Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 27 Oct 2017, 08:45


23.10.2017.

Sveži curl paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/curl-7.56.1-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  IMAP FETCH response out of bounds read may cause a crash or information leak.
  For more information, see:
    https://curl.haxx.se/docs/adv_20171023.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 27 Oct 2017, 08:45


25.10.2017.

Sveži irssi paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/irssi-1.0.5-i586-1_slack14.2.txz:  Upgraded.
  This update fixes some remote denial of service issues.
  For more information, see:
    https://irssi.org/security/irssi_sa_2017_10.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15228
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15227
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15721
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15723
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15722
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 29 Oct 2017, 01:32


27.10.2017.

Sveži wget paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/wget-1.19.2-i586-1_slack14.2.txz:  Upgraded.
  This update fixes stack and heap overflows in in HTTP protocol handling.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13089
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13090
  (* Security fix *)
Sveži php paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/php-5.6.32-i586-1_slack14.2.txz:  Upgraded.
  Several security bugs were fixed in this release:
  Out of bounds read in timelib_meridian().
  The arcfour encryption stream filter crashes PHP.
  Applied upstream patch for PCRE (CVE-2016-1283).
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1283
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 Nov 2017, 20:19


02.11.2017.

Sveži mariadb paketi za Slackware 14.1, 14.2 i -current:

Code: Select all

patches/packages/mariadb-10.0.33-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://jira.mariadb.org/browse/MDEV-13819
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378
  (* Security fix *)
Sveži openssl paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/openssl-1.0.2m-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  There is a carry propagating bug in the x64 Montgomery squaring procedure.
  No EC algorithms are affected. Analysis suggests that attacks against RSA
  and DSA as a result of this defect would be very difficult to perform and
  are not believed likely. Attacks against DH are considered just feasible
  (although very difficult) because most of the work necessary to deduce
  information about a private key may be performed offline. The amount of
  resources required for such an attack would be very significant and likely
  only accessible to a limited number of attackers. An attacker would
  additionally need online access to an unpatched system using the target
  private key in a scenario with persistent DH parameters and a private
  key that is shared between multiple clients.
  This only affects processors that support the BMI1, BMI2 and ADX extensions
  like Intel Broadwell (5th generation) and later or AMD Ryzen.
  For more information, see:
    https://www.openssl.org/news/secadv/20171102.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736
  (* Security fix *)
patches/packages/openssl-solibs-1.0.2m-i586-1_slack14.2.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Nov 2017, 17:32


16.11.2017.

Sveži mozilla-firefox i libplist paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/mozilla-firefox-52.5.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)

Code: Select all

patches/packages/libplist-2.0.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes several security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6440
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6439
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6438
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6437
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6436
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6435
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5836
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5835
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5834
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5545
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5209
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 21 Nov 2017, 16:21


20.11.2017.

Sveži libtiff paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/libtiff-4.0.9-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5318
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10095
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 28 Nov 2017, 16:15


27.11.2017.

Sveži samba paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/samba-4.4.16-i586-2_slack14.2.txz:  Rebuilt.
  This is a security update in order to patch the following defects:
  CVE-2017-14746 (Use-after-free vulnerability.)
    All versions of Samba from 4.0.0 onwards are vulnerable to a use after
    free vulnerability, where a malicious SMB1 request can be used to
    control the contents of heap memory via a deallocated heap pointer. It
    is possible this may be used to compromise the SMB server.
  CVE-2017-15275 (Server heap memory information leak.)
    All versions of Samba from 3.6.0 onwards are vulnerable to a heap
    memory information leak, where server allocated heap memory may be
    returned to the client without being cleared.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2017-14746.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14746
    https://www.samba.org/samba/security/CVE-2017-15275.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 01 Dec 2017, 00:24


29.11.2017.

Sveži libXcursor i libXfont paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/libXcursor-1.1.15-i586-1_slack14.2.txz:  Upgraded.
  Fix heap overflows when parsing malicious files. (CVE-2017-16612)
  It is possible to trigger heap overflows due to an integer overflow
  while parsing images and a signedness issue while parsing comments.
  The integer overflow occurs because the chosen limit 0x10000 for
  dimensions is too large for 32 bit systems, because each pixel takes
  4 bytes. Properly chosen values allow an overflow which in turn will
  lead to less allocated memory than needed for subsequent reads.
  The signedness bug is triggered by reading the length of a comment
  as unsigned int, but casting it to int when calling the function
  XcursorCommentCreate. Turning length into a negative value allows the
  check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
  addition of sizeof (XcursorComment) + 1 makes it possible to allocate
  less memory than needed for subsequent reads.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
  (* Security fix *)

Code: Select all

patches/packages/libXfont-1.5.1-i486-2_slack14.2.txz:  Rebuilt.
  Open files with O_NOFOLLOW. (CVE-2017-16611)
  A non-privileged X client can instruct X server running under root
  to open any file by creating own directory with "fonts.dir",
  "fonts.alias" or any font file being a symbolic link to any other
  file in the system. X server will then open it. This can be issue
  with special files such as /dev/watchdog (which could then reboot
  the system).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16611
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2502
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 01 Dec 2017, 00:25


29.11.2017.

Sveži curl paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/curl-7.57.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues:
  SSL out of buffer access
  FTP wildcard out of bounds read
  NTLM buffer overflow via integer overflow
  For more information, see:
    https://curl.haxx.se/docs/adv_2017-af0a.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8818
    https://curl.haxx.se/docs/adv_2017-ae72.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817
    https://curl.haxx.se/docs/adv_2017-12e7.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 2 guests