News in *current*

News regarding Slackware Linux

Moderator: Urednik

Administrator

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Milky Way

Posted: 06 Mar 2014, 18:22


06.03.2014.

Slackware 64bit:

Thu Mar 6 04:14:23 UTC 2014
ap/sudo-1.8.9p5-x86_64-1.txz: Upgraded.
Slackware 32bit:

ap/sudo-1.8.9p5-i486-1.txz: Upgraded.
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator

Posted: 11 Mar 2014, 15:02


11.03.2014.

Slackware 64bit:

Tue Mar 11 07:06:18 UTC 2014
a/udisks-1.0.5-x86_64-1.txz: Upgraded.
       This update fixes a stack-based buffer overflow when handling long path
       names. A malicious, local user could use this flaw to create a
       specially-crafted directory structure that could lead to arbitrary code
       execution with the privileges of the udisks daemon (root).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
       (* Security fix *)
a/udisks2-2.1.3-x86_64-1.txz: Upgraded.
       This update fixes a stack-based buffer overflow when handling long path
       names. A malicious, local user could use this flaw to create a
       specially-crafted directory structure that could lead to arbitrary code
       execution with the privileges of the udisks daemon (root).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
       (* Security fix *)
Slackware 32bit:

a/udisks-1.0.5-i486-1.txz: Upgraded.
       This update fixes a stack-based buffer overflow when handling long path
       names. A malicious, local user could use this flaw to create a
       specially-crafted directory structure that could lead to arbitrary code
       execution with the privileges of the udisks daemon (root).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
       (* Security fix *)
a/udisks2-2.1.3-i486-1.txz: Upgraded.
       This update fixes a stack-based buffer overflow when handling long path
       names. A malicious, local user could use this flaw to create a
       specially-crafted directory structure that could lead to arbitrary code
       execution with the privileges of the udisks daemon (root).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
       (* Security fix *)



Administrator

Posted: 13 Mar 2014, 09:05


13.03.2014.

Slackware 64bit:

Thu Mar 13 03:32:38 UTC 2014
n/mutt-1.5.23-x86_64-1.txz: Upgraded.
       This update fixes a buffer overflow where malformed RFC2047 header
       lines could result in denial of service or potentially the execution
       of arbitrary code as the user running mutt.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467
       (* Security fix *)
Slackware 32bit:

n/mutt-1.5.23-i486-1.txz: Upgraded.
       This update fixes a buffer overflow where malformed RFC2047 header
       lines could result in denial of service or potentially the execution
       of arbitrary code as the user running mutt.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467
       (* Security fix *)



Administrator

Posted: 14 Mar 2014, 09:32


14.03.2014.

Slackware 64bit:

Fri Mar 14 00:44:48 UTC 2014
n/samba-4.1.6-x86_64-1.txz: Upgraded.
       This update fixes two security issues:
       CVE-2013-4496:
       Samba versions 3.4.0 and above allow the administrator to implement
       locking out Samba accounts after a number of bad password attempts.
       However, all released versions of Samba did not implement this check for
       password changes, such as are available over multiple SAMR and RAP
       interfaces, allowing password guessing attacks.
       CVE-2013-6442:
       Samba versions 4.0.0 and above have a flaw in the smbcacls command. If
       smbcacls is used with the "-C|--chown name" or "-G|--chgrp name"
       command options it will remove the existing ACL on the object being
       modified, leaving the file or directory unprotected.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442
       (* Security fix *)
Slackware 32bit:

n/samba-4.1.6-i486-1.txz: Upgraded.
       This update fixes two security issues:
       CVE-2013-4496:
       Samba versions 3.4.0 and above allow the administrator to implement
       locking out Samba accounts after a number of bad password attempts.
       However, all released versions of Samba did not implement this check for
       password changes, such as are available over multiple SAMR and RAP
       interfaces, allowing password guessing attacks.
       CVE-2013-6442:
       Samba versions 4.0.0 and above have a flaw in the smbcacls command. If
       smbcacls is used with the "-C|--chown name" or "-G|--chgrp name"
       command options it will remove the existing ACL on the object being
       modified, leaving the file or directory unprotected.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442
       (* Security fix *)



Administrator

Posted: 16 Mar 2014, 11:09


16.03.2014.

