NEW UPDATES Slackware


#176 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum MVP
  • 20,588 posts

Posted 23 December 2014 - 06:15 PM

[slackware-security]  ntp (SSA:2014-356-01)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/ntp-4.2.8-i486-1_slack14.1.txz:  Upgraded.
  In addition to bug fixes and enhancements, this release fixes
  several high-severity vulnerabilities discovered by Neel Mehta
  and Stephen Roettger of the Google Security Team.
  For more information, see:
    https://www.kb.cert.org/vuls/id/852879
    http://cve.mitre.org...e=CVE-2014-9293
    http://cve.mitre.org...e=CVE-2014-9294
    http://cve.mitre.org...e=CVE-2014-9295
    http://cve.mitre.org...e=CVE-2014-9296
  (* Security fix *)
+--------------------------+

[slackware-security]  php (SSA:2014-356-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.36-i486-1_slack14.1.txz:  Upgraded.
  This update fixes bugs and security issues.
  #68545 (NULL pointer dereference in unserialize.c).
  #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
  #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
  For more information, see:
    http://cve.mitre.org...e=CVE-2014-3710
    http://cve.mitre.org...e=CVE-2014-8142
  (* Security fix *)
+--------------------------+



[slackware-security]  xorg-server (SSA:2014-356-03)

New xorg-server packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
  This update fixes many security issues discovered by Ilja van Sprundel,
  a security researcher with IOActive.
  For more information, see:
    http://cve.mitre.org...e=CVE-2014-8091
    http://cve.mitre.org...e=CVE-2014-8092
    http://cve.mitre.org...e=CVE-2014-8093
    http://cve.mitre.org...e=CVE-2014-8094
    http://cve.mitre.org...e=CVE-2014-8095
    http://cve.mitre.org...e=CVE-2014-8096
    http://cve.mitre.org...e=CVE-2014-8097
    http://cve.mitre.org...e=CVE-2014-8098
    http://cve.mitre.org...e=CVE-2014-8099
    http://cve.mitre.org...e=CVE-2014-8100
    http://cve.mitre.org...e=CVE-2014-8101
    http://cve.mitre.org...e=CVE-2014-8102
    http://cve.mitre.org...e=CVE-2014-8103
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
+--------------------------+

#177 OFFLINE   V.T. Eric Layton

Posted 09 January 2015 - 11:54 PM

[slackware-security]  openssl (SSA:2015-009-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1k-i486-1_slack14.1.txz:  Upgraded.
  This update fixes several security issues:
    DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
    DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
    no-ssl3 configuration sets method to NULL (CVE-2014-3569)
    ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
    RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
    DH client certificates accepted without verification [Server] (CVE-2015-0205)
    Certificate fingerprints can be modified (CVE-2014-8275)
    Bignum squaring may produce incorrect results (CVE-2014-3570)
  For more information, see:
    https://www.openssl....dv_20150108.txt
    http://cve.mitre.org...e=CVE-2014-3571
    http://cve.mitre.org...e=CVE-2015-0206
    http://cve.mitre.org...e=CVE-2014-3569
    http://cve.mitre.org...e=CVE-2014-3572
    http://cve.mitre.org...e=CVE-2015-0204
    http://cve.mitre.org...e=CVE-2015-0205
    http://cve.mitre.org...e=CVE-2014-8275
    http://cve.mitre.org...e=CVE-2014-3570
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1k-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

#178 OFFLINE   V.T. Eric Layton

Posted 17 January 2015 - 08:41 PM

[slackware-security]  freetype (SSA:2015-016-01)

New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/freetype-2.5.5-i486-1_slack14.1.txz:  Upgraded.
  This release fixes a security bug that could cause freetype to crash
  or run programs upon opening a specially crafted file.
  For more information, see:
    http://cve.mitre.org...e=CVE-2014-2240
  (* Security fix *)
+--------------------------+

[slackware-security]  mozilla-firefox (SSA:2015-016-02)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-31.4.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...firefoxESR.html
  (* Security fix *)
+--------------------------+

[slackware-security]  mozilla-thunderbird (SSA:2015-016-03)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-31.4.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...hunderbird.html
  (* Security fix *)
+--------------------------+

[slackware-security]  seamonkey (SSA:2015-016-04)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.32-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o.../seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.32-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

