Jump to content


Slackware Updates and Other News

slackware updates bruno v.t. eric layton

  • Please log in to reply
197 replies to this topic

#176 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 23 December 2014 - 06:15 PM

[slackware-security]  ntp (SSA:2014-356-01)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/ntp-4.2.8-i486-1_slack14.1.txz:  Upgraded.
  In addition to bug fixes and enhancements, this release fixes
  several high-severity vulnerabilities discovered by Neel Mehta
  and Stephen Roettger of the Google Security Team.
  For more information, see:
    https://www.kb.cert.org/vuls/id/852879
    http://cve.mitre.org...e=CVE-2014-9293
    http://cve.mitre.org...e=CVE-2014-9294
    http://cve.mitre.org...e=CVE-2014-9295
    http://cve.mitre.org...e=CVE-2014-9296
  (* Security fix *)
+--------------------------+

[slackware-security]  php (SSA:2014-356-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.36-i486-1_slack14.1.txz:  Upgraded.
  This update fixes bugs and security issues.
  #68545 (NULL pointer dereference in unserialize.c).
  #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
  #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
  For more information, see:
    http://cve.mitre.org...e=CVE-2014-3710
    http://cve.mitre.org...e=CVE-2014-8142
  (* Security fix *)
+--------------------------+



[slackware-security]  xorg-server (SSA:2014-356-03)

New xorg-server packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
  This update fixes many security issues discovered by Ilja van Sprundel,
  a security researcher with IOActive.
  For more information, see:
    http://cve.mitre.org...e=CVE-2014-8091
    http://cve.mitre.org...e=CVE-2014-8092
    http://cve.mitre.org...e=CVE-2014-8093
    http://cve.mitre.org...e=CVE-2014-8094
    http://cve.mitre.org...e=CVE-2014-8095
    http://cve.mitre.org...e=CVE-2014-8096
    http://cve.mitre.org...e=CVE-2014-8097
    http://cve.mitre.org...e=CVE-2014-8098
    http://cve.mitre.org...e=CVE-2014-8099
    http://cve.mitre.org...e=CVE-2014-8100
    http://cve.mitre.org...e=CVE-2014-8101
    http://cve.mitre.org...e=CVE-2014-8102
    http://cve.mitre.org...e=CVE-2014-8103
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
+--------------------------+

#177 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 09 January 2015 - 11:54 PM

[slackware-security]  openssl (SSA:2015-009-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1k-i486-1_slack14.1.txz:  Upgraded.
  This update fixes several security issues:
    DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
    DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
    no-ssl3 configuration sets method to NULL (CVE-2014-3569)
    ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
    RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
    DH client certificates accepted without verification [Server] (CVE-2015-0205)
    Certificate fingerprints can be modified (CVE-2014-8275)
    Bignum squaring may produce incorrect results (CVE-2014-3570)
  For more information, see:
    https://www.openssl....dv_20150108.txt
    http://cve.mitre.org...e=CVE-2014-3571
    http://cve.mitre.org...e=CVE-2015-0206
    http://cve.mitre.org...e=CVE-2014-3569
    http://cve.mitre.org...e=CVE-2014-3572
    http://cve.mitre.org...e=CVE-2015-0204
    http://cve.mitre.org...e=CVE-2015-0205
    http://cve.mitre.org...e=CVE-2014-8275
    http://cve.mitre.org...e=CVE-2014-3570
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1k-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

#178 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 17 January 2015 - 08:41 PM

[slackware-security]  freetype (SSA:2015-016-01)

New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/freetype-2.5.5-i486-1_slack14.1.txz:  Upgraded.
  This release fixes a security bug that could cause freetype to crash
  or run programs upon opening a specially crafted file.
  For more information, see:
    http://cve.mitre.org...e=CVE-2014-2240
  (* Security fix *)
+--------------------------+

[slackware-security]  mozilla-firefox (SSA:2015-016-02)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-31.4.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...firefoxESR.html
  (* Security fix *)
+--------------------------+

[slackware-security]  mozilla-thunderbird (SSA:2015-016-03)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-31.4.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...hunderbird.html
  (* Security fix *)
+--------------------------+

[slackware-security]  seamonkey (SSA:2015-016-04)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.32-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o.../seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.32-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

#179 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 28 January 2015 - 10:27 PM

[slackware-security]  glibc (SSA:2015-028-01)

New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
and 14.1 to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.17-i486-10_slack14.1.txz:  Rebuilt.
  This update patches a security issue __nss_hostname_digits_dots() function
  of glibc which may be triggered through the gethostbyname*() set of
  functions.  This flaw could allow local or remote attackers to take control
  of a machine running a vulnerable version of glibc.  Thanks to Qualys for
  discovering this issue (also known as the GHOST vulnerability.)
  For more information, see:
    https://www.qualys.c...E-2015-0235.txt
    http://cve.mitre.org...e=CVE-2015-0235
  (* Security fix *)
patches/packages/glibc-i18n-2.17-i486-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.17-i486-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.17-i486-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-zoneinfo-2014j-noarch-1.txz:  Upgraded.
  Upgraded to tzcode2014j and tzdata2014j.
+--------------------------+

#180 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 16 February 2015 - 11:56 PM

[slackware-security]  patch (SSA:2015-047-01)

New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/patch-2.7.4-i486-1_slack14.1.txz:  Upgraded.
  Patch no longer follows symbolic links to input and output files.  This
  ensures that symbolic links created by git-style patches cannot cause
  patch to write outside the working directory.
  For more information, see:
    http://cve.mitre.org...e=CVE-2015-1196
  (* Security fix *)
+--------------------------+

[slackware-security]  seamonkey (SSA:2015-047-02)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.32.1-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o.../seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.32.1-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

[slackware-security]  sudo (SSA:2015-047-03)

New sudo packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/sudo-1.8.12-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a potential security issue by only passing the TZ
  environment variable it is considered safe.  This prevents exploiting bugs
  in glibc's TZ parser that could be used to read files that the user does
  not have access to, or to cause a denial of service.
  For more information, see:
    http://www.sudo.ws/sudo/alerts/tz.html
    http://cve.mitre.org...e=CVE-2014-9680
  (* Security fix *)
+--------------------------+

#181 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 26 February 2015 - 05:16 PM

[slackware-security]  mozilla-firefox (SSA:2015-056-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-31.5.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...firefoxESR.html
  (* Security fix *)
+--------------------------+

[slackware-security]  mozilla-thunderbird (SSA:2015-056-02)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-31.5.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...hunderbird.html
  (* Security fix *)
+--------------------------+

#182 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 05 March 2015 - 11:28 PM

[slackware-security]  samba (SSA:2015-064-01)

New samba packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/samba-4.1.17-i486-1_slack14.1.txz:  Upgraded.
  This package fixes security issues since the last update:
    BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer
    in netlogon server could lead to security vulnerability.
    BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference
    a NULL pointer.
  For more information, see:
    http://cve.mitre.org...e=CVE-2015-0240
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

#183 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 23 April 2015 - 09:22 PM

Numerous Slack updates today... too numerous for me to cut and paste each synopsis.

