Novosti u vezi Slackware Linuxa
Moderator: Urednik
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 26 Apr 2016, 16:52
26.04.2016.
Slackware 64bit:
Code: Select all
Tue Apr 26 05:16:02 UTC 2016
ap/lxc-2.0.0-x86_64-2.txz: Rebuilt.
rc.lxc: Stop containers with lxc-stop rather than having lxc-attach call
/sbin/halt. Thanks to linuxxer and Matteo Bernardini.
xfce/xfce4-weather-plugin-0.8.7-x86_64-1.txz: Upgraded.
Slackware 32bit:
Code: Select all
ap/lxc-2.0.0-i586-2.txz: Rebuilt.
rc.lxc: Stop containers with lxc-stop rather than having lxc-attach call
/sbin/halt. Thanks to linuxxer and Matteo Bernardini.
xfce/xfce4-weather-plugin-0.8.7-i586-1.txz: Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 1680
- Joined: 07 Jun 2012, 18:01
- Location: Najlipši grad na svitu :)
Post
Napisano: 01 May 2016, 18:38
Slackware 64-bit
Code: Select all
Sat Apr 30 20:28:33 UTC 2016
a/aaa_elflibs-14.2-x86_64-13.txz: Rebuilt.
a/lvm2-2.02.152-x86_64-1.txz: Upgraded.
ap/gphoto2-2.5.10-x86_64-1.txz: Upgraded.
ap/mariadb-10.0.25-x86_64-1.txz: Upgraded.
ap/vim-7.4.1811-x86_64-1.txz: Upgraded.
d/git-2.8.2-x86_64-1.txz: Upgraded.
d/ruby-2.2.5-x86_64-1.txz: Upgraded.
d/subversion-1.9.4-x86_64-1.txz: Upgraded.
This release fixes two security issues:
CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm.
CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn
during COPY/MOVE authorization check.
For more information, see:
http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
http://subversion.apache.org/security/CVE-2016-2168-advisory.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168
(* Security fix *)
l/libgphoto2-2.5.10-x86_64-1.txz: Upgraded.
n/whois-5.2.12-x86_64-1.txz: Upgraded.
n/yptools-2.14-x86_64-6.txz: Rebuilt.
Don't remove unmerged .new config files. Thanks to christian laubscher.
x/xf86-input-evdev-2.10.2-x86_64-1.txz: Upgraded.
xap/vim-gvim-7.4.1811-x86_64-1.txz: Upgraded.
+--------------------------+
Sat Apr 30 05:51:33 UTC 2016
d/perl-5.22.2-x86_64-1.txz: Upgraded.
+--------------------------+
Fri Apr 29 20:54:01 UTC 2016
ap/cups-filters-1.8.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-0.43.0.
kde/calligra-2.9.11-x86_64-3.txz: Rebuilt.
Recompiled against poppler-0.43.0.
l/poppler-0.43.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/ntp-4.2.8p7-x86_64-1.txz: Upgraded.
This release patches several low and medium severity security issues:
CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering
CVE-2016-1549: Sybil vulnerability: ephemeral association attack,
AKA: ntp-sybil - MITIGATION ONLY
CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion
botch
CVE-2016-2517: Remote configuration trustedkey/requestkey values are not
properly validated
CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with
MATCH_ASSOC
CVE-2016-2519: ctl_getitem() return value not always checked
CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos
CVE-2016-1548: Interleave-pivot - MITIGATION ONLY
CVE-2015-7704: KoD fix: peer associations were broken by the fix for
NtpBug2901, AKA: Symmetric active/passive mode is broken
CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks
CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,
authdecrypt-timing, AKA: authdecrypt-timing
For more information, see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519
(* Security fix *)
n/php-5.6.21-x86_64-1.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.21
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074
(* Security fix *)
x/libdrm-2.4.68-x86_64-1.txz: Upgraded.
xfce/tumbler-0.1.31-x86_64-6.txz: Rebuilt.
Recompiled against poppler-0.43.0.
+--------------------------+
Wed Apr 27 21:16:37 UTC 2016
n/yptools-2.14-x86_64-5.txz: Rebuilt.
