Official patches for Slackware-14.2

Slacky BOT Packager
Linux 2.6
Posts: 810
Joined: Tue Jun 19, 2012 11:18

New patches for slackware-14.1 on Wed, 23 Dec 2015 23:44:58

Post by Slacky BOT Packager » Thu Dec 24, 2015 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Wed Dec 23 22:44:58 UTC 2015
patches/packages/mozilla-thunderbird-38.5.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+
Wed Dec 23 05:20:09 UTC 2015
patches/packages/blueman-r708-i486-4_slack14.1.txz:  Rebuilt.
  This update fixes a local privilege escalation vulnerability.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8612
  (* Security fix *)
patches/packages/mozilla-firefox-38.5.2esr-i486-1_slack14.1.txz:  Upgraded.
  This is a bugfix release.
+--------------------------+

Have fun,
Slacky BOT Packager


New patches for slackware-14.1 on Wed, 13 Jan 2016 01:01:24

Post by Slacky BOT Packager » Wed Jan 13, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Wed Jan 13 00:01:23 UTC 2016
patches/packages/dhcp-4.3.3_P1-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a denial-of-service vulnerability.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8605
  (* Security fix *)
patches/packages/mozilla-thunderbird-38.5.1-i486-1_slack14.1.txz:  Upgraded.
  This is a bugfix release.
patches/packages/xscreensaver-5.34-i486-1_slack14.1.txz:  Upgraded.
  I promised jwz that I'd keep this updated in -stable when I removed (against
  his wishes) the nag screen that complains if a year has passed since that
  version was released.  So, here's the latest one.
+--------------------------+

Have fun,
Slacky BOT Packager


New patches for slackware-14.1 on Fri, 15 Jan 2016 03:29:54

Post by Slacky BOT Packager » Sat Jan 16, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Fri Jan 15 02:29:54 UTC 2016
patches/packages/openssh-7.1p2-i486-1_slack14.1.txz:  Upgraded.
  This update fixes an information leak and a buffer overflow.  In particular,
  the information leak allows a malicious SSH server to steal the client's
  private keys.  Thanks to Qualys for reporting this issue.
  For more information, see:
    https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778
  *****************************************************************
  * IMPORTANT:  READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES *
  *****************************************************************
  Rather than backport the fix for the information leak (which is the only
  hazardous flaw), we have upgraded to the latest OpenSSH.  As of version
  7.0, OpenSSH has deprecated some older (and presumably less secure)
  algorithms, and also (by default) only allows root login by public-key,
  hostbased and GSSAPI authentication.  Make sure that your keys and
  authentication method will allow you to continue accessing your system
  after the upgrade.
  The release notes for OpenSSH 7.0 list the following incompatible changes
  to be aware of:
  * Support for the legacy SSH version 1 protocol is disabled by
    default at compile time.
  * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange
    is disabled by default at run-time. It may be re-enabled using
    the instructions at http://www.openssh.com/legacy.html
  * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
    by default at run-time. These may be re-enabled using the
    instructions at http://www.openssh.com/legacy.html
  * Support for the legacy v00 cert format has been removed.
  * The default for the sshd_config(5) PermitRootLogin option has
    changed from "yes" to "prohibit-password".
  * PermitRootLogin=without-password/prohibit-password now bans all
    interactive authentication methods, allowing only public-key,
    hostbased and GSSAPI authentication (previously it permitted
    keyboard-interactive and password-less authentication if those
    were enabled).
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager
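
An added example, not part of the post above or of the Slackware ChangeLog: a pre-upgrade check for two of the OpenSSH 7.0 changes listed in that entry, the new PermitRootLogin default and the disabled ssh-dss keys. The function names and the sample files are assumptions made for this illustration, and Match blocks in sshd_config are deliberately ignored.

```shell
#!/bin/sh
# Added example (not from the ChangeLog): audit for the OpenSSH 7.0 changes.

# Print the PermitRootLogin value sshd would take from the global section of
# the sshd_config file $1. The first occurrence wins and parsing stops at the
# first Match block (simplification). If unset, print the default given in $2.
permit_root_login() {
    awk -v def="$2" '
        /^[ \t]*#/ { next }                        # comment line
        { sub(/=/, " ") }                          # accept "Keyword=value"
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Classify how the upgrade affects root logins for the config file $1.
root_login_verdict() {
    old=$(permit_root_login "$1" yes)                  # pre-7.0 default
    new=$(permit_root_login "$1" prohibit-password)    # 7.0 default
    if [ "$old" != "$new" ]; then
        echo "CHANGED: option unset, default moves from yes to prohibit-password"
        return
    fi
    case "$old" in
        without-password|prohibit-password)
            echo "CHANGED: $old now bans all interactive authentication" ;;
        *)  echo "UNCHANGED: explicit PermitRootLogin $old" ;;
    esac
}

# Print the line numbers (space separated) of ssh-dss and ssh-dss-cert-* keys
# in the authorized_keys-style file $1; 7.0 disables these by default.
dss_key_lines() {
    awk '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++)
              if ($i == "ssh-dss" || $i ~ /^ssh-dss-cert-/) {
                  out = out sep NR; sep = " "; next
              } }
        END { if (out != "") print out }
    ' "$1"
}

# Demo on constructed sample files (key material is placeholder text).
tmp=$(mktemp -d)
printf '%s\n' '# constructed sshd_config' 'Port 22' 'X11Forwarding no' \
    > "$tmp/sshd_config"
printf '%s\n' \
    'ssh-rsa AAAAplaceholder admin@example' \
    'from="192.0.2.10" ssh-dss AAAAplaceholder backup@example' \
    '# ssh-dss AAAAplaceholder disabled@example' > "$tmp/authorized_keys"
echo "root login: $(root_login_verdict "$tmp/sshd_config")"
echo "DSA keys on lines: $(dss_key_lines "$tmp/authorized_keys")"
rm -rf "$tmp"
```

Run the functions against /etc/ssh/sshd_config and each account's authorized_keys before installing the package, while a working session is still open.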


New patches for slackware-14.1 on Wed, 03 Feb 2016 23:39:25

Post by Slacky BOT Packager » Thu Feb 04, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Wed Feb  3 22:39:25 UTC 2016
patches/packages/glibc-zoneinfo-2016a-noarch-1_slack14.1.txz:  Upgraded.
  This package provides the latest timezone updates.
patches/packages/mozilla-firefox-38.6.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/MPlayer-1.2_20160125-i486-1_slack14.1.txz:  Upgraded.
  This is the latest MPlayer-1.2 branch, identical to the 1.2.1 stable release.
  The bundled ffmpeg has been upgraded to 2.8.5, which fixes two security
  issues by which a remote attacker may conduct a cross-origin attack and read
  arbitrary files on the system.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1897
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1898
  (* Security fix *)
patches/packages/openssl-1.0.1r-i486-1_slack14.1.txz:  Upgraded.
  This update fixes the following security issue:
  SSLv2 doesn't block disabled ciphers (CVE-2015-3197).
  For more information, see:
    https://openssl.org/news/secadv/20160128.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.1.txz:  Upgraded.
patches/packages/php-5.6.17-i486-1_slack14.1.txz:  Upgraded.
  This release fixes bugs and security issues.
  *****************************************************************
  * IMPORTANT:  READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES *
  *****************************************************************
  PHP 5.4.x has been declared EOL (end of life) and is no longer receiving
  upstream support.  PHP 5.5.x is also no longer on active support status and
  security fixes will continue only until 5 months from now.  For this reason
  we have provided PHP 5.6 packages as security updates.  Be aware that PHP
  5.6 is not 100% compatible with PHP 5.4, and some changes may be required
  to existing web pages written for PHP 5.4.
  For information on how to migrate from PHP 5.4, please see:
    http://php.net/manual/en/migration55.php
    http://php.net/manual/en/migration56.php
  The final PHP 5.4 packages may be found in /pasture in case there is a need
  to revert this update.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager


New patches for slackware-14.1 on Mon, 08 Feb 2016 23:08:35

Post by Slacky BOT Packager » Tue Feb 09, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Mon Feb  8 22:08:35 UTC 2016
patches/packages/curl-7.47.1-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue where NTLM credentials are not checked
  for proxy connection reuse.  The effects of this flaw is that the application
  could be reusing a proxy connection using the previously used credentials
  and thus it could be given to or prevented access from resources that it
  wasn't intended to.  Thanks to Isaac Boukris.
  For more information, see:
    https://curl.haxx.se/docs/adv_20160127A.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755
  (* Security fix *)
patches/packages/flac-1.3.1-i486-1_slack14.1.txz:  Upgraded.
  This update is needed by the latest version of libsndfile.
patches/packages/libsndfile-1.0.26-i486-1_slack14.1.txz:  Upgraded.
  This release fixes security issues which may allow attackers to cause
  a denial of service, or possibly execute arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9756
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7805
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager


New patches for slackware-14.1 on Thu, 11 Feb 2016 22:56:21

Post by Slacky BOT Packager » Fri Feb 12, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Thu Feb 11 21:56:21 UTC 2016
patches/packages/mozilla-firefox-38.6.1esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager


New patches for slackware-14.1 on Sun, 14 Feb 2016 20:40:04

Post by Slacky BOT Packager » Mon Feb 15, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Sun Feb 14 19:40:04 UTC 2016
patches/packages/mozilla-thunderbird-38.6.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager


New patches for slackware-14.1 on Tue, 23 Feb 2016 20:31:59

Post by Slacky BOT Packager » Wed Feb 24, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Tue Feb 23 19:31:59 UTC 2016
patches/packages/bind-9.9.8_P3-i486-1_slack14.1.txz:  Upgraded.
  This release fixes two possible denial-of-service issues:
    render_ecs errors were mishandled when printing out a OPT record resulting
    in a assertion failure.  (CVE-2015-8705) [RT #41397]
    Specific APL data could trigger a INSIST.  (CVE-2015-8704) [RT #41396]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
  (* Security fix *)
patches/packages/glibc-2.17-i486-11_slack14.1.txz:  Rebuilt.
  This update provides a patch to fix the stack-based buffer overflow in
  libresolv that could allow specially crafted DNS responses to seize
  control of execution flow in the DNS client (CVE-2015-7547).  However,
  due to a patch applied to Slackware's glibc back in 2009 (don't use the
  gethostbyname4() lookup method as it was causing some cheap routers to
  misbehave), we were not vulnerable to that issue.  Nevertheless it seems
  prudent to patch the overflows anyway even if we're not currently using
  the code in question.  Thanks to mancha for the backported patch.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
  (* Security fix *)
patches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.17-i486-11_slack14.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz:  Rebuilt.
patches/packages/libgcrypt-1.5.5-i486-1_slack14.1.txz:  Upgraded.
  Mitigate chosen cipher text attacks on ECDH with Weierstrass curves.
  Use ciphertext blinding for Elgamal decryption.
  For more information, see:
    http://www.cs.tau.ac.IL/~tromer/ecdh/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7511
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3591
  (* Security fix *)
patches/packages/ntp-4.2.8p6-i486-1_slack14.1.txz:  Upgraded.
  In addition to bug fixes and enhancements, this release fixes
  several low and medium severity vulnerabilities.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager


New patches for slackware-14.1 on Fri, 26 Feb 2016 23:54:05

Post by Slacky BOT Packager » Sat Feb 27, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Fri Feb 26 22:54:05 UTC 2016
patches/packages/libssh-0.7.3-i486-1_slack14.1.txz:  Upgraded.
  Fixed weak key generation.  Due to a bug in the ephemeral secret key
  generation for the diffie-hellman-group1 and diffie-hellman-group14
  methods, ephemeral secret keys of size 128 bits are generated, instead
  of the recommended sizes of 1024 and 2048 bits, giving a practical
  security of 63 bits.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager


New patches for slackware-14.1 on Thu, 03 Mar 2016 06:41:26

Post by Slacky BOT Packager » Fri Mar 04, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Thu Mar  3 05:41:26 UTC 2016
patches/packages/mailx-12.5-i486-2_slack14.1.txz:  Rebuilt.
  Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues
  that could allow a local attacker to cause mailx to execute arbitrary
  shell commands through the use of a specially-crafted email address.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
  (* Security fix *)
patches/packages/openssl-1.0.1s-i486-1_slack14.1.txz:  Upgraded.
  This update fixes the following security issues:
  Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
  Double-free in DSA code (CVE-2016-0705)
  Memory leak in SRP database lookups (CVE-2016-0798)
  BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
  Fix memory issues in BIO_*printf functions (CVE-2016-0799)
  Side channel attack on modular exponentiation (CVE-2016-0702)
  To avoid breaking the ABI, "enable-ssl2" is used, but all the vulnerable or
  weak ciphers have been removed.
  For more information, see:
    https://www.openssl.org/news/secadv/20160301.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1s-i486-1_slack14.1.txz:  Upgraded.
patches/packages/php-5.6.18-i486-1_slack14.1.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.18
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager


New patches for slackware-14.1 on Tue, 08 Mar 2016 02:54:34

Post by Slacky BOT Packager » Tue Mar 08, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Tue Mar  8 01:54:33 UTC 2016
patches/packages/php-5.6.19-i486-1_slack14.1.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.19
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager


New patches for slackware-14.1 on Tue, 08 Mar 2016 20:55:58

Post by Slacky BOT Packager » Wed Mar 09, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Tue Mar  8 19:55:57 UTC 2016
patches/packages/mozilla-firefox-38.7.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/samba-4.1.23-i486-1_slack14.1.txz:  Upgraded.
  This update fixes bugs, and two security issues:
  Incorrect ACL get/set allowed on symlink path (CVE-2015-7560).
  Out-of-bounds read in internal DNS server (CVE-2016-0771).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7560
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0771
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager


New patches for slackware-14.1 on Thu, 10 Mar 2016 03:46:49

Post by Slacky BOT Packager » Thu Mar 10, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Thu Mar 10 02:46:49 UTC 2016
patches/packages/bind-9.9.8_P4-i486-1_slack14.1.txz:  Upgraded.
  Fixed security issues:
  Fix resolver assertion failure due to improper DNAME handling when
    parsing fetch reply messages.  (CVE-2016-1286) [RT #41753]
  Malformed control messages can trigger assertions in named and rndc.
    (CVE-2016-1285) [RT #41666]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
  (* Security fix *)
patches/packages/mozilla-nss-3.23-i486-1_slack14.1.txz:  Upgraded.
  Upgraded to nss-3.23 and nspr-4.12.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/nss.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager


New patches for slackware-14.1 on Fri, 11 Mar 2016 00:43:47

Post by Slacky BOT Packager » Fri Mar 11, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Thu Mar 10 23:43:47 UTC 2016
patches/packages/openssh-7.2p2-i486-1_slack14.1.txz:  Upgraded.
  This release fixes a security bug:
    sshd(8): sanitise X11 authentication credentials to avoid xauth
    command injection when X11Forwarding is enabled.
  For more information, see:
    http://www.openssh.com/txt/x11fwd.adv
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager


New patches for slackware-14.1 on Tue, 15 Mar 2016 22:31:49

Post by Slacky BOT Packager » Wed Mar 16, 2016 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Tue Mar 15 21:31:49 UTC 2016
patches/packages/git-2.7.3-i486-1_slack14.1.txz:  Upgraded.
  Fixed buffer overflows allowing server and client side remote code
  execution in all git versions before 2.7.1.
  For more information, see:
    http://seclists.org/oss-sec/2016/q1/645
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324
  (* Security fix *)
patches/packages/glibc-zoneinfo-2016b-noarch-1_slack14.1.txz:  Upgraded.
  This package provides the latest timezone updates.
patches/packages/seamonkey-2.40-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.seamonkey-project.org/releases/seamonkey2.40
  (* Security fix *)
patches/packages/seamonkey-solibs-2.40-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager
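
An added example, not part of the thread or of Slackware's own tooling: a filter for ChangeLog.txt excerpts in the layout posted above that lists only the entries marked `(* Security fix *)`, together with the CVE identifiers each entry names. The function names are assumptions made for this illustration, and the sample input is abridged from entries in this thread.

```shell
#!/bin/sh
# Added example: read a Slackware ChangeLog.txt excerpt on stdin and print
# one line per security-fix entry as "package<TAB>CVE,CVE,..." ("-" when the
# entry names no CVE).
security_fixes() {
    awk '
        function emit() {
            if (pkg != "" && sec) print pkg "\t" (cves == "" ? "-" : cves)
            pkg = ""; cves = ""; sec = 0; split("", seen)
        }
        # Entry header: unindented path ending in .txz: or .tgz:
        /^[^ \t]+\.t[gx]z:/ {
            emit(); pkg = $1
            sub(/:$/, "", pkg); sub(/.*\//, "", pkg)
            next
        }
        /^\+-+\+/ { emit(); next }          # separator between batches
        pkg != "" {                         # description line of an entry
            if (index($0, "(* Security fix *)")) sec = 1
            s = $0
            while (match(s, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                id = substr(s, RSTART, RLENGTH)
                if (!(id in seen)) {        # same id often appears twice
                    seen[id] = 1
                    cves = cves (cves == "" ? "" : ",") id
                }
                s = substr(s, RSTART + RLENGTH)
            }
        }
        END { emit() }
    '
}

# Sample input, abridged from the entries quoted in this thread.
sample_changelog() {
    cat <<'EOF'
Wed Dec 23 22:44:58 UTC 2015
patches/packages/mozilla-thunderbird-38.5.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  (* Security fix *)
+--------------------------+
Wed Dec 23 05:20:09 UTC 2015
patches/packages/blueman-r708-i486-4_slack14.1.txz:  Rebuilt.
  This update fixes a local privilege escalation vulnerability.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8612
  (* Security fix *)
patches/packages/mozilla-firefox-38.5.2esr-i486-1_slack14.1.txz:  Upgraded.
  This is a bugfix release.
+--------------------------+
Wed Feb  3 22:39:25 UTC 2016
patches/packages/openssl-1.0.1r-i486-1_slack14.1.txz:  Upgraded.
  SSLv2 doesn't block disabled ciphers (CVE-2015-3197).
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+
EOF
}

sample_changelog | security_fixes
```

Companion packages such as openssl-solibs carry no marker of their own in the ChangeLog, so they do not appear in the output even though they ship alongside the fixed package.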