Slackware Updates and Other News

206 replies to this topic

#76 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,224 posts

Posted 24 August 2012 - 08:40 PM

[slackware-security]  dhcp (SSA:2012-237-01)

New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
and -current to fix security issues.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/dhcp-4.2.4_P1-i486-1_slack13.37.txz:  Upgraded.
  This fixes memory leaks, denial of service vulnerabilities, and
  disallows packets with zero length client ids (not valid according to
  RFC 2132 section 9.14).
  For more information, see:
    https://kb.isc.org/article/AA-00736
    http://cve.mitre.org...e=CVE-2011-4539
    http://cve.mitre.org...e=CVE-2011-4868
    http://cve.mitre.org...e=CVE-2012-3954
  (* Security fix *)
+--------------------------+

#77 OFFLINE   V.T. Eric Layton


Posted 31 August 2012 - 06:17 PM

[slackware-security]  slocate (SSA:2012-244-05)

New slocate packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
and -current to fix a security issue.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
  Patched to use lstat64 and -D_LARGEFILE64_SOURCE.  Thanks to Mancha+.
  Patched to fix information leak of filenames in protected directories.
  For more information, see:
    http://cve.mitre.org...e=CVE-2007-0227
  (* Security fix *)
+--------------------------+


[slackware-security]  glibc (SSA:2012-244-01)

New glibc packages are available for Slackware 13.1, 13.37, and -current to
fix security issues.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/glibc-2.13-i486-6_slack13.37.txz:  Rebuilt.
  Patched multiple integer overflows in the strtod, strtof, strtold, and
  strtod_l functions in stdlib in the GNU C Library allow local users to
  cause a denial of service (application crash) and possibly execute
  arbitrary code via a long string, which triggers a stack-based buffer
  overflow.
  For more information, see:
    http://cve.mitre.org...e=CVE-2012-3480
  (* Security fix *)
patches/packages/glibc-i18n-2.13-i486-6_slack13.37.txz:  Rebuilt.
patches/packages/glibc-profile-2.13-i486-6_slack13.37.txz:  Rebuilt.
patches/packages/glibc-solibs-2.13-i486-6_slack13.37.txz:  Rebuilt.
patches/packages/glibc-zoneinfo-2.13-noarch-6_slack13.37.txz:  Rebuilt.
+--------------------------+

[slackware-security]  mozilla-firefox (SSA:2012-244-02)

New mozilla-firefox packages are available for Slackware 13.37 and -current to
fix security issues.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...es/firefox.html
  (* Security fix *)
+--------------------------+


[slackware-security]  mozilla-thunderbird (SSA:2012-244-03)

New mozilla-thunderbird packages are available for Slackware 13.37 and -current
to fix security issues.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...hunderbird.html
  (* Security fix *)
+--------------------------+

[slackware-security]  seamonkey (SSA:2012-244-04)

New seamonkey packages are available for Slackware 13.37 and -current to
fix security issues.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o.../seamonkey.html
  (* Security fix *)
+--------------------------+

#78 OFFLINE   V.T. Eric Layton


Posted 14 September 2012 - 11:43 AM

[slackware-security]  patch (SSA:2012-257-02)

New patch packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
and -current to fix a security issue.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/patch-2.7-i486-1_slack13.37.txz:  Upgraded.
  This version of patch ignores destination filenames that are absolute or
  that contain a component of "..", unless such a filename is provided as
  an argument.
  For more information, see:
    http://cve.mitre.org...e=CVE-2010-4651
  (* Security fix *)
+--------------------------+

[slackware-security]  bind (SSA:2012-257-01)

New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
and -current to fix a security issue.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/bind-9.7.6_P3-i486-1_slack13.37.txz:  Upgraded.
  This update fixes a security issue where named could crash on a specially
  crafted record.  [RT #30416]
  (* Security fix *)
+--------------------------+

#79 OFFLINE   V.T. Eric Layton


Posted 14 September 2012 - 09:57 PM

[slackware-security]  dhcp (SSA:2012-258-01)

