V.T. Eric Layton
Posted February 26, 2015

[slackware-security] mozilla-firefox (SSA:2015-056-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-31.5.0esr-i486-1_slack14.1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
+--------------------------+

[slackware-security] mozilla-thunderbird (SSA:2015-056-02)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-31.5.0-i486-1_slack14.1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted March 6, 2015

[slackware-security] samba (SSA:2015-064-01)

New samba packages are available for Slackware 14.1 and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/samba-4.1.17-i486-1_slack14.1.txz: Upgraded.
  This package fixes security issues since the last update:
  BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability.
  BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference a NULL pointer.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+
V.T. Eric Layton
Posted April 24, 2015

Numerous Slack updates today... too numerous for me to cut and paste each synopsis.

2015-04-21 - [slackware-security] openssl (SSA:2015-111-09)
2015-04-21 - [slackware-security] httpd (SSA:2015-111-03)
2015-04-21 - [slackware-security] bind (SSA:2015-111-01)
2015-04-21 - [slackware-security] ntp (SSA:2015-111-08)
2015-04-21 - [slackware-security] gnupg (SSA:2015-111-02)
2015-04-21 - [slackware-security] proftpd (SSA:2015-111-12)
2015-04-21 - [slackware-security] ppp (SSA:2015-111-11)
2015-04-21 - [slackware-security] seamonkey (SSA:2015-111-14)
2015-04-21 - [slackware-security] php (SSA:2015-111-10)
2015-04-21 - [slackware-security] mutt (SSA:2015-111-07)
2015-04-21 - [slackware-security] libssh (SSA:2015-111-04)
2015-04-21 - [slackware-security] mozilla-thunderbird (SSA:2015-111-06)
2015-04-21 - [slackware-security] qt (SSA:2015-111-13)
2015-04-21 - [slackware-security] mozilla-firefox (SSA:2015-111-05)

* copied from http://www.slackware.com/security/list.php?l=slackware-security&y=2015
V.T. Eric Layton
Posted May 12, 2015

[slackware-security] mariadb (SSA:2015-132-01)

New mariadb packages are available for Slackware 14.1 and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mariadb-5.5.43-i486-1_slack14.1.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499
  (* Security fix *)
+--------------------------+

[slackware-security] mysql (SSA:2015-132-02)

New mysql packages are available for Slackware 14.0 to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mysql-5.5.43-i486-1_slack14.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499
  (* Security fix *)
+--------------------------+

[slackware-security] wpa_supplicant (SSA:2015-132-03)

New wpa_supplicant packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/wpa_supplicant-2.4-i486-1_slack14.1.txz: Upgraded.
  This update fixes potential denial of service issues.
  For more information, see:
    http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
    http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
    http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
    http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1863
  (* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted May 13, 2015

[slackware-security] mozilla-firefox (SSA:2015-132-04)

New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-31.7.0esr-i486-1_slack14.1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted May 17, 2015

[slackware-security] mozilla-thunderbird (SSA:2015-137-01)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-31.7.0-i486-1_slack14.1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted June 12, 2015

[slackware-security] openssl (SSA:2015-162-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded.
  Fixes several bugs and security issues:
   o Malformed ECParameters causes infinite loop (CVE-2015-1788)
   o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
   o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
   o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
   o Race condition handling NewSessionTicket (CVE-2015-1791)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded.
+--------------------------+

[slackware-security] php (SSA:2015-162-02)

New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.41-i486-1_slack14.1.txz: Upgraded.
  This update fixes some bugs and security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026
  (* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted July 12, 2015

-- NOTICE --

Postings of Slackware updates will no longer be updated in this area of the board. Those who are interested can find all updates for Slackware at the following URL: http://www.slackware.com/security/

Keep on Slackin'!