Use /usr/lib$LIBDIRSUFFIX/yp in /var/yp/Makefile.new. Thanks to alex14641.
xap/mozilla-firefox-45.1.0esr-x86_64-2.txz: Rebuilt.
Fixed $RELEASEVER to avoid installing extra files and placing a few files in
the wrong location. Thanks to Mikhail Zotov.
xfce/xfce4-settings-4.12.0-x86_64-3.txz: Rebuilt.
Patched a bug that may prevent a display from waking up from standby mode
when running a 4.4.x (or newer) kernel. Thanks to Matthias Schuster.
+--------------------------+
Wed Apr 27 04:20:57 UTC 2016
xap/mozilla-firefox-45.1.0esr-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
+--------------------------+
Slackware 32-bit
Code: Select all
Sat Apr 30 20:28:33 UTC 2016
a/aaa_elflibs-14.2-i586-13.txz: Rebuilt.
a/lvm2-2.02.152-i586-1.txz: Upgraded.
ap/gphoto2-2.5.10-i586-1.txz: Upgraded.
ap/mariadb-10.0.25-i586-1.txz: Upgraded.
ap/vim-7.4.1811-i586-1.txz: Upgraded.
d/git-2.8.2-i586-1.txz: Upgraded.
d/ruby-2.2.5-i586-1.txz: Upgraded.
d/subversion-1.9.4-i586-1.txz: Upgraded.
This release fixes two security issues:
CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm.
CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn
during COPY/MOVE authorization check.
For more information, see:
http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
http://subversion.apache.org/security/CVE-2016-2168-advisory.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168
(* Security fix *)
l/libgphoto2-2.5.10-i586-1.txz: Upgraded.
n/whois-5.2.12-i586-1.txz: Upgraded.
n/yptools-2.14-i586-6.txz: Rebuilt.
Don't remove unmerged .new config files. Thanks to christian laubscher.
x/xf86-input-evdev-2.10.2-i586-1.txz: Upgraded.
xap/vim-gvim-7.4.1811-i586-1.txz: Upgraded.
+--------------------------+
Sat Apr 30 05:51:33 UTC 2016
d/perl-5.22.2-i586-1.txz: Upgraded.
+--------------------------+
Fri Apr 29 20:54:01 UTC 2016
ap/cups-filters-1.8.3-i586-2.txz: Rebuilt.
Recompiled against poppler-0.43.0.
kde/calligra-2.9.11-i586-3.txz: Rebuilt.
Recompiled against poppler-0.43.0.
l/poppler-0.43.0-i586-1.txz: Upgraded.
Shared library .so-version bump.
n/ntp-4.2.8p7-i586-1.txz: Upgraded.
This release patches several low and medium severity security issues:
CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering
CVE-2016-1549: Sybil vulnerability: ephemeral association attack,
AKA: ntp-sybil - MITIGATION ONLY
CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion
botch
CVE-2016-2517: Remote configuration trustedkey/requestkey values are not
properly validated
CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with
MATCH_ASSOC
CVE-2016-2519: ctl_getitem() return value not always checked
CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos
CVE-2016-1548: Interleave-pivot - MITIGATION ONLY
CVE-2015-7704: KoD fix: peer associations were broken by the fix for
NtpBug2901, AKA: Symmetric active/passive mode is broken
CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks
CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,
authdecrypt-timing, AKA: authdecrypt-timing
For more information, see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519
(* Security fix *)
n/php-5.6.21-i586-1.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.21
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074
(* Security fix *)
x/libdrm-2.4.68-i586-1.txz: Upgraded.
xfce/tumbler-0.1.31-i586-6.txz: Rebuilt.
Recompiled against poppler-0.43.0.
+--------------------------+
Wed Apr 27 21:16:37 UTC 2016
n/yptools-2.14-i586-5.txz: Rebuilt.
Use /usr/lib$LIBDIRSUFFIX/yp in /var/yp/Makefile.new. Thanks to alex14641.
xap/mozilla-firefox-45.1.0esr-i586-2.txz: Rebuilt.