#179 OFFLINE   V.T. Eric Layton

Posted 28 January 2015 - 10:27 PM

[slackware-security]  glibc (SSA:2015-028-01)

New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
and 14.1 to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.17-i486-10_slack14.1.txz:  Rebuilt.
  This update patches a security issue in the __nss_hostname_digits_dots() function
  of glibc which may be triggered through the gethostbyname*() set of
  functions.  This flaw could allow local or remote attackers to take control
  of a machine running a vulnerable version of glibc.  Thanks to Qualys for
  discovering this issue (also known as the GHOST vulnerability.)
  For more information, see:
    https://www.qualys.c...E-2015-0235.txt
    http://cve.mitre.org...e=CVE-2015-0235
  (* Security fix *)
patches/packages/glibc-i18n-2.17-i486-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.17-i486-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.17-i486-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-zoneinfo-2014j-noarch-1.txz:  Upgraded.
  Upgraded to tzcode2014j and tzdata2014j.
+--------------------------+

#180 OFFLINE   V.T. Eric Layton

Posted 16 February 2015 - 11:56 PM

[slackware-security]  patch (SSA:2015-047-01)

New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/patch-2.7.4-i486-1_slack14.1.txz:  Upgraded.
  Patch no longer follows symbolic links to input and output files.  This
  ensures that symbolic links created by git-style patches cannot cause
  patch to write outside the working directory.
  For more information, see:
    http://cve.mitre.org...e=CVE-2015-1196
  (* Security fix *)
+--------------------------+

[slackware-security]  seamonkey (SSA:2015-047-02)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.32.1-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o.../seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.32.1-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

[slackware-security]  sudo (SSA:2015-047-03)

New sudo packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/sudo-1.8.12-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a potential security issue by only passing the TZ
  environment variable if it is considered safe.  This prevents exploiting bugs
  in glibc's TZ parser that could be used to read files that the user does
  not have access to, or to cause a denial of service.
  For more information, see:
    http://www.sudo.ws/sudo/alerts/tz.html
    http://cve.mitre.org...e=CVE-2014-9680
  (* Security fix *)
+--------------------------+

#181 OFFLINE   V.T. Eric Layton

Posted 26 February 2015 - 05:16 PM

[slackware-security]  mozilla-firefox (SSA:2015-056-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-31.5.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...firefoxESR.html
  (* Security fix *)
+--------------------------+

[slackware-security]  mozilla-thunderbird (SSA:2015-056-02)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-31.5.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...hunderbird.html
  (* Security fix *)
+--------------------------+

#182 OFFLINE   V.T. Eric Layton

Posted 05 March 2015 - 11:28 PM

[slackware-security]  samba (SSA:2015-064-01)

New samba packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/samba-4.1.17-i486-1_slack14.1.txz:  Upgraded.
  This package fixes security issues since the last update:
    BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer
    in netlogon server could lead to security vulnerability.
    BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not dereference
    a NULL pointer.
  For more information, see:
    http://cve.mitre.org...e=CVE-2015-0240
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

#183 OFFLINE   V.T. Eric Layton

Posted 23 April 2015 - 09:22 PM

Numerous Slack updates today... too numerous for me to cut and paste each synopsis.

2015-04-21 - [slackware-security] openssl (SSA:2015-111-09)
2015-04-21 - [slackware-security] httpd (SSA:2015-111-03)
2015-04-21 - [slackware-security] bind (SSA:2015-111-01)
2015-04-21 - [slackware-security] ntp (SSA:2015-111-08)
2015-04-21 - [slackware-security] gnupg (SSA:2015-111-02)
2015-04-21 - [slackware-security] proftpd (SSA:2015-111-12)
2015-04-21 - [slackware-security] ppp (SSA:2015-111-11)
2015-04-21 - [slackware-security] seamonkey (SSA:2015-111-14)
2015-04-21 - [slackware-security] php (SSA:2015-111-10)
2015-04-21 - [slackware-security] mutt (SSA:2015-111-07)
2015-04-21 - [slackware-security] libssh (SSA:2015-111-04)
2015-04-21 - [slackware-security] mozilla-thunderbird (SSA:2015-111-06)
2015-04-21 - [slackware-security] qt (SSA:2015-111-13)
2015-04-21 - [slackware-security] mozilla-firefox (SSA:2015-111-05)*

