Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 12 Feb 2016, 20:32


11.02.2016.

Osveženi firefox ESR paketi za Slackware 14.1 i -current:

Code: Select all

patches/packages/mozilla-firefox-38.6.1esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Feb 2016, 15:39


14.02.2016.

Osveženi paket Mozilla Thunderbird za Slackware 14.1 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-38.6.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 24 Feb 2016, 21:48


23.02.2016.

Sveži ntp, libgcrypt i bind paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i -current:

Code: Select all

patches/packages/ntp-4.2.8p6-i486-1_slack14.1.txz:  Upgraded.
  In addition to bug fixes and enhancements, this release fixes
  several low and medium severity vulnerabilities.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158
  (* Security fix *)

Code: Select all

patches/packages/libgcrypt-1.5.5-i486-1_slack14.1.txz:  Upgraded.
  Mitigate chosen cipher text attacks on ECDH with Weierstrass curves.
  Use ciphertext blinding for Elgamal decryption.
  For more information, see:
    http://www.cs.tau.ac.IL/~tromer/ecdh/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7511
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3591
  (* Security fix *)

Code: Select all

patches/packages/bind-9.9.8_P3-i486-1_slack14.1.txz:  Upgraded.
  This release fixes two possible denial-of-service issues:
    render_ecs errors were mishandled when printing out a OPT record resulting
    in a assertion failure.  (CVE-2015-8705) [RT #41397]
    Specific APL data could trigger a INSIST.  (CVE-2015-8704) [RT #41396]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
  (* Security fix *)

Sveži glibc paketi za Slackware 14.1 i -current:

Code: Select all

patches/packages/glibc-2.17-i486-11_slack14.1.txz:  Rebuilt.
  This update provides a patch to fix the stack-based buffer overflow in
  libresolv that could allow specially crafted DNS responses to seize
  control of execution flow in the DNS client (CVE-2015-7547).  However,
  due to a patch applied to Slackware's glibc back in 2009 (don't use the
  gethostbyname4() lookup method as it was causing some cheap routers to
  misbehave), we were not vulnerable to that issue.  Nevertheless it seems
  prudent to patch the overflows anyway even if we're not currently using
  the code in question.  Thanks to mancha for the backported patch.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
  (* Security fix *)
patches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.17-i486-11_slack14.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz:  Rebuilt.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 27 Feb 2016, 13:03


26.02.2016

Osvežen libssh paket za Slackware 14.0, 14.1 i -current:

Code: Select all

patches/packages/libssh-0.7.3-i486-1_slack14.1.txz:  Upgraded.
  Fixed weak key generation.  Due to a bug in the ephemeral secret key
  generation for the diffie-hellman-group1 and diffie-hellman-group14
  methods, ephemeral secret keys of size 128 bits are generated, instead
  of the recommended sizes of 1024 and 2048 bits, giving a practical
  security of 63 bits.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 03 Mar 2016, 19:41


03.03.2016.

Openssl i mailx osveženi paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i -current:

Code: Select all

patches/packages/mailx-12.5-i486-2_slack14.1.txz:  Rebuilt.
  Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues
  that could allow a local attacker to cause mailx to execute arbitrary
  shell commands through the use of a specially-crafted email address.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
  (* Security fix *)

Code: Select all

patches/packages/openssl-1.0.1s-i486-1_slack14.1.txz:  Upgraded.
  This update fixes the following security issues:
  Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
  Double-free in DSA code (CVE-2016-0705)
  Memory leak in SRP database lookups (CVE-2016-0798)
  BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
  Fix memory issues in BIO_*printf functions (CVE-2016-0799)
  Side channel attack on modular exponentiation (CVE-2016-0702)
  To avoid breaking the ABI, "enable-ssl2" is used, but all the vulnerable or
  weak ciphers have been removed.
  For more information, see:
    https://www.openssl.org/news/secadv/20160301.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1s-i486-1_slack14.1.txz:  Upgraded.
PHP osveženi paket za Slackware 14.0, 14.1 i -current:

Code: Select all

patches/packages/php-5.6.18-i486-1_slack14.1.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.18
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Mar 2016, 01:03


08.03.2016.

Samba i Firefox sveži paketi za Slackware 14.1 i -current:

Code: Select all

patches/packages/samba-4.1.23-i486-1_slack14.1.txz:  Upgraded.
  This update fixes bugs, and two security issues:
  Incorrect ACL get/set allowed on symlink path (CVE-2015-7560).
  Out-of-bounds read in internal DNS server (CVE-2016-0771).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7560
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0771
  (* Security fix *)

Code: Select all

patches/packages/mozilla-firefox-38.7.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Apr 2016, 20:12


10.03.2016.

Svež openssh paket za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i -current:

Code: Select all

patches/packages/openssh-7.2p2-i486-1_slack14.1.txz:  Upgraded.
  This release fixes a security bug:
    sshd(8): sanitise X11 authentication credentials to avoid xauth
    command injection when X11Forwarding is enabled.
  For more information, see:
    http://www.openssh.com/txt/x11fwd.adv
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Apr 2016, 20:25


15.03.2016.

Sveži git paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i -current:

Code: Select all

patches/packages/git-2.7.3-i486-1_slack14.1.txz:  Upgraded.
  Fixed buffer overflows allowing server and client side remote code
  execution in all git versions before 2.7.1.
  For more information, see:
    http://seclists.org/oss-sec/2016/q1/645
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324
  (* Security fix *)
Svež seamonkey paketi za Slackware 14.1 i -current:

Code: Select all

patches/packages/seamonkey-2.40-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.seamonkey-project.org/releases/seamonkey2.40
  (* Security fix *)
patches/packages/seamonkey-solibs-2.40-i486-1_slack14.1.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Apr 2016, 20:26


17.03.2016.

Firefox paketi za Slackware 14.1 and -current:

Code: Select all

patches/packages/mozilla-firefox-38.7.1esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Apr 2016, 20:35


18.03.2016.

Osveženi git paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1 i -current:

Code: Select all

patches/packages/git-2.7.4-i486-1_slack14.1.txz:  Upgraded.
  NOTE:  Issuing this patch again since the bug reporter listed the
  wrong git version (2.7.1) as fixed.  The vulnerability was actually
  patched in git-2.7.4.
  Fixed buffer overflows allowing server and client side remote code
  execution in all git versions before 2.7.4.
  For more information, see:
    http://seclists.org/oss-sec/2016/q1/645
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324
  (* Security fix *)
Sveži mozilla thunderbird paketi za Slackware 14.1 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-38.7.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 52 guests