2015-04-21 - [slackware-security] openssl (SSA:2015-111-09)
2015-04-21 - [slackware-security] httpd (SSA:2015-111-03)
2015-04-21 - [slackware-security] bind (SSA:2015-111-01)
2015-04-21 - [slackware-security] ntp (SSA:2015-111-08)
2015-04-21 - [slackware-security] gnupg (SSA:2015-111-02)
2015-04-21 - [slackware-security] proftpd (SSA:2015-111-12)
2015-04-21 - [slackware-security] ppp (SSA:2015-111-11)
2015-04-21 - [slackware-security] seamonkey (SSA:2015-111-14)
2015-04-21 - [slackware-security] php (SSA:2015-111-10)
2015-04-21 - [slackware-security] mutt (SSA:2015-111-07)
2015-04-21 - [slackware-security] libssh (SSA:2015-111-04)
2015-04-21 - [slackware-security] mozilla-thunderbird (SSA:2015-111-06)
2015-04-21 - [slackware-security] qt (SSA:2015-111-13)
2015-04-21 - [slackware-security] mozilla-firefox (SSA:2015-111-05)*

* copied from http://www.slackware...security&y=2015

#184 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 12 May 2015 - 05:48 PM

[slackware-security]  mariadb (SSA:2015-132-01)

New mariadb packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mariadb-5.5.43-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://cve.mitre.org...e=CVE-2015-2568
    http://cve.mitre.org...e=CVE-2015-2573
    http://cve.mitre.org...e=CVE-2015-0433
    http://cve.mitre.org...e=CVE-2015-0441
    http://cve.mitre.org...e=CVE-2015-0501
    http://cve.mitre.org...e=CVE-2015-2571
    http://cve.mitre.org...e=CVE-2015-0505
    http://cve.mitre.org...e=CVE-2015-0499
  (* Security fix *)
+--------------------------+

[slackware-security]  mysql (SSA:2015-132-02)

New mysql packages are available for Slackware 14.0 to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mysql-5.5.43-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://cve.mitre.org...e=CVE-2015-2568
    http://cve.mitre.org...e=CVE-2015-2573
    http://cve.mitre.org...e=CVE-2015-0433
    http://cve.mitre.org...e=CVE-2015-0441
    http://cve.mitre.org...e=CVE-2015-0501
    http://cve.mitre.org...e=CVE-2015-2571
    http://cve.mitre.org...e=CVE-2015-0505
    http://cve.mitre.org...e=CVE-2015-0499
  (* Security fix *)
+--------------------------+

[slackware-security]  wpa_supplicant (SSA:2015-132-03)

New wpa_supplicant packages are available for Slackware 14.0, 14.1, and -current
to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/wpa_supplicant-2.4-i486-1_slack14.1.txz:  Upgraded.
  This update fixes potential denial of service issues.
  For more information, see:
    http://w1.fi/securit...id-overflow.txt
    http://w1.fi/securit...er-encoding.txt
    http://w1.fi/securit...ction-frame.txt
    http://w1.fi/securit...-validation.txt
    http://cve.mitre.org...e=CVE-2015-1863
  (* Security fix *)
+--------------------------+

#185 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 13 May 2015 - 05:32 PM

[slackware-security]  mozilla-firefox (SSA:2015-132-04)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-31.7.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...firefoxESR.html
  (* Security fix *)
+--------------------------+

#186 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 17 May 2015 - 06:43 PM

[slackware-security]  mozilla-thunderbird (SSA:2015-137-01)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-31.7.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...hunderbird.html
  (* Security fix *)
+--------------------------+


#187 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 12 June 2015 - 04:33 PM

[slackware-security]  openssl (SSA:2015-162-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz:  Upgraded.
  Fixes several bugs and security issues:
   o Malformed ECParameters causes infinite loop (CVE-2015-1788)
   o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
   o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
   o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
   o Race condition handling NewSessionTicket (CVE-2015-1791)
  For more information, see:
    http://cve.mitre.org...e=CVE-2015-1788
    http://cve.mitre.org...e=CVE-2015-1789
    http://cve.mitre.org...e=CVE-2015-1790
    http://cve.mitre.org...e=CVE-2015-1792
    http://cve.mitre.org...e=CVE-2015-1791
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+
[slackware-security]  php (SSA:2015-162-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.41-i486-1_slack14.1.txz:  Upgraded.
  This update fixes some bugs and security issues.
  For more information, see:
    http://cve.mitre.org...e=CVE-2006-7243
    http://cve.mitre.org...e=CVE-2015-2325
    http://cve.mitre.org...e=CVE-2015-2326
    http://cve.mitre.org...e=CVE-2015-4021
    http://cve.mitre.org...e=CVE-2015-4022
    http://cve.mitre.org...e=CVE-2015-4024
    http://cve.mitre.org...e=CVE-2015-4025
    http://cve.mitre.org...e=CVE-2015-4026
  (* Security fix *)
+--------------------------+

#188 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 12 July 2015 - 05:40 PM

-- NOTICE --


Postings of Slackware updates will no longer be updated in this area of the board.

Those who are interested can find all updates for Slackware at the followinjng URL:


http://www.slackware.com/security/


Keep on Slackin'!


~Eric



#189 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 27 April 2017 - 11:05 AM

Slackware News


SlackBuilds.org - New Server Soon
As detailed on our -users mailing list here:
https://lists.slackb....il/019032.html

We have a new server donated from our colo host (Onxylight.net is awesome), but we have to buy drives and some more memory, so we're trying to raise a bit of money for that. See the mailing list post linked above for more information and a donation link if you're so inclined.