New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
and -current to fix a security issue.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/dhcp-4.2.4_P2-i486-1_slack13.37.txz:  Upgraded.
  An issue with the use of lease times was found and fixed.  Making certain
  changes to the end time of an IPv6 lease could cause the server to abort.
  Thanks to Glen Eustace of Massey University, New Zealand for finding this
  issue.  [ISC-Bugs #30281]
  For more information, see:
    http://cve.mitre.org...e=CVE-2012-3955
  (* Security fix *)
+--------------------------+

#80 OFFLINE   V.T. Eric Layton


Posted 29 September 2012 - 05:49 PM

Yes, it is that time again!  After well over a year of planning,
development, and testing, the Slackware Linux Project is proud to
announce the latest stable release of the longest running distribution
of the Linux operating system, Slackware version 14.0!

    We are sure you'll enjoy the many improvements.  We've done our best to bring the latest technology to Slackware while still maintaining the stability and security that you have come to expect.  Slackware is well known for its simplicity and the fact that we try to bring software to you in the condition that the authors intended.

    Slackware 14.0 brings many updates and enhancements, among which you'll find two of the most advanced desktop environments available today: Xfce 4.10.0, a fast and lightweight but visually appealing and easy to use desktop environment, and KDE 4.8.5, a recent stable release of the 4.8.x series of the award-winning KDE desktop environment. These desktops utilize udev, udisks, and udisks2, and many of the specifications from freedesktop.org which allow the system administrator to grant use of various hardware devices according to users' group membership so that they will be able to use items such as USB flash sticks, USB cameras that appear like USB storage, portable hard drives, CD and DVD media, MP3 players, and more, all without requiring sudo, the mount or umount command.  Just plug and play.  Slackware's desktop should be suitable for any level of Linux experience.

    Slackware uses the 3.2.29 kernel bringing you advanced performance features such as journaling filesystems, SCSI and ATA RAID volume support, SATA support, Software RAID, LVM (the Logical Volume Manager), and encrypted filesystems.  Kernel support for X DRI (the Direct Rendering Interface) brings high-speed hardware accelerated 3D graphics to Linux.

    There are two kinds of kernels in Slackware.  First there are the huge kernels, which contain support for just about every driver in the Linux kernel. These are primarily intended to be used for installation, but there's no real reason that you couldn't continue to run them after you have installed.  The other type of kernel is the generic kernel, in which nearly every driver is built as a module.  To use a generic kernel you'll need to build an initrd to load your filesystem module and possibly your drive controller or other drivers needed at boot time, configure LILO to load the initrd at boot, and reinstall LILO.  See the docs in /boot after installing for more information.  Slackware's Linux kernels come in both SMP and non-SMP types now.  The SMP kernel supports multiple processors, multi-core CPUs, HyperThreading, and about every other optimization available.  In our own testing this kernel has proven to be fast, stable, and reliable.  We recommend using the SMP kernel even on single processor machines if it will run on them.  Note that on x86_64 (64-bit), all the kernels are SMP capable.


Here are some of the advanced features of Slackware 14.0:

- Runs the 3.2.29 version of the Linux kernel from ftp.kernel.org.
  The 3.2.x series is well-tested, offers good performance, and will be
  getting long term support from kernel.org.  For people interested in
  trying out newer kernels, we've provided sample configuration files
  for Linux 3.4.11, 3.5.4, and 3.6-rc4 under the /testing directory.

- System binaries are linked with the GNU C Library, version 2.15.
  This version of glibc also has excellent compatibility with
  existing binaries.

- X11 based on the X.Org Foundation's modular X Window System.
  This is X11R7.7, a new release, with many improvements in terms of
  performance and hardware support.

- Installs gcc-4.7.1 as the default C, C++, Objective-C,
  Fortran-77/95/2003/2008, and Ada 95/2005/2012 compiler.

- Support for NetworkManager for simple configuration of wired and
  wireless network connections, including mobile broadband, IPv6, VPN,
  and more.  Roam seamlessly between known networks, and quickly set
  up new connections.  We've retained full support for the traditional
  Slackware networking scripts and for the wicd network manager,
  offering choice and flexibility to all levels of users.