Fixed $RELEASEVER to avoid installing extra files and placing a few files in
the wrong location. Thanks to Mikhail Zotov.
xfce/xfce4-settings-4.12.0-i586-3.txz: Rebuilt.
Patched a bug that may prevent a display from waking up from standby mode
when running a 4.4.x (or newer) kernel. Thanks to Matthias Schuster.
+--------------------------+
Wed Apr 27 04:20:57 UTC 2016
xap/mozilla-firefox-45.1.0esr-i586-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
+--------------------------+
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 03 May 2016, 07:58
02.05.2016.
Slackware 64bit:
Code: Select all
Mon May 2 19:42:54 UTC 2016
ap/tmux-2.1-i586-2.txz: Rebuilt.
Reverted to tmux-2.1, because tmux-2.2 has dropped support for non-UTF8
character sets "since supporting multiple character sets is a pain".
Thanks to Dan Church for the bug report.
d/mercurial-3.8.1-i586-1.txz: Upgraded.
This update fixes possible arbitrary code execution when converting Git
repos. Mercurial prior to 3.8 allowed arbitrary code execution when using
the convert extension on Git repos with hostile names. This could affect
automated code conversion services that allow arbitrary repository names.
This is a further side-effect of Git CVE-2015-7545.
Reported and fixed by Blake Burkhart.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
(* Security fix *)
l/icu4c-56.1-i586-2.txz: Rebuilt.
Patched pkgdata crash when using "-m". Thanks to Fabio Bas.
l/librsvg-2.40.15-i586-2.txz: Rebuilt.
Reverted upstream patch that broke the rsvg-convert scaling functionality.
Thanks to haary.
n/samba-4.4.3-i586-1.txz: Upgraded.
xap/imagemagick-6.9.3_9-i586-1.txz: Upgraded.
Slackware 32bit:
Code: Select all
ap/tmux-2.1-i586-2.txz: Rebuilt.
Reverted to tmux-2.1, because tmux-2.2 has dropped support for non-UTF8
character sets "since supporting multiple character sets is a pain".
Thanks to Dan Church for the bug report.
d/mercurial-3.8.1-i586-1.txz: Upgraded.
This update fixes possible arbitrary code execution when converting Git
repos. Mercurial prior to 3.8 allowed arbitrary code execution when using
the convert extension on Git repos with hostile names. This could affect
automated code conversion services that allow arbitrary repository names.
This is a further side-effect of Git CVE-2015-7545.
Reported and fixed by Blake Burkhart.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
(* Security fix *)
l/icu4c-56.1-i586-2.txz: Rebuilt.
Patched pkgdata crash when using "-m". Thanks to Fabio Bas.
l/librsvg-2.40.15-i586-2.txz: Rebuilt.
Reverted upstream patch that broke the rsvg-convert scaling functionality.
Thanks to haary.
n/samba-4.4.3-i586-1.txz: Upgraded.
xap/imagemagick-6.9.3_9-i586-1.txz: Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 04 May 2016, 06:39
03.05.2016.
Slackware 64bit:
Code: Select all
Tue May 3 20:30:53 UTC 2016
a/openssl-solibs-1.0.2h-x86_64-1.txz: Upgraded.
n/bind-9.10.4-x86_64-1.txz: Upgraded.
n/openssl-1.0.2h-x86_64-1.txz: Upgraded.
This update fixes the following security issues:
Memory corruption in the ASN.1 encoder (CVE-2016-2108)
Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
EVP_EncodeUpdate overflow (CVE-2016-2105)
EVP_EncryptUpdate overflow (CVE-2016-2106)
ASN.1 BIO excessive memory allocation (CVE-2016-2109)
EBCDIC overread (CVE-2016-2176)
For more information, see:
https://www.openssl.org/news/secadv/20160503.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176
(* Security fix *)
xap/hexchat-2.12.1-x86_64-1.txz: Upgraded.
testing/packages/tmux-2.2-x86_64-1.txz: Added.
For those using a UTF8 locale, I'm adding back the latest tmux in /testing.
