Repository 32bit  Forum
Repository 64bit  Wiki

Official patches for Slackware-14.1

Se avete problemi con l'installazione e la configurazione di Slackware postate qui. Non usate questo forum per argomenti generali... per quelli usate Gnu/Linux in genere.

Moderatore: Staff

Regole del forum
1) Citare sempre la versione di Slackware usata, la versione del Kernel e magari anche la versione della libreria coinvolta. Questi dati aiutano le persone che possono rispondere.
2) Per evitare confusione prego inserire in questo forum solo topic che riguardano appunto Slackware, se l'argomento è generale usate il forum Gnu/Linux in genere.
3) Leggere attentamente le risposte ricevute.
4) Scrivere i messaggi con il colore di default, evitare altri colori.
5) Scrivere in Italiano o in Inglese, se possibile grammaticalmente corretto, evitate stili di scrittura poco chiari, quindi nessuna abbreviazione tipo telegramma o scrittura stile SMS o CHAT.
6) Appena registrati è consigliato presentarsi nel forum dedicato.

La non osservanza delle regole porta a provvedimenti di vari tipo da parte dello staff, in particolare la non osservanza della regola 5 porta alla cancellazione del post e alla segnalazione dell'utente. In caso di recidività l'utente rischia il ban temporaneo.

New patches for slackware-14.1 on Thu, 24 Jul 2014 02:50:42

Messaggioda Slacky BOT Packager » gio lug 24, 2014 5:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Wed Jul 23 23:00:34 UTC 2014
patches/packages/httpd-2.4.10-i486-1_slack14.1.txz:  Upgraded.
  This update fixes the following security issues:
  *) SECURITY: CVE-2014-0117 (cve.mitre.org)
     mod_proxy: Fix crash in Connection header handling which
     allowed a denial of service attack against a reverse proxy
     with a threaded MPM.  [Ben Reser]
  *) SECURITY: CVE-2014-0118 (cve.mitre.org)
     mod_deflate: The DEFLATE input filter (inflates request bodies) now
     limits the length and compression ratio of inflated request bodies to
     avoid denial of sevice via highly compressed bodies.  See directives
     DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
     and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]
  *) SECURITY: CVE-2014-0226 (cve.mitre.org)
     Fix a race condition in scoreboard handling, which could lead to
     a heap buffer overflow.  [Joe Orton, Eric Covener]
  *) SECURITY: CVE-2014-0231 (cve.mitre.org)
     mod_cgid: Fix a denial of service against CGI scripts that do
     not consume stdin that could lead to lingering HTTPD child processes
     filling up the scoreboard and eventually hanging the server.  By
     default, the client I/O timeout (Timeout directive) now applies to
     communication with scripts.  The CGIDScriptTimeout directive can be
     used to set a different timeout for communication with scripts.
     [Rainer Jung, Eric Covener, Yann Ylavic]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231
  (* Security fix *)
patches/packages/mozilla-firefox-24.7.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-24.7.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Fri, 01 Aug 2014 23:13:18

Messaggioda Slacky BOT Packager » sab ago 02, 2014 5:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Fri Aug  1 21:13:18 UTC 2014
patches/packages/dhcpcd-6.0.5-i486-3_slack14.1.txz:  Rebuilt.
  This update fixes a security issue where a specially crafted packet
  received from a malicious DHCP server causes dhcpcd to enter an infinite
  loop causing a denial of service.
  Thanks to Tobias Stoeckmann for the bug report.
  (* Security fix *)
patches/packages/samba-4.1.11-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a remote code execution attack on unauthenticated nmbd
  NetBIOS name services.  A malicious browser can send packets that may
  overwrite the heap of the target nmbd NetBIOS name services daemon.
  It may be possible to use this to generate a remote code execution
  vulnerability as the superuser (root).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560
  (* Security fix *)
patches/packages/xscreensaver-5.29-i486-1_slack14.1.txz:  Upgraded.
  Disabled nag screen that says "This version of XScreenSaver is very old!
  Please upgrade!" when the age of the software exceeds 12 months.
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Fri, 08 Aug 2014 21:02:50

Messaggioda Slacky BOT Packager » sab ago 09, 2014 5:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Fri Aug  8 19:02:50 UTC 2014
patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz:  Upgraded.
  This update fixes several security issues:
  Double Free when processing DTLS packets (CVE-2014-3505)
  DTLS memory exhaustion (CVE-2014-3506)
  DTLS memory leak from zero-length fragments (CVE-2014-3507)
  Information leak in pretty printing functions (CVE-2014-3508)
  Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
  OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
  OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
  SRP buffer overrun (CVE-2014-3512)
  Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
  For more information, see:
    https://www.openssl.org/news/secadv_20140806.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz:  Upgraded.
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Fri, 29 Aug 2014 01:17:47

