Novosti u vezi Slackware Linuxa
Moderator: Urednik
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 25 Jul 2015, 09:08
09.07.2015.
Openssl sveži paketi za Slackware 14.1 i -current:
Code: Select all
patches/packages/openssl-1.0.1p-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issue:
Alternative chains certificate forgery (CVE-2015-1793).
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a
valid leaf certificate to act as a CA and "issue" an invalid certificate.
This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.
This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David
Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.
For more information, see:
https://openssl.org/news/secadv_20150709.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793
(* Security fix *)
patches/packages/openssl-solibs-1.0.1p-i486-1_slack14.1.txz: Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 25 Jul 2015, 09:10
11.07.2015.
Mozilla-thunderbird sveži paketi za Slackware 14.1 i -current:
Code: Select all
patches/packages/mozilla-thunderbird-38.1.0-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 25 Jul 2015, 09:11
17.07.2015.
Php i httpd sveži paketi za Slackware 14.0, 14.1 i -current:
Code: Select all
patches/packages/php-5.4.43-i486-1_slack14.1.txz: Upgraded.
This update fixes some bugs and security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644
(* Security fix *)
Code: Select all
patches/packages/httpd-2.4.16-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issues:
* CVE-2015-0253: Fix a crash with ErrorDocument 400 pointing to a local
URL-path with the INCLUDES filter active, introduced in 2.4.11.
* CVE-2015-0228: mod_lua: A maliciously crafted websockets PING after a
script calls r:wsupgrade() can cause a child process crash.
* CVE-2015-3183: core: Fix chunk header parsing defect. Remove
apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN
filter, parse chunks in a single pass with zero copy. Limit accepted
chunk-size to 2^63-1 and be strict about chunk-ext authorized characters.
* CVE-2015-3185: Replacement of ap_some_auth_required (unusable in Apache
httpd 2.4) with new ap_some_authn_required and ap_force_authn hook.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 30 Jul 2015, 20:00
28.07.2015.
Sveži bind paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i -current:
Code: Select all
Tue Jul 28 19:36:39 UTC 2015
n/bind-9.10.2_P3-i586-1.txz: Upgraded.
This update fixes a security issue where an error in the handling of TKEY
queries can be exploited by an attacker for use as a denial-of-service
vector, as a constructed packet can use the defect to trigger a REQUIRE
assertion failure, causing BIND to exit.
Impact:
Both recursive and authoritative servers are vulnerable to this defect.
Additionally, exposure is not prevented by either ACLs or configuration
options limiting or denying service because the exploitable code occurs
early in the packet handling, before checks enforcing those boundaries.
Operators should take steps to upgrade to a patched version as soon as
possible.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
https://kb.isc.org/article/AA-01272
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 09 Aug 2015, 12:35
07.08.2015.
Svezi Firefox i mozilla-nss paketi:
Code: Select all
patches/packages/mozilla-nss-3.19.2-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/nss.html
(* Security fix *)
patches/packages/mozilla-firefox-38.1.1esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 15 Aug 2015, 21:34
14.08.2015.
Mozilla Firefox i Thunderbird svezi paketi za Slackware 14.1 i -current:
Code: Select all
patches/packages/mozilla-thunderbird-38.2.0-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
Code: Select all
patches/packages/mozilla-firefox-38.2.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 22 Aug 2015, 09:18
21.08.2015.
Gnutls osveženi paket za Slackware 14.0, 14.1 i -current,
Code: Select all
patches/packages/gnutls-3.3.17.1-i486-1_slack14.1.txz: Upgraded.
This update fixes some bugs and security issues.
For more information, see:
http://www.gnutls.org/security.html#GNUTLS-SA-2015-2
http://www.gnutls.org/security.html#GNUTLS-SA-2015-3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6251
(* Security fix *)
IMPORTANT: On Slackware 14.0, install the new updated nettle package first.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 06 Sep 2015, 11:53
28.08.2015.
Firefox-esr sveži paketi za Slackware 14.1 i -current:
Code: Select all
patches/packages/mozilla-firefox-38.2.1esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 06 Sep 2015, 11:54
01.09.2015.
Gdk-pixbuf2 sveži paketi za Slacware 13.37, 14.0, 14.1 i -current:
Code: Select all
patches/packages/gdk-pixbuf2-2.28.2-i486-2_slack14.1.txz: Rebuilt.
Gustavo Grieco discovered a heap overflow in the processing of BMP images
which may result in the execution of arbitrary code if a malformed image
is opened.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3451
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 06 Sep 2015, 11:55
02.09.2015.
Novi bind paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i -current:
Code: Select all
patches/packages/bind-9.9.7_P3-i486-1_slack14.1.txz: Upgraded.
This update fixes two denial-of-service vulnerabilities:
+ CVE-2015-5722 is a denial-of-service vector which can be
exploited remotely against a BIND server that is performing
validation on DNSSEC-signed records. Validating recursive
resolvers are at the greatest risk from this defect, but it has not
been ruled out that it could be exploited against an
authoritative-only nameserver under limited conditions. Servers
that are not performing validation are not vulnerable. However,
ISC does not recommend disabling validation as a workaround to
this issue as it exposes the server to other types of attacks.
Upgrading to the patched versions is the recommended solution.
All versions of BIND since 9.0.0 are vulnerable to CVE-2015-5722.
+ CVE-2015-5986 is a denial-of-service vector which can be used
against a BIND server that is performing recursion. Validation
is not required. Recursive resolvers are at the greatest risk
from this defect, but it has not been ruled out that it could
be exploited against an authoritative-only nameserver under
limited conditions.
Only versions of BIND since 9.9.7 and 9.10.2 are vulnerable to
CVE-2015-5986.
For more information, see:
https://kb.isc.org/article/AA-01287/0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722
https://kb.isc.org/article/AA-01291/0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5986
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
Who is online
Users browsing this forum: Bing [Bot] and 45 guests