Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Jul 2013, 10:10


16.07.2013.

Novi php paketi su dostupni za Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0 i -current.

Code: Select all

patches/packages/php-5.4.17-i486-1_slack14.0.txz:  Upgraded.
  This update fixes an issue where XML in PHP does not properly consider
  parsing depth, which allows remote attackers to cause a denial of service
  (heap memory corruption) or possibly have unspecified other impact via a
  crafted document that is processed by the xml_parse_into_struct function.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 Aug 2013, 00:32


03.08.2013.

Nadogradnja za gnupg i libgcrypt za Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0 i -current

Code: Select all

patches/packages/gnupg-1.4.14-i486-1_slack14.0.txz:  Upgraded.
  Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
  secret keys.
  For more information, see:
    http://eprint.iacr.org/2013/448
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
  (* Security fix *)
patches/packages/libgcrypt-1.5.3-i486-1_slack14.0.txz:  Upgraded.
  Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
  secret keys.
  For more information, see:
    http://eprint.iacr.org/2013/448
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 Aug 2013, 20:34


06.08.2013.

Novi bind paketi za 12.1, 12.2, 13.0, 13.1, 13.37, 14.0 i -current

Code: Select all

patches/packages/bind-9.9.3_P2-i486-1_slack14.0.txz:  Upgraded.
  This update fixes a security issue where a specially crafted query can cause
  BIND to terminate abnormally, resulting in a denial of service.
  For more information, see:
    https://kb.isc.org/article/AA-01015
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
  (* Security fix *)
Novi httpd paketi za 12.1, 12.2, 13.0, 13.1, 13.37, 14.0 i -current

Code: Select all

patches/packages/httpd-2.4.6-i486-1_slack14.0.txz:  Upgraded.
  This update addresses two security issues:
  * SECURITY: CVE-2013-1896 (cve.mitre.org) Sending a MERGE request against
    a URI handled by mod_dav_svn with the source href (sent as part of the
    request body as XML) pointing to a URI that is not configured for DAV
    will trigger a segfault.
  * SECURITY: CVE-2013-2249 (cve.mitre.org) mod_session_dbd: Make sure that
    dirty flag is respected when saving sessions, and ensure the session ID
    is changed each time the session changes.  This changes the format of the
    updatesession SQL statement.  Existing configurations must be changed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249
  (* Security fix *)
Novi Samba paketi za 13.1, 13.37, 14.0 i -current

Code: Select all

patches/packages/samba-3.6.17-i486-1_slack14.0.txz:  Upgraded.
  This update fixes missing integer wrap protection in an EA list reading
  that can allow authenticated or guest connections to cause the server to
  loop, resulting in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Aug 2013, 13:41


07.08.2013.

Nadogradnja Seamonkey za Slak 14 i -current, Firefox i Thunderbird za Slak 13.37, 14 i -current.

Code: Select all

patches/packages/seamonkey-2.20-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.20-i486-1_slack14.0.txz:  Upgraded.

Code: Select all

patches/packages/mozilla-firefox-17.0.8esr-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)

Code: Select all

patches/packages/mozilla-thunderbird-17.0.8-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 25 Aug 2013, 10:13


Bilo je nadogradnji i to pre 4 dana ali mi nije stiglo obaveštenje pa i ja kasnim sa novostima.

21.08.2013.

Hplip i xpdf nadogradnje za Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0 i -current

Poppler nadogradnja za Slackware 14 i -current

Code: Select all

patches/packages/hplip-3.12.9-i486-2_slack14.0.txz:  Rebuilt.
  This update fixes a stack-based buffer overflow in the hpmud_get_pml
  function that can allow remote attackers to cause a denial of service
  (crash) and possibly execute arbitrary code via a crafted SNMP response
  with a large length value.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4267
  (* Security fix *)

Code: Select all

patches/packages/xpdf-3.03-i486-1_slack14.0.txz:  Upgraded.
  Sanitize error messages to remove escape sequences that could be used to
  exploit vulnerable terminal emulators.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2142
  Thanks to mancha.
  (* Security fix *)

Code: Select all

patches/packages/poppler-0.20.2-i486-2_slack14.0.txz:  Rebuilt.
  Sanitize error messages to remove escape sequences that could be used to
  exploit vulnerable terminal emulators.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2142
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 01 Sep 2013, 01:31


30.08.2013.

Gnutls i php za Slackware 14 i -current.