Most likely we'll throw the switch on "UTF8 by default" shortly into the
next development cycle, but now isn't the time for it.
Slackware 32bit:
Code: Select all
a/openssl-solibs-1.0.2h-i586-1.txz: Upgraded.
n/bind-9.10.4-i586-1.txz: Upgraded.
n/openssl-1.0.2h-i586-1.txz: Upgraded.
This update fixes the following security issues:
Memory corruption in the ASN.1 encoder (CVE-2016-2108)
Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
EVP_EncodeUpdate overflow (CVE-2016-2105)
EVP_EncryptUpdate overflow (CVE-2016-2106)
ASN.1 BIO excessive memory allocation (CVE-2016-2109)
EBCDIC overread (CVE-2016-2176)
For more information, see:
https://www.openssl.org/news/secadv/20160503.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176
(* Security fix *)
xap/hexchat-2.12.1-i586-1.txz: Upgraded.
testing/packages/tmux-2.2-i586-1.txz: Added.
For those using a UTF8 locale, I'm adding back the latest tmux in /testing.
Most likely we'll throw the switch on "UTF8 by default" shortly into the
next development cycle, but now isn't the time for it.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 1680
- Joined: 07 Jun 2012, 18:01
- Location: Najlipši grad na svitu :)
Post
Napisano: 05 May 2016, 07:38
Slackware 64-bit
Code: Select all
Wed May 4 19:24:29 UTC 2016
ap/hplip-3.16.5-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-45.1.1esr-x86_64-1.txz: Upgraded.
Slackware 32-bit
Code: Select all
Wed May 4 19:24:29 UTC 2016
ap/hplip-3.16.5-i586-1.txz: Upgraded.
xap/mozilla-firefox-45.1.1esr-i586-1.txz: Upgraded.
-
- Posts: 1680
- Joined: 07 Jun 2012, 18:01
- Location: Najlipši grad na svitu :)
Post
Napisano: 05 May 2016, 09:47
Slackware 64-bit
Code: Select all
Thu May 5 05:17:19 UTC 2016
a/kernel-generic-4.4.9-x86_64-1.txz: Upgraded.
a/kernel-huge-4.4.9-x86_64-1.txz: Upgraded.
a/kernel-modules-4.4.9-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-2.0-noarch-31.txz: Rebuilt.
In rc.M, bluetooth must start before NetworkManager (like it did in Slackware
14.1) in order to enable bluetooth networking. Thanks to James Marca.
ap/lxc-2.0.0-x86_64-3.txz: Rebuilt.
Merged rc.M changes.
d/kernel-headers-4.4.9-x86-1.txz: Upgraded.
k/kernel-source-4.4.9-noarch-1.txz: Upgraded.
n/mutt-1.6.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Slackware 32-bit
Code: Select all
Thu May 5 05:17:19 UTC 2016
a/kernel-generic-4.4.9-i586-1.txz: Upgraded.
a/kernel-generic-smp-4.4.9_smp-i686-1.txz: Upgraded.
a/kernel-huge-4.4.9-i586-1.txz: Upgraded.
a/kernel-huge-smp-4.4.9_smp-i686-1.txz: Upgraded.
a/kernel-modules-4.4.9-i586-1.txz: Upgraded.
a/kernel-modules-smp-4.4.9_smp-i686-1.txz: Upgraded.
a/sysvinit-scripts-2.0-noarch-31.txz: Rebuilt.
In rc.M, bluetooth must start before NetworkManager (like it did in Slackware
14.1) in order to enable bluetooth networking. Thanks to James Marca.
ap/lxc-2.0.0-i586-3.txz: Rebuilt.
Merged rc.M changes.
d/kernel-headers-4.4.9_smp-x86-1.txz: Upgraded.
k/kernel-source-4.4.9_smp-noarch-1.txz: Upgraded.
n/mutt-1.6.1-i586-1.txz: Upgraded.
extra/linux-4.4.9-nosmp-sdk/*: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
+--------------------------+
-
- Posts: 1680
- Joined: 07 Jun 2012, 18:01
- Location: Najlipši grad na svitu :)
Post
Napisano: 11 May 2016, 10:25
Slackware 64-bit
Code: Select all
Current (pre-release) ChangeLog for x86_64
Wed May 11 05:20:01 UTC 2016
a/dcron-4.5-x86_64-5.txz: Rebuilt.
