Slackware Security Advisories (security updates)

News about Slackware Linux

Administrator
Posted: 25 Jan 2015, 18:15


22.12.2014.

Ntp packages for Slackware 13.0, 13.1, 13.37, 14.0, 14.1 and -current:

patches/packages/ntp-4.2.8-i486-1_slack14.1.txz:  Upgraded.
  In addition to bug fixes and enhancements, this release fixes
  several high-severity vulnerabilities discovered by Neel Mehta
  and Stephen Roettger of the Google Security Team.
  For more information, see:
    https://www.kb.cert.org/vuls/id/852879
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296
  (* Security fix *)

Fresh php packages for Slackware 14.0, 14.1 and -current:

patches/packages/php-5.4.36-i486-1_slack14.1.txz:  Upgraded.
  This update fixes bugs and security issues.
  #68545 (NULL pointer dereference in unserialize.c).
  #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
  #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142
  (* Security fix *)

New xorg-server packages for Slackware 14.1 and -current:

patches/packages/xorg-server-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
  This update fixes many security issues discovered by Ilja van Sprundel,
  a security researcher with IOActive.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8091
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8092
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8093
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8094
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8095
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8096
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8097
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8098
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8099
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8100
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8101
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8102
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8103
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Posted: 25 Jan 2015, 18:18


09.01.2015.

Fresh openssl packages for Slackware 13.0, 13.1, 13.37, 14.0, 14.1 and -current:

patches/packages/openssl-1.0.1k-i486-1_slack14.1.txz:  Upgraded.
  This update fixes several security issues:
    DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
    DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
    no-ssl3 configuration sets method to NULL (CVE-2014-3569)
    ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
    RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
    DH client certificates accepted without verification [Server] (CVE-2015-0205)
    Certificate fingerprints can be modified (CVE-2014-8275)
    Bignum squaring may produce incorrect results (CVE-2014-3570)
  For more information, see:
    https://www.openssl.org/news/secadv_20150108.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1k-i486-1_slack14.1.txz:  Upgraded.



Administrator
Posted: 25 Jan 2015, 18:25


16.01.2015.

Freetype packages for Slackware 13.0, 13.1, 13.37, 14.0, 14.1 and -current:

patches/packages/freetype-2.5.5-i486-1_slack14.1.txz:  Upgraded.
  This release fixes a security bug that could cause freetype to crash
  or run programs upon opening a specially crafted file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2240
  (* Security fix *)

Mozilla Firefox and Thunderbird upgrade for Slackware 14.1 and -current:

patches/packages/mozilla-firefox-31.4.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)

patches/packages/mozilla-thunderbird-31.4.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)

Seamonkey upgrade for Slackware 14.0, 14.1 and -current:

patches/packages/seamonkey-2.32-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.32-i486-1_slack14.1.txz:  Upgraded.



Administrator
Posted: 25 Jan 2015, 18:27


20.01.2015.

Samba upgrade for Slackware 14.1 and -current:

patches/packages/samba-4.1.16-i486-1_slack14.1.txz:  Upgraded.
  This update is a security release in order to address CVE-2014-8143
  (Elevation of privilege to Active Directory Domain Controller).
  Samba's AD DC allows the administrator to delegate creation of user or
  computer accounts to specific users or groups.  However, all released
  versions of Samba's AD DC did not implement the additional required
  check on the UF_SERVER_TRUST_ACCOUNT bit in the userAccountControl
  attributes.  Most Samba deployments are not of the AD Domain Controller,
  but are of the classic domain controller, the file server or print server.
  Only the Active Directory Domain Controller is affected by this issue.
  Additionally, most sites running the AD Domain Controller do not configure
  delegation for the creation of user or computer accounts, and so are not
  vulnerable to this issue, as no writes are permitted to the
  userAccountControl attribute, no matter what the value.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143
  (* Security fix *)



Administrator
Posted: 01 Feb 2015, 14:42


28.01.2015.

