Slackware Security Advisories (security updates)

News about Slackware Linux

Moderator: Urednik

Administrator
Posted: 19 Oct 2013, 12:29


19.10.2013.

Libtiff for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0 and -current

patches/packages/libtiff-3.9.7-i486-1_slack14.0.txz:  Upgraded.
  Patched overflows, crashes, and out of bounds writes.
  Thanks to mancha for the backported patches.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4447
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244
  (* Security fix *)

Hplip for Slackware 13.1, 13.37, 14.0 and -current

patches/packages/hplip-3.12.9-i486-3_slack14.0.txz:  Rebuilt.
  This fixes a polkit race condition that could allow local users to bypass
  intended access restrictions.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4325
  (* Security fix *)

Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Posted: 03 Nov 2013, 10:46


03.11.2013.

Thunderbird upgrade for Slackware 14 only:

patches/packages/mozilla-thunderbird-17.0.10esr-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html
  (* Security fix *)



Administrator
Posted: 19 Nov 2013, 15:28


18.11.2013.

Mozilla Firefox for Slackware 13.37, 14.0, 14.1 and -current

patches/packages/mozilla-firefox-24.1.1esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)

OpenSSH for Slackware 14.1 and -current

patches/packages/openssh-6.4p1-i486-1_slack14.1.txz:  Upgraded.
  sshd(8): fix a memory corruption problem triggered during rekeying
  when an AES-GCM cipher is selected.
  For more information, see:
    http://www.openssh.com/txt/gcmrekey.adv
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548
  (* Security fix *)

Samba for Slackware 14.0, 14.1 and -current

patches/packages/samba-4.1.1-i486-1_slack14.1.txz:  Upgraded.
  This update fixes two security issues:
  * Samba versions 3.2.0 and above do not check the underlying file or
    directory ACL when opening an alternate data stream.
  * In setups which provide ldap(s) and/or https services, the private key
    for SSL/TLS encryption might be world readable.  This typically happens
    in active directory domain controller setups.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476
  (* Security fix *)
  Added tdb.h, tdb.pc, and a libtdb.so symlink.  Thanks to Matteo Bernardini.

Seamonkey for Slackware 14.0, 14.1 and -current

patches/packages/seamonkey-2.22-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.22-i486-1_slack14.1.txz:  Upgraded.



Administrator
Posted: 06 Dec 2013, 11:23


05.12.2013.

Mozilla-nss for Slackware 14.0, 14.1 and current:

patches/packages/mozilla-nss-3.15.3-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
  (* Security fix *)

Mozilla Thunderbird for Slackware 13.37, 14.0, 14.1 and current:

patches/packages/mozilla-thunderbird-24.1.1-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)

Seamonkey 2.22.1 for Slackware 14.0, 14.1 and current:

patches/packages/seamonkey-2.22.1-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.22.1-i486-1_slack14.1.txz:  Upgraded.

Hplip security package upgrade for Slackware 14.0 only:

patches/packages/hplip-3.12.9-i486-4_slack14.0.txz:  Rebuilt.
  This update disables the automatic upgrade feature which can be easily
  fooled into downloading an arbitrary binary and executing it.  This
  issue affects only Slackware 14.0 (earlier versions do not have the
  feature, and newer ones had already disabled it).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6427
  (* Security fix *)



Administrator
Posted: 17 Dec 2013, 10:28


16.12.2013.

Libjpeg upgrade for 13.0, 13.1, 13.37, 14.0, 14.1 and -current:

patches/packages/libjpeg-v8a-i486-2_slack14.1.txz:  Rebuilt.
  Fix use of uninitialized memory when decoding images with missing SOS data
  for the luminance component (Y) in presence of valid chroma data (Cr, Cb).
  This could allow remote attackers to obtain sensitive information from
  uninitialized memory locations via a crafted JPEG image.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
  (* Security fix *)

Libiodbc and ruby upgrades for Slackware 13.1, 13.37, 14.0, 14.1 and -current:

patches/packages/libiodbc-3.52.8-i486-1_slack14.1.txz:  Upgraded.
  This update fixes an rpath pointing to a location in /tmp that was found in
  two test programs (iodbctest and iodbctestw).  This could have allowed a
  local attacker with write access to /tmp to add modified libraries (and
  execute arbitrary code) as any user running the test programs.
  Thanks to Christopher Oliver for the bug report.
  (* Security fix *)

patches/packages/ruby-1.9.3_p484-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a heap overflow in floating point parsing.  A specially
  crafted string could cause a heap overflow leading to a denial of service
  attack via segmentation faults and possibly arbitrary code execution.
  For more information, see:
    https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
  (* Security fix *)

