Slackware Security Advisories (security updates)

Administrator

Posted: 23 Jul 2016, 19:21


21.07.2016.

Fresh php and gimp packages for Slackware 14.0, 14.1, 14.2 and -current:

patches/packages/gimp-2.8.18-i586-1_slack14.2.txz:  Upgraded.
  This release fixes a security issue:
  Use-after-free vulnerability in the xcf_load_image function in
  app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of
  service (program crash) or possibly execute arbitrary code via a crafted
  XCF file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994
  (* Security fix *)

patches/packages/php-5.6.24-i586-1_slack14.2.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.24
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207
  (* Security fix *)
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator

Posted: 23 Jul 2016, 19:22


22.07.2016.

New bind packages for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 and -current:

patches/packages/bind-9.10.4_P2-i586-1_slack14.2.txz:  Upgraded.
  Fixed a security issue:
  getrrsetbyname with a non absolute name could trigger an infinite
    recursion bug in lwresd and named with lwres configured if when
    combined with a search list entry the resulting name is too long.
    (CVE-2016-2775) [RT #42694]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775
  (* Security fix *)



Administrator

Posted: 07 Aug 2016, 15:59


06.08.2016.

Fresh openssh, stunnel and curl packages for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 and -current:

patches/packages/openssh-7.3p1-i586-1_slack14.2.txz:  Upgraded.
  This is primarily a bugfix release, and also addresses security issues.
  sshd(8): Mitigate a potential denial-of-service attack against the system's
  crypt(3) function via sshd(8).
  sshd(8): Mitigate timing differences in password authentication that could
  be used to discern valid from invalid account names when long passwords were
  sent and particular password hashing algorithms are in use on the server.
  ssh(1), sshd(8): Fix observable timing weakness in the CBC padding oracle
  countermeasures.
  ssh(1), sshd(8): Improve operation ordering of MAC verification for
  Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the MAC
  before decrypting any ciphertext.
  sshd(8): (portable only) Ignore PAM environment vars when UseLogin=yes.
  For more information, see:
    http://www.openssh.com/txt/release-7.3
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325
  (* Security fix *)

patches/packages/stunnel-5.35-i586-1_slack14.2.txz:  Upgraded.
  Fixes security issues:
  Fixed malfunctioning "verify = 4".
  Fixed incorrectly enforced client certificate requests.
  (* Security fix *)

patches/packages/curl-7.50.1-i586-1_slack14.2.txz:  Upgraded.
  This release fixes security issues:
  TLS: switch off SSL session id when client cert is used
  TLS: only reuse connections with the same client cert
  curl_multi_cleanup: clear connection pointer for easy handles
  For more information, see:
    https://curl.haxx.se/docs/adv_20160803A.html
    https://curl.haxx.se/docs/adv_20160803B.html
    https://curl.haxx.se/docs/adv_20160803C.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421
  (* Security fix *)

Fresh firefox packages for Slackware 14.1 and 14.2:

patches/packages/mozilla-firefox-45.3.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)



Administrator

Posted: 28 Aug 2016, 10:07


23.08.2016.

Fresh gnupg and libgcrypt packages for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 and -current:

patches/packages/libgcrypt-1.7.3-i586-1_slack14.2.txz:  Upgraded.
  Fix critical security bug in the RNG [CVE-2016-6313].  An attacker who
  obtains 580 bytes from the standard RNG can trivially predict the next
  20 bytes of output.  (This is according to the NEWS file included in the
  source.  According to the annoucement linked below, an attacker who obtains
  4640 bits from the RNG can trivially predict the next 160 bits of output.)
  Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
  For more information, see:
    https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
  (* Security fix *)

patches/packages/gnupg-1.4.21-i586-1_slack14.2.txz:  Upgraded.
  Fix critical security bug in the RNG [CVE-2016-6313].  An attacker who
  obtains 580 bytes from the standard RNG can trivially predict the next
  20 bytes of output.  (This is according to the NEWS file included in the
  source.  According to the annoucement linked below, an attacker who obtains
  4640 bits from the RNG can trivially predict the next 160 bits of output.)
  Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
  For more information, see:
    https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
  (* Security fix *)

Fresh linux kernel for Slackware 14.2 and -current:

patches/packages/linux-4.4.19/*:  Upgraded.
  A flaw was found in the implementation of the Linux kernels handling of
  networking challenge ack where an attacker is able to determine the shared
  counter.  This may allow an attacker located on different subnet to inject
  or take over a TCP connection between a server and client without having to
  be a traditional Man In the Middle (MITM) style attack.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5389
  (* Security fix *)



Urednik

Posted: 30 Aug 2016, 12:59


Ugh, this really gets on my nerves :-/ , just as I get nVidia Optimus sorted out with the Bumblebee script, after quite a struggle to get both Bumblebeed and Primus working, now everything has to be done all over again because of the kernel, since it won't load 4.4.19.



Administrator

Posted: 03 Sep 2016, 19:45


@Broker

do you have a real need to update the kernel :) just pop it into the blacklist and enjoy.



Urednik

Posted: 04 Sep 2016, 23:20


I had no need to, I just didn't even look at which packages were up for updating; it doesn't happen to me often that I simply let the update run, I normally check everything over, and this time I skipped that.
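
The exchange above turns on holding a package back versus letting an update run unreviewed. As an added example (not part of any post in this thread and not a Slackware tool), the Python below parses ChangeLog entries in the format quoted here and lists the security fixes that a hold-back list would skip; the function names and `skip_patterns` are hypothetical, and the sample text is constructed from shortened entries quoted in this thread.

```python
import re
from fnmatch import fnmatch

# Entry header, e.g. "patches/packages/foo-1.0-i586-1_slack14.2.txz:  Upgraded."
HEADER = re.compile(r"^(?P<path>\S+/\S+):\s+(?P<action>\w+)\.")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")
SECURITY_MARK = "(* Security fix *)"

# Constructed sample: shortened copies of entries quoted in this thread.
SAMPLE_CHANGELOG = """\
patches/packages/bind-9.10.4_P2-i586-1_slack14.2.txz:  Upgraded.
  Fixed a security issue:
    (CVE-2016-2775) [RT #42694]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775
  (* Security fix *)
patches/packages/mozilla-firefox-45.3.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  (* Security fix *)
patches/packages/linux-4.4.19/*:  Upgraded.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5389
  (* Security fix *)
patches/packages/xscreensaver-5.36-x86_64-1_slack14.2.txz: Upgraded.
  Here's an upgrade to the latest xscreensaver.
"""


def split_package(path):
    """Return (name, version) for a ChangeLog path.

    Package files are name-version-arch-build.txz and the name itself may
    contain hyphens, so the fields are split from the right. A directory
    entry such as linux-4.4.19/* carries only name-version.
    """
    if path.endswith("/*"):
        base = path[:-2].rsplit("/", 1)[-1]
        name, _, version = base.rpartition("-")
        return name, version
    stem = path.rsplit("/", 1)[-1].rsplit(".", 1)[0]  # drop .txz / .tgz
    parts = stem.rsplit("-", 3)
    if len(parts) != 4:  # not a standard package file name
        return stem, ""
    return parts[0], parts[1]


def parse_changelog(text):
    """Parse ChangeLog text into a list of entry dicts, in file order."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # an unindented header starts a new entry
            name, version = split_package(m["path"])
            current = {"name": name, "version": version,
                       "action": m["action"], "security": False, "cves": []}
            entries.append(current)
        elif current is not None:  # indented body of the current entry
            if SECURITY_MARK in line:
                current["security"] = True
            for cve in CVE.findall(line):
                if cve not in current["cves"]:
                    current["cves"].append(cve)
    return entries


def held_back_fixes(entries, skip_patterns):
    """Security-fix entries whose name matches a hold-back pattern.

    Assumption: the kernel directory entry is matched under the name
    "linux", since the ChangeLog line does not list the files inside it.
    """
    return [e for e in entries if e["security"]
            and any(fnmatch(e["name"], p) for p in skip_patterns)]


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE_CHANGELOG)
    for e in held_back_fixes(parsed, ["linux", "xscreensaver"]):
        cves = ", ".join(e["cves"]) or "no CVE listed"
        print(f"held back: {e['name']} {e['version']} ({cves})")
```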



Moderator

Posted: 02 Nov 2016, 06:45


Slackware 64-bit

Mon Oct 31 23:38:24 UTC 2016
patches/packages/libX11-1.6.4-x86_64-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause out of boundary
       memory read in XGetImage() or write in XListFonts().
       Affected versions libX11 <= 1.6.3.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7942
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7943
       (* Security fix *)
patches/packages/libXfixes-5.0.3-x86_64-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause an integer
       overflow on 32 bit architectures.
       Affected versions : libXfixes <= 5.0.2.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7944
       (* Security fix *)
patches/packages/libXi-1.7.8-x86_64-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause out of boundary
       memory access or endless loops (Denial of Service).
       Affected versions libXi <= 1.7.6.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7945
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7946
       (* Security fix *)
patches/packages/libXrandr-1.5.1-x86_64-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause out of boundary
       memory writes.
       Affected versions: libXrandr <= 1.5.0.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7947
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948
       (* Security fix *)
patches/packages/libXrender-0.9.10-x86_64-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause out of boundary
       memory writes.
       Affected version: libXrender <= 0.9.9.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7950
       (* Security fix *)
patches/packages/libXtst-1.2.3-x86_64-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause out of boundary
       memory access or endless loops (Denial of Service).
       Affected version libXtst <= 1.2.2.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7952
       (* Security fix *)
patches/packages/libXv-1.0.11-x86_64-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause out of boundary
       memory and memory corruption.
       Affected version libXv <= 1.0.10.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5407
       (* Security fix *)
patches/packages/libXvMC-1.0.10-x86_64-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause a one byte buffer
       read underrun.
       Affected version: libXvMC <= 1.0.9.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953
       (* Security fix *)
patches/packages/linux-4.4.29/*: Upgraded.
       This kernel fixes a security issue known as "Dirty COW". A race condition
       was found in the way the Linux kernel's memory subsystem handled the
       copy-on-write (COW) breakage of private read-only memory mappings. An
       unprivileged local user could use this flaw to gain write access to
       otherwise read-only memory mappings and thus increase their privileges on
       the system.
       Be sure to upgrade your initrd after upgrading the kernel packages.
       If you use lilo to boot your machine, be sure lilo.conf points to the correct
       kernel and initrd and run lilo as root to update the bootloader.
       If you use elilo to boot your machine, you should run eliloconfig to copy the
       kernel and initrd to the EFI System Partition.
       For more information, see:
       https://dirtycow.ninja/
       https://www.kb.cert.org/vuls/id/243144
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195
       (* Security fix *)
patches/packages/mariadb-10.0.28-x86_64-1_slack14.2.txz: Upgraded.
       This update fixes several security issues.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5616
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5624
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5626
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3492
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5629
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8283
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7440
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5584
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6663
       (* Security fix *)
patches/packages/php-5.6.27-x86_64-1_slack14.2.txz: Upgraded.
       This release fixes bugs and security issues.
       For more information, see:
       https://php.net/ChangeLog-5.php#5.6.27
       (* Security fix *)
patches/packages/xscreensaver-5.36-x86_64-1_slack14.2.txz: Upgraded.
       Here's an upgrade to the latest xscreensaver.

Slackware 32-bit

Mon Oct 31 23:38:24 UTC 2016
patches/packages/libX11-1.6.4-i586-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause out of boundary
       memory read in XGetImage() or write in XListFonts().
       Affected versions libX11 <= 1.6.3.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7942
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7943
       (* Security fix *)
patches/packages/libXfixes-5.0.3-i586-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause an integer
       overflow on 32 bit architectures.
       Affected versions : libXfixes <= 5.0.2.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7944
       (* Security fix *)
patches/packages/libXi-1.7.8-i586-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause out of boundary
       memory access or endless loops (Denial of Service).
       Affected versions libXi <= 1.7.6.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7945
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7946
       (* Security fix *)
patches/packages/libXrandr-1.5.1-i586-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause out of boundary
       memory writes.
       Affected versions: libXrandr <= 1.5.0.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7947
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948
       (* Security fix *)
patches/packages/libXrender-0.9.10-i586-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause out of boundary
       memory writes.
       Affected version: libXrender <= 0.9.9.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7950
       (* Security fix *)
patches/packages/libXtst-1.2.3-i586-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause out of boundary
       memory access or endless loops (Denial of Service).
       Affected version libXtst <= 1.2.2.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7952
       (* Security fix *)
patches/packages/libXv-1.0.11-i586-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause out of boundary
       memory and memory corruption.
       Affected version libXv <= 1.0.10.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5407
       (* Security fix *)
patches/packages/libXvMC-1.0.10-i586-1_slack14.2.txz: Upgraded.
       Insufficient validation of data from the X server can cause a one byte buffer
       read underrun.
       Affected version: libXvMC <= 1.0.9.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953
       (* Security fix *)
patches/packages/linux-4.4.29/*: Upgraded.
       This kernel fixes a security issue known as "Dirty COW". A race condition
       was found in the way the Linux kernel's memory subsystem handled the
       copy-on-write (COW) breakage of private read-only memory mappings. An
       unprivileged local user could use this flaw to gain write access to
       otherwise read-only memory mappings and thus increase their privileges on
       the system.
       Be sure to upgrade your initrd after upgrading the kernel packages.
       If you use lilo to boot your machine, be sure lilo.conf points to the correct
       kernel and initrd and run lilo as root to update the bootloader.
       If you use elilo to boot your machine, you should run eliloconfig to copy the
       kernel and initrd to the EFI System Partition.
       For more information, see:
       https://dirtycow.ninja/
       https://www.kb.cert.org/vuls/id/243144
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195
       (* Security fix *)
patches/packages/mariadb-10.0.28-i586-1_slack14.2.txz: Upgraded.
       This update fixes several security issues.
       For more information, see:
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5616
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5624
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5626
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3492
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5629
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8283
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7440
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5584
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6663
       (* Security fix *)
patches/packages/php-5.6.27-i586-1_slack14.2.txz: Upgraded.
       This release fixes bugs and security issues.
       For more information, see:
       https://php.net/ChangeLog-5.php#5.6.27
       (* Security fix *)
patches/packages/xscreensaver-5.36-i586-1_slack14.2.txz: Upgraded.
       Here's an upgrade to the latest xscreensaver.
Udruga SOK - official website
I am ready to die honorably, but if dishonorably, then not at all



Moderator

Posted: 06 Nov 2016, 19:56


Slackware 64-bit

Fri Nov 4 03:31:38 UTC 2016
patches/packages/bind-9.10.4_P4-x86_64-1_slack14.2.txz: Upgraded.
       This update fixes a denial-of-service vulnerability. A defect in BIND's
       handling of responses containing a DNAME answer can cause a resolver to exit
       after encountering an assertion failure in db.c or resolver.c. A server
       encountering either of these error conditions will stop, resulting in denial
       of service to clients. The risk to authoritative servers is minimal;
       recursive servers are chiefly at risk.
       For more information, see:
       https://kb.isc.org/article/AA-01434
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864
       (* Security fix *)
patches/packages/curl-7.51.0-x86_64-1_slack14.2.txz: Upgraded.
       This release fixes security issues:
       CVE-2016-8615: cookie injection for other servers
       CVE-2016-8616: case insensitive password comparison
       CVE-2016-8617: OOB write via unchecked multiplication
       CVE-2016-8618: double-free in curl_maprintf
       CVE-2016-8619: double-free in krb5 code
       CVE-2016-8620: glob parser write/read out of bounds
       CVE-2016-8621: curl_getdate read out of bounds
       CVE-2016-8622: URL unescape heap overflow via integer truncation
       CVE-2016-8623: Use-after-free via shared cookies
       CVE-2016-8624: invalid URL parsing with '#'
       CVE-2016-8625: IDNA 2003 makes curl use wrong host
       For more information, see:
       https://curl.haxx.se/docs/adv_20161102A.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615
       https://curl.haxx.se/docs/adv_20161102B.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616
       https://curl.haxx.se/docs/adv_20161102C.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617
       https://curl.haxx.se/docs/adv_20161102D.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618
       https://curl.haxx.se/docs/adv_20161102E.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619
       https://curl.haxx.se/docs/adv_20161102F.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620
       https://curl.haxx.se/docs/adv_20161102G.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621
       https://curl.haxx.se/docs/adv_20161102H.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622
       https://curl.haxx.se/docs/adv_20161102I.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623
       https://curl.haxx.se/docs/adv_20161102J.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624
       https://curl.haxx.se/docs/adv_20161102K.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625
       (* Security fix *)
patches/packages/glibc-zoneinfo-2016i-noarch-1_slack14.2.txz: Upgraded.
       This package provides the latest timezone updates.

Slackware 32-bit

Fri Nov 4 03:31:38 UTC 2016
patches/packages/bind-9.10.4_P4-i586-1_slack14.2.txz: Upgraded.
       This update fixes a denial-of-service vulnerability. A defect in BIND's
       handling of responses containing a DNAME answer can cause a resolver to exit
       after encountering an assertion failure in db.c or resolver.c. A server
       encountering either of these error conditions will stop, resulting in denial
       of service to clients. The risk to authoritative servers is minimal;
       recursive servers are chiefly at risk.
       For more information, see:
       https://kb.isc.org/article/AA-01434
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864
       (* Security fix *)
patches/packages/curl-7.51.0-i586-1_slack14.2.txz: Upgraded.
       This release fixes security issues:
       CVE-2016-8615: cookie injection for other servers
       CVE-2016-8616: case insensitive password comparison
       CVE-2016-8617: OOB write via unchecked multiplication
       CVE-2016-8618: double-free in curl_maprintf
       CVE-2016-8619: double-free in krb5 code
       CVE-2016-8620: glob parser write/read out of bounds
       CVE-2016-8621: curl_getdate read out of bounds
       CVE-2016-8622: URL unescape heap overflow via integer truncation
       CVE-2016-8623: Use-after-free via shared cookies
       CVE-2016-8624: invalid URL parsing with '#'
       CVE-2016-8625: IDNA 2003 makes curl use wrong host
       For more information, see:
       https://curl.haxx.se/docs/adv_20161102A.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615
       https://curl.haxx.se/docs/adv_20161102B.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616
       https://curl.haxx.se/docs/adv_20161102C.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617
       https://curl.haxx.se/docs/adv_20161102D.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618
       https://curl.haxx.se/docs/adv_20161102E.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619
       https://curl.haxx.se/docs/adv_20161102F.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620
       https://curl.haxx.se/docs/adv_20161102G.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621
       https://curl.haxx.se/docs/adv_20161102H.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622
       https://curl.haxx.se/docs/adv_20161102I.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623
       https://curl.haxx.se/docs/adv_20161102J.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624
       https://curl.haxx.se/docs/adv_20161102K.html
       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625
       (* Security fix *)
patches/packages/glibc-zoneinfo-2016i-noarch-1_slack14.2.txz: Upgraded.
       This package provides the latest timezone updates.



Administrator

Posted: 24 Dec 2016, 10:40


18.11.2016.

Fresh mozilla-firefox packages for Slackware 14.1, 14.2 and -current:

patches/packages/mozilla-firefox-45.5.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)