Thanks much!
__________________
Robby Workman
http://slackware.com/~rworkman/
http://rlworkman.net
http://slackbuilds.org

*the above from an LQ.org posting.

#190 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 26 July 2017 - 06:02 PM

View PostV.T. Eric Layton, on 12 July 2015 - 05:40 PM, said:

-- NOTICE --


Postings of Slackware updates will no longer be updated in this area of the board.

Those who are interested can find all updates for Slackware at the followinjng URL:


http://www.slackware.com/security/


Keep on Slackin'!


~Eric


I had posted this a while back because I didn't think there was anyone here concerned with Slackware updates anymore, but it's possible that a couple of you out there might still find the updates interesting and informative, so I think I'll try to remember to post the updates here like I used to do.

Stay tuned...

#191 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 26 July 2017 - 06:05 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  expat (SSA:2017-199-01)

New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/expat-2.2.2-i586-1_slack14.2.txz:  Upgraded.
  Fixes security issues including:
  External entity infinite loop DoS
  For more information, see:
    https://cve.mitre.or...e=CVE-2017-9233
    https://libexpat.git.../cve-2017-9233/
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/expat-2.2.2-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/expat-2.2.2-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/expat-2.2.2-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/expat-2.2.2-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/expat-2.2.2-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/expat-2.2.2-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.2.2-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.2.2-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.2.2-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.2.2-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.2.2-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.2.2-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.2.2-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.2.2-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
7f9f98e2fbfdb2d7e92d2a74767f379b  expat-2.2.2-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
ad390855001c2a32e8a01b1021ee0402  expat-2.2.2-x86_64-1_slack13.0.txz

Slackware 13.1 package:
aa73dc57c604e1b6c788c599b80561f0  expat-2.2.2-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
ab9dfe8b2afeb19b29f8e42f045b5284  expat-2.2.2-x86_64-1_slack13.1.txz

Slackware 13.37 package:
c2e3ca3e858afcd4ee5da8cb5c43d8eb  expat-2.2.2-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
6e96f6eeec6c60d7b4215280cec27560  expat-2.2.2-x86_64-1_slack13.37.txz

Slackware 14.0 package:
afbae121e3ad167426ee9965e876e67b  expat-2.2.2-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
edbbcbe637294edbeefe7e2697bd2fb1  expat-2.2.2-x86_64-1_slack14.0.txz

Slackware 14.1 package:
8b24088cba47ee63104354dbdb84e504  expat-2.2.2-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
45ce0de8ae651851826e509ba0c490e3  expat-2.2.2-x86_64-1_slack14.1.txz

Slackware 14.2 package:
f8c21c6bd6c0503ac90ccfdc932bec05  expat-2.2.2-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
c2237eb21e2c700d4582bfcca7908cbd  expat-2.2.2-x86_64-1_slack14.2.txz

Slackware -current package:
0abebd7b1a8294d4a8cb4f4373576fec  l/expat-2.2.2-i586-1.txz

Slackware x86_64 -current package:
fa3206d73e042332ea4e7950525cc4f6  l/expat-2.2.2-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg expat-2.2.2-i586-1_slack14.2.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAllujGcACgkQakRjwEAQIjO5WgCfY2tdp2bPoc4uw5Au0rwUd4Vs
fTwAn3loJ9+eG9cW6gjbtjcXpPMbkDC9
=9/gp
-----END PGP SIGNATURE-----

===

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  gd (SSA:2017-199-02)

New gd packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gd-2.2.4-i586-1_slack14.2.txz:  Upgraded.
  Fixes security issues:
  gdImageCreate() doesn't check for oversized images and as such is prone to
  DoS vulnerabilities. (CVE-2016-9317)
  double-free in gdImageWebPtr() (CVE-2016-6912)
  potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)
  DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
  Signed Integer Overflow gd_io.c (CVE-2016-10168)
  For more information, see:
    https://cve.mitre.or...e=CVE-2016-9317
    https://cve.mitre.or...e=CVE-2016-6912
    https://cve.mitre.or...=CVE-2016-10166
    https://cve.mitre.or...=CVE-2016-10167
    https://cve.mitre.or...=CVE-2016-10168
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gd-2.2.4-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gd-2.2.4-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/gd-2.2.4-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/gd-2.2.4-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.2 package:
21e9b5cb669f9d5ab687520335c0c2ab  gd-2.2.4-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
86429d33e59bd6f819c0757c923d58c7  gd-2.2.4-x86_64-1_slack14.2.txz

Slackware -current package:
3c2e50dcc5cbd4f895186cf096500a9f  l/gd-2.2.4-i586-1.txz

Slackware x86_64 -current package:
26cd09da8385e8607795aaedfdb5758a  l/gd-2.2.4-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gd-2.2.4-i586-1_slack14.2.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAllujGkACgkQakRjwEAQIjPHOgCfd6asK9vSbcoGsp0DeeVH4pZN
dTMAoIoIUbQJwwDthCzhzDY9exq8LJQA
=RMrq
-----END PGP SIGNATURE-----


===

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  seamonkey (SSA:2017-202-01)

New seamonkey packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.48-i586-1_slack14.2.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.seamonkey...s/seamonkey2.48
  (* Security fix *)
patches/packages/seamonkey-solibs-2.48-i586-1_slack14.2.txz:  Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/seamonkey-2.48-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/seamonkey-solibs-2.48-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/seamonkey-2.48-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/seamonkey-solibs-2.48-x86_64-1_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/seamonkey-solibs-2.48-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.48-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/seamonkey-solibs-2.48-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.48-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.2 packages:
c9dd64c844533e67601e0da8873aa484  seamonkey-2.48-i586-1_slack14.2.txz
347d5d6f5dd1dcfec9adc8d63424c20f  seamonkey-solibs-2.48-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages:
791011ec05e35d6204243203dcbeefbc  seamonkey-2.48-x86_64-1_slack14.2.txz
40d47645a1c990f83d227ab2c3445501  seamonkey-solibs-2.48-x86_64-1_slack14.2.txz

Slackware -current packages:
e9bc2cffe13c240af3e7dfb463b972f4  l/seamonkey-solibs-2.48-i586-1.txz
58e7f9716d92d700400f87faddbd7635  xap/seamonkey-2.48-i586-1.txz