Patched bug where cron.update is not picked up while jobs are still running.
Thanks to Jeroen Hendriks.
ap/lxc-2.0.0-x86_64-4.txz: Rebuilt.
Applied "[PATCH] cgfsng: don't require that systemd subsystem be mounted".
Thanks to Johannes Schöpfer.
ap/moc-2.5.1-x86_64-1.txz: Upgraded.
ap/slackpkg-2.82.1-noarch-1.txz: Upgraded.
Updated x86* mirrors lists for Slackware 14.2.
n/openvpn-2.3.11-x86_64-1.txz: Upgraded.
x/mesa-11.2.2-x86_64-1.txz: Upgraded.
xap/imagemagick-6.9.4_1-x86_64-1.txz: Upgraded.
This release addresses several security issues in ImageMagick, including:
Insufficient shell characters filtering allows code execution (CVE-2016-3714)
Server Side Request Forgery (CVE-2016-3718)
File deletion (CVE-2016-3715)
File moving (CVE-2016-3716)
Local file read (CVE-2016-3717)
In addition, the default policy.xml config file has been modified to disable
all of the previously vulnerable coders, and to disable indirect reads.
For more information, see:
https://imagetragick.com
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
(* Security fix *)
Slackware 32-bit
Code: Select all
Wed May 11 05:20:01 UTC 2016
a/dcron-4.5-i586-5.txz: Rebuilt.
Patched bug where cron.update is not picked up while jobs are still running.
Thanks to Jeroen Hendriks.
ap/lxc-2.0.0-i586-4.txz: Rebuilt.
Applied "[PATCH] cgfsng: don't require that systemd subsystem be mounted".
Thanks to Johannes Schöpfer.
ap/moc-2.5.1-i586-1.txz: Upgraded.
ap/slackpkg-2.82.1-noarch-1.txz: Upgraded.
Updated x86* mirrors lists for Slackware 14.2.
n/openvpn-2.3.11-i586-1.txz: Upgraded.
x/mesa-11.2.2-i586-1.txz: Upgraded.
xap/imagemagick-6.9.4_1-i586-1.txz: Upgraded.
This release addresses several security issues in ImageMagick, including:
Insufficient shell characters filtering allows code execution (CVE-2016-3714)
Server Side Request Forgery (CVE-2016-3718)
File deletion (CVE-2016-3715)
File moving (CVE-2016-3716)
Local file read (CVE-2016-3717)
In addition, the default policy.xml config file has been modified to disable
all of the previously vulnerable coders, and to disable indirect reads.
For more information, see:
https://imagetragick.com
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
(* Security fix *)
-
- Posts: 1680
- Joined: 07 Jun 2012, 18:01
- Location: Najlipši grad na svitu :)
Post
Napisano: 12 May 2016, 12:00
Slackware 64-bit
Code: Select all
Thu May 12 01:50:21 UTC 2016
a/kernel-firmware-20160511git-noarch-1.txz: Upgraded.
a/kernel-generic-4.4.10-x86_64-1.txz: Upgraded.
a/kernel-huge-4.4.10-x86_64-1.txz: Upgraded.
a/kernel-modules-4.4.10-x86_64-1.txz: Upgraded.
ap/man-pages-4.06-noarch-1.txz: Upgraded.
d/kernel-headers-4.4.10-x86-1.txz: Upgraded.
k/kernel-source-4.4.10-noarch-1.txz: Upgraded.
n/NetworkManager-1.2.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-45.1.0-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
xap/network-manager-applet-1.2.2-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Slackware 32-bit
Code: Select all
Thu May 12 01:50:21 UTC 2016
a/kernel-firmware-20160511git-noarch-1.txz: Upgraded.
a/kernel-generic-4.4.10-i586-1.txz: Upgraded.