~Eric
V.T. Eric Layton
Posted April 27, 2017

Slackware News

SlackBuilds.org - New Server Soon

As detailed on our -users mailing list here:
https://lists.slackbuilds.org/piperm...il/019032.html

We have a new server donated from our colo host (Onxylight.net is awesome), but we have to buy drives and some more memory, so we're trying to raise a bit of money for that. See the mailing list post linked above for more information and a donation link if you're so inclined.

Thanks much!
__________________
Robby Workman
http://slackware.com/~rworkman/
http://rlworkman.net
http://slackbuilds.org

*the above from an LQ.org posting.
V.T. Eric Layton
Posted July 26, 2017

-- NOTICE --

Postings of Slackware updates will no longer be updated in this area of the board. Those who are interested can find all updates for Slackware at the following URL: http://www.slackware.com/security/

Keep on Slackin'!

~Eric

I had posted this a while back because I didn't think there was anyone here concerned with Slackware updates anymore, but it's possible that a couple of you out there might still find the updates interesting and informative, so I think I'll try to remember to post the updates here like I used to do.

Stay tuned...
V.T. Eric Layton
Posted July 26, 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] expat (SSA:2017-199-01)

New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/expat-2.2.2-i586-1_slack14.2.txz: Upgraded.
  Fixes security issues including:
  External entity infinite loop DoS
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233
    https://libexpat.github.io/doc/cve-2017-9233/
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/expat-2.2.2-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/expat-2.2.2-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/expat-2.2.2-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/expat-2.2.2-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/expat-2.2.2-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/expat-2.2.2-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.2.2-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.2.2-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.2.2-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.2.2-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.2.2-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.2.2-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.2.2-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.2.2-x86_64-1.txz

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg expat-2.2.2-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAllujGcACgkQakRjwEAQIjO5WgCfY2tdp2bPoc4uw5Au0rwUd4Vs
fTwAn3loJ9+eG9cW6gjbtjcXpPMbkDC9
=9/gp
-----END PGP SIGNATURE-----

===

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gd (SSA:2017-199-02)

New gd packages are available for Slackware 14.2 and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gd-2.2.4-i586-1_slack14.2.txz: Upgraded.
  Fixes security issues:
  gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities.
  (CVE-2016-9317)
  double-free in gdImageWebPtr() (CVE-2016-6912)
  potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)
  DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
  Signed Integer Overflow gd_io.c (CVE-2016-10168)
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gd-2.2.4-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gd-2.2.4-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/gd-2.2.4-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/gd-2.2.4-x86_64-1.txz

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gd-2.2.4-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAllujGkACgkQakRjwEAQIjPHOgCfd6asK9vSbcoGsp0DeeVH4pZN
dTMAoIoIUbQJwwDthCzhzDY9exq8LJQA
=RMrq
-----END PGP SIGNATURE-----

===

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2017-202-01)

New seamonkey packages are available for Slackware 14.2 and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.48-i586-1_slack14.2.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.seamonkey-project.org/releases/seamonkey2.48
  (* Security fix *)
patches/packages/seamonkey-solibs-2.48-i586-1_slack14.2.txz: Upgraded.
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/seamonkey-2.48-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/seamonkey-solibs-2.48-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/seamonkey-2.48-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/seamonkey-solibs-2.48-x86_64-1_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/seamonkey-solibs-2.48-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.48-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/seamonkey-solibs-2.48-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.48-x86_64-1.txz

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg seamonkey-2.48-i586-1_slack14.2.txz seamonkey-solibs-2.48-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAllyX/8ACgkQakRjwEAQIjMGKwCfQm9zv7u5n0x9y8pv+2IYhpIO
bdIAnArKGli6q0BrBSEbBq/eOG7c/0iP
=lslr
-----END PGP SIGNATURE-----

===

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] tcpdump (SSA:2017-205-01)