* copied from http://www.slackware...security&y=2015

#184 OFFLINE   V.T. Eric Layton

Posted 12 May 2015 - 05:48 PM

[slackware-security]  mariadb (SSA:2015-132-01)

New mariadb packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mariadb-5.5.43-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://cve.mitre.org...e=CVE-2015-2568
    http://cve.mitre.org...e=CVE-2015-2573
    http://cve.mitre.org...e=CVE-2015-0433
    http://cve.mitre.org...e=CVE-2015-0441
    http://cve.mitre.org...e=CVE-2015-0501
    http://cve.mitre.org...e=CVE-2015-2571
    http://cve.mitre.org...e=CVE-2015-0505
    http://cve.mitre.org...e=CVE-2015-0499
  (* Security fix *)
+--------------------------+

[slackware-security]  mysql (SSA:2015-132-02)

New mysql packages are available for Slackware 14.0 to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mysql-5.5.43-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://cve.mitre.org...e=CVE-2015-2568
    http://cve.mitre.org...e=CVE-2015-2573
    http://cve.mitre.org...e=CVE-2015-0433
    http://cve.mitre.org...e=CVE-2015-0441
    http://cve.mitre.org...e=CVE-2015-0501
    http://cve.mitre.org...e=CVE-2015-2571
    http://cve.mitre.org...e=CVE-2015-0505
    http://cve.mitre.org...e=CVE-2015-0499
  (* Security fix *)
+--------------------------+

[slackware-security]  wpa_supplicant (SSA:2015-132-03)

New wpa_supplicant packages are available for Slackware 14.0, 14.1, and -current
to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/wpa_supplicant-2.4-i486-1_slack14.1.txz:  Upgraded.
  This update fixes potential denial of service issues.
  For more information, see:
    http://w1.fi/securit...id-overflow.txt
    http://w1.fi/securit...er-encoding.txt
    http://w1.fi/securit...ction-frame.txt
    http://w1.fi/securit...-validation.txt
    http://cve.mitre.org...e=CVE-2015-1863
  (* Security fix *)
+--------------------------+

#185 OFFLINE   V.T. Eric Layton

Posted 13 May 2015 - 05:32 PM

[slackware-security]  mozilla-firefox (SSA:2015-132-04)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-31.7.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...firefoxESR.html
  (* Security fix *)
+--------------------------+

#186 OFFLINE   V.T. Eric Layton

Posted 17 May 2015 - 06:43 PM

[slackware-security]  mozilla-thunderbird (SSA:2015-137-01)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-31.7.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...hunderbird.html
  (* Security fix *)
+--------------------------+


#187 OFFLINE   V.T. Eric Layton

Posted 12 June 2015 - 04:33 PM

[slackware-security]  openssl (SSA:2015-162-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz:  Upgraded.
  Fixes several bugs and security issues:
   o Malformed ECParameters causes infinite loop (CVE-2015-1788)
   o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
   o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
   o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
   o Race condition handling NewSessionTicket (CVE-2015-1791)
  For more information, see:
    http://cve.mitre.org...e=CVE-2015-1788
    http://cve.mitre.org...e=CVE-2015-1789
    http://cve.mitre.org...e=CVE-2015-1790
    http://cve.mitre.org...e=CVE-2015-1792
    http://cve.mitre.org...e=CVE-2015-1791
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

[slackware-security]  php (SSA:2015-162-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.41-i486-1_slack14.1.txz:  Upgraded.
  This update fixes some bugs and security issues.
  For more information, see:
    http://cve.mitre.org...e=CVE-2006-7243
    http://cve.mitre.org...e=CVE-2015-2325
    http://cve.mitre.org...e=CVE-2015-2326
    http://cve.mitre.org...e=CVE-2015-4021
    http://cve.mitre.org...e=CVE-2015-4022
    http://cve.mitre.org...e=CVE-2015-4024
    http://cve.mitre.org...e=CVE-2015-4025
    http://cve.mitre.org...e=CVE-2015-4026
  (* Security fix *)
+--------------------------+

#188 OFFLINE   V.T. Eric Layton

Posted 12 July 2015 - 05:40 PM

-- NOTICE --


Postings of Slackware updates will no longer be updated in this area of the board.

Those who are interested can find all updates for Slackware at the following URL:


http://www.slackware.com/security/


Keep on Slackin'!


~Eric