- Support for fully encrypted network connections with OpenSSL,
  OpenSSH, OpenVPN, and GnuPG.

- Apache (httpd) 2.4.3 web server with Dynamic Shared Object
  support, SSL, and PHP 5.4.7.

- USB, IEEE 1394 (FireWire), and ACPI support, as well as legacy PCMCIA
  and Cardbus support.  This makes Slackware a great operating system
  for your laptop.

- The udev dynamic device management system for Linux 3.x.
  This locates and configures most hardware automatically as it
  is added (or removed) from the system, loading kernel modules
  as needed.  It works along with the kernel's devtmpfs filesystem
  to create access nodes in the /dev directory.

- New development tools, including Perl 5.16.1, Python 2.7.3,
  Ruby 1.9.3-p194, Subversion 1.7.6, git-1.7.12.1, mercurial-2.2.2,
  graphical tools like Qt designer and KDevelop, and much more.

- Updated versions of the Slackware package management tools make it
  easy to add, remove, upgrade, and make your own Slackware packages.
  Package tracking makes it easy to upgrade from Slackware 13.37 to
  Slackware 14.0 (see UPGRADE.TXT and CHANGES_AND_HINTS.TXT).
  The slackpkg tool can also help update from an older version of
  Slackware to a newer one, and keep your Slackware system up to date.
  In addition, the slacktrack utility will help you build and maintain
  your own packages.

- Web browsers galore!  Includes KDE's Konqueror 4.8.5, SeaMonkey 2.12.1
  (this is the replacement for the Mozilla Suite), Mozilla Firefox 15.0.1,
  as well as the Thunderbird 15.0.1 email and news client with advanced
  junk mail filtering.  A script is also available in /extra to repackage
  Google Chrome as a native Slackware package.

- The KDE Software Compilation 4.8.5, a complete desktop environment.
  This includes the Calligra productivity suite (previously known as
  KOffice), networking tools, GUI development with KDevelop, multimedia
  tools (including the Amarok music player and K3B disc burning software),
  the Konqueror web browser and file manager, dozens of games and utilities,
  international language support, and more.

- A collection of GTK+ based applications including pidgin-2.10.6,
   gimp-2.8.2 (with many improvements including a single window mode),
   gkrellm-2.3.5, xchat-2.8.8, xsane-0.998, and pan-0.139.

- A repository of extra software packages compiled and ready to run
  in the /extra directory.

- Many more improved and upgraded packages than we can list here.  For
  a complete list of core packages in Slackware 14.0, see this file:

    ftp://ftp.slackware.com/pub/slackware/slackware-14.0/PACKAGES.TXT


Downloading Slackware 14.0:
---------------------------

    The full version of Slackware Linux 14.0 is available for download from the central Slackware FTP site hosted by our friends at osuosl.org:

   ftp://ftp.slackware.com/pub/slackware/slackware-14.0/

If the sites are busy, see the list of official mirror sites here:

   http://mirrors.slackware.com

    We will be setting up BitTorrent downloads for the official ISO images.  Stay tuned to http://slackware.com for the latest updates.

    Instructions for burning the Slackware tree onto install discs may be found in the isolinux directory.


Purchasing Slackware on CD-ROM or DVD:
--------------------------------------

    Or, please consider purchasing the Slackware Linux 14.0 six CD-ROM set or deluxe dual-sided DVD release directly from Slackware Linux, and you'll be helping to support the continued development of Slackware Linux!

    The DVD release has the 32-bit x86 Slackware 14.0 release on one side, and the 64-bit x86_64 Slackware 14.0 release on the other.  Both sides are bootable for easy installation, and include everything from both releases of Slackware 14.0, including the complete source code trees.

    The 6 CD-ROM release of Slackware 14.0 is the 32-bit x86 edition. It includes a bootable first CD-ROM for easy installation.  The 6 CD-ROMs are labeled for easy reference.

    The Slackware 14.0 x86 6 CD-ROM set is $49.95 plus shipping, or choose the Slackware 14.0 x86/x86_64 dual-sided DVD (also $49.95 plus shipping).