New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/tcpdump-4.9.1-i586-1_slack14.2.txz: Upgraded.
  This update fixes an issue where tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11108
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/tcpdump-4.9.1-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/tcpdump-4.9.1-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/tcpdump-4.9.1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/tcpdump-4.9.1-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/tcpdump-4.9.1-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/tcpdump-4.9.1-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tcpdump-4.9.1-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/tcpdump-4.9.1-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tcpdump-4.9.1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/tcpdump-4.9.1-x86_64-1.txz

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg tcpdump-4.9.1-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAll2YFkACgkQakRjwEAQIjN7ggCfTG5epctzdCQM1bUxLD6KyYDh
+7MAnipjCQVr4McNPd63Fm6hsVUd0tKt
=NA42
-----END PGP SIGNATURE-----
V.T. Eric Layton
Posted July 29, 2017

[slackware-security] squashfs-tools (SSA:2017-209-01)

New squashfs-tools packages are available for Slackware 14.2 and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/squashfs-tools-4.3-i586-2_slack14.2.txz: Rebuilt.
  Patched a couple of denial of service issues and other bugs.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4645
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4646
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/squashfs-tools-4.3-i586-2_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/squashfs-tools-4.3-x86_64-2_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/squashfs-tools-4.3-i586-2.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/squashfs-tools-4.3-x86_64-2.txz

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg squashfs-tools-4.3-i586-2_slack14.2.txz
V.T. Eric Layton
Posted August 2, 2017

[slackware-security] gnupg (SSA:2017-213-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.22-i586-1_slack14.2.txz: Upgraded.
  Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster".
  For more information, see:
    https://eprint.iacr.org/2017/627
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnupg-1.4.22-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnupg-1.4.22-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnupg-1.4.22-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnupg-1.4.22-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnupg-1.4.22-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnupg-1.4.22-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnupg-1.4.22-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnupg-1.4.22-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gnupg-1.4.22-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gnupg-1.4.22-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gnupg-1.4.22-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gnupg-1.4.22-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnupg-1.4.22-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnupg-1.4.22-x86_64-1.txz

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gnupg-1.4.22-i586-1_slack14.2.txz