Slackware 64bit:

Sun Mar 16 02:52:28 UTC 2014
n/php-5.4.26-x86_64-1.txz: Upgraded.
       This update fixes a flaw where a specially crafted data file may cause a
       segfault or 100% CPU consumption when a web page uses fileinfo() on it.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
       (* Security fix *)
Slackware 32bit:

n/php-5.4.26-i486-1.txz: Upgraded.
       This update fixes a flaw where a specially crafted data file may cause a
       segfault or 100% CPU consumption when a web page uses fileinfo() on it.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
       (* Security fix *)



Administrator

Posted: 29 Mar 2014, 10:48


28.03.2014.

Slackware 64bit:

Fri Mar 28 03:43:11 UTC 2014
l/mozilla-nss-3.16-x86_64-1.txz: Upgraded.
       This update fixes a security issue:
       The cert_TestHostName function in lib/certdb/certdb.c in the
       certificate-checking implementation in Mozilla Network Security Services
       (NSS) before 3.16 accepts a wildcard character that is embedded in an
       internationalized domain name's U-label, which might allow man-in-the-middle
       attackers to spoof SSL servers via a crafted certificate.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
       (* Security fix *)
l/seamonkey-solibs-2.25-x86_64-1.txz: Upgraded.
n/curl-7.36.0-x86_64-1.txz: Upgraded.
       This update fixes four security issues.
       For more information, see:
       http://curl.haxx.se/docs/adv_20140326A.html
       http://curl.haxx.se/docs/adv_20140326B.html
       http://curl.haxx.se/docs/adv_20140326C.html
       http://curl.haxx.se/docs/adv_20140326D.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522
       (* Security fix *)
n/httpd-2.4.9-x86_64-1.txz: Upgraded.
       This update addresses two security issues.
       Segfaults with truncated cookie logging. mod_log_config: Prevent segfaults
       when logging truncated cookies. Clean up the cookie logging parser to
       recognize only the cookie=value pairs, not valueless cookies.
       mod_dav: Keep track of length of cdata properly when removing leading
       spaces. Eliminates a potential denial of service from specifically crafted
       DAV WRITE requests.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
       (* Security fix *)
n/openssh-6.6p1-x86_64-1.txz: Upgraded.
       This update fixes a security issue when using environment passing with
       a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH could be
       tricked into accepting any environment variable that contains the
       characters before the wildcard character.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
       (* Security fix *)
n/tin-2.2.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-28.0-x86_64-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/firefox.html
       (* Security fix *)
xap/mozilla-thunderbird-24.4.0-x86_64-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
       (* Security fix *)
xap/seamonkey-2.25-x86_64-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
       (* Security fix *)
Slackware 32bit:

l/mozilla-nss-3.16-i486-1.txz: Upgraded.
       This update fixes a security issue:
       The cert_TestHostName function in lib/certdb/certdb.c in the
       certificate-checking implementation in Mozilla Network Security Services
       (NSS) before 3.16 accepts a wildcard character that is embedded in an
       internationalized domain name's U-label, which might allow man-in-the-middle
       attackers to spoof SSL servers via a crafted certificate.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
       (* Security fix *)
l/seamonkey-solibs-2.25-i486-1.txz: Upgraded.
n/curl-7.36.0-i486-1.txz: Upgraded.
       This update fixes four security issues.
       For more information, see:
       http://curl.haxx.se/docs/adv_20140326A.html
       http://curl.haxx.se/docs/adv_20140326B.html
       http://curl.haxx.se/docs/adv_20140326C.html
       http://curl.haxx.se/docs/adv_20140326D.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522
       (* Security fix *)
n/httpd-2.4.9-i486-1.txz: Upgraded.
       This update addresses two security issues.
       Segfaults with truncated cookie logging. mod_log_config: Prevent segfaults
       when logging truncated cookies. Clean up the cookie logging parser to
       recognize only the cookie=value pairs, not valueless cookies.
       mod_dav: Keep track of length of cdata properly when removing leading
       spaces. Eliminates a potential denial of service from specifically crafted
       DAV WRITE requests.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
       (* Security fix *)
n/openssh-6.6p1-i486-1.txz: Upgraded.
       This update fixes a security issue when using environment passing with
       a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH could be
       tricked into accepting any environment variable that contains the
       characters before the wildcard character.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
       (* Security fix *)
n/tin-2.2.0-i486-1.txz: Upgraded.
xap/mozilla-firefox-28.0-i486-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/firefox.html
       (* Security fix *)
xap/mozilla-thunderbird-24.4.0-i486-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
       (* Security fix *)
xap/seamonkey-2.25-i486-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
       (* Security fix *)



Administrator

Posted: 01 Apr 2014, 03:28


31.03.2014.