Slackware x86_64 -current packages:
0b673105f48fe108d0c5ce1e6c7d5fd0  l/seamonkey-solibs-2.48-x86_64-1.txz
190a4a9bf2c3fae01971a85306fff628  xap/seamonkey-2.48-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg seamonkey-2.48-i586-1_slack14.2.txz seamonkey-solibs-2.48-i586-1_slack14.2.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAllyX/8ACgkQakRjwEAQIjMGKwCfQm9zv7u5n0x9y8pv+2IYhpIO
bdIAnArKGli6q0BrBSEbBq/eOG7c/0iP
=lslr
-----END PGP SIGNATURE-----

===

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  tcpdump (SSA:2017-205-01)

New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2,
and -current to fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/tcpdump-4.9.1-i586-1_slack14.2.txz:  Upgraded.
  This update fixes an issue where tcpdump 4.9.0 allows remote attackers
  to cause a denial of service (heap-based buffer over-read and application
  crash) via crafted packet data.
  For more information, see:
    https://cve.mitre.or...=CVE-2017-11108
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/tcpdump-4.9.1-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/tcpdump-4.9.1-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/tcpdump-4.9.1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/tcpdump-4.9.1-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/tcpdump-4.9.1-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/tcpdump-4.9.1-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tcpdump-4.9.1-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/tcpdump-4.9.1-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tcpdump-4.9.1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/tcpdump-4.9.1-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.37 package:
9a5fe67f214fa1b11f9145e863b3c745  tcpdump-4.9.1-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
d6ff914dbc9371173346d33035618c0b  tcpdump-4.9.1-x86_64-1_slack13.37.txz

Slackware 14.0 package:
db3c17f626370399d08c450481395bd1  tcpdump-4.9.1-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
676c246841f82a885fd1140e3d5682d8  tcpdump-4.9.1-x86_64-1_slack14.0.txz

Slackware 14.1 package:
5bf8605c4bb148bb5efdc8f58f4d6fae  tcpdump-4.9.1-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
db08fcc0b32edfbcee57bed3fe92aacf  tcpdump-4.9.1-x86_64-1_slack14.1.txz

Slackware 14.2 package:
e4118a207372df0170dd1bd337392d31  tcpdump-4.9.1-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
7fd6f286dc3402d3ae5e14352d6ea7b7  tcpdump-4.9.1-x86_64-1_slack14.2.txz

Slackware -current package:
ad5ccf382c3579e011139a600200eda2  n/tcpdump-4.9.1-i586-1.txz

Slackware x86_64 -current package:
36da99a1c72d25d9c3a3779342920889  n/tcpdump-4.9.1-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg tcpdump-4.9.1-i586-1_slack14.2.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAll2YFkACgkQakRjwEAQIjN7ggCfTG5epctzdCQM1bUxLD6KyYDh
+7MAnipjCQVr4McNPd63Fm6hsVUd0tKt
=NA42
-----END PGP SIGNATURE-----

#192 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 29 July 2017 - 01:09 PM

[slackware-security]  squashfs-tools (SSA:2017-209-01)

New squashfs-tools packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/squashfs-tools-4.3-i586-2_slack14.2.txz:  Rebuilt.
  Patched a couple of denial of service issues and other bugs.
  For more information, see:
    https://cve.mitre.or...e=CVE-2015-4645
    https://cve.mitre.or...e=CVE-2015-4646
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/squashfs-tools-4.3-i586-2_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/squashfs-tools-4.3-x86_64-2_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/squashfs-tools-4.3-i586-2.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/squashfs-tools-4.3-x86_64-2.txz


MD5 signatures:
+-------------+

Slackware 14.2 package:
2c56a6bcd946acfedfa84b5edd2eb261  squashfs-tools-4.3-i586-2_slack14.2.txz

Slackware x86_64 14.2 package:
012fa8db56e0c1a12af39db629d00438  squashfs-tools-4.3-x86_64-2_slack14.2.txz

Slackware -current package:
3c17a62f74b91a8e1c44a09129b96015  ap/squashfs-tools-4.3-i586-2.txz

Slackware x86_64 -current package:
905e8ec1a6045dc3741a85e57df8c156  ap/squashfs-tools-4.3-x86_64-2.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg squashfs-tools-4.3-i586-2_slack14.2.txz

#193 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 02 August 2017 - 10:47 AM

[slackware-security]  gnupg (SSA:2017-213-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.22-i586-1_slack14.2.txz:  Upgraded.
  Mitigate a flush+reload side-channel attack on RSA secret keys dubbed
  "Sliding right into disaster".
  For more information, see:
    https://eprint.iacr.org/2017/627
    https://cve.mitre.or...e=CVE-2017-7526
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnupg-1.4.22-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnupg-1.4.22-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnupg-1.4.22-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnupg-1.4.22-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnupg-1.4.22-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnupg-1.4.22-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnupg-1.4.22-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnupg-1.4.22-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gnupg-1.4.22-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gnupg-1.4.22-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gnupg-1.4.22-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gnupg-1.4.22-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnupg-1.4.22-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnupg-1.4.22-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
b2f6469a30e705f26803c72dfbb2c15d  gnupg-1.4.22-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
742e44fea11b8c8fef156a89bfab4d6d  gnupg-1.4.22-x86_64-1_slack13.0.txz

Slackware 13.1 package:
6817a7682cb5b3283dab8037351fbecb  gnupg-1.4.22-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
07c910c3675914481ddf4a5e34c83dd2  gnupg-1.4.22-x86_64-1_slack13.1.txz

Slackware 13.37 package:
4453520ea77d60db00bcf4618373eeb6  gnupg-1.4.22-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
18b4648560ed1275c3bf11f4a6e64507  gnupg-1.4.22-x86_64-1_slack13.37.txz

Slackware 14.0 package:
3fc2e39130de65a1620e751998449fc2  gnupg-1.4.22-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
eab56a3f23a8a64c7c143ed8e6693977  gnupg-1.4.22-x86_64-1_slack14.0.txz

Slackware 14.1 package:
ec4f533375a2b252f183f0481732ddd5  gnupg-1.4.22-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
e07559c72d1846fa4c7765f094f3bb09  gnupg-1.4.22-x86_64-1_slack14.1.txz

Slackware 14.2 package:
7d043e91bb764c239a084f8c47a57a68  gnupg-1.4.22-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
7fc66cac3f7c6d66989e1f9712a8ab79  gnupg-1.4.22-x86_64-1_slack14.2.txz