+-----+
V.T. Eric Layton Posted August 10, 2017 [slackware-security] curl (SSA:2017-221-01) New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.55.0-i586-1_slack14.2.txz: Upgraded. This update fixes three security issues: URL globbing out of bounds read TFTP sends more than buffer size FILE buffer read out of bounds For more information, see: https://curl.haxx.se/docs/adv_20170809A.html https://curl.haxx.se/docs/adv_20170809B.html https://curl.haxx.se/docs/adv_20170809C.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000099 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. MD5 signatures: +-------------+ Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg curl-7.55.0-i586-1_slack14.2.txz +-----+ [slackware-security] mozilla-firefox (SSA:2017-221-02) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-52.3.0esr-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. MD5 signatures: +-------------+ Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mozilla-firefox-52.3.0esr-i586-1_slack14.2.txz +-----+
V.T. Eric Layton Posted August 15, 2017 [slackware-security] libsoup (SSA:2017-223-02) New libsoup packages are available for Slackware 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libsoup-2.52.2-i586-3_slack14.2.txz: Rebuilt. Fixed a chunked decoding buffer overrun that could be exploited against either clients or servers. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2885 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. MD5 signatures: +-------------+ Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libsoup-2.52.2-i586-3_slack14.2.txz
V.T. Eric Layton Posted August 16, 2017 [slackware-security] xorg-server (SSA:2017-227-01) New xorg-server packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz: Rebuilt. This update fixes two security issues: A user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server allowed authenticated malicious users to access potentially privileged data from the X server. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10971 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10972 (* Security fix *) patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz: Rebuilt. patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz: Rebuilt. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. MD5 signatures: +-------------+ Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg xorg-server-*.txz +-----+
V.T. Eric Layton Posted September 15, 2017 [slackware-security] bash (SSA:2017-251-01) New bash packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/bash-4.3.048-i586-1_slack14.2.txz: Upgraded. This update fixes two security issues found in bash before 4.4: The expansion of '\h' in the prompt string allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. The theoretical attack vector is a hostile DHCP server providing a crafted hostname, but this is unlikely to occur in a normal Slackware configuration as we ignore the hostname provided by DHCP. Specially crafted SHELLOPTS+PS4 environment variables used against bogus setuid binaries using system()/popen() allowed local attackers to execute arbitrary code as root. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0634 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7543 (* Security fix *) +--------------------------+ [slackware-security] mariadb (SSA:2017-251-02) New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mariadb-10.0.32-i586-1_slack14.2.txz: Upgraded. This update fixes bugs and security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3636 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3641 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3653 (* Security fix *) +--------------------------+ [slackware-security] tcpdump (SSA:2017-251-03) New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. 
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/tcpdump-4.9.2-i586-1_slack14.2.txz: Upgraded. This update fixes bugs and many security issues (see the included CHANGES file). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12893 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12894 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12895 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12896 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12897 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12898 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12899 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12902 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12985 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12986 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12987 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12988 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12989 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12990 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12991 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12992 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12994 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12995 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12996 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12997 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12998 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12999 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13000 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13001 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13002 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13003 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13004 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13005 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13006 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13007 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13008 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13009 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13010 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13012 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13013 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13014 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13015 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13016 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13017 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13018 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13019 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13020 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13021 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13022 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13023 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13024 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13025 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13026 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13027 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13028 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13029 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13030 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13031 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13032 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13033 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13034 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13035 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13036 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13037 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13038 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13039 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13040 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13041 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13042 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13043 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13044 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13045 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13047 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13048 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13049 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13050 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13051 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13052 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13053 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13054 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13055 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13687 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13688 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13689 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13690 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13725 (* Security fix 
*) +--------------------------+ [slackware-security] emacs (SSA:2017-255-01) New emacs packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/emacs-25.3-i586-1_slack14.2.txz: Upgraded. This update fixes a security vulnerability in Emacs. Gnus no longer supports "richtext" and "enriched" inline MIME objects. This support was disabled to avoid evaluation of arbitrary Lisp code contained in email messages and news articles. For more information, see: http://seclists.org/oss-sec/2017/q3/422 https://bugs.gnu.org/28350 (* Security fix *) +--------------------------+ [slackware-security] libzip (SSA:2017-255-02) New libzip packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libzip-1.0.1-i586-3_slack14.2.txz: Rebuilt. Fix a denial of service security issue. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14107 (* Security fix *) +--------------------------+
V.T. Eric Layton
Posted September 19, 2017

[slackware-security] kernel (SSA:2017-258-02)

New kernel packages are available for Slackware 14.1, 14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.88/*: Upgraded.
This update fixes the security vulnerability known as "BlueBorne". The native Bluetooth stack in the Linux Kernel (BlueZ), starting at Linux kernel version 3.3-rc1 is vulnerable to a stack overflow in the processing of L2CAP configuration responses resulting in remote code execution in kernel space.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition.
For more information, see:
https://cve.mitre.or...VE-2017-1000251
https://www.armis.com/blueborne
(* Security fix *)
+--------------------------+

[slackware-security] httpd (SSA:2017-261-01)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.27-i586-2_slack14.2.txz: Rebuilt.
This update patches a security issue ("Optionsbleed") with the OPTIONS http method which may leak arbitrary pieces of memory to a potential attacker. Thanks to Hanno Bo:ck.
For more information, see:
http://seclists.org/...sec/2017/q3/477
https://cve.mitre.or...e=CVE-2017-9798
(* Security fix *)
+--------------------------+

[slackware-security] libgcrypt (SSA:2017-261-02)

New libgcrypt packages are available for Slackware 14.2 and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libgcrypt-1.7.9-i586-1_slack14.2.txz: Upgraded.
Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth be With You".
For more information, see:
https://eprint.iacr.org/2017/806
https://cve.mitre.or...e=CVE-2017-0379
(* Security fix *)
+--------------------------+