    Slackware Linux is also available by subscription.  When we release a new version of Slackware (which is normally once or twice a year) we ship it to you and bill your credit card for a reduced subscription price ($32.99 for the CD-ROM set, or $39.95 for the DVD) plus shipping.

    For shipping options, see the Slackware store website.  Before ordering express shipping, you may wish to check that we have the product in stock. We make releases to the net at the same time as disc production begins, so there is a lag between the online release and the shipping of media. But, even if you download now you can still buy the official media later. You'll feel good, be helping the project, and have a great decorative item perfect for any computer room shelf.


Ordering Information:
---------------------

    You can order online at the Slackware Linux store:

    http://store.slackware.com

    Other Slackware items like t-shirts, caps, pins, and stickers can also be found here.  These will help you find and identify yourself to your fellow Slackware users.  There are still some 1337 T-shirts left, and we'll also be unveiling a brand new T-shirt design soon for this new release.

    Order inquiries (including questions about becoming a Slackware reseller) may be directed to this address:  info@slackware.com

Have fun! :^)  I hope you find Slackware to be useful, and thanks
very much for your support of this project over the years.

---
Patrick J. Volkerding    <volkerdi@slackware.com>

Visit us on the web at:  http://slackware.com

#81 OFFLINE   V.T. Eric Layton


Posted 11 October 2012 - 12:56 PM

[slackware-security]  bind (SSA:2012-284-01)

New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix a security issue.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.9.1_P4-i486-1_slack14.0.txz:  Upgraded.
  This update fixes a security issue where a certain combination of records
  in the RBT could cause named to hang while populating the additional
  section of a response. [RT #31090]
  (* Security fix *)
+--------------------------+

#82 OFFLINE   V.T. Eric Layton


Posted 11 October 2012 - 09:59 PM

[slackware-security]  mozilla-firefox (SSA:2012-285-01)

New mozilla-firefox packages are available for Slackware 13.37, 14.0,
and -current to fix a security issue.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-16.0.1-i486-1_slack14.0.txz:  Upgraded.
  This update fixes a security vulnerability that could allow a malicious
  site to potentially determine which websites users have visited and have
  access to the URL or URL parameters.
  (* Security fix *)
+--------------------------+

[slackware-security]  mozilla-thunderbird (SSA:2012-285-02)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,
and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-16.0.1-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...hunderbird.html
  (* Security fix *)
+--------------------------+

#83 OFFLINE   V.T. Eric Layton


Posted 15 October 2012 - 05:37 PM

[slackware-security]  seamonkey (SSA:2012-288-01)

New seamonkey packages are available for Slackware 13.37, 14.0, and -current to
fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.13.1-i486-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o.../seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.13.1-i486-1.txz:  Upgraded.
+--------------------------+

#84 OFFLINE   V.T. Eric Layton


Posted 31 October 2012 - 05:38 PM

[slackware-security]  mozilla-thunderbird (SSA:2012-304-01)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,
and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-16.0.2-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...hunderbird.html
  (* Security fix *)
+--------------------------+

[slackware-security]  seamonkey (SSA:2012-304-02)

New seamonkey packages are available for Slackware 13.37, 14.0,
and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-solibs-2.13.2-i486-1_slack14.0.txz:  Upgraded.
patches/packages/seamonkey-2.13.2-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o.../seamonkey.html
  (* Security fix *)
+--------------------------+

#85 OFFLINE   V.T. Eric Layton


Posted 22 November 2012 - 04:37 PM

[slackware-security]  seamonkey (SSA:2012-326-01)

New seamonkey packages are available for Slackware 13.37, 14.0, and -current to
fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-solibs-2.14-i486-1_slack14.0.txz:  Upgraded.
patches/packages/seamonkey-2.14-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o.../seamonkey.html
  (* Security fix *)
+--------------------------+

[slackware-security]  mozilla-firefox (SSA:2012-326-02)

New mozilla-firefox packages are available for Slackware 13.37, 14.0,
and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-17.0-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...es/firefox.html
  (* Security fix *)
+--------------------------+

[slackware-security]  mozilla-thunderbird (SSA:2012-326-03)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,
and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-17.0-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...hunderbird.html
  (* Security fix *)
+--------------------------+

