Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 Aug 2017, 18:22


21.06.2017.

Sveži openvpn paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/openvpn-2.3.17-i586-1_slack14.2.txz:  Upgraded.
  This update fixes several denial of service issues discovered
  by Guido Vranken.
  For more information, see:
    https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7508
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7520
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7521
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7512
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7522
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 Aug 2017, 18:24


26.06.2017.

Sveži kernel paketi za Slackware 14.2 i current:

Code: Select all

patches/packages/linux-4.4.74/*:  Upgraded.
  This kernel fixes two "Stack Clash" vulnerabilities reported by Qualys.
  The first issue may allow attackers to execute arbitrary code with elevated
  privileges. Failed attack attempts will likely result in denial-of-service
  conditions. The second issue can be exploited to bypass certain security
  restrictions and perform unauthorized actions.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000365
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 Aug 2017, 18:30


29.06.2017.

Sveži kernel paketi za Slackware 14.1:

Code: Select all

patches/packages/linux-3.10.107/*:  Upgraded.
  This kernel fixes two "Stack Clash" vulnerabilities reported by Qualys.
  The first issue may allow attackers to execute arbitrary code with elevated
  privileges. Failed attack attempts will likely result in denial-of-service
  conditions. The second issue can be exploited to bypass certain security
  restrictions and perform unauthorized actions.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000365
  (* Security fix *)
  In addition, a patch is included and preapplied to guard against other == sk
  in unix_dgram_sendmsg. This bug has been known to cause Samba related stalls.
  Thanks to Ben Stern for the bug report.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 Aug 2017, 18:37


29.06.2017.

Sveži bind i httpd paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/bind-9.10.5_P2-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a high severity security issue:
  An error in TSIG handling could permit unauthorized zone transfers
  or zone updates.
  For more information, see:
    https://kb.isc.org/article/AA-01503/0
    https://kb.isc.org/article/AA-01504/0
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143
  (* Security fix *)

Code: Select all

patches/packages/httpd-2.4.26-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues which may lead to an authentication bypass
  or a denial of service:
  important: ap_get_basic_auth_pw() Authentication Bypass CVE-2017-3167
  important: mod_ssl Null Pointer Dereference CVE-2017-3169
  important: mod_http2 Null Pointer Dereference CVE-2017-7659
  important: ap_find_token() Buffer Overread CVE-2017-7668
  important: mod_mime Buffer Overread CVE-2017-7679
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679
  (* Security fix *)
Sveži libgcrypt paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/libgcrypt-1.7.8-i586-1_slack14.2.txz:  Upgraded.
  Mitigate a local flush+reload side-channel attack on RSA secret keys
  dubbed "Sliding right into disaster".
  For more information, see:
    https://eprint.iacr.org/2017/627
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 Aug 2017, 18:37


30.06.2017.

Sveži glibc i kernel paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/glibc-2.23-i586-2_slack14.2.txz:  Rebuilt.
  Applied upstream security hardening patches from git.
  For more information, see:
    https://sourceware.org/git/?p=glibc.git;a=commit;h=3c7cd21290cabdadd72984fb69bc51e64ff1002d
    https://sourceware.org/git/?p=glibc.git;a=commit;h=46703a3995aa3ca2b816814aa4ad05ed524194dd
    https://sourceware.org/git/?p=glibc.git;a=commit;h=c69d4a0f680a24fdbe323764a50382ad324041e9
    https://sourceware.org/git/?p=glibc.git;a=commit;h=3776f38fcd267c127ba5eb222e2c614c191744aa
    https://sourceware.org/git/?p=glibc.git;a=commit;h=adc7e06fb412a2a1ee52f8cb788caf436335b9f3
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
  (* Security fix *)
patches/packages/glibc-i18n-2.23-i586-2_slack14.2.txz:  Rebuilt.
patches/packages/glibc-profile-2.23-i586-2_slack14.2.txz:  Rebuilt.
  (* Security fix *)
patches/packages/glibc-solibs-2.23-i586-2_slack14.2.txz:  Rebuilt.
  (* Security fix *)

Code: Select all

patches/packages/linux-4.4.75/*:  Upgraded.
  This kernel fixes security issues that include possible stack exhaustion,
  memory corruption, and arbitrary code execution.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7482
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000365
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 Aug 2017, 18:39


03.07.2017.

Sveži kernel paketi za Slackware 14.0:

Code: Select all

patches/packages/linux-3.2.90/*:  Upgraded.
  This kernel fixes security issues (including "Stack Clash"). The issues
  may result in denial-of-service conditions or may allow attackers to
  execute arbitrary code with elevated privileges.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  For more information, see:
    https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7482
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 Aug 2017, 18:41


07.07.2017.

Sveži php paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/php-5.6.31-i586-1_slack14.2.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    https://php.net/ChangeLog-5.php#5.6.31
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9224
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9226
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9227
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9228
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9229
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 Aug 2017, 18:42


09.07.2017.

Sveži irssi paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/irssi-1.0.4-i586-1_slack14.2.txz:  Upgraded.
  This release fixes two remote crash issues as well as a few bugs.
  For more information, see:
    https://irssi.org/security/irssi_sa_2017_07.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10965
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10966
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 Aug 2017, 18:43


10.07.2017.

Sveži libtirpc i rpcbind paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/libtirpc-1.0.1-i586-3_slack14.2.txz:  Rebuilt.
  Patched a bug which can cause a denial of service through memory exhaustion.
  Thanks to Robby Workman.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8779
  (* Security fix *)

Code: Select all

patches/packages/rpcbind-0.2.4-i586-1_slack14.2.txz:  Upgraded.
  Patched a bug which can cause a denial of service through memory exhaustion.
  Thanks to Robby Workman.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8779
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 Aug 2017, 18:44


13.07.2017.

Sveži httpd paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/httpd-2.4.27-i586-1_slack14.2.txz:  Upgraded.
  This update fixes two security issues:
  Read after free in mod_http2 (CVE-2017-9789)
  Uninitialized memory reflection in mod_auth_digest (CVE-2017-9788)
  Thanks to Robert Swiecki for reporting these issues.
  For more information, see:
    https://httpd.apache.org/security/vulnerabilities_24.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9789
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 3 guests