[slackware-security] ruby (SSA:2017-261-03)

New ruby packages are available for Slackware 14.2 and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ruby-2.2.8-i586-1_slack14.2.txz: Upgraded.
This release includes several security fixes.
For more information, see:
https://cve.mitre.or...e=CVE-2017-0898
https://cve.mitre.or...e=CVE-2017-0899
https://cve.mitre.or...e=CVE-2017-0900
https://cve.mitre.or...e=CVE-2017-0901
https://cve.mitre.or...e=CVE-2017-0902
https://cve.mitre.or...=CVE-2017-10784
https://cve.mitre.or...=CVE-2017-14033
https://cve.mitre.or...=CVE-2017-14064
(* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted September 24, 2017

[slackware-security] samba (SSA:2017-263-01)

New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/samba-4.4.16-i586-1_slack14.2.txz: Upgraded.
This is a security release in order to address the following defects:
SMB1/2/3 connections may not require signing where they should. A man in the middle attack may hijack client connections.
SMB3 connections don't keep encryption across DFS redirects. A man in the middle attack can read and may alter confidential documents transferred via a client connection, which are reached via DFS redirect when the original connection used SMB3.
Server memory information leak over SMB1. Client with write access to a share can cause server memory contents to be written into a file or printer.
For more information, see:
https://www.samba.org/samba/security/CVE-2017-12150.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12150
https://www.samba.org/samba/security/CVE-2017-12151.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12151
https://www.samba.org/samba/security/CVE-2017-12163.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12163
(* Security fix *)
+--------------------------+

[slackware-security] libxml2 (SSA:2017-266-01)

New libxml2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libxml2-2.9.5-i586-1_slack14.2.txz: Upgraded.
This release fixes some security issues:
Detect infinite recursion in parameter entities (Nick Wellnhofer),
Fix handling of parameter-entity references (Nick Wellnhofer),
Disallow namespace nodes in XPointer ranges (Nick Wellnhofer),
Fix XPointer paths beginning with range-to (Nick Wellnhofer).
(* Security fix *)
+--------------------------+

[slackware-security] python (SSA:2017-266-02)

New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/python-2.7.14-i586-1_slack14.2.txz: Upgraded.
Updated to the latest 2.7.x release. This fixes some security issues related to the bundled expat library.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233
(* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted September 28, 2017

[slackware-security] gegl (SSA:2017-270-01)

New gegl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gegl-0.2.0-i586-4_slack14.2.txz: Rebuilt.
Patched integer overflows in operations/external/ppm-load.c that could allow a denial of service (application crash) or possibly the execution of arbitrary code via a large width or height value in a ppm image.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4433
(* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted September 29, 2017

[slackware-security] mozilla-firefox (SSA:2017-271-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-52.4.0esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted October 3, 2017

[slackware-security] dnsmasq (SSA:2017-275-01)

New dnsmasq packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/dnsmasq-2.78-i586-1_slack14.2.txz: Upgraded.
This update fixes bugs and remotely exploitable security issues that may have impacts including denial of service, information leak, and execution of arbitrary code. Thanks to Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes, and Gynvael Coldwind of the Google Security Team.
For more information, see:
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14496
(* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted October 6, 2017

[slackware-security] curl (SSA:2017-279-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.56.0-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue: libcurl may read outside of a heap allocated buffer when doing FTP.
For more information, see:
https://curl.haxx.se/docs/adv_20171004.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
(* Security fix *)
+--------------------------+

[slackware-security] openjpeg (SSA:2017-279-02)

New openjpeg packages are available for Slackware 14.2 and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openjpeg-2.3.0-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues which may lead to a denial of service or possibly remote code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14164
(* Security fix *)
+--------------------------+

[slackware-security] xorg-server (SSA:2017-279-03)