Slackware -current package:
733a02f58b77047d3b36e4d6453e4587  n/gnupg-1.4.22-i586-1.txz

Slackware x86_64 -current package:
d730df9ab12b2f15905bcba9ffe61ea9  n/gnupg-1.4.22-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gnupg-1.4.22-i586-1_slack14.2.txz


+-----+

#194 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 10 August 2017 - 07:38 PM

[slackware-security]  curl (SSA:2017-221-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.55.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes three security issues:
  URL globbing out of bounds read
  TFTP sends more than buffer size
  FILE buffer read out of bounds
  For more information, see:
    https://curl.haxx.se..._20170809A.html
    https://curl.haxx.se..._20170809B.html
    https://curl.haxx.se..._20170809C.html
    https://cve.mitre.or...VE-2017-1000101
    https://cve.mitre.or...VE-2017-1000100
    https://cve.mitre.or...VE-2017-1000099
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.55.0-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.55.0-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.55.0-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.55.0-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.55.0-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.55.0-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.55.0-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.55.0-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.55.0-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.55.0-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.55.0-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.55.0-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.55.0-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.55.0-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
cd2da3b2f3b5f82dc65f9d059cf1e218  curl-7.55.0-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
2d4196ad8fca7d47e98abc8509edcbb9  curl-7.55.0-x86_64-1_slack13.0.txz

Slackware 13.1 package:
3761487e1a01dd6dc6a7380a562ee063  curl-7.55.0-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
cb1a111bf84e4fa83b7b1f6c513edc2b  curl-7.55.0-x86_64-1_slack13.1.txz

Slackware 13.37 package:
0211314fd5e14089f2f9e343fc43d11f  curl-7.55.0-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
b9d8bf85e21e1ae75dcee5024252bd2a  curl-7.55.0-x86_64-1_slack13.37.txz

Slackware 14.0 package:
86e0cbb23b946d6dbf80502780ee2e6b  curl-7.55.0-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
9587b1e01071e3f0273f59af9314fa1a  curl-7.55.0-x86_64-1_slack14.0.txz

Slackware 14.1 package:
ebdcc7de218cd7d5a17bf155ae2e176f  curl-7.55.0-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
452baffbd32f0f39092750e9cacc194d  curl-7.55.0-x86_64-1_slack14.1.txz

Slackware 14.2 package:
38407eb05a8c2b4b0c43b6e545a87298  curl-7.55.0-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
30a06330c38cdab72b1dfa73fcd425ef  curl-7.55.0-x86_64-1_slack14.2.txz

Slackware -current package:
0e9db7d8fc7d5e272e5406225307c030  n/curl-7.55.0-i586-1.txz

Slackware x86_64 -current package:
830246f0db066b1417556fff89199cb3  n/curl-7.55.0-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg curl-7.55.0-i586-1_slack14.2.txz


+-----+

[slackware-security]  mozilla-firefox (SSA:2017-221-02)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-52.3.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla....firefoxESR.html
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-52.3.0esr-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-52.3.0esr-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-52.3.0esr-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-52.3.0esr-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.2 package:
692b81a7d0f906f08d7e8b5a2638b422  mozilla-firefox-52.3.0esr-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
57bc2b420d84a7a0c6762063aca2e6dd  mozilla-firefox-52.3.0esr-x86_64-1_slack14.2.txz

Slackware -current package:
9be3b8d587f7df13c5f8cfea4d80d882  xap/mozilla-firefox-52.3.0esr-i586-1.txz

Slackware x86_64 -current package:
f88e60c7c6b739803a0ebc6e521caeb5  xap/mozilla-firefox-52.3.0esr-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-52.3.0esr-i586-1_slack14.2.txz


+-----+

#195 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 14 August 2017 - 11:14 PM

[slackware-security]  libsoup (SSA:2017-223-02)

New libsoup packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libsoup-2.52.2-i586-3_slack14.2.txz:  Rebuilt.
  Fixed a chunked decoding buffer overrun that could be exploited against
  either clients or servers.
  For more information, see:
    https://cve.mitre.or...e=CVE-2017-2885
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libsoup-2.42.2-i486-2_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libsoup-2.42.2-x86_64-2_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libsoup-2.52.2-i586-3_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libsoup-2.52.2-x86_64-3_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libsoup-2.58.2-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libsoup-2.58.2-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.1 package:
8f24024c05fce40e41c489e54ec925c5  libsoup-2.42.2-i486-2_slack14.1.txz

Slackware x86_64 14.1 package:
cd61c03801be0232ee54ec8bd17bbda3  libsoup-2.42.2-x86_64-2_slack14.1.txz

Slackware 14.2 package:
bb1cb37da83b6bca49acd4d724c4f6a4  libsoup-2.52.2-i586-3_slack14.2.txz

Slackware x86_64 14.2 package:
c09f4ec321943ad66e26761e13266271  libsoup-2.52.2-x86_64-3_slack14.2.txz

Slackware -current package:
5e2c65829523cfc426291bbbcee6f3f0  l/libsoup-2.58.2-i586-1.txz

Slackware x86_64 -current package:
1dfde8ba37ef626288b7cb793c4e9420  l/libsoup-2.58.2-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libsoup-2.52.2-i586-3_slack14.2.txz

#196 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 16 August 2017 - 10:58 AM

[slackware-security]  xorg-server (SSA:2017-227-01)

New xorg-server packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, 14.2, and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz:  Rebuilt.
  This update fixes two security issues:
  A user authenticated to an X Session could crash or execute code in the
  context of the X Server by exploiting a stack overflow in the endianness
  conversion of X Events.
  Uninitialized data in endianness conversion in the XEvent handling of the
  X.Org X Server allowed authenticated malicious users to access potentially
  privileged data from the X server.
  For more information, see:
    https://cve.mitre.or...=CVE-2017-10971
    https://cve.mitre.or...=CVE-2017-10972
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz:  Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-1.6.3-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xephyr-1.6.3-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xnest-1.6.3-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xvfb-1.6.3-i486-4_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-1.6.3-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xephyr-1.6.3-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xnest-1.6.3-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xvfb-1.6.3-x86_64-4_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-1.7.7-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xephyr-1.7.7-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xnest-1.7.7-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xvfb-1.7.7-i486-4_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-1.7.7-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xephyr-1.7.7-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xnest-1.7.7-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xvfb-1.7.7-x86_64-4_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-1.9.5-i486-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xephyr-1.9.5-i486-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xnest-1.9.5-i486-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xvfb-1.9.5-i486-4_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-1.9.5-x86_64-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xephyr-1.9.5-x86_64-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xnest-1.9.5-x86_64-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xvfb-1.9.5-x86_64-4_slack13.37.txz