a/kernel-generic-smp-4.4.10_smp-i686-1.txz: Upgraded.
a/kernel-huge-4.4.10-i586-1.txz: Upgraded.
a/kernel-huge-smp-4.4.10_smp-i686-1.txz: Upgraded.
a/kernel-modules-4.4.10-i586-1.txz: Upgraded.
a/kernel-modules-smp-4.4.10_smp-i686-1.txz: Upgraded.
ap/man-pages-4.06-noarch-1.txz: Upgraded.
d/kernel-headers-4.4.10_smp-x86-1.txz: Upgraded.
k/kernel-source-4.4.10_smp-noarch-1.txz: Upgraded.
n/NetworkManager-1.2.2-i586-1.txz: Upgraded.
xap/mozilla-thunderbird-45.1.0-i586-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
xap/network-manager-applet-1.2.2-i586-1.txz: Upgraded.
extra/linux-4.4.10-nosmp-sdk/*: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
-
- Posts: 1680
- Joined: 07 Jun 2012, 18:01
- Location: Najlipši grad na svitu :)
Post
Napisano: 17 May 2016, 16:18
Slackware 64-bit
Code: Select all
Tue May 17 05:06:44 UTC 2016
a/aaa_elflibs-14.2-x86_64-14.txz: Rebuilt.
d/mercurial-3.8.2-x86_64-1.txz: Upgraded.
l/gdbm-1.12-x86_64-1.txz: Upgraded.
l/libmtp-1.1.11-x86_64-1.txz: Upgraded.
n/libndp-1.6-x86_64-1.txz: Upgraded.
This update fixes a security issue. It was found that libndp did
not properly validate and check the origin of Neighbor Discovery
Protocol (NDP) messages. An attacker on a non-local network could
use this flaw to advertise a node as a router, allowing them to
perform man-in-the-middle attacks on a connecting client, or
disrupt the network connectivity of that client.
Thanks to Julien Bernard (Viagénie) for reporting this issue.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3698
(* Security fix *)
xap/gnuplot-5.0.3-x86_64-2.txz: Rebuilt.
Added libcaca support. Thanks to Andrew Clemons.
a/kernel-firmware-20160516git-noarch-1.txz: Upgraded.
a/lvm2-2.02.154-x86_64-1.txz: Upgraded.
d/python-setuptools-21.0.0-x86_64-1.txz: Upgraded.
n/lftp-4.7.1-x86_64-1.txz: Upgraded.
xap/imagemagick-6.9.4_1-x86_64-2.txz: Rebuilt.
Fixed .new config file installation. Thanks to ivandi.
testing/source/linux-4.5.4-configs/*: Added.
testing/source/linux-4.6-configs/*: Added.
Slackware 32-bit
Code: Select all
Tue May 17 05:06:44 UTC 2016
a/aaa_elflibs-14.2-i586-14.txz: Rebuilt.
d/mercurial-3.8.2-i586-1.txz: Upgraded.
l/gdbm-1.12-i586-1.txz: Upgraded.
l/libmtp-1.1.11-i586-1.txz: Upgraded.
n/libndp-1.6-i586-1.txz: Upgraded.
This update fixes a security issue. It was found that libndp did
not properly validate and check the origin of Neighbor Discovery
Protocol (NDP) messages. An attacker on a non-local network could
use this flaw to advertise a node as a router, allowing them to
perform man-in-the-middle attacks on a connecting client, or
disrupt the network connectivity of that client.
Thanks to Julien Bernard (Viagénie) for reporting this issue.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3698
(* Security fix *)
xap/gnuplot-5.0.3-i586-2.txz: Rebuilt.
Added libcaca support. Thanks to Andrew Clemons.
a/kernel-firmware-20160516git-noarch-1.txz: Upgraded.
a/lvm2-2.02.154-i586-1.txz: Upgraded.
d/python-setuptools-21.0.0-i586-1.txz: Upgraded.
n/lftp-4.7.1-i586-1.txz: Upgraded.
xap/imagemagick-6.9.4_1-i586-2.txz: Rebuilt.
