Novosti u vezi Slackware Linuxa
Moderator: Urednik
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 17 Sep 2017, 09:47
15.09.2017.
Sveži bluez paketi za Slackware 13.1, 13.37, 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/bluez-5.47-i586-1_slack14.2.txz: Upgraded.
Fixed an information disclosure vulnerability which allows remote attackers
to obtain sensitive information from the bluetoothd process memory. This
vulnerability lies in the processing of SDP search attribute requests.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250
(* Security fix *)
Sveži
kernel paketi za Slackware 14.1, 14.2 i -current:
Code: Select all
patches/packages/linux-4.4.88/*: Upgraded.
This update fixes the security vulnerability known as "BlueBorne".
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at
Linux kernel version 3.3-rc1 is vulnerable to a stack overflow in
the processing of L2CAP configuration responses resulting in remote
code execution in kernel space.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000251
https://www.armis.com/blueborne
(* Security fix *)
^^
BlueBorn fix - vezan za bluetooth propust u bezbednosti koji je skoro otkriven a prisutan dosta dugo.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 30 Sep 2017, 17:06
18.09.2017.
Sveži httpd paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current :
Code: Select all
patches/packages/httpd-2.4.27-i586-2_slack14.2.txz: Rebuilt.
This update patches a security issue ("Optionsbleed") with the OPTIONS http
method which may leak arbitrary pieces of memory to a potential attacker.
Thanks to Hanno Bo:ck.
For more information, see:
http://seclists.org/oss-sec/2017/q3/477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798
(* Security fix *)
Sveži libgcrypt i ruby paketi za Slackware 14.2 i -current:
Code: Select all
patches/packages/libgcrypt-1.7.9-i586-1_slack14.2.txz: Upgraded.
Mitigate a local side-channel attack on Curve25519 dubbed "May
the Fourth be With You".
For more information, see:
https://eprint.iacr.org/2017/806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379
(* Security fix *)
Code: Select all
patches/packages/ruby-2.2.8-i586-1_slack14.2.txz: Upgraded.
This release includes several security fixes.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 30 Sep 2017, 17:08
20.09.2017.
Sveži samba paketi za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/samba-4.4.16-i586-1_slack14.2.txz: Upgraded.
This is a security release in order to address the following defects:
SMB1/2/3 connections may not require signing where they should. A man in the
middle attack may hijack client connections.
SMB3 connections don't keep encryption across DFS redirects. A man in the
middle attack can read and may alter confidential documents transferred via
a client connection, which are reached via DFS redirect when the original
connection used SMB3.
Server memory information leak over SMB1. Client with write access to a share
can cause server memory contents to be written into a file or printer.
For more information, see:
https://www.samba.org/samba/security/CVE-2017-12150.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12150
https://www.samba.org/samba/security/CVE-2017-12151.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12151
https://www.samba.org/samba/security/CVE-2017-12163.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12163
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 30 Sep 2017, 17:11
22.09.2017.
Sveži libxml2 i python paketi za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/libxml2-2.9.5-i586-1_slack14.2.txz: Upgraded.
This release fixes some security issues:
Detect infinite recursion in parameter entities (Nick Wellnhofer),
Fix handling of parameter-entity references (Nick Wellnhofer),
Disallow namespace nodes in XPointer ranges (Nick Wellnhofer),
Fix XPointer paths beginning with range-to (Nick Wellnhofer).
(* Security fix *)
Code: Select all
patches/packages/python-2.7.14-i586-1_slack14.2.txz: Upgraded.
Updated to the latest 2.7.x release.
This fixes some security issues related to the bundled expat library.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 30 Sep 2017, 17:12
27.09.2017.
Sveži gegl paketi za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/gegl-0.2.0-i586-4_slack14.2.txz: Rebuilt.
Patched integer overflows in operations/external/ppm-load.c that could allow
a denial of service (application crash) or possibly the execution of
arbitrary code via a large width or height value in a ppm image.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4433
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 30 Sep 2017, 17:13
28.09.2017.
Sveži mozilla-firefox za Slackware 14.2 i -current:
Code: Select all
patches/packages/mozilla-firefox-52.4.0esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 05 Oct 2017, 10:07
01.10.2017.
Sveži openexr paketi za Slackware 14.2 i -current
Code: Select all
patches/packages/openexr-2.2.0-i586-2_slack14.2.txz: Rebuilt.
Patched bugs that may lead to program crashes or possibly execution of
arbitrary code. Thanks to Thomas Choi for the patch.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9116
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 05 Oct 2017, 10:09
02.10.2017.
Osveženi dnsmasq paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current
Code: Select all
patches/packages/dnsmasq-2.78-i586-1_slack14.2.txz: Upgraded.
This update fixes bugs and remotely exploitable security issues that may
have impacts including denial of service, information leak, and execution
of arbitrary code. Thanks to Felix Wilhelm, Fermin J. Serna, Gabriel Campana,
Kevin Hamacher, Ron Bowes, and Gynvael Coldwind of the Google Security Team.
For more information, see:
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14496
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 14 Oct 2017, 17:21
05.10.2017.
Sveži curl i xorg-server paketi za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/curl-7.56.0-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
libcurl may read outside of a heap allocated buffer when doing FTP.
For more information, see:
https://curl.haxx.se/docs/adv_20171004.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
(* Security fix *)
Code: Select all
patches/packages/xorg-server-1.18.3-i586-4_slack14.2.txz: Rebuilt.
This update fixes two security issues:
Xext/shm: Validate shmseg resource id, otherwise it can belong to a
non-existing client and abort X server with FatalError "client not
in use", or overwrite existing segment of another existing client.
Generating strings for XKB data used a single shared static buffer,
which offered several opportunities for errors. Use a ring of
resizable buffers instead, to avoid problems when strings end up
longer than anticipated.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13723
(* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-4_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-4_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-4_slack14.2.txz: Rebuilt.
Sveži openjpeg paketi za Slacwkare 14.2 i -current:
Code: Select all
patches/packages/openjpeg-2.3.0-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues which may lead to a denial of service
or possibly remote code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14164
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3468
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 21 Oct 2017, 09:23
18.10.2017.
Sveži libXres paketi za Slackware 14.1, 14.2 i -current:
Code: Select all
patches/packages/libXres-1.2.0-i586-1_slack14.2.txz: Upgraded.
Integer overflows may allow X servers to trigger allocation of insufficient
memory and a buffer overflow via vectors related to the (1)
XResQueryClients and (2) XResQueryClientResources functions.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988
(* Security fix *)
Sveži wpa_supplicant i xorg-server za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded.
This update includes patches to mitigate the WPA2 protocol issues known
as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data,
hijack TCP connections, and to forge and inject packets. This is the
list of vulnerabilities that are addressed here:
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the
4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way
handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key
handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group
key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)
Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)
while processing it.
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame.
For more information, see:
https://www.krackattacks.com/
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088
(* Security fix *)
Code: Select all
patches/packages/xorg-server-1.18.3-i586-5_slack14.2.txz: Rebuilt.
This update fixes integer overflows and other possible security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12187
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
Who is online
Users browsing this forum: No registered users and 73 guests