Code: Select all

patches/packages/php-5.4.19-i486-1_slack14.0.txz:  Upgraded.
  Fixed handling null bytes in subjectAltName (CVE-2013-4248).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248
  (* Security fix *)

Code: Select all

patches/packages/gnutls-3.0.26-i486-1_slack14.0.txz:  Upgraded.
  This update prevents a side-channel attack which may allow remote attackers
  to conduct distinguishing attacks and plaintext recovery attacks using
  statistical analysis of timing data for crafted packets.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
  (* Security fix *)
A onda izvinjenje i novija verzija gnutls:
Sorry about having to reissue this one -- I pulled it from ftp.gnu.org not
realizing that the latest version there was actually months out of date.

Code: Select all

patches/packages/gnutls-3.0.31-i486-1_slack14.0.txz:  Upgraded.
  [Updated to the correct version to fix fetching the "latest" from gnu.org]
  This update prevents a side-channel attack which may allow remote attackers
  to conduct distinguishing attacks and plaintext recovery attacks using
  statistical analysis of timing data for crafted packets.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Sep 2013, 10:50


09.09.2013.

Subversion za Slackware 14 i -current.

Code: Select all

patches/packages/subversion-1.7.13-i486-1_slack14.0.txz:  Upgraded.
  This update fixes a local privilege escalation vulnerability via
  symlink attack.
  For more information, see:
    http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4277
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 18 Sep 2013, 11:50


17.09.2013.

Mozzila Firefox, Thunderbird za Slackware 13.37, 14.0 i -current.
Nova glibc nagodradnja paketa za Slackware 13.0, 13.1, 13.37, 14.0 i -current.

Code: Select all

patches/packages/mozilla-thunderbird-17.0.9esr-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html
  (* Security fix *)

Code: Select all

patches/packages/mozilla-firefox-17.0.9esr-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)

Code: Select all

patches/packages/glibc-2.15-i486-8_slack14.0.txz:  Rebuilt.
  Patched to fix integer overflows in pvalloc, valloc, and
  posix_memalign/memalign/aligned_alloc.
  Thanks to mancha for the backported patch.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2013-4332
  (* Security fix *)
  Also, as long as these packages were being respun anyway, I added a patch
  to fix the check for AVX opcodes.  This was causing crashes on Xen.
  Thanks to Dale Gallagher.
patches/packages/glibc-i18n-2.15-i486-8_slack14.0.txz:  Rebuilt.
patches/packages/glibc-profile-2.15-i486-8_slack14.0.txz:  Rebuilt.
patches/packages/glibc-solibs-2.15-i486-8_slack14.0.txz:  Rebuilt.
patches/packages/glibc-zoneinfo-2013d_2013d-noarch-8_slack14.0.txz:  Rebuilt.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 29 Sep 2013, 12:56


28.09.2013.

Seamonkey nadogradnja - 2.21

Code: Select all

patches/packages/seamonkey-2.21-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.21-i486-1_slack14.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 15 Oct 2013, 12:35


14.10.2013.

Gnupg nadogradnja za Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14 i current

Code: Select all

patches/packages/gnupg-1.4.15-i486-1_slack14.0.txz:  Upgraded.
  Fixed possible infinite recursion in the compressed packet
  parser. [CVE-2013-4402]
  Protect against rogue keyservers sending secret keys.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
  (* Security fix *)
Gnutls nagodradnja za Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14 i current:

Code: Select all

patches/packages/gnutls-2.10.5-i486-2_slack13.37.txz:  Rebuilt.
  [Updated to the correct version to fix fetching the "latest" from gnu.org]
  This update prevents a side-channel attack which may allow remote attackers
  to conduct distinguishing attacks and plaintext recovery attacks using
  statistical analysis of timing data for crafted packets.
  Other minor security issues are patched as well.
  Thanks to mancha for backporting these patches.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116
  (* Security fix *)
Xorg-server nadogradnja za Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14 i current:

Code: Select all

patches/packages/xorg-server-1.12.4-i486-2_slack14.0.txz:  Rebuilt.
  Patched a use-after-free bug that can cause an X server crash or
  memory corruption.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.12.4-i486-2_slack14.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz:  Rebuilt.
Gnupg2 nadogradnja za Slackware 13.37, 14 i current:

Code: Select all

patches/packages/gnupg2-2.0.22-i486-1_slack14.0.txz:  Upgraded.
  Fixed possible infinite recursion in the compressed packet
  parser. [CVE-2013-4402]
  Protect against rogue keyservers sending secret keys.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
  (* Security fix *)
Libgpg-error nadogradnja za Slackware 13.37, 14 i current

Code: Select all

patches/packages/libgpg-error-1.11-i486-1_slack14.0.txz:  Upgraded.
  This package upgrade was needed by the new version of gnupg2.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 44 guests