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xvfb-1.12.4-i486-3_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xephyr-1.12.4-x86_64-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-3_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-1.14.3-i486-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xephyr-1.14.3-i486-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xnest-1.14.3-i486-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xvfb-1.14.3-i486-4_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-1.14.3-x86_64-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xephyr-1.14.3-x86_64-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xnest-1.14.3-x86_64-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xvfb-1.14.3-x86_64-4_slack14.1.txz

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-1.18.3-x86_64-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xephyr-1.18.3-x86_64-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xnest-1.18.3-x86_64-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xvfb-1.18.3-x86_64-3_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.19.3-i586-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-1.19.3-i586-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.19.3-i586-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.19.3-i586-2.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-1.19.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-1.19.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-1.19.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-1.19.3-x86_64-2.txz


MD5 signatures:
+-------------+

Slackware 13.0 packages:
86275ce224cc6b605cd48e265f7b3431  xorg-server-1.6.3-i486-4_slack13.0.txz
09e08405768eaf3c7d9fa7483e3645ec  xorg-server-xephyr-1.6.3-i486-4_slack13.0.txz
000e88cd1d2a651a2469151b6f6792cd  xorg-server-xnest-1.6.3-i486-4_slack13.0.txz
ead15ed6cd55bd4b3d66dcf55902f156  xorg-server-xvfb-1.6.3-i486-4_slack13.0.txz

Slackware x86_64 13.0 packages:
aaba854c38f7059a9c5f4811fc87356b  xorg-server-1.6.3-x86_64-4_slack13.0.txz
09c25303eb9d9ca066fc2a26d617ed22  xorg-server-xephyr-1.6.3-x86_64-4_slack13.0.txz
37a856e4f5642946a1ecbeebf5f5df46  xorg-server-xnest-1.6.3-x86_64-4_slack13.0.txz
9368c95fa1271c2bac3ea25539d005f3  xorg-server-xvfb-1.6.3-x86_64-4_slack13.0.txz

Slackware 13.1 packages:
c892f89f02f7561fed97f7358cd4c956  xorg-server-1.7.7-i486-4_slack13.1.txz
f8dc5a4d3fd03ceb5f7453c1fc90b9bd  xorg-server-xephyr-1.7.7-i486-4_slack13.1.txz
029ab43b662196f6d051332343275ad4  xorg-server-xnest-1.7.7-i486-4_slack13.1.txz
c06a34fa65acff4801d9cc0de19a47a8  xorg-server-xvfb-1.7.7-i486-4_slack13.1.txz

Slackware x86_64 13.1 packages:
c6b1665a39ad87e0e092c3210d159b34  xorg-server-1.7.7-x86_64-4_slack13.1.txz
755050374c936ced68848097fbacaf44  xorg-server-xephyr-1.7.7-x86_64-4_slack13.1.txz
348eab0e16fdbf55730e5e052849e399  xorg-server-xnest-1.7.7-x86_64-4_slack13.1.txz
e478efdc4209d9cb056fce65cf9d7b27  xorg-server-xvfb-1.7.7-x86_64-4_slack13.1.txz

Slackware 13.37 packages:
7d74fae08b08419ecb8d103c45620321  xorg-server-1.9.5-i486-4_slack13.37.txz
76e400a6b2cc65d5f2366da70644c5fb  xorg-server-xephyr-1.9.5-i486-4_slack13.37.txz
80b0fe9ed222ad834a17b69e17ba91a9  xorg-server-xnest-1.9.5-i486-4_slack13.37.txz
bd65bda294e5d883a395afa51ab9b754  xorg-server-xvfb-1.9.5-i486-4_slack13.37.txz

Slackware x86_64 13.37 packages:
e331047bb1428f32cc38d2f1e28f71b4  xorg-server-1.9.5-x86_64-4_slack13.37.txz
961812b1733ed1ac152b6e6ab8c66499  xorg-server-xephyr-1.9.5-x86_64-4_slack13.37.txz
ab7433d9233f843c6bbccd4f00e3cdde  xorg-server-xnest-1.9.5-x86_64-4_slack13.37.txz
a754270b3a41beed70c8dfc6c69d3970  xorg-server-xvfb-1.9.5-x86_64-4_slack13.37.txz

Slackware 14.0 packages:
61be1d15444a5f7c44cc3eb85269ccd9  xorg-server-1.12.4-i486-3_slack14.0.txz
ab80d7a22de7606800cf6569d4695d5b  xorg-server-xephyr-1.12.4-i486-3_slack14.0.txz
58e97ad8e541731e7cd4ff21d8fa0522  xorg-server-xnest-1.12.4-i486-3_slack14.0.txz
a238fd09707afc39d8ce49386b359fc9  xorg-server-xvfb-1.12.4-i486-3_slack14.0.txz

Slackware x86_64 14.0 packages:
fa2ebac60bf90265a9b68259e563c329  xorg-server-1.12.4-x86_64-3_slack14.0.txz
b2d68e907981ba071cd218e7158a974b  xorg-server-xephyr-1.12.4-x86_64-3_slack14.0.txz
742974e60afd5c4342c993bc3694b18d  xorg-server-xnest-1.12.4-x86_64-3_slack14.0.txz
6b5ce7aa0445ada3ba1e92a9081c57e0  xorg-server-xvfb-1.12.4-x86_64-3_slack14.0.txz

Slackware 14.1 packages:
09ab341882ee152edd38a9cff87aa3e5  xorg-server-1.14.3-i486-4_slack14.1.txz
88331b2e020467180ac48f58d8760716  xorg-server-xephyr-1.14.3-i486-4_slack14.1.txz
05b3987f24334485feeec64ab0ea15ed  xorg-server-xnest-1.14.3-i486-4_slack14.1.txz
ed4af26a340db3b1ad3544905e7cccba  xorg-server-xvfb-1.14.3-i486-4_slack14.1.txz

