Novosti u vezi Slackware Linuxa
Moderator: Urednik
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 23 Jul 2016, 19:21
21.07.2016.
Svezi php i gimp paketi za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/gimp-2.8.18-i586-1_slack14.2.txz: Upgraded.
This release fixes a security issue:
Use-after-free vulnerability in the xcf_load_image function in
app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of
service (program crash) or possibly execute arbitrary code via a crafted
XCF file.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994
(* Security fix *)
Code: Select all
patches/packages/php-5.6.24-i586-1_slack14.2.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.24
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 23 Jul 2016, 19:22
22.07.2016.
Novi bind paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, i -current:
Code: Select all
patches/packages/bind-9.10.4_P2-i586-1_slack14.2.txz: Upgraded.
Fixed a security issue:
getrrsetbyname with a non absolute name could trigger an infinite
recursion bug in lwresd and named with lwres configured if when
combined with a search list entry the resulting name is too long.
(CVE-2016-2775) [RT #42694]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 07 Aug 2016, 15:59
06.08.2016.
Sveži paketi openssh, stunnel i curl za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/openssh-7.3p1-i586-1_slack14.2.txz: Upgraded.
This is primarily a bugfix release, and also addresses security issues.
sshd(8): Mitigate a potential denial-of-service attack against the system's
crypt(3) function via sshd(8).
sshd(8): Mitigate timing differences in password authentication that could
be used to discern valid from invalid account names when long passwords were
sent and particular password hashing algorithms are in use on the server.
ssh(1), sshd(8): Fix observable timing weakness in the CBC padding oracle
countermeasures.
ssh(1), sshd(8): Improve operation ordering of MAC verification for
Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the MAC
before decrypting any ciphertext.
sshd(8): (portable only) Ignore PAM environment vars when UseLogin=yes.
For more information, see:
http://www.openssh.com/txt/release-7.3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325
(* Security fix *)
Code: Select all
patches/packages/stunnel-5.35-i586-1_slack14.2.txz: Upgraded.
Fixes security issues:
Fixed malfunctioning "verify = 4".
Fixed incorrectly enforced client certificate requests.
(* Security fix *)
Code: Select all
patches/packages/curl-7.50.1-i586-1_slack14.2.txz: Upgraded.
This release fixes security issues:
TLS: switch off SSL session id when client cert is used
TLS: only reuse connections with the same client cert
curl_multi_cleanup: clear connection pointer for easy handles
For more information, see:
https://curl.haxx.se/docs/adv_20160803A.html
https://curl.haxx.se/docs/adv_20160803B.html
https://curl.haxx.se/docs/adv_20160803C.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421
(* Security fix *)
Sveži firefox paketi za Slackware 14.1 i 14.2:
Code: Select all
patches/packages/mozilla-firefox-45.3.0esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 28 Aug 2016, 10:07
23.08.2016.
Svezi gnupg i libgcrypt paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/libgcrypt-1.7.3-i586-1_slack14.2.txz: Upgraded.
Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
obtains 580 bytes from the standard RNG can trivially predict the next
20 bytes of output. (This is according to the NEWS file included in the
source. According to the annoucement linked below, an attacker who obtains
4640 bits from the RNG can trivially predict the next 160 bits of output.)
Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
For more information, see:
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
(* Security fix *)
Code: Select all
patches/packages/gnupg-1.4.21-i586-1_slack14.2.txz: Upgraded.
Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
obtains 580 bytes from the standard RNG can trivially predict the next
20 bytes of output. (This is according to the NEWS file included in the
source. According to the annoucement linked below, an attacker who obtains
4640 bits from the RNG can trivially predict the next 160 bits of output.)
Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
For more information, see:
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
(* Security fix *)
Svez linux kernel za Slackware 14.2 i -current:
Code: Select all
patches/packages/linux-4.4.19/*: Upgraded.
A flaw was found in the implementation of the Linux kernels handling of
networking challenge ack where an attacker is able to determine the shared
counter. This may allow an attacker located on different subnet to inject
or take over a TCP connection between a server and client without having to
be a traditional Man In the Middle (MITM) style attack.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5389
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 2168
- Joined: 08 Jun 2010, 13:28
- Location: Centralna Srbija Kraljevo
-
Contact:
Post
Napisano: 30 Aug 2016, 12:59
Tih što mi ovo ide na živce
, taman sredim
nVidia Optimus sa Bumblebee skriptom, prilično se namučim da proradi i Bumblebeed i Primus, i sad sve mora jovo nanovo zbog kernela, jer neće da učita 4.4.19.