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-4_slack14.2.txz: Rebuilt.
This update fixes two security issues:
Xext/shm: Validate shmseg resource id, otherwise it can belong to a non-existing client and abort X server with FatalError "client not in use", or overwrite existing segment of another existing client.
Generating strings for XKB data used a single shared static buffer, which offered several opportunities for errors. Use a ring of resizable buffers instead, to avoid problems when strings end up longer than anticipated.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13723
(* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-4_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-4_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-4_slack14.2.txz: Rebuilt.
+--------------------------+
V.T. Eric Layton
Posted October 19, 2017

[slackware-security] libXres (SSA:2017-291-01)

New libXres packages are available for Slackware 14.1, 14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libXres-1.2.0-i586-1_slack14.2.txz: Upgraded.
Integer overflows may allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988
(* Security fix *)
+--------------------------+

[slackware-security] wpa_supplicant (SSA:2017-291-02)

New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded.
This update includes patches to mitigate the WPA2 protocol issues known as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data, hijack TCP connections, and to forge and inject packets. This is the list of vulnerabilities that are addressed here:
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
For more information, see:
https://www.krackattacks.com/
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088
(* Security fix *)
+--------------------------+

[slackware-security] xorg-server (SSA:2017-291-03)

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-5_slack14.2.txz: Rebuilt.
This update fixes integer overflows and other possible security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12187
(* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted October 24, 2017

[slackware-security] curl (SSA:2017-297-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.56.1-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue: IMAP FETCH response out of bounds read may cause a crash or information leak.
For more information, see:
https://curl.haxx.se/docs/adv_20171023.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257
(* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted November 3, 2017

[slackware-security] mariadb (SSA:2017-306-01)

New mariadb packages are available for Slackware 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mariadb-10.0.33-i586-1_slack14.2.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://jira.mariadb.org/browse/MDEV-13819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378
(* Security fix *)
+--------------------------+

[slackware-security] openssl (SSA:2017-306-02)

New openssl packages are available for Slackware 14.2 and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2m-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue: There is a carry propagating bug in the x64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
For more information, see:
https://www.openssl.org/news/secadv/20171102.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736
(* Security fix *)
patches/packages/openssl-solibs-1.0.2m-i586-1_slack14.2.txz: Upgraded.
+--------------------------+
V.T. Eric Layton
Posted November 17, 2017

[slackware-security] libplist (SSA:2017-320-01)

New libplist packages are available for Slackware 14.2 and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libplist-2.0.0-i586-1_slack14.2.txz: Upgraded.
This update fixes several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5209
(* Security fix *)
+--------------------------+

[slackware-security] mozilla-firefox (SSA:2017-320-02)

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-52.5.0esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted November 28, 2017

[slackware-security] samba (SSA:2017-332-01)

New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/samba-4.4.16-i586-2_slack14.2.txz: Rebuilt.
This is a security update in order to patch the following defects:
CVE-2017-14746 (Use-after-free vulnerability.) All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server.
CVE-2017-15275 (Server heap memory information leak.) All versions of Samba from 3.6.0 onwards are vulnerable to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared.
For more information, see:
https://www.samba.org/samba/security/CVE-2017-14746.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14746
https://www.samba.org/samba/security/CVE-2017-15275.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275
(* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted December 20, 2017

[slackware-security] ruby (SSA:2017-353-01)

New ruby packages are available for Slackware 14.2 and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ruby-2.2.9-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue: Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the pipe character "|", the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405
(* Security fix *)
+--------------------------+
V.T. Eric Layton
Posted January 9, 2018

[slackware-security] irssi (SSA:2018-008-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/irssi-1.0.6-i586-1_slack14.2.txz: Upgraded.
This update fixes multiple security vulnerabilities.
For more information, see:
https://irssi.org/security/irssi_sa_2018_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208
(* Security fix *)
+--------------------------+