Fixed .new config file installation. Thanks to ivandi.
testing/source/linux-4.5.4-configs/*: Added.
testing/source/linux-4.6-configs/*: Added.
-
- Posts: 1680
- Joined: 07 Jun 2012, 18:01
- Location: Najlipši grad na svitu :)
Post
Napisano: 21 May 2016, 10:10
Slackware 64-bit
Code: Select all
Fri May 20 21:20:29 UTC 2016
a/aaa_base-14.2-x86_64-2.txz: Rebuilt.
Updated your your initial email. ;-)
Thanks to Tonus for the typo report.
a/aaa_elflibs-14.2-x86_64-15.txz: Rebuilt.
a/btrfs-progs-v4.5.3-x86_64-1.txz: Upgraded.
a/e2fsprogs-1.43-x86_64-1.txz: Upgraded.
a/gzip-1.8-x86_64-1.txz: Upgraded.
a/kernel-generic-4.4.11-x86_64-1.txz: Upgraded.
a/kernel-huge-4.4.11-x86_64-1.txz: Upgraded.
a/kernel-modules-4.4.11-x86_64-1.txz: Upgraded.
a/tar-1.29-x86_64-1.txz: Upgraded.
ap/lxc-2.0.1-x86_64-1.txz: Upgraded.
ap/sqlite-3.13.0-x86_64-1.txz: Upgraded.
ap/vim-7.4.1832-x86_64-1.txz: Upgraded.
d/kernel-headers-4.4.11-x86-1.txz: Upgraded.
k/kernel-source-4.4.11-noarch-1.txz: Upgraded.
n/curl-7.49.0-x86_64-1.txz: Upgraded.
Fixed a TLS certificate check bypass with mbedTLS/PolarSSL.
For more information, see:
https://curl.haxx.se/docs/adv_20160518.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3739
(* Security fix *)
n/dnsmasq-2.76-x86_64-1.txz: Upgraded.
n/lftp-4.7.2-x86_64-1.txz: Upgraded.
xap/vim-gvim-7.4.1832-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Slackware 32-bit
Code: Select all
Fri May 20 21:20:29 UTC 2016
a/aaa_base-14.2-i586-2.txz: Rebuilt.
Updated your your initial email. ;-)
Thanks to Tonus for the typo report.
a/aaa_elflibs-14.2-i586-15.txz: Rebuilt.
a/btrfs-progs-v4.5.3-i586-1.txz: Upgraded.
a/e2fsprogs-1.43-i586-1.txz: Upgraded.
a/gzip-1.8-i586-1.txz: Upgraded.
a/kernel-generic-4.4.11-i586-1.txz: Upgraded.
a/kernel-generic-smp-4.4.11_smp-i686-1.txz: Upgraded.
a/kernel-huge-4.4.11-i586-1.txz: Upgraded.
a/kernel-huge-smp-4.4.11_smp-i686-1.txz: Upgraded.
a/kernel-modules-4.4.11-i586-1.txz: Upgraded.
a/kernel-modules-smp-4.4.11_smp-i686-1.txz: Upgraded.
a/tar-1.29-i586-1.txz: Upgraded.
ap/lxc-2.0.1-i586-1.txz: Upgraded.
ap/sqlite-3.13.0-i586-1.txz: Upgraded.
ap/vim-7.4.1832-i586-1.txz: Upgraded.
d/kernel-headers-4.4.11_smp-x86-1.txz: Upgraded.
k/kernel-source-4.4.11_smp-noarch-1.txz: Upgraded.
n/curl-7.49.0-i586-1.txz: Upgraded.
Fixed a TLS certificate check bypass with mbedTLS/PolarSSL.
For more information, see:
https://curl.haxx.se/docs/adv_20160518.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3739
(* Security fix *)
n/dnsmasq-2.76-i586-1.txz: Upgraded.
n/lftp-4.7.2-i586-1.txz: Upgraded.
xap/vim-gvim-7.4.1832-i586-1.txz: Upgraded.
extra/linux-4.4.11-nosmp-sdk/*: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Who is online
Users browsing this forum: No registered users and 59 guests