Fresh glibc package for Slackware 13.0, 13.1, 13.37, 14.0 and 14.1

patches/packages/glibc-2.17-i486-10_slack14.1.txz:  Rebuilt.
  This update patches a security issue __nss_hostname_digits_dots() function
  of glibc which may be triggered through the gethostbyname*() set of
  functions.  This flaw could allow local or remote attackers to take control
  of a machine running a vulnerable version of glibc.  Thanks to Qualys for
  discovering this issue (also known as the GHOST vulnerability.)
  For more information, see:
    https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
  (* Security fix *)
patches/packages/glibc-i18n-2.17-i486-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.17-i486-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.17-i486-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-zoneinfo-2014j-noarch-1.txz:  Upgraded.
  Upgraded to tzcode2014j and tzdata2014j.



Administrator
Posted: 22 Apr 2015, 20:56


21.04.2015.

A sizable batch of patches has arrived. Some have been expected since last month. The delay was caused by the large list of upgrades in current and the Slackware team's effort to make updating (current) painless.

Slackware 32-bit

Tue Apr 21 23:44:00 UTC 2015
patches/packages/bind-9.9.6_P2-i486-1_slack14.1.txz: Upgraded.
       Fix some denial-of-service and other security issues.
       For more information, see:
       https://kb.isc.org/article/AA-01166/
       https://kb.isc.org/article/AA-01161/
       https://kb.isc.org/article/AA-01167/
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8680
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3214
       (* Security fix *)
patches/packages/gnupg-1.4.19-i486-1_slack14.1.txz: Upgraded.
       * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
       See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
       * Fixed data-dependent timing variations in modular exponentiation
       [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
       are Practical].
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837
       (* Security fix *)
patches/packages/httpd-2.4.12-i486-1_slack14.1.txz: Upgraded.
       This update fixes the following security issues:
       * CVE-2014-3583 mod_proxy_fcgi: Fix a potential crash due to buffer
       over-read, with response headers' size above 8K.
       * CVE-2014-3581 mod_cache: Avoid a crash when Content-Type has an
       empty value. PR 56924.
       * CVE-2014-8109 mod_lua: Fix handling of the Require line when a
       LuaAuthzProvider is used in multiple Require directives with
       different arguments. PR57204.
       * CVE-2013-5704 core: HTTP trailers could be used to replace HTTP
       headers late during request processing, potentially undoing or
       otherwise confusing modules that examined or modified request
       headers earlier. Adds "MergeTrailers" directive to restore legacy
       behavior.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704
       (* Security fix *)
patches/packages/libssh-0.6.4-i486-1_slack14.1.txz: Upgraded.
       This update fixes some security issues.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0017
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8132
       (* Security fix *)
patches/packages/mozilla-firefox-31.6.0esr-i486-1_slack14.1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
       (* Security fix *)
patches/packages/mozilla-thunderbird-31.6.0-i486-1_slack14.1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
       (* Security fix *)
patches/packages/mutt-1.5.23-i486-2_slack14.1.txz: Rebuilt.
       Patched a vulnerability where malformed headers can cause mutt to crash.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116
       (* Security fix *)
patches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz: Upgraded.
       In addition to bug fixes and enhancements, this release fixes the
       following medium-severity vulnerabilities involving private key
       authentication:
       * ntpd accepts unauthenticated packets with symmetric key crypto.
       * Authentication doesn't protect symmetric associations against DoS attacks.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799
       (* Security fix *)
patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded.
       Fixes several bugs and security issues:
       o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
       o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
       o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
       o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
       o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
       o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
       o Removed the export ciphers from the DEFAULT ciphers
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
       (* Security fix *)
patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz: Upgraded.
patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded.
       This update fixes some security issues.
       Please note that this package build also moves the configuration files
       from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330
       (* Security fix *)
patches/packages/ppp-2.4.5-i486-3_slack14.1.txz: Rebuilt.
       Fixed a potential security issue in parsing option files.
       Fixed remotely triggerable PID overflow that causes pppd to crash.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3158
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3310
       (* Security fix *)
patches/packages/proftpd-1.3.4e-i486-1_slack14.1.txz: Upgraded.
       Patched an issue where mod_copy allowed unauthenticated copying
       of files via SITE CPFR/CPTO.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306
       (* Security fix *)
patches/packages/qt-4.8.6-i486-1_slack14.1.txz: Upgraded.
       Fixed issues with BMP, ICO, and GIF handling that could lead to a denial
       of service or the execution of arbitrary code when processing malformed
       images.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860
       (* Security fix *)
patches/packages/seamonkey-2.33.1-i486-1_slack14.1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
       (* Security fix *)
patches/packages/seamonkey-solibs-2.33.1-i486-1_slack14.1.txz: Upgraded.

