Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Apr 2016, 20:40


25.03.2016.

Sveži libevent i mozilla thunderbird paketi za Slackware 14.1 i -current:

Code: Select all

patches/packages/libevent-2.0.22-i486-1_slack14.1.txz:  Upgraded.
  Multiple integer overflows in the evbuffer API allow context-dependent
  attackers to cause a denial of service or possibly have other unspecified
  impact via "insanely large inputs" to the (1) evbuffer_add,
  (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a
  heap-based buffer overflow or an infinite loop.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272
  (* Security fix *)

Code: Select all

patches/packages/mozilla-thunderbird-38.7.1-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Apr 2016, 20:47


01.04.2016.

Sveži mercurial i paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i -current:

Code: Select all

patches/packages/mercurial-3.7.3-i486-1_slack14.1.txz:  Upgraded.
  This update fixes security issues and bugs, including remote code execution
  in binary delta decoding, arbitrary code execution with Git subrepos, and
  arbitrary code execution when converting Git repos.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
  (* Security fix *)
Sveži php paketi za Slackware 14.0, 14.1 i -current:

Code: Select all

patches/packages/php-5.6.20-i486-1_slack14.1.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.20
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Apr 2016, 20:48


04.04.2016.

Sveži mozilla thunderbird paketi za Slackware 14.1 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-38.7.2-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Apr 2016, 20:50


05.04.2016.

Sveži subverzion paketi za Slackware 14.1 i -current:

Code: Select all

patches/packages/subversion-1.7.22-i486-1_slack14.1.txz:  Upgraded.
  Subversion servers and clients are vulnerable to a remotely triggerable
  heap-based buffer overflow and out-of-bounds read that may allow remote
  attackers to cause a denial of service or possibly execute arbitrary code
  under the context of the targeted process.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5343
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 16 Apr 2016, 06:26


15.04.2016.

Nadogradnja samba-e za Slackware 14.0, 14.1 i -current:

Code: Select all

patches/packages/samba-4.2.11-i486-1_slack14.1.txz:  Upgraded.
  This update fixes the security issues known as "badlock" (or "sadlock"),
  which may allow man-in-the-middle or denial-of-service attacks:
    CVE-2015-5370 (Multiple errors in DCE-RPC code)
    CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
    CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
    CVE-2016-2112 (LDAP client and server don't enforce integrity)
    CVE-2016-2113 (Missing TLS certificate validation)
    CVE-2016-2114 ("server signing = mandatory" not enforced)
    CVE-2016-2115 (SMB IPC traffic is not integrity protected)
    CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118
  (* Security fix *)
Nadogradnja mozilla thunderbird za Slackware 14.1 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-45.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 03 May 2016, 07:59


30.04.2016

Svež subverzion paket za Slackware 14.0, 14.1 i -current:

Code: Select all

patches/packages/subversion-1.7.22-i486-2_slack14.1.txz:  Rebuilt.
  This update patches two security issues:
  CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm.
  CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn
    during COPY/MOVE authorization check.
  For more information, see:
    http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
    http://subversion.apache.org/security/CVE-2016-2168-advisory.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 03 May 2016, 08:02


02.05.2016.

Svež mercurial paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i -current:

Code: Select all

patches/packages/mercurial-3.8.1-i486-1_slack14.1.txz:  Upgraded.
  This update fixes possible arbitrary code execution when converting Git
  repos.  Mercurial prior to 3.8 allowed arbitrary code execution when using
  the convert extension on Git repos with hostile names.  This could affect
  automated code conversion services that allow arbitrary repository names.
  This is a further side-effect of Git CVE-2015-7545.
  Reported and fixed by Blake Burkhart.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 May 2016, 06:41


03.05.2016.

Sveži openssl paketi za Slackware 14.0, 14.1 i -current:

Code: Select all

patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz:  Upgraded.
  This update fixes the following security issues:
  Memory corruption in the ASN.1 encoder (CVE-2016-2108)
  Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
  EVP_EncodeUpdate overflow (CVE-2016-2105)
  EVP_EncryptUpdate overflow (CVE-2016-2106)
  ASN.1 BIO excessive memory allocation (CVE-2016-2109)
  EBCDIC overread (CVE-2016-2176)
  For more information, see:
    https://www.openssl.org/news/secadv/20160503.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 11 May 2016, 11:16


10.05.2016.

Osveženi imagemagic paketi za Slackware 14.0, 14.1 i -current:

Code: Select all

patches/packages/imagemagick-6.8.6_10-i486-2_slack14.1.txz:  Rebuilt.
  This update addresses several security issues in ImageMagick, including:
  Insufficient shell characters filtering allows code execution (CVE-2016-3714)
  Server Side Request Forgery (CVE-2016-3718)
  File deletion (CVE-2016-3715)
  File moving (CVE-2016-3716)
  Local file read (CVE-2016-3717)
  To mitigate these issues, the default policy.xml config file has been
  modified to disable all of the vulnerable coders.
  For more information, see:
    https://imagetragick.com
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 12 May 2016, 19:15


11.05.2016.

Osveženi mozilla thunderbird paketi za Slackware 14.1 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-45.1.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 42 guests