#86 OFFLINE   V.T. Eric Layton


Posted 07 December 2012 - 11:49 AM

[slackware-security]  ruby (SSA:2012-341-04)

New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current
to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/ruby-1.9.3_p327-i486-1_slack14.0.txz:  Upgraded.
  This release fixes a hash-flooding DoS vulnerability and many other bugs.
  For more information, see:
    http://cve.mitre.org...e=CVE-2012-5371
  (* Security fix *)
+--------------------------+


[slackware-security]  libxml2 (SSA:2012-341-03)

New libxml2 packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix a security issue.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/libxml2-2.8.0-i486-2_slack14.0.txz:  Rebuilt.
  Patched a heap-based buffer underflow in the xmlParseAttValueComplex
  function in parser.c in libxml2 2.9.0 and earlier that could allow a
  remote attacker to cause a denial of service or possibly execute
  arbitrary code via crafted entities in an XML document.
  For more information, see:
    http://cve.mitre.org...e=CVE-2012-5134
  (* Security fix *)
+--------------------------+


[slackware-security]  libssh (SSA:2012-341-02)

New libssh packages are available for Slackware 14.0, and -current to
fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/libssh-0.5.3-i486-1_slack14.0.txz:  Upgraded.
  This release fixes several security bugs.
  For more information, see:
    http://cve.mitre.org...e=CVE-2012-4559
    http://cve.mitre.org...e=CVE-2012-4560
    http://cve.mitre.org...e=CVE-2012-4561
    http://cve.mitre.org...e=CVE-2012-4562
  (* Security fix *)
+--------------------------+


[slackware-security]  bind (SSA:2012-341-01)

New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.9.2_P1-i486-1_slack14.0.txz:  Upgraded.
  IMPORTANT NOTE:  This package updates BIND from 9.7.6_P4 to
  9.8.4_P1 since the 9.7 series is no longer supported.  It is
  possible that some changes may be required to your local
  configuration.
  This release addresses some denial-of-service and other bugs.
  For more information, see:
    http://cve.mitre.org...e=CVE-2012-5688
    http://cve.mitre.org...e=CVE-2012-5166
    http://cve.mitre.org...e=CVE-2012-3817
    http://cve.mitre.org...e=CVE-2012-1667
    http://cve.mitre.org...e=CVE-2012-3868
  (* Security fix *)
+--------------------------+

#87 OFFLINE   V.T. Eric Layton


Posted 10 January 2013 - 10:44 AM

[slackware-security]  mozilla-firefox (SSA:2013-009-01)

New mozilla-firefox packages are available for Slackware 13.37, 14.0,
and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-18.0-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...es/firefox.html
  (* Security fix *)
+--------------------------+

[slackware-security]  mozilla-thunderbird (SSA:2013-009-02)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,
and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-17.0.2-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...hunderbird.html
  (* Security fix *)
+--------------------------+


[slackware-security]  seamonkey (SSA:2013-009-03)

New seamonkey packages are available for Slackware 13.37, 14.0, and -current to
fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.15-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o.../seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.15-i486-1_slack14.0.txz:  Upgraded.
+--------------------------+

#88 OFFLINE   V.T. Eric Layton


Posted 16 January 2013 - 10:59 AM

[slackware-security]  freetype (SSA:2013-015-01)

New freetype packages are available for Slackware 12.1, 12.2, 13.0, 13.1,
13.37, 14.0, and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/freetype-2.4.11-i486-1_slack14.0.txz:  Upgraded.
  This release fixes several security bugs that could cause freetype to
  crash or run programs upon opening a specially crafted file.
  For more information, see:
    http://cve.mitre.org...e=CVE-2012-5668
    http://cve.mitre.org...e=CVE-2012-5669
    http://cve.mitre.org...e=CVE-2012-5670
  (* Security fix *)
+--------------------------+

#89 OFFLINE   V.T. Eric Layton


Posted 23 January 2013 - 11:12 AM

[slackware-security]  mysql (SSA:2013-022-01)