Slackware 64bit:

Mon Mar 31 20:30:28 UTC 2014
l/apr-1.5.0-x86_64-1.txz: Upgraded.
l/apr-util-1.5.3-x86_64-1.txz: Upgraded.
n/httpd-2.4.9-x86_64-2.txz: Rebuilt.
       Recompiled against new apr/apr-util to restore missing mod_mpm_event.so.
Slackware 32bit:

l/apr-1.5.0-i486-1.txz: Upgraded.
l/apr-util-1.5.3-i486-1.txz: Upgraded.
n/httpd-2.4.9-i486-2.txz: Rebuilt.
       Recompiled against new apr/apr-util to restore missing mod_mpm_event.so.



Administrator

Posted: 08 Apr 2014, 18:33


08.04.2014.

Slackware 64bit:

Tue Apr 8 14:19:51 UTC 2014
a/openssl-solibs-1.0.1g-x86_64-1.txz: Upgraded.
n/openssl-1.0.1g-x86_64-1.txz: Upgraded.
       This update fixes two security issues:
       A missing bounds check in the handling of the TLS heartbeat extension
       can be used to reveal up to 64k of memory to a connected client or server.
       Thanks for Neel Mehta of Google Security for discovering this bug and to
       Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
       preparing the fix.
       Fix for the attack described in the paper "Recovering OpenSSL
       ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
       by Yuval Yarom and Naomi Benger. Details can be obtained from:
       http://eprint.iacr.org/2014/140
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
       (* Security fix *)
Slackware 32bit:

a/openssl-solibs-1.0.1g-i486-1.txz: Upgraded.
n/openssl-1.0.1g-i486-1.txz: Upgraded.
       This update fixes two security issues:
       A missing bounds check in the handling of the TLS heartbeat extension
       can be used to reveal up to 64k of memory to a connected client or server.
       Thanks for Neel Mehta of Google Security for discovering this bug and to
       Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
       preparing the fix.
       Fix for the attack described in the paper "Recovering OpenSSL
       ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
       by Yuval Yarom and Naomi Benger. Details can be obtained from:
       http://eprint.iacr.org/2014/140
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
       (* Security fix *)



Administrator

Posted: 22 Apr 2014, 11:04


21.04.2014.

Slackware 64bit:

Mon Apr 21 20:09:48 UTC 2014
l/libyaml-0.1.6-x86_64-1.txz: Upgraded.
       This update fixes a heap overflow in URI escape parsing of YAML in Ruby,
       where a specially crafted string could cause a heap overflow leading to
       arbitrary code execution.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525
       https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
       (* Security fix *)
n/php-5.4.27-x86_64-1.txz: Upgraded.
       This update fixes a security issue in the in the awk script detector
       which allows context-dependent attackers to cause a denial of service
       (CPU consumption) via a crafted ASCII file that triggers a large amount
       of backtracking.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
       (* Security fix *)
Slackware 32bit:

l/libyaml-0.1.6-i486-1.txz: Upgraded.
       This update fixes a heap overflow in URI escape parsing of YAML in Ruby,
       where a specially crafted string could cause a heap overflow leading to
       arbitrary code execution.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525
       https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
       (* Security fix *)
n/php-5.4.27-i486-1.txz: Upgraded.
       This update fixes a security issue in the in the awk script detector
       which allows context-dependent attackers to cause a denial of service
       (CPU consumption) via a crafted ASCII file that triggers a large amount
       of backtracking.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
       (* Security fix *)



Administrator

Posted: 23 Apr 2014, 00:56


22.04.2014.

Slackware 64bit:

Tue Apr 22 17:31:48 UTC 2014
a/bash-4.3.011-x86_64-1.txz: Upgraded.
a/gawk-4.1.1-x86_64-1.txz: Upgraded.
a/grep-2.18-x86_64-1.txz: Upgraded.
ap/vim-7.4.258-x86_64-1.txz: Upgraded.
n/openssh-6.6p1-x86_64-2.txz: Rebuilt.
       Fixed a bug with curve25519-sha256 that caused a key exchange failure in
       about 1 in 512 connection attempts.
xap/vim-gvim-7.4.258-x86_64-1.txz: Upgraded.
Slackware 32bit:

a/bash-4.3.011-i486-1.txz: Upgraded.
a/gawk-4.1.1-i486-1.txz: Upgraded.
a/grep-2.18-i486-1.txz: Upgraded.
ap/vim-7.4.258-i486-1.txz: Upgraded.
n/openssh-6.6p1-i486-2.txz: Rebuilt.
       Fixed a bug with curve25519-sha256 that caused a key exchange failure in
       about 1 in 512 connection attempts.
xap/vim-gvim-7.4.258-i486-1.txz: Upgraded.