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 03 Sep 2016, 19:45
@Broker
imaš li realnu potrebu da radiš update kernela
samo ga ćušni u blacklist i uživaj.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 2168
- Joined: 08 Jun 2010, 13:28
- Location: Centralna Srbija Kraljevo
-
Contact:
Post
Napisano: 04 Sep 2016, 23:20
Nisam imao potrebe, nego nisam ni gledao šta ima od paketa za ažuriranje, a to mi se ne dešava često da samo pustim update, već sve prekostrolišem, sada sam to izostavio.
-
- Posts: 1680
- Joined: 07 Jun 2012, 18:01
- Location: Najlipši grad na svitu :)
Post
Napisano: 02 Nov 2016, 06:45
Slackware 64-bit
Code: Select all
Mon Oct 31 23:38:24 UTC 2016
patches/packages/libX11-1.6.4-x86_64-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory read in XGetImage() or write in XListFonts().
Affected versions libX11 <= 1.6.3.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7943
(* Security fix *)
patches/packages/libXfixes-5.0.3-x86_64-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause an integer
overflow on 32 bit architectures.
Affected versions : libXfixes <= 5.0.2.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7944
(* Security fix *)
patches/packages/libXi-1.7.8-x86_64-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory access or endless loops (Denial of Service).
Affected versions libXi <= 1.7.6.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7946
(* Security fix *)
patches/packages/libXrandr-1.5.1-x86_64-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory writes.
Affected versions: libXrandr <= 1.5.0.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948
(* Security fix *)
patches/packages/libXrender-0.9.10-x86_64-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory writes.
Affected version: libXrender <= 0.9.9.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7950
(* Security fix *)
patches/packages/libXtst-1.2.3-x86_64-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory access or endless loops (Denial of Service).
Affected version libXtst <= 1.2.2.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7952
(* Security fix *)
patches/packages/libXv-1.0.11-x86_64-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory and memory corruption.
Affected version libXv <= 1.0.10.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5407
(* Security fix *)
patches/packages/libXvMC-1.0.10-x86_64-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause a one byte buffer
read underrun.
Affected version: libXvMC <= 1.0.9.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953
(* Security fix *)
patches/packages/linux-4.4.29/*: Upgraded.
This kernel fixes a security issue known as "Dirty COW". A race condition
was found in the way the Linux kernel's memory subsystem handled the
copy-on-write (COW) breakage of private read-only memory mappings. An
unprivileged local user could use this flaw to gain write access to
otherwise read-only memory mappings and thus increase their privileges on
the system.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://dirtycow.ninja/
https://www.kb.cert.org/vuls/id/243144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195
(* Security fix *)
patches/packages/mariadb-10.0.28-x86_64-1_slack14.2.txz: Upgraded.
This update fixes several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6663
(* Security fix *)
patches/packages/php-5.6.27-x86_64-1_slack14.2.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
https://php.net/ChangeLog-5.php#5.6.27
(* Security fix *)
patches/packages/xscreensaver-5.36-x86_64-1_slack14.2.txz: Upgraded.
Here's an upgrade to the latest xscreensaver.
Slackware 32-bit
Code: Select all
Mon Oct 31 23:38:24 UTC 2016
patches/packages/libX11-1.6.4-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory read in XGetImage() or write in XListFonts().
Affected versions libX11 <= 1.6.3.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7943
(* Security fix *)
patches/packages/libXfixes-5.0.3-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause an integer
overflow on 32 bit architectures.
Affected versions : libXfixes <= 5.0.2.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7944
(* Security fix *)
patches/packages/libXi-1.7.8-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory access or endless loops (Denial of Service).
Affected versions libXi <= 1.7.6.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7946
(* Security fix *)
patches/packages/libXrandr-1.5.1-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory writes.
Affected versions: libXrandr <= 1.5.0.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948
(* Security fix *)
patches/packages/libXrender-0.9.10-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory writes.
Affected version: libXrender <= 0.9.9.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7950
(* Security fix *)
patches/packages/libXtst-1.2.3-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory access or endless loops (Denial of Service).
Affected version libXtst <= 1.2.2.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7952
(* Security fix *)
patches/packages/libXv-1.0.11-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory and memory corruption.
Affected version libXv <= 1.0.10.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5407
(* Security fix *)
patches/packages/libXvMC-1.0.10-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause a one byte buffer
read underrun.
Affected version: libXvMC <= 1.0.9.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953
(* Security fix *)
patches/packages/linux-4.4.29/*: Upgraded.
