Official patches for Slackware-14.2

Se avete problemi con l'installazione e la configurazione di Slackware postate qui. Non usate questo forum per argomenti generali... per quelli usate Gnu/Linux in genere.

Moderatore: Staff

Regole del forum
1) Citare sempre la versione di Slackware usata, la versione del Kernel e magari anche la versione della libreria