Slackware x86_64 14.1 packages:
1d10548567dbd16d22db20910f8e97fa  xorg-server-1.14.3-x86_64-4_slack14.1.txz
6440fab1b258eddd3c6425fd5e7a3d9e  xorg-server-xephyr-1.14.3-x86_64-4_slack14.1.txz
5c336b83dca66baf0a1e3438da5a1955  xorg-server-xnest-1.14.3-x86_64-4_slack14.1.txz
1f5140f0ea717fb53785f83e0e43eb98  xorg-server-xvfb-1.14.3-x86_64-4_slack14.1.txz

Slackware 14.2 packages:
1bc5d7586c9531815d33ef714cc52e2b  xorg-server-1.18.3-i586-3_slack14.2.txz
47ca0a793625e08bd6dc55310561ab68  xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz
4408fd987a6f20d24c82bdb0fa5e47c2  xorg-server-xnest-1.18.3-i586-3_slack14.2.txz
5f636be733db15fbd8242585fee74500  xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz

Slackware x86_64 14.2 packages:
852a94da7873a3634b540c1436e63e9d  xorg-server-1.18.3-x86_64-3_slack14.2.txz
3eadfffee3a9749b26a74c4efe67d83e  xorg-server-xephyr-1.18.3-x86_64-3_slack14.2.txz
e9364a469b7ea00cbc9b6723201e8039  xorg-server-xnest-1.18.3-x86_64-3_slack14.2.txz
6c2d01bbf136cdef4549a2b856fd01ca  xorg-server-xvfb-1.18.3-x86_64-3_slack14.2.txz

Slackware -current packages:
190b901651bfc22666836632e390fe94  x/xorg-server-1.19.3-i586-2.txz
6c991c9a7b4c96557b1ef3965ad4a18a  x/xorg-server-xephyr-1.19.3-i586-2.txz
e398ad8306d65105c1c2206782ff5cb2  x/xorg-server-xnest-1.19.3-i586-2.txz
3726206c8e2f11086145dbb9b14b1f6c  x/xorg-server-xvfb-1.19.3-i586-2.txz

Slackware x86_64 -current packages:
08857b3f3fc3e4e9d936f8129bb431b8  x/xorg-server-1.19.3-x86_64-2.txz
c3121263fbff67c0012417a96700d6c5  x/xorg-server-xephyr-1.19.3-x86_64-2.txz
3775079d48f00753ebb01f1bfa8b1a62  x/xorg-server-xnest-1.19.3-x86_64-2.txz
c3f783bce65bd1cfa1859e7d3b105d53  x/xorg-server-xvfb-1.19.3-x86_64-2.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg xorg-server-*.txz


+-----+

#197 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 14 September 2017 - 10:12 PM

[slackware-security]  bash (SSA:2017-251-01)

New bash packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and 14.2
to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bash-4.3.048-i586-1_slack14.2.txz:  Upgraded.
  This update fixes two security issues found in bash before 4.4:
  The expansion of '\h' in the prompt string allows remote authenticated users
  to execute arbitrary code via shell metacharacters placed in 'hostname' of a
  machine. The theoretical attack vector is a hostile DHCP server providing a
  crafted hostname, but this is unlikely to occur in a normal Slackware
  configuration as we ignore the hostname provided by DHCP.
  Specially crafted SHELLOPTS+PS4 environment variables used against bogus
  setuid binaries using system()/popen() allowed local attackers to execute
  arbitrary code as root.
  For more information, see:
    https://cve.mitre.or...e=CVE-2016-0634
    https://cve.mitre.or...e=CVE-2016-7543
  (* Security fix *)
+--------------------------+

[slackware-security]  mariadb (SSA:2017-251-02)

New mariadb packages are available for Slackware 14.1 and 14.2 to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mariadb-10.0.32-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://cve.mitre.or...e=CVE-2017-3636
    https://cve.mitre.or...e=CVE-2017-3641
    https://cve.mitre.or...e=CVE-2017-3653
  (* Security fix *)
+--------------------------+


[slackware-security]  tcpdump (SSA:2017-251-03)

