
Slackware Updates and Other News


#201 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,222 posts

Posted 29 September 2017 - 03:44 PM

[slackware-security]  mozilla-firefox (SSA:2017-271-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-52.4.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla....firefoxESR.html
  (* Security fix *)
+--------------------------+

#202 OFFLINE   V.T. Eric Layton

Posted 03 October 2017 - 03:00 PM

[slackware-security]  dnsmasq (SSA:2017-275-01)

New dnsmasq packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/dnsmasq-2.78-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and remotely exploitable security issues that may
  have impacts including denial of service, information leak, and execution
  of arbitrary code. Thanks to Felix Wilhelm, Fermin J. Serna, Gabriel Campana,
  Kevin Hamacher, Ron Bowes, and Gynvael Coldwind of the Google Security Team.
  For more information, see:
    https://security.goo...s-and-dhcp.html
    https://cve.mitre.or...=CVE-2017-13704
    https://cve.mitre.or...=CVE-2017-14491
    https://cve.mitre.or...=CVE-2017-14492
    https://cve.mitre.or...=CVE-2017-14493
    https://cve.mitre.or...=CVE-2017-14494
    https://cve.mitre.or...=CVE-2017-14495
    https://cve.mitre.or...=CVE-2017-14496
  (* Security fix *)
+--------------------------+

#203 OFFLINE   V.T. Eric Layton

Posted 06 October 2017 - 05:59 PM

[slackware-security]  curl (SSA:2017-279-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.56.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  libcurl may read outside of a heap allocated buffer when doing FTP.
  For more information, see:
    https://curl.haxx.se...v_20171004.html
    https://cve.mitre.or...VE-2017-1000254
  (* Security fix *)
+--------------------------+


[slackware-security]  openjpeg (SSA:2017-279-02)

New openjpeg packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openjpeg-2.3.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues which may lead to a denial of service
  or possibly remote code execution.
  For more information, see:
    https://cve.mitre.or...e=CVE-2016-9572
    https://cve.mitre.or...e=CVE-2016-9573
    https://cve.mitre.or...e=CVE-2016-9580
    https://cve.mitre.or...e=CVE-2016-9581
    https://cve.mitre.or...=CVE-2017-12982
    https://cve.mitre.or...=CVE-2017-14039
    https://cve.mitre.or...=CVE-2017-14040
    https://cve.mitre.or...=CVE-2017-14041
    https://cve.mitre.or...=CVE-2017-14151
    https://cve.mitre.or...=CVE-2017-14152
    https://cve.mitre.or...=CVE-2017-14164
  (* Security fix *)
+--------------------------+



[slackware-security]  xorg-server (SSA:2017-279-03)

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-4_slack14.2.txz:  Rebuilt.
  This update fixes two security issues:
  Xext/shm: Validate shmseg resource id, otherwise it can belong to a
  non-existing client and abort X server with FatalError "client not
  in use", or overwrite existing segment of another existing client.
  Generating strings for XKB data used a single shared static buffer,
  which offered several opportunities for errors. Use a ring of
  resizable buffers instead, to avoid problems when strings end up
  longer than anticipated.
  For more information, see:
    https://cve.mitre.or...=CVE-2017-13721
    https://cve.mitre.or...=CVE-2017-13723
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-4_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-4_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-4_slack14.2.txz:  Rebuilt.
+--------------------------+

#204 OFFLINE   V.T. Eric Layton

Posted 19 October 2017 - 07:50 PM

[slackware-security]  libXres (SSA:2017-291-01)

New libXres packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libXres-1.2.0-i586-1_slack14.2.txz:  Upgraded.
  Integer overflows may allow X servers to trigger allocation of insufficient
  memory and a buffer overflow via vectors related to the (1)
  XResQueryClients and (2) XResQueryClientResources functions.
  For more information, see:
    https://cve.mitre.or...e=CVE-2013-1988
  (* Security fix *)
+--------------------------+

[slackware-security]  wpa_supplicant (SSA:2017-291-02)

New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz:  Upgraded.
  This update includes patches to mitigate the WPA2 protocol issues known
  as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data,
  hijack TCP connections, and to forge and inject packets. This is the
  list of vulnerabilities that are addressed here:
  CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the
    4-way handshake.
  CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way
    handshake.
  CVE-2017-13080: Reinstallation of the group key (GTK) in the group key
    handshake.
  CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group
    key handshake.
  CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)
    Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)
    while processing it.
  CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
    PeerKey (TPK) key in the TDLS handshake.
  CVE-2017-13087: reinstallation of the group key (GTK) when processing a
    Wireless Network Management (WNM) Sleep Mode Response frame.
  CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
    processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  For more information, see:
    https://www.krackattacks.com/
    https://w1.fi/securi...ed-messages.txt
    https://cve.mitre.or...=CVE-2017-13077
    https://cve.mitre.or...=CVE-2017-13078
    https://cve.mitre.or...=CVE-2017-13079
    https://cve.mitre.or...=CVE-2017-13080
    https://cve.mitre.or...=CVE-2017-13081
    https://cve.mitre.or...=CVE-2017-13082
    https://cve.mitre.or...=CVE-2017-13084
    https://cve.mitre.or...=CVE-2017-13086
    https://cve.mitre.or...=CVE-2017-13087
    https://cve.mitre.or...=CVE-2017-13088
  (* Security fix *)
+--------------------------+

[slackware-security]  xorg-server (SSA:2017-291-03)

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-5_slack14.2.txz:  Rebuilt.
  This update fixes integer overflows and other possible security issues.
  For more information, see:
    https://cve.mitre.or...=CVE-2017-12176
    https://cve.mitre.or...=CVE-2017-12177
    https://cve.mitre.or...=CVE-2017-12178
    https://cve.mitre.or...=CVE-2017-12179
    https://cve.mitre.or...=CVE-2017-12180
    https://cve.mitre.or...=CVE-2017-12181
    https://cve.mitre.or...=CVE-2017-12182
    https://cve.mitre.or...=CVE-2017-12183
    https://cve.mitre.or...=CVE-2017-12184
    https://cve.mitre.or...=CVE-2017-12185
    https://cve.mitre.or...=CVE-2017-12186
    https://cve.mitre.or...=CVE-2017-12187
  (* Security fix *)
+--------------------------+
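
The libXres entry above (SSA:2017-291-01) describes a count supplied by the X server feeding an allocation size that overflows. The following is an added example, not libXres code and not part of the original post, showing that size calculation before and after a bounds check; `client_rec` and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size record; stands in for one per-client entry. */
typedef struct { uint32_t base; uint32_t mask; } client_rec;

/* BEFORE: 32-bit multiply of a peer-supplied count. Wraps silently, so a
 * huge count yields a tiny allocation size. */
static uint32_t unchecked_alloc_size(uint32_t count)
{
    return count * (uint32_t)sizeof(client_rec);
}

/* AFTER: accept the count only if that many records fit in the bytes that
 * were actually received. The division cannot overflow. */
static int checked_alloc_size(uint32_t count, size_t payload_len, size_t *bytes)
{
    if (count > payload_len / sizeof(client_rec))
        return -1;
    *bytes = (size_t)count * sizeof(client_rec);
    return 0;
}

/* Copy `count` records out of a reply payload, or return NULL if the count
 * is not backed by the payload. Caller frees the result. */
static client_rec *read_clients(const unsigned char *payload,
                                size_t payload_len, uint32_t count)
{
    size_t bytes;
    if (checked_alloc_size(count, payload_len, &bytes) != 0)
        return NULL;
    client_rec *out = malloc(bytes ? bytes : 1);
    if (out != NULL)
        memcpy(out, payload, bytes);
    return out;
}

int main(void)
{
    unsigned char payload[16] = {0};      /* constructed: room for 2 records */
    uint32_t hostile = 0x20000001u;       /* constructed count from the peer */
    printf("unchecked size for %u records: %u bytes\n",
           (unsigned)hostile, (unsigned)unchecked_alloc_size(hostile));
    client_rec *r = read_clients(payload, sizeof payload, hostile);
    printf("checked reader: %s\n", r ? "accepted" : "rejected");
    free(r);
    return 0;
}
```

Bounding the count by the bytes received rejects both the wrapped multiplication and a count that is merely larger than the reply.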

#205 OFFLINE   V.T. Eric Layton

Posted 24 October 2017 - 07:25 PM

[slackware-security]  curl (SSA:2017-297-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.56.1-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  IMAP FETCH response out of bounds read may cause a crash or information leak.
  For more information, see:
    https://curl.haxx.se...v_20171023.html
    https://cve.mitre.or...VE-2017-1000257
  (* Security fix *)
+--------------------------+

#206 OFFLINE   V.T. Eric Layton

Posted 03 November 2017 - 06:59 PM

[slackware-security]  mariadb (SSA:2017-306-01)

New mariadb packages are available for Slackware 14.1, 14.2, and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mariadb-10.0.33-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://jira.mariadb...owse/MDEV-13819
    https://cve.mitre.or...=CVE-2017-10268
    https://cve.mitre.or...=CVE-2017-10378
  (* Security fix *)
+--------------------------+

[slackware-security]  openssl (SSA:2017-306-02)

New openssl packages are available for Slackware 14.2 and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2m-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  There is a carry propagating bug in the x64 Montgomery squaring procedure.
  No EC algorithms are affected. Analysis suggests that attacks against RSA
  and DSA as a result of this defect would be very difficult to perform and
  are not believed likely. Attacks against DH are considered just feasible
  (although very difficult) because most of the work necessary to deduce
  information about a private key may be performed offline. The amount of
  resources required for such an attack would be very significant and likely
  only accessible to a limited number of attackers. An attacker would
  additionally need online access to an unpatched system using the target
  private key in a scenario with persistent DH parameters and a private
  key that is shared between multiple clients.
  This only affects processors that support the BMI1, BMI2 and ADX extensions
  like Intel Broadwell (5th generation) and later or AMD Ryzen.
  For more information, see:
    https://www.openssl....dv/20171102.txt
    https://cve.mitre.or...e=CVE-2017-3736
  (* Security fix *)
patches/packages/openssl-solibs-1.0.2m-i586-1_slack14.2.txz:  Upgraded.
+--------------------------+

#207 OFFLINE   V.T. Eric Layton

Posted 17 November 2017 - 11:08 AM

[slackware-security]  libplist (SSA:2017-320-01)

New libplist packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libplist-2.0.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes several security issues.
  For more information, see:
    https://cve.mitre.or...e=CVE-2017-6440
    https://cve.mitre.or...e=CVE-2017-6439
    https://cve.mitre.or...e=CVE-2017-6438
    https://cve.mitre.or...e=CVE-2017-6437
    https://cve.mitre.or...e=CVE-2017-6436
    https://cve.mitre.or...e=CVE-2017-6435
    https://cve.mitre.or...e=CVE-2017-5836
    https://cve.mitre.or...e=CVE-2017-5835
    https://cve.mitre.or...e=CVE-2017-5834
    https://cve.mitre.or...e=CVE-2017-5545
    https://cve.mitre.or...e=CVE-2017-5209
  (* Security fix *)
+--------------------------+


[slackware-security]  mozilla-firefox (SSA:2017-320-02)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-52.5.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla....firefoxESR.html
  (* Security fix *)
+--------------------------+




