Slackware Updates and Other News


#201 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,201 posts

Posted 29 September 2017 - 03:44 PM

[slackware-security]  mozilla-firefox (SSA:2017-271-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-52.4.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla....firefoxESR.html
  (* Security fix *)
+--------------------------+

#202 OFFLINE   V.T. Eric Layton

Posted 03 October 2017 - 03:00 PM

[slackware-security]  dnsmasq (SSA:2017-275-01)

New dnsmasq packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/dnsmasq-2.78-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and remotely exploitable security issues that may
  have impacts including denial of service, information leak, and execution
  of arbitrary code. Thanks to Felix Wilhelm, Fermin J. Serna, Gabriel Campana,
  Kevin Hamacher, Ron Bowes, and Gynvael Coldwind of the Google Security Team.
  For more information, see:
    https://security.goo...s-and-dhcp.html
    https://cve.mitre.or...=CVE-2017-13704
    https://cve.mitre.or...=CVE-2017-14491
    https://cve.mitre.or...=CVE-2017-14492
    https://cve.mitre.or...=CVE-2017-14493
    https://cve.mitre.or...=CVE-2017-14494
    https://cve.mitre.or...=CVE-2017-14495
    https://cve.mitre.or...=CVE-2017-14496
  (* Security fix *)
+--------------------------+

#203 OFFLINE   V.T. Eric Layton

Posted 06 October 2017 - 05:59 PM

[slackware-security]  curl (SSA:2017-279-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.56.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  libcurl may read outside of a heap allocated buffer when doing FTP.
  For more information, see:
    https://curl.haxx.se...v_20171004.html
    https://cve.mitre.or...VE-2017-1000254
  (* Security fix *)
+--------------------------+


[slackware-security]  openjpeg (SSA:2017-279-02)

New openjpeg packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openjpeg-2.3.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues which may lead to a denial of service
  or possibly remote code execution.
  For more information, see:
    https://cve.mitre.or...e=CVE-2016-9572
    https://cve.mitre.or...e=CVE-2016-9573
    https://cve.mitre.or...e=CVE-2016-9580
    https://cve.mitre.or...e=CVE-2016-9581
    https://cve.mitre.or...=CVE-2017-12982
    https://cve.mitre.or...=CVE-2017-14039
    https://cve.mitre.or...=CVE-2017-14040
    https://cve.mitre.or...=CVE-2017-14041
    https://cve.mitre.or...=CVE-2017-14151
    https://cve.mitre.or...=CVE-2017-14152
    https://cve.mitre.or...=CVE-2017-14164
  (* Security fix *)
+--------------------------+



[slackware-security]  xorg-server (SSA:2017-279-03)

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-4_slack14.2.txz:  Rebuilt.
  This update fixes two security issues:
  Xext/shm: Validate shmseg resource id, otherwise it can belong to a
  non-existing client and abort X server with FatalError "client not
  in use", or overwrite existing segment of another existing client.
  Generating strings for XKB data used a single shared static buffer,
  which offered several opportunities for errors. Use a ring of
  resizable buffers instead, to avoid problems when strings end up
  longer than anticipated.
  For more information, see:
    https://cve.mitre.or...=CVE-2017-13721
    https://cve.mitre.or...=CVE-2017-13723
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-4_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-4_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-4_slack14.2.txz:  Rebuilt.
+--------------------------+

#204 OFFLINE   V.T. Eric Layton

Posted 19 October 2017 - 07:50 PM

[slackware-security]  libXres (SSA:2017-291-01)

New libXres packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libXres-1.2.0-i586-1_slack14.2.txz:  Upgraded.
  Integer overflows may allow X servers to trigger allocation of insufficient
  memory and a buffer overflow via vectors related to the (1)
  XResQueryClients and (2) XResQueryClientResources functions.
  For more information, see:
    https://cve.mitre.or...e=CVE-2013-1988
  (* Security fix *)
+--------------------------+

[slackware-security]  wpa_supplicant (SSA:2017-291-02)

New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz:  Upgraded.
  This update includes patches to mitigate the WPA2 protocol issues known
  as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data,
  hijack TCP connections, and to forge and inject packets. This is the
  list of vulnerabilities that are addressed here:
  CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the
    4-way handshake.
  CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way
    handshake.
  CVE-2017-13080: Reinstallation of the group key (GTK) in the group key
    handshake.
  CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group
    key handshake.
  CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)
    Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)
    while processing it.
  CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
    PeerKey (TPK) key in the TDLS handshake.
  CVE-2017-13087: reinstallation of the group key (GTK) when processing a
    Wireless Network Management (WNM) Sleep Mode Response frame.
  CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
    processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  For more information, see:
    https://www.krackattacks.com/
    https://w1.fi/securi...ed-messages.txt
    https://cve.mitre.or...=CVE-2017-13077
    https://cve.mitre.or...=CVE-2017-13078
    https://cve.mitre.or...=CVE-2017-13079
    https://cve.mitre.or...=CVE-2017-13080
    https://cve.mitre.or...=CVE-2017-13081
    https://cve.mitre.or...=CVE-2017-13082
    https://cve.mitre.or...=CVE-2017-13084
    https://cve.mitre.or...=CVE-2017-13086
    https://cve.mitre.or...=CVE-2017-13087
    https://cve.mitre.or...=CVE-2017-13088
  (* Security fix *)
+--------------------------+

[slackware-security]  xorg-server (SSA:2017-291-03)

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-5_slack14.2.txz:  Rebuilt.
  This update fixes integer overflows and other possible security issues.
  For more information, see:
    https://cve.mitre.or...=CVE-2017-12176
    https://cve.mitre.or...=CVE-2017-12177
    https://cve.mitre.or...=CVE-2017-12178
    https://cve.mitre.or...=CVE-2017-12179
    https://cve.mitre.or...=CVE-2017-12180
    https://cve.mitre.or...=CVE-2017-12181
    https://cve.mitre.or...=CVE-2017-12182
    https://cve.mitre.or...=CVE-2017-12183
    https://cve.mitre.or...=CVE-2017-12184
    https://cve.mitre.or...=CVE-2017-12185
    https://cve.mitre.or...=CVE-2017-12186
    https://cve.mitre.or...=CVE-2017-12187
  (* Security fix *)
+--------------------------+




