Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 May 2017, 10:14


13.04.2017.

Sveži bind paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current

Code: Select all

patches/packages/bind-9.10.4_P8-i586-1_slack14.2.txz:  Upgraded.
  Fixed denial of service security issues.
  For more information, see:
    https://kb.isc.org/article/AA-01465
    https://kb.isc.org/article/AA-01466
    https://kb.isc.org/article/AA-01471
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 May 2017, 10:15


18.04.2017.

Sveži minicom paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current

Code: Select all

patches/packages/minicom-2.7.1-i586-1_slack14.2.txz:  Upgraded.
  Fix an out of bounds data access that can lead to remote code execution.
  This issue was found by Solar Designer of Openwall during a security audit
  of the Virtuozzo 7 product, which contains derived downstream code in its
  prl-vzvncserver component.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7467
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 May 2017, 10:18


22.04.2017.

Sveži firefox paketi za Slackware 14.1

Code: Select all

patches/packages/mozilla-firefox-45.9.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  Also, switching back to the 45.x ESR branch due to instabilty of the
  52.x ESR branch on Slackware 14.1.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
Sveži ntp paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current

Code: Select all

patches/packages/ntp-4.2.8p10-i586-1_slack14.2.txz:  Upgraded.
  In addition to bug fixes and enhancements, this release fixes security
  issues of medium and low severity:
  Denial of Service via Malformed Config (Medium)
  Authenticated DoS via Malicious Config Option (Medium)
  Potential Overflows in ctl_put() functions (Medium)
  Buffer Overflow in ntpq when fetching reslist from a malicious ntpd (Medium)
  0rigin DoS (Medium)
  Buffer Overflow in DPTS Clock (Low)
  Improper use of snprintf() in mx4200_send() (Low)
  The following issues do not apply to Linux systems:
  Privileged execution of User Library code (WINDOWS PPSAPI ONLY) (Low)
  Stack Buffer Overflow from Command Line (WINDOWS installer ONLY) (Low)
  Data Structure terminated insufficiently (WINDOWS installer ONLY) (Low)
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6458
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6460
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6451
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6455
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6452
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6459
  (* Security fix *)
Sveži proftpd paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current

Code: Select all

patches/packages/proftpd-1.3.5e-i586-1_slack14.2.txz:  Upgraded.
  This release fixes a security issue:
  AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7418
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 May 2017, 10:19


24.04.2017.

Sveži firefox paketi za Slackware 14.2 i -current

Code: Select all

patches/packages/mozilla-firefox-52.1.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 May 2017, 10:20


01.05.2017.

Sveži rxvt paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current

Code: Select all

patches/packages/rxvt-2.7.10-i586-5_slack14.2.txz:  Rebuilt.
  Patched an integer overflow that can crash rxvt with an escape sequence,
  or possibly have unspecified other impact.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7483
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 21 May 2017, 10:05


16.05.2017.

Sveži freetype paketi za Slackware 13.0, 13.37, 14.0, 14.1, 14.2, i -current

Code: Select all

patches/packages/freetype-2.6.3-i586-2_slack14.2.txz:  Rebuilt.
  This update fixes an out-of-bounds write caused by a heap-based buffer
  overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
  (* Security fix *)
Sveži kdelibs paketi za Slackware 13.37, 14.0, 14.1, 14.2, i -current

Code: Select all

patches/packages/kdelibs-4.14.32-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue with KAuth that can lead to gaining
  root from an unprivileged account.
  For more information, see:
    http://www.openwall.com/lists/oss-security/2017/05/10/3
    https://www.kde.org/info/security/advisory-20170510-1.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8422
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 18 Jun 2017, 19:13


24.05.2017.

Sveži samba paketi za Slackware 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/samba-4.4.14-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a remote code execution vulnerability, allowing a
  malicious client to upload a shared library to a writable share, and
  then cause the server to load and execute it.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2017-7494.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 18 Jun 2017, 19:14


30.05.2017.

Sveži sudo paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/sudo-1.8.20p1-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a potential overwrite of arbitrary system files.
  This bug was discovered and analyzed by Qualys, Inc.
  For more information, see:
    https://www.sudo.ws/alerts/linux_tty.html
    http://www.openwall.com/lists/oss-security/2017/05/30/16
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 18 Jun 2017, 19:15


07.06.2017.

Sveži irssi paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/irssi-1.0.3-i586-1_slack14.2.txz:  Upgraded.
  Fixed security issues that may result in a denial of service.
  For more information, see:
    https://irssi.org/security/irssi_sa_2017_06.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9468
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9469
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 18 Jun 2017, 19:17


14.06.2017.

Sveži bind paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/bind-9.10.5_P1-i586-1_slack14.2.txz:  Upgraded.
  Fixed denial of service security issue:
  Some RPZ configurations could go into an infinite query loop when
  encountering responses with TTL=0.
  For more information, see:
    https://kb.isc.org/article/AA-01495
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3140
  (* Security fix *)
Sveži mozilla-firefox paketi za Slackware 14.2:

Code: Select all

patches/packages/mozilla-firefox-52.2.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 28 guests