New mysql packages are available for 12.1, 12.2, 13.0, 13.1, 13.37, 14.0,
and -current to fix security and other issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mysql-5.5.29-i486-1_slack14.0.txz:  Upgraded.
  Upgraded to the latest upstream version to fix security issues and provide
  other bug fixes and improvements.  Note that some of the changes may
  possibly introduce incompatibilities with the previous package.
  (* Security fix *)
+--------------------------+

#90 OFFLINE   V.T. Eric Layton


Posted 08 February 2013 - 08:13 PM

[slackware-security]  curl (SSA:2013-038-01)

New curl packages are available for Slackware 14.0, and -current to
fix a security issue.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/curl-7.29.0-i486-1_slack14.0.txz:  Upgraded.
  When negotiating SASL DIGEST-MD5 authentication, the function
  Curl_sasl_create_digest_md5_message() uses the data provided from the
  server without doing the proper length checks and that data is then
  appended to a local fixed-size buffer on the stack.  This vulnerability
  can be exploited by someone who is in control of a server that a libcurl
  based program is accessing with POP3, SMTP or IMAP.  For applications
  that accept user provided URLs, it is also thinkable that a malicious
  user would feed an application with a URL to a server hosting code
  targeting this flaw.
  Affected versions: curl 7.26.0 to and including 7.28.1
  For more information, see:
    http://cve.mitre.org...e=CVE-2013-0249
  (* Security fix *)
+--------------------------+

#91 OFFLINE   V.T. Eric Layton


Posted 10 February 2013 - 02:40 PM

[slackware-security]  openssl (SSA:2013-040-01)

New openssl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1d-i486-1_slack14.0.txz:  Upgraded.
    Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
  This addresses the flaw in CBC record processing discovered by
  Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
  at: http://www.isg.rhul.ac.uk/tls/
  Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
  Security Group at Royal Holloway, University of London
  (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
  Emilia Käsper for the initial patch.
  (CVE-2013-0169)
  [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
    Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
  ciphersuites which can be exploited in a denial of service attack.
  Thanks go to and to Adam Langley <agl@chromium.org> for discovering
  and detecting this bug and to Wolfgang Ettlinger
  <wolfgang.ettlinger@gmail.com> for independently discovering this issue.
  (CVE-2012-2686)
  [Adam Langley]
    Return an error when checking OCSP signatures when key is NULL.
  This fixes a DoS attack. (CVE-2013-0166)
  [Steve Henson]
  For more information, see:
    http://cve.mitre.org...e=CVE-2012-2686
    http://cve.mitre.org...e=CVE-2013-0166
    http://cve.mitre.org...e=CVE-2013-0169
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1d-i486-1_slack14.0.txz:  Upgraded.
  (* Security fix *)
+--------------------------+

#92 OFFLINE   V.T. Eric Layton


Posted 12 February 2013 - 11:14 AM

[slackware-security]  openssl (SSA:2013-042-01)

New openssl packages are available for Slackware 14.0, and -current to
fix a bug in openssl-1.0.1d.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1e-i486-1_slack14.0.txz:  Upgraded.
  This release fixes a regression in openssl-1.0.1d, where the fix for
  CVE-2013-0169 caused data corruption on CPUs with AES-NI support.
patches/packages/openssl-solibs-1.0.1e-i486-1_slack14.0.txz:  Upgraded.
+--------------------------+

#93 OFFLINE   V.T. Eric Layton


Posted 14 February 2013 - 08:32 PM

[slackware-security]  pidgin (SSA:2013-044-01)

New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37, 14.0,
and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.10.7-i486-1_slack14.0.txz:  Upgraded.
  This update fixes several security issues:
  Remote MXit user could specify local file path.
  MXit buffer overflow reading data from network.
  Sametime crash with long user IDs.
  Crash when receiving a UPnP response with abnormally long values.
  For more information, see:
    http://cve.mitre.org...e=CVE-2013-0271
    http://cve.mitre.org...e=CVE-2013-0272
    http://cve.mitre.org...e=CVE-2013-0273
    http://cve.mitre.org...e=CVE-2013-0274
  (* Security fix *)
+--------------------------+

