14.10.2013.
Gnupg nadogradnja za Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14 i
current
Code: Select all
patches/packages/gnupg-1.4.15-i486-1_slack14.0.txz: Upgraded.
Fixed possible infinite recursion in the compressed packet
parser. [CVE-2013-4402]
Protect against rogue keyservers sending secret keys.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
(* Security fix *)
Gnutls nagodradnja za Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14 i
current:
Code: Select all
patches/packages/gnutls-2.10.5-i486-2_slack13.37.txz: Rebuilt.
[Updated to the correct version to fix fetching the "latest" from gnu.org]
This update prevents a side-channel attack which may allow remote attackers
to conduct distinguishing attacks and plaintext recovery attacks using
statistical analysis of timing data for crafted packets.
Other minor security issues are patched as well.
Thanks to mancha for backporting these patches.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116
(* Security fix *)
Xorg-server nadogradnja za Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14 i
current:
Code: Select all
patches/packages/xorg-server-1.12.4-i486-2_slack14.0.txz: Rebuilt.
Patched a use-after-free bug that can cause an X server crash or
memory corruption.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
(* Security fix *)
patches/packages/xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.12.4-i486-2_slack14.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz: Rebuilt.
Gnupg2 nadogradnja za Slackware 13.37, 14 i
current:
Code: Select all
patches/packages/gnupg2-2.0.22-i486-1_slack14.0.txz: Upgraded.
Fixed possible infinite recursion in the compressed packet
parser. [CVE-2013-4402]
Protect against rogue keyservers sending secret keys.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
(* Security fix *)
Libgpg-error nadogradnja za Slackware 13.37, 14 i
current
Code: Select all
patches/packages/libgpg-error-1.11-i486-1_slack14.0.txz: Upgraded.
This package upgrade was needed by the new version of gnupg2.