New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2,
and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/tcpdump-4.9.2-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and many security issues (see the included
  CHANGES file).
  For more information, see:
    https://cve.mitre.or...=CVE-2017-11541
    https://cve.mitre.or...=CVE-2017-11541
    https://cve.mitre.or...=CVE-2017-11542
    https://cve.mitre.or...=CVE-2017-11542
    https://cve.mitre.or...=CVE-2017-11543
    https://cve.mitre.or...=CVE-2017-11543
    https://cve.mitre.or...=CVE-2017-12893
    https://cve.mitre.or...=CVE-2017-12894
    https://cve.mitre.or...=CVE-2017-12895
    https://cve.mitre.or...=CVE-2017-12896
    https://cve.mitre.or...=CVE-2017-12897
    https://cve.mitre.or...=CVE-2017-12898
    https://cve.mitre.or...=CVE-2017-12899
    https://cve.mitre.or...=CVE-2017-12900
    https://cve.mitre.or...=CVE-2017-12901
    https://cve.mitre.or...=CVE-2017-12902
    https://cve.mitre.or...=CVE-2017-12985
    https://cve.mitre.or...=CVE-2017-12986
    https://cve.mitre.or...=CVE-2017-12987
    https://cve.mitre.or...=CVE-2017-12988
    https://cve.mitre.or...=CVE-2017-12989
    https://cve.mitre.or...=CVE-2017-12990
    https://cve.mitre.or...=CVE-2017-12991
    https://cve.mitre.or...=CVE-2017-12992
    https://cve.mitre.or...=CVE-2017-12993
    https://cve.mitre.or...=CVE-2017-12994
    https://cve.mitre.or...=CVE-2017-12995
    https://cve.mitre.or...=CVE-2017-12996
    https://cve.mitre.or...=CVE-2017-12997
    https://cve.mitre.or...=CVE-2017-12998
    https://cve.mitre.or...=CVE-2017-12999
    https://cve.mitre.or...=CVE-2017-13000
    https://cve.mitre.or...=CVE-2017-13001
    https://cve.mitre.or...=CVE-2017-13002
    https://cve.mitre.or...=CVE-2017-13003
    https://cve.mitre.or...=CVE-2017-13004
    https://cve.mitre.or...=CVE-2017-13005
    https://cve.mitre.or...=CVE-2017-13006
    https://cve.mitre.or...=CVE-2017-13007
    https://cve.mitre.or...=CVE-2017-13008
    https://cve.mitre.or...=CVE-2017-13009
    https://cve.mitre.or...=CVE-2017-13010
    https://cve.mitre.or...=CVE-2017-13011
    https://cve.mitre.or...=CVE-2017-13012
    https://cve.mitre.or...=CVE-2017-13013
    https://cve.mitre.or...=CVE-2017-13014
    https://cve.mitre.or...=CVE-2017-13015
    https://cve.mitre.or...=CVE-2017-13016
    https://cve.mitre.or...=CVE-2017-13017
    https://cve.mitre.or...=CVE-2017-13018
    https://cve.mitre.or...=CVE-2017-13019
    https://cve.mitre.or...=CVE-2017-13020
    https://cve.mitre.or...=CVE-2017-13021
    https://cve.mitre.or...=CVE-2017-13022
    https://cve.mitre.or...=CVE-2017-13023
    https://cve.mitre.or...=CVE-2017-13024
    https://cve.mitre.or...=CVE-2017-13025
    https://cve.mitre.or...=CVE-2017-13026
    https://cve.mitre.or...=CVE-2017-13027
    https://cve.mitre.or...=CVE-2017-13028
    https://cve.mitre.or...=CVE-2017-13029
    https://cve.mitre.or...=CVE-2017-13030
    https://cve.mitre.or...=CVE-2017-13031
    https://cve.mitre.or...=CVE-2017-13032
    https://cve.mitre.or...=CVE-2017-13033
    https://cve.mitre.or...=CVE-2017-13034
    https://cve.mitre.or...=CVE-2017-13035
    https://cve.mitre.or...=CVE-2017-13036
    https://cve.mitre.or...=CVE-2017-13037
    https://cve.mitre.or...=CVE-2017-13038
    https://cve.mitre.or...=CVE-2017-13039
    https://cve.mitre.or...=CVE-2017-13040
    https://cve.mitre.or...=CVE-2017-13041
    https://cve.mitre.or...=CVE-2017-13042
    https://cve.mitre.or...=CVE-2017-13043
    https://cve.mitre.or...=CVE-2017-13044
    https://cve.mitre.or...=CVE-2017-13045
    https://cve.mitre.or...=CVE-2017-13046
    https://cve.mitre.or...=CVE-2017-13047
    https://cve.mitre.or...=CVE-2017-13048
    https://cve.mitre.or...=CVE-2017-13049
    https://cve.mitre.or...=CVE-2017-13050
    https://cve.mitre.or...=CVE-2017-13051
    https://cve.mitre.or...=CVE-2017-13052
    https://cve.mitre.or...=CVE-2017-13053
    https://cve.mitre.or...=CVE-2017-13054
    https://cve.mitre.or...=CVE-2017-13055
    https://cve.mitre.or...=CVE-2017-13687
    https://cve.mitre.or...=CVE-2017-13688
    https://cve.mitre.or...=CVE-2017-13689
    https://cve.mitre.or...=CVE-2017-13690
    https://cve.mitre.or...=CVE-2017-13725
  (* Security fix *)
+--------------------------+

[slackware-security]  emacs (SSA:2017-255-01)

New emacs packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/emacs-25.3-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security vulnerability in Emacs. Gnus no longer
  supports "richtext" and "enriched" inline MIME objects. This support
  was disabled to avoid evaluation of arbitrary Lisp code contained in
  email messages and news articles.
  For more information, see:
    http://seclists.org/...sec/2017/q3/422
    https://bugs.gnu.org/28350
  (* Security fix *)
+--------------------------+

[slackware-security]  libzip (SSA:2017-255-02)

New libzip packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libzip-1.0.1-i586-3_slack14.2.txz:  Rebuilt.
  Fix a denial of service security issue.
  For more information, see:
    https://cve.mitre.or...=CVE-2017-14107
  (* Security fix *)
+--------------------------+

#198 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,165 posts

Posted 19 September 2017 - 11:19 AM

[slackware-security]  kernel (SSA:2017-258-02)

New kernel packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.88/*:  Upgraded.
  This update fixes the security vulnerability known as "BlueBorne".
  The native Bluetooth stack in the Linux Kernel (BlueZ), starting at
  Linux kernel version 3.3-rc1 is vulnerable to a stack overflow in
  the processing of L2CAP configuration responses resulting in remote
  code execution in kernel space.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
https://cve.mitre.or...VE-2017-1000251
https://www.armis.com/blueborne
  (* Security fix *)
+--------------------------+



[slackware-security]  httpd (SSA:2017-261-01)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.27-i586-2_slack14.2.txz:  Rebuilt.
  This update patches a security issue ("Optionsbleed") with the OPTIONS http
  method which may leak arbitrary pieces of memory to a potential attacker.
  Thanks to Hanno Bo:ck.
  For more information, see:
http://seclists.org/...sec/2017/q3/477
https://cve.mitre.or...e=CVE-2017-9798
  (* Security fix *)
+--------------------------+



[slackware-security]  libgcrypt (SSA:2017-261-02)

New libgcrypt packages are available for Slackware 14.2 and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libgcrypt-1.7.9-i586-1_slack14.2.txz:  Upgraded.
  Mitigate a local side-channel attack on Curve25519 dubbed "May
  the Fourth be With You".
  For more information, see:
https://eprint.iacr.org/2017/806
https://cve.mitre.or...e=CVE-2017-0379
  (* Security fix *)
+--------------------------+



[slackware-security]  ruby (SSA:2017-261-03)

New ruby packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ruby-2.2.8-i586-1_slack14.2.txz:  Upgraded.
  This release includes several security fixes.
  For more information, see:
https://cve.mitre.or...e=CVE-2017-0898
https://cve.mitre.or...e=CVE-2017-0899
https://cve.mitre.or...e=CVE-2017-0900
https://cve.mitre.or...e=CVE-2017-0901
https://cve.mitre.or...e=CVE-2017-0902
https://cve.mitre.or...=CVE-2017-10784
https://cve.mitre.or...=CVE-2017-14033
https://cve.mitre.or...=CVE-2017-14064
  (* Security fix *)
+--------------------------+





Also tagged with one or more of these keywords: slackware, updates, bruno, v.t. eric layton

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users