Messaggioda Slacky BOT Packager » ven ago 29, 2014 5:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Thu Aug 28 23:17:47 UTC 2014
patches/packages/mozilla-nss-3.16.4-i486-1.txz:  Upgraded.
  Upgraded to nss-3.16.4 and nspr-4.10.7.
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Thu, 04 Sep 2014 21:43:26

Messaggioda Slacky BOT Packager » ven set 05, 2014 5:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Thu Sep  4 19:43:25 UTC 2014
patches/packages/mozilla-firefox-24.8.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-24.8.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/php-5.4.32-i486-1_slack14.1.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5120
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Tue, 09 Sep 2014 20:01:06

Messaggioda Slacky BOT Packager » mer set 10, 2014 5:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Tue Sep  9 18:01:05 UTC 2014
patches/packages/seamonkey-2.29-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  (* Security fix *)
patches/packages/seamonkey-solibs-2.29-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Thu, 25 Sep 2014 00:52:54

Messaggioda Slacky BOT Packager » gio set 25, 2014 5:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Wed Sep 24 22:52:53 UTC 2014
patches/packages/bash-4.2.048-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a vulnerability in bash related to how environment
  variables are processed:  trailing code in function definitions was
  executed, independent of the variable name.  In many common configurations
  (such as the use of CGI scripts), this vulnerability is exploitable over
  the network.  Thanks to Stephane Chazelas for discovering this issue.
  For more information, see:
    http://seclists.org/oss-sec/2014/q3/650
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
  (* Security fix *)
patches/packages/mozilla-nss-3.16.5-i486-1_slack14.1.txz:  Upgraded.
  Fixed an RSA Signature Forgery vulnerability.
  For more information, see:
    https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Thu, 25 Sep 2014 21:55:13

Messaggioda Slacky BOT Packager » ven set 26, 2014 5:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Thu Sep 25 19:55:13 UTC 2014
patches/packages/bash-4.2.048-i486-2_slack14.1.txz:  Rebuilt.
  Patched an additional trailing string processing vulnerability discovered
  by Tavis Ormandy.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Sat, 27 Sep 2014 00:23:33

Messaggioda Slacky BOT Packager » sab set 27, 2014 5:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Fri Sep 26 22:23:32 UTC 2014
patches/packages/bash-4.2.049-i486-1_slack14.1.txz:  Upgraded.
  This is essentially a rebuild as the preliminary patch for CVE-2014-7169
  has been accepted by upstream and is now signed.  This also bumps the
  patchlevel, making it easy to tell this is the fixed version.
  Possibly more changes to come, given the ongoing discussions on oss-sec.
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Mon, 29 Sep 2014 01:07:39

Messaggioda Slacky BOT Packager » lun set 29, 2014 5:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Sun Sep 28 23:07:39 UTC 2014
patches/packages/mozilla-firefox-24.8.1esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-24.8.1-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/seamonkey-2.29.1-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.29.1-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Mon, 29 Sep 2014 20:41:23

Messaggioda Slacky BOT Packager » mar set 30, 2014 5:02

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Mon Sep 29 18:41:23 UTC 2014
patches/packages/bash-4.2.050-i486-1_slack14.1.txz:  Upgraded.
  Another bash update.  Here's some information included with the patch:
    "This patch changes the encoding bash uses for exported functions to avoid
    clashes with shell variables and to avoid depending only on an environment
    variable's contents to determine whether or not to interpret it as a shell
    function."
  After this update, an environment variable will not go through the parser
  unless it follows this naming structure:  BASH_FUNC_*%%
  Most scripts never expected to import functions from environment variables,
  so this change (although not backwards compatible) is not likely to break
  many existing scripts.  It will, however, close off access to the parser as
  an attack surface in the vast majority of cases.  There's already another
  vulnerability similar to CVE-2014-6271 for which there is not yet a fix,
  but this hardening patch prevents it (and likely many more similar ones).
  Thanks to Florian Weimer and Chet Ramey.
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Wed, 15 Oct 2014 19:28:59