Seamonkey and llvm upgrades for Slackware 14.0, 14.1 and -current:

patches/packages/seamonkey-2.23-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.23-i486-1_slack14.1.txz:  Upgraded.

patches/packages/llvm-3.3-i486-3_slack14.1.txz:  Rebuilt.
  The LLVM package included binaries with an rpath pointing to the build
  location in /tmp.   This allows an attacker with write access to /tmp to
  add modified libraries (and execute arbitrary code) as any user running
  the LLVM binaries.  This updated package rebuilds LLVM to exclude the
  build directories from the rpath information.
  Thanks to Christopher Oliver for the bug report.
  (* Security fix *)

Mozilla Firefox and Thunderbird upgrades for Slackware 14.1 and -current:

patches/packages/mozilla-firefox-24.2.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)

patches/packages/mozilla-thunderbird-24.2.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html
  (* Security fix *)



Administrator
Posted: 22 Dec 2013, 00:16


21.12.2013.

Gnupg security upgrades for Slackware 13.0, 13.1, 13.37, 14.0, 14.1 and -current:

  Fixed the RSA Key Extraction via Low-Bandwidth Acoustic
  Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
  For more information, see:
    http://www.cs.tau.ac.il/~tromer/acoustic/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576
  (* Security fix *)



Administrator
Posted: 15 Jan 2014, 00:15


13.01.2014.

First upgrade of this year :)

Samba, php, openssl and libXfont

Samba upgrade for Slackware 14.1 and current:

patches/packages/samba-4.1.4-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a heap-based buffer overflow that may allow AD domain
  controllers to execute arbitrary code via an invalid fragment length in
  a DCE-RPC packet.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
  (* Security fix *)

Php upgrade for Slackware 14.0, 14.1 and current:

patches/packages/php-5.4.24-i486-1_slack14.1.txz:  Upgraded.
  The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before
  5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly
  parse (1) notBefore and (2) notAfter timestamps in X.509 certificates,
  which allows remote attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via a crafted certificate that is not
  properly handled by the openssl_x509_parse function.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
  (* Security fix *)

Openssl upgrade for Slackware 14.0, 14.1 and current:

patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz:  Upgraded.
  This update fixes the following security issues:
    Fix for TLS record tampering bug CVE-2013-4353
    Fix for TLS version checking bug CVE-2013-6449
    Fix for DTLS retransmission bug CVE-2013-6450
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz:  Upgraded.

LibXfont upgrade for Slackware 13.0, 13.1, 13.37, 14.0, 14.1 and current:

patches/packages/libXfont-1.4.7-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a stack overflow when reading a BDF font file containing
  a longer than expected string, which could lead to crashes or privilege
  escalation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462
  (* Security fix *)



Administrator
Posted: 29 Jan 2014, 02:13


28.01.2014.

A mozilla-nss package upgrade is available for Slackware 14.0, 14.1 and current:

patches/packages/mozilla-nss-3.15.4-i486-1_slack14.1.txz:  Upgraded.
  Upgraded to nss-3.15.4 and nspr-4.10.3.
  Fixes a possible man-in-the-middle issue.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1740
  (* Security fix *)

A bind package upgrade is available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1 and current:

patches/packages/bind-9.9.4_P2-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a defect in the handling of NSEC3-signed zones that can
  cause BIND to be crashed by a specific set of queries.
  NOTE:  According to the second link below, Slackware is probably not
  vulnerable since we aren't using glibc-2.18 yet.  Might as well fix it
  anyway, though.
  For more information, see:
    https://kb.isc.org/article/AA-01078
    https://kb.isc.org/article/AA-01085
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591
  (* Security fix *)



Administrator
Posted: 04 Feb 2014, 00:20


03.02.2014.

New upgrades for pidgin for Slackware 13.0, 13.1, 13.37, 14.0, 14.1 and -current

patches/packages/pidgin-2.10.9-i486-1_slack14.1.txz:  Upgraded.
  This update fixes various security issues and other bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020
  (* Security fix *)



Administrator
Posted: 09 Feb 2014, 04:25


08.02.2014.

Seamonkey for Slackware 14.0, 14.1 and -current
Firefox and Thunderbird for Slackware 14.1 and -current

patches/packages/seamonkey-2.24-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.24-i486-1_slack14.1.txz:  Upgraded.

patches/packages/mozilla-firefox-24.3.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)

patches/packages/mozilla-thunderbird-24.3.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)