Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 2612
Joined: 01 Apr 2012, 13:50
Location: Mlečni put
Birthday

Post Napisano: 11 May 2018, 22:11


03.05.2018.

Sveži seamonkey paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/seamonkey-2.49.3-i586-1_slack14.2.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information (when it appears), see:
    http://www.seamonkey-project.org/releases/seamonkey2.49.3
  (* Security fix *)
patches/packages/seamonkey-solibs-2.49.3-i586-1_slack14.2.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2612
Joined: 01 Apr 2012, 13:50
Location: Mlečni put
Birthday

Post Napisano: 11 May 2018, 22:12


04.05.2018.

Sveži python paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/python-2.7.15-i586-1_slack14.2.txz:  Upgraded.
  Updated to the latest 2.7.x release.
  This fixes some security issues in difflib and poplib (regexes vulnerable
  to denial of service attacks), as well as security issues with the bundled
  expat library.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2612
Joined: 01 Apr 2012, 13:50
Location: Mlečni put
Birthday

Post Napisano: 11 May 2018, 22:14


09.05.2018.

Sveži mozilla-firefox paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/mozilla-firefox-52.8.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/
  (* Security fix *)
Sveži wget paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/wget-1.19.5-i586-1_slack14.2.txz:  Upgraded.
  Fixed a security issue where a malicious web server could inject arbitrary
  cookies into the cookie jar file.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0494
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2612
Joined: 01 Apr 2012, 13:50
Location: Mlečni put
Birthday

Post Napisano: 11 May 2018, 22:14


10.05.2018.

Sveži maridb paketi za Slackware 14.1 i 14.2:

Code: Select all

patches/packages/mariadb-10.0.35-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2782
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2784
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2787
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2766
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2612
Joined: 01 Apr 2012, 13:50
Location: Mlečni put
Birthday

Post Napisano: 24 May 2018, 20:26


16.05.2018.

Sveži curl i php paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/curl-7.60.0-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes:
  FTP: shutdown response buffer overflow
  RTSP: bad headers buffer over-read
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000300
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301
  (* Security fix *)

Code: Select all

patches/packages/php-5.6.36-i586-1_slack14.2.txz:  Upgraded.
  This fixes many bugs, including some security issues:
  Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
  stream filter convert.iconv leads to infinite loop on invalid sequence
  Malicious LDAP-Server Response causes crash
  fix for CVE-2018-5712 may not be complete
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10549
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10546
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10548
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10547
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2612
Joined: 01 Apr 2012, 13:50
Location: Mlečni put
Birthday

Post Napisano: 24 May 2018, 20:28


22.05.2018.

Sveži kernel paketi za Slackware 14.2:

Code: Select all

patches/packages/linux-4.4.132/*:  Upgraded.
  This kernel upgrade is being provided primarily to fix a regression in the
  getsockopt() function, but it also contains fixes for two denial-of-service
  security issues.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000004
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1092
  (* Security fix *)
Sveži mozilla-thunderbird i procps-ng paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-52.8.0-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/52.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/
  (* Security fix *)

Code: Select all

patches/packages/procps-ng-3.3.15-i586-1_slack14.2.txz:  Upgraded.
  Shared library .so-version bump.
  This update fixes bugs and security issues:
  library: Fix integer overflow and LPE in file2strvec
  library: Use size_t for alloc functions
  pgrep: Fix stack-based buffer overflow
  ps: Fix buffer overflow in output buffer, causing DOS
  top: Don't use cwd for location of config
  For more information, see:
    https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1124
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1126
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2612
Joined: 01 Apr 2012, 13:50
Location: Mlečni put
Birthday

Post Napisano: 02 Jun 2018, 12:49


01.06.2018.

Sveži git paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/git-2.14.4-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues:
  Submodule "names" come from the untrusted .gitmodules file, but we
  blindly append them to $GIT_DIR/modules to create our on-disk repo
  paths. This means you can do bad things by putting "../" into the
  name. We now enforce some rules for submodule names which will cause
  Git to ignore these malicious names (CVE-2018-11235).
  Credit for finding this vulnerability and the proof of concept from
  which the test script was adapted goes to Etienne Stalmans.
  It was possible to trick the code that sanity-checks paths on NTFS
  into reading random piece of memory (CVE-2018-11233).
  Credit for fixing for these bugs goes to Jeff King, Johannes
  Schindelin and others.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11233
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2612
Joined: 01 Apr 2012, 13:50
Location: Mlečni put
Birthday

Post Napisano: 07 Jun 2018, 15:45


06.06.2018.

Sveži mozilla-firefox paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/mozilla-firefox-52.8.1esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2612
Joined: 01 Apr 2012, 13:50
Location: Mlečni put
Birthday

Post Napisano: 16 Jun 2018, 19:38


08.06.2018.

Sveži gnupg2 paketi za Slackware 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/gnupg2-2.0.31-i586-1_slack14.2.txz:  Upgraded.
  Sanitize the diagnostic output of the original file name in verbose mode.
  By using a made up file name in the message it was possible to fake status
  messages. Using this technique it was for example possible to fake the
  verification status of a signed mail.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2612
Joined: 01 Apr 2012, 13:50
Location: Mlečni put
Birthday

Post Napisano: 16 Jun 2018, 19:39


13.06.2018.

Sveži libgcrypt paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/libgcrypt-1.7.10-i586-1_slack14.2.txz:  Upgraded.
  Use blinding for ECDSA signing to mitigate a novel side-channel attack.
  For more information, see:
    https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 2 guests