Messaggioda Slacky BOT Packager » gio ott 16, 2014 5:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Wed Oct 15 17:28:59 UTC 2014
patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz:  Upgraded.
  (* Security fix *)
patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz:  Upgraded.
  This update fixes several security issues:
  SRTP Memory Leak (CVE-2014-3513):
    A flaw in the DTLS SRTP extension parsing code allows an attacker, who
    sends a carefully crafted handshake message, to cause OpenSSL to fail
    to free up to 64k of memory causing a memory leak. This could be
    exploited in a Denial Of Service attack.
  Session Ticket Memory Leak (CVE-2014-3567):
    When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
    integrity of that ticket is first verified. In the event of a session
    ticket integrity check failing, OpenSSL will fail to free memory
    causing a memory leak. By sending a large number of invalid session
    tickets an attacker could exploit this issue in a Denial Of Service
    attack.
  SSL 3.0 Fallback protection:
    OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
    to block the ability for a MITM attacker to force a protocol
    downgrade.
    Some client applications (such as browsers) will reconnect using a
    downgraded protocol to work around interoperability bugs in older
    servers. This could be exploited by an active man-in-the-middle to
    downgrade connections to SSL 3.0 even if both sides of the connection
    support higher protocols. SSL 3.0 contains a number of weaknesses
    including POODLE (CVE-2014-3566).
  Build option no-ssl3 is incomplete (CVE-2014-3568):
    When OpenSSL is configured with "no-ssl3" as a build option, servers
    could accept and complete a SSL 3.0 handshake, and clients could be
    configured to send them.
  For more information, see:
    https://www.openssl.org/news/secadv_20141015.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Tue, 21 Oct 2014 00:21:45

Messaggioda Slacky BOT Packager » mar ott 21, 2014 5:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Mon Oct 20 22:21:45 UTC 2014
patches/packages/openssh-6.7p1-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue that allows remote servers to trigger
  the skipping of SSHFP DNS RR checking by presenting an unacceptable
  HostCertificate.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Fri, 24 Oct 2014 23:11:15

Messaggioda Slacky BOT Packager » sab ott 25, 2014 5:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Fri Oct 24 21:11:15 UTC 2014
patches/packages/glibc-2.17-i486-9_slack14.1.txz:  Rebuilt.
  Rebuilt using --enable-kernel=2.6.32 for better compatibility with
  host kernels when running Slackware in a VM or container.
  Thanks to Vincent Batts and Eric Hameleers.
patches/packages/glibc-i18n-2.17-i486-9_slack14.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.17-i486-9_slack14.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.17-i486-9_slack14.1.txz:  Rebuilt.
+--------------------------+
Fri Oct 24 04:55:44 UTC 2014
patches/packages/glibc-2.17-i486-8_slack14.1.txz:  Rebuilt.
  This update fixes several security issues, and adds an extra security
  hardening patch from Florian Weimer.  Thanks to mancha for help with
  tracking and backporting patches.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0475
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040
  (* Security fix *)
patches/packages/glibc-i18n-2.17-i486-8_slack14.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.17-i486-8_slack14.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.17-i486-8_slack14.1.txz:  Rebuilt.
patches/packages/glibc-zoneinfo-2014i-noarch-1_slack14.1.txz:  Upgraded.
  Upgraded to tzcode2014i and tzdata2014i.
pidgin-2.10.10-i486-1_slack14.1.txz:  Upgraded.
  This update fixes several security issues:
  Insufficient SSL certificate validation (CVE-2014-3694)
  Remote crash parsing malformed MXit emoticon (CVE-2014-3695)
  Remote crash parsing malformed Groupwise message (CVE-2014-3696)
  Malicious smiley themes could alter arbitrary files (CVE-2014-3697)
  Potential information leak from XMPP (CVE-2014-3698)
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3694
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3695
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3696
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3697
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3698
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

New patches for slackware-14.1 on Wed, 29 Oct 2014 19:21:12

Messaggioda Slacky BOT Packager » gio ott 30, 2014 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Wed Oct 29 18:21:12 UTC 2014
patches/packages/wget-1.14-i486-3_slack14.1.txz:  Rebuilt.
  This update fixes a symlink vulnerability that could allow an attacker
  to write outside of the expected directory.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager
Slacky BOT Packager
Linux 2.6
Linux 2.6
 
Messaggi: 635
Iscritto il: mar giu 19, 2012 10:18

PrecedenteProssimo

Torna a Slackware

Chi c’è in linea

Visitano il forum: Google [Bot] e 3 ospiti