 14.1, 14.2 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-45.7.0-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2379
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 May 2017, 09:32


10.02.2017.

Sveži bind paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current

Code: Select all

patches/packages/bind-9.10.4_P6-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a denial-of-service vulnerability.  Under some conditions
  when using both DNS64 and RPZ to rewrite query responses, query processing
  can resume in an inconsistent state leading to either an INSIST assertion
  failure or an attempt to read through a NULL pointer.
  For more information, see:
    https://kb.isc.org/article/AA-01453
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135
  (* Security fix *)
Sveži openssl paketi za Slackware 14.2 i -current

Code: Select all

patches/packages/openssl-1.0.2k-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues:
  Truncated packet could crash via OOB read (CVE-2017-3731)
  BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
  Montgomery multiplication may produce incorrect results (CVE-2016-7055)
  For more information, see:
    https://www.openssl.org/news/secadv/20170126.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055
  (* Security fix *)
patches/packages/openssl-solibs-1.0.2k-i586-1_slack14.2.txz:  Upgraded.
Sveži php paketi za Slackware 14.0, 14.1, 14.2 i -current

Code: Select all

patches/packages/php-5.6.30-i586-1_slack14.2.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    https://php.net/ChangeLog-5.php#5.6.30
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10158
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10159
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10160
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10161
  (* Security fix *)
Sveži tcpdump paketi za Slackware 13.37, 14.0, 14.1, 14.2 i -current

Code: Select all

patches/packages/tcpdump-4.9.0-i586-1_slack14.2.txz:  Upgraded.
  Fixed bugs which allow an attacker to crash tcpdump (denial of service).
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7922
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7923
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7924
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7925
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7926
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7927
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7928
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7929
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7930
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7931
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7932
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7933
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7934
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7935
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7936
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7937
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7938
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7939
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7940
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7973
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7974
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7975
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7983
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7984
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7985
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7986
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7992
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7993
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8574
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8575
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5202
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5203
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5204
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5205
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5341
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5342
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5482
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5483
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5484
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5485
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5486
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2379
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 May 2017, 09:34


07.03.2017.

Sveži firefox i thunderbird paketi za Slackware 14.1, 14.2 i -current

Code: Select all

patches/packages/mozilla-thunderbird-45.8.0-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
  
patches/packages/mozilla-firefox-45.8.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2379
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 May 2017, 10:07


15.03.2017.

Sveži pidgin paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current

Code: Select all

patches/packages/pidgin-2.12.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a minor security issue (out of bounds memory read in
  purple_markup_unescape_entity).
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2640
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2379
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 May 2017, 10:08


23.03.2017.

Sveži mcabber i samba paketi za Slackware 14.0, 14.1, 14.2 i -current

Code: Select all

patches/packages/mcabber-1.0.5-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  An incorrect implementation of XEP-0280: Message Carbons in multiple XMPP
  clients allows a remote attacker to impersonate any user, including
  contacts, in the vulnerable application's display.  This allows for various
  kinds of social engineering attacks.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5604
  (* Security fix *)
  
patches/packages/samba-4.4.12-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to
  a malicious client using a symlink race to allow access to areas of
  the server file system not exported under the share definition.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2619
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2379
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 May 2017, 10:09


28.03.2017.

Sveži mariadb paketi za Slackware 14.2 i -current

Code: Select all

patches/packages/mariadb-10.0.30-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues:
  Crash in libmysqlclient.so.
  Difficult to exploit vulnerability allows low privileged attacker with
  logon to compromise the server.  Successful attacks of this vulnerability
  can result in unauthorized access to data.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3302
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3313
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2379
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 May 2017, 10:10


31.03.2017.

Sveži samba paketi za Slackware 14.0, 14.1, 14.2 i -current

Code: Select all

patches/packages/samba-4.4.13-i586-1_slack14.2.txz:  Upgraded.
  This is a bug fix release to address a regression introduced by the security
  fixes for CVE-2017-2619 (Symlink race allows access outside share definition).
  Please see https://bugzilla.samba.org/show_bug.cgi?id=12721 for details.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2379
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 May 2017, 10:11


08.04.2017.

Sveži libtiff paketi za Slackware 14.2 i -current

Code: Select all

patches/packages/libtiff-4.0.7-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8665
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8683
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3622
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3623
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3658
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5321
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5323
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5652
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5875
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9273
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9448
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2379
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 May 2017, 10:12


10.04.2017.

Sveži vim paketi za Slackware 14.0 i 14.1

Code: Select all

patches/packages/vim-7.4.399-i486-1_slack14.1.txz:  Upgraded.
  In Vim 7.3+ but prior to 7.4.399, blowfish encryption is weak.
  Upgrade to Vim 7.4.399 to address this issue.
  For more information, see:
    https://dgl.cx/2014/10/vim-blowfish
  (* Security fix *)
patches/packages/vim-gvim-7.4.399-i486-1_slack14.1.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 2 guests