Slackware 64-bit

Tue Apr 21 23:44:00 UTC 2015
patches/packages/bind-9.9.6_P2-x86_64-1_slack14.1.txz: Upgraded.
       Fix some denial-of-service and other security issues.
       For more information, see:
       https://kb.isc.org/article/AA-01166/
       https://kb.isc.org/article/AA-01161/
       https://kb.isc.org/article/AA-01167/
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8680
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3214
       (* Security fix *)
patches/packages/gnupg-1.4.19-x86_64-1_slack14.1.txz: Upgraded.
       * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
       See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
       * Fixed data-dependent timing variations in modular exponentiation
       [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
       are Practical].
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837
       (* Security fix *)
patches/packages/httpd-2.4.12-x86_64-1_slack14.1.txz: Upgraded.
       This update fixes the following security issues:
       * CVE-2014-3583 mod_proxy_fcgi: Fix a potential crash due to buffer
       over-read, with response headers' size above 8K.
       * CVE-2014-3581 mod_cache: Avoid a crash when Content-Type has an
       empty value. PR 56924.
       * CVE-2014-8109 mod_lua: Fix handling of the Require line when a
       LuaAuthzProvider is used in multiple Require directives with
       different arguments. PR57204.
       * CVE-2013-5704 core: HTTP trailers could be used to replace HTTP
       headers late during request processing, potentially undoing or
       otherwise confusing modules that examined or modified request
       headers earlier. Adds "MergeTrailers" directive to restore legacy
       behavior.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704
       (* Security fix *)
patches/packages/libssh-0.6.4-x86_64-1_slack14.1.txz: Upgraded.
       This update fixes some security issues.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0017
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8132
       (* Security fix *)
patches/packages/mozilla-firefox-31.6.0esr-x86_64-1_slack14.1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
       (* Security fix *)
patches/packages/mozilla-thunderbird-31.6.0-x86_64-1_slack14.1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
       (* Security fix *)
patches/packages/mutt-1.5.23-x86_64-2_slack14.1.txz: Rebuilt.
       Patched a vulnerability where malformed headers can cause mutt to crash.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116
       (* Security fix *)
patches/packages/ntp-4.2.8p2-x86_64-1_slack14.1.txz: Upgraded.
       In addition to bug fixes and enhancements, this release fixes the
       following medium-severity vulnerabilities involving private key
       authentication:
       * ntpd accepts unauthenticated packets with symmetric key crypto.
       * Authentication doesn't protect symmetric associations against DoS attacks.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799
       (* Security fix *)
patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz: Upgraded.
       Fixes several bugs and security issues:
       o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
       o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
       o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
       o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
       o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
       o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
       o Removed the export ciphers from the DEFAULT ciphers
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
       (* Security fix *)
patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz: Upgraded.
patches/packages/php-5.4.40-x86_64-1_slack14.1.txz: Upgraded.
       This update fixes some security issues.
       Please note that this package build also moves the configuration files
       from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330
       (* Security fix *)
patches/packages/ppp-2.4.5-x86_64-3_slack14.1.txz: Rebuilt.
       Fixed a potential security issue in parsing option files.
       Fixed remotely triggerable PID overflow that causes pppd to crash.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3158
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3310
       (* Security fix *)
patches/packages/proftpd-1.3.4e-x86_64-1_slack14.1.txz: Upgraded.
       Patched an issue where mod_copy allowed unauthenticated copying
       of files via SITE CPFR/CPTO.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306
       (* Security fix *)
patches/packages/qt-4.8.6-x86_64-1_slack14.1.txz: Upgraded.
       Fixed issues with BMP, ICO, and GIF handling that could lead to a denial
       of service or the execution of arbitrary code when processing malformed
       images.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860
       (* Security fix *)
patches/packages/seamonkey-2.33.1-x86_64-1_slack14.1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
       (* Security fix *)
patches/packages/seamonkey-solibs-2.33.1-x86_64-1_slack14.1.txz: Upgraded.