This kernel fixes a security issue known as "Dirty COW". A race condition
was found in the way the Linux kernel's memory subsystem handled the
copy-on-write (COW) breakage of private read-only memory mappings. An
unprivileged local user could use this flaw to gain write access to
otherwise read-only memory mappings and thus increase their privileges on
the system.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://dirtycow.ninja/
https://www.kb.cert.org/vuls/id/243144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195
(* Security fix *)
patches/packages/mariadb-10.0.28-i586-1_slack14.2.txz: Upgraded.
This update fixes several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6663
(* Security fix *)
patches/packages/php-5.6.27-i586-1_slack14.2.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
https://php.net/ChangeLog-5.php#5.6.27
(* Security fix *)
patches/packages/xscreensaver-5.36-i586-1_slack14.2.txz: Upgraded.
Here's an upgrade to the latest xscreensaver.
-
- Posts: 1680
- Joined: 07 Jun 2012, 18:01
- Location: Najlipši grad na svitu :)
Post
Napisano: 06 Nov 2016, 19:56
Slackware 64-bit
Code: Select all
Fri Nov 4 03:31:38 UTC 2016
patches/packages/bind-9.10.4_P4-x86_64-1_slack14.2.txz: Upgraded.
This update fixes a denial-of-service vulnerability. A defect in BIND's
handling of responses containing a DNAME answer can cause a resolver to exit
after encountering an assertion failure in db.c or resolver.c. A server
encountering either of these error conditions will stop, resulting in denial
of service to clients. The risk to authoritative servers is minimal;
recursive servers are chiefly at risk.
For more information, see:
https://kb.isc.org/article/AA-01434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864
(* Security fix *)
patches/packages/curl-7.51.0-x86_64-1_slack14.2.txz: Upgraded.
This release fixes security issues:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
For more information, see:
https://curl.haxx.se/docs/adv_20161102A.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615
https://curl.haxx.se/docs/adv_20161102B.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616
https://curl.haxx.se/docs/adv_20161102C.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617
https://curl.haxx.se/docs/adv_20161102D.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618
https://curl.haxx.se/docs/adv_20161102E.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619
https://curl.haxx.se/docs/adv_20161102F.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620
https://curl.haxx.se/docs/adv_20161102G.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621
https://curl.haxx.se/docs/adv_20161102H.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622
https://curl.haxx.se/docs/adv_20161102I.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623
https://curl.haxx.se/docs/adv_20161102J.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624
https://curl.haxx.se/docs/adv_20161102K.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625
(* Security fix *)
patches/packages/glibc-zoneinfo-2016i-noarch-1_slack14.2.txz: Upgraded.
This package provides the latest timezone updates.
Slackware 32-bit
Code: Select all
Fri Nov 4 03:31:38 UTC 2016
patches/packages/bind-9.10.4_P4-i586-1_slack14.2.txz: Upgraded.
This update fixes a denial-of-service vulnerability. A defect in BIND's
handling of responses containing a DNAME answer can cause a resolver to exit
after encountering an assertion failure in db.c or resolver.c. A server
encountering either of these error conditions will stop, resulting in denial
of service to clients. The risk to authoritative servers is minimal;
recursive servers are chiefly at risk.
For more information, see:
https://kb.isc.org/article/AA-01434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864
(* Security fix *)
patches/packages/curl-7.51.0-i586-1_slack14.2.txz: Upgraded.
This release fixes security issues:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
For more information, see:
https://curl.haxx.se/docs/adv_20161102A.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615
https://curl.haxx.se/docs/adv_20161102B.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616
https://curl.haxx.se/docs/adv_20161102C.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617
https://curl.haxx.se/docs/adv_20161102D.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618
https://curl.haxx.se/docs/adv_20161102E.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619
https://curl.haxx.se/docs/adv_20161102F.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620
https://curl.haxx.se/docs/adv_20161102G.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621
https://curl.haxx.se/docs/adv_20161102H.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622
https://curl.haxx.se/docs/adv_20161102I.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623
https://curl.haxx.se/docs/adv_20161102J.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624
https://curl.haxx.se/docs/adv_20161102K.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625
(* Security fix *)
patches/packages/glibc-zoneinfo-2016i-noarch-1_slack14.2.txz: Upgraded.
This package provides the latest timezone updates.
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 24 Dec 2016, 10:40
18.11.2016.
Svezi mozilla-firefox paketi za Slackware 14.1, 14.2 i -current:
Code: Select all
patches/packages/mozilla-firefox-45.5.0esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
Who is online
Users browsing this forum: No registered users and 63 guests