#94 OFFLINE   V.T. Eric Layton

Posted 20 February 2013 - 08:58 PM

[slackware-security]  mozilla-firefox (SSA:2013-050-01)

New mozilla-firefox packages are available for Slackware 13.37, 14.0,
and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-19.0-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...es/firefox.html
  (* Security fix *)
+--------------------------+


[slackware-security]  mozilla-thunderbird (SSA:2013-050-02)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,
and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-17.0.3-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...hunderbird.html
  (* Security fix *)
+--------------------------+

#95 OFFLINE   V.T. Eric Layton

Posted 25 February 2013 - 11:38 PM

[slackware-security]  seamonkey (SSA:2013-056-01)

New seamonkey packages are available for Slackware 13.37, 14.0, and -current to
fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.16-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o.../seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.16-i486-1_slack14.0.txz:  Upgraded.
+--------------------------+

#96 OFFLINE   V.T. Eric Layton

Posted 03 March 2013 - 08:55 PM

[slackware-security]  httpd (SSA:2013-062-01)

New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.4-i486-1_slack14.0.txz:  Upgraded.
  This update provides bugfixes and enhancements.
  Two security issues are fixed:
  *  Various XSS flaws due to unescaped hostnames and URIs HTML output in
     mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
     [Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
  *  XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
     Niels Heinen <heinenn google com>]
  For more information, see:
    http://cve.mitre.org...e=CVE-2012-3499
    http://cve.mitre.org...e=CVE-2012-4558
  (* Security fix *)
+--------------------------+

#97 OFFLINE   V.T. Eric Layton

Posted 07 March 2013 - 05:37 AM

[slackware-security]  sudo (SSA:2013-065-01)

New sudo packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/sudo-1.8.6p7-i486-1_slack14.0.txz:  Upgraded.
  This update fixes security issues that could allow a user to run commands
  without authenticating after the password timeout has already expired.
  Note that the vulnerability did not permit a user to run commands other
  than those allowed by the sudoers policy.
  For more information, see:
    http://cve.mitre.org...e=CVE-2013-1775
    http://cve.mitre.org...e=CVE-2013-1776
  (* Security fix *)
+--------------------------+

#98 OFFLINE   V.T. Eric Layton

Posted 09 March 2013 - 10:44 AM

[slackware-security]  mozilla-thunderbird (SSA:2013-068-02)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,
and -current to fix a security issue.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-17.0.4esr-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...hunderbird.html
  (* Security fix *)
+--------------------------+

=====

[slackware-security]  mozilla-firefox (SSA:2013-068-01)

New mozilla-firefox packages are available for Slackware 13.37, 14.0,
and -current to fix a security issue.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-19.0.2-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...es/firefox.html
  (* Security fix *)
+--------------------------+

#99 OFFLINE   V.T. Eric Layton

Posted 14 March 2013 - 11:56 AM

[slackware-security]  seamonkey (SSA:2013-072-02)

New seamonkey packages are available for Slackware 13.37, 14.0, and -current to
fix a security issue.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.16.1-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o.../seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.16.1-i486-1_slack14.0.txz:  Upgraded.
+--------------------------+


[slackware-security]  perl (SSA:2013-072-01)

New perl packages are available for Slackware 13.1, 13.37, 14.0, and -current
to fix a security issue.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/perl-5.16.3-i486-1_slack14.0.txz:  Upgraded.
  This update fixes a flaw in the rehashing code that can be exploited
  to carry out a denial of service attack against code that uses arbitrary
  user input as hash keys.
  For more information, see:
    http://cve.mitre.org...e=CVE-2013-1667
  (* Security fix *)
+--------------------------+

#100 OFFLINE   V.T. Eric Layton

Posted 16 March 2013 - 12:28 PM

[slackware-security]  ruby (SSA:2013-075-01)

New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current
to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/ruby-1.9.3_p392-i486-1_slack14.0.txz:  Upgraded.
  This release includes security fixes about bundled JSON and REXML.
  For more information, see:
    http://cve.mitre.org...e=CVE-2013-0269
    http://cve.mitre.org...e=CVE-2013-1821
  (* Security fix *)
+--------------------------+