Administrator
Posted: 22 Apr 2015, 20:59


Oh, right. The previous post is an excerpt from the ChangeLog. The specific excerpts from the "Security Advisories" security list can be found here: http://www.slackware.com/security/list. ... ity&y=2015



Administrator
Posted: 17 Jul 2015, 19:39


12.05.2015

Refreshed mariadb and mozilla-firefox packages for Slackware 14.1 and -current:

patches/packages/mariadb-5.5.43-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499
  (* Security fix *)

patches/packages/mozilla-firefox-31.7.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)

Refreshed mysql package for Slackware 14.0:

patches/packages/mysql-5.5.43-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499
  (* Security fix *)

Refreshed wpa-supplicant package for Slackware 14.0, 14.1 and -current:

patches/packages/wpa_supplicant-2.4-i486-1_slack14.1.txz:  Upgraded.
  This update fixes potential denial of service issues.
  For more information, see:
    http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
    http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
    http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
    http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1863
  (* Security fix *)



Administrator
Posted: 17 Jul 2015, 20:16


06.11.2015

Refreshed php package for Slackware 14.0, 14.1 and -current

patches/packages/php-5.4.41-i486-1_slack14.1.txz:  Upgraded.
  This update fixes some bugs and security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026
  (* Security fix *)

Refreshed openssl packages for Slackware 13.0, 13.1, 13.37, 14.0, 14.1 and -current

patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz:  Upgraded.
  Fixes several bugs and security issues:
   o Malformed ECParameters causes infinite loop (CVE-2015-1788)
   o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
   o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
   o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
   o Race condition handling NewSessionTicket (CVE-2015-1791)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz:  Upgraded.



Administrator
Posted: 25 Jul 2015, 09:03


07.07.2015.

Bind, cups and ntp packages for Slackware 13.0, 13.1, 13.37, 14.0, 14.1 and -current:

patches/packages/cups-1.5.4-i486-4_slack14.1.txz:  Rebuilt.
  This release fixes a security issue:
  CWE-911: Improper Update of Reference Count - CVE-2015-1158
    This bug could allow an attacker to upload a replacement CUPS
    configuration file and mount further attacks.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1158
  (* Security fix *)

patches/packages/ntp-4.2.8p3-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue where under specific circumstances an
  attacker can send a crafted packet to cause a vulnerable ntpd instance to
  crash.  Since this requires 1) ntpd set up to allow remote configuration
  (not allowed by default), and 2) knowledge of the configuration password,
  and 3) access to a computer entrusted to perform remote configuration,
  the vulnerability is considered low-risk.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146
  (* Security fix *)

patches/packages/bind-9.9.7_P1-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue where an attacker who can cause
  a validating resolver to query a zone containing specifically constructed
  contents can cause that resolver to fail an assertion and terminate due
  to a defect in validation code.  This means that a recursive resolver that
  is performing DNSSEC validation can be deliberately stopped by an attacker
  who can cause the resolver to perform a query against a
  maliciously-constructed zone.  This will result in a denial of service to
  clients who rely on that resolver.
  For more information, see:
    https://kb.isc.org/article/AA-01267/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4620
  (* Security fix *)

Fresh mozilla-firefox packages for Slackware 14.1 and -current:

patches/packages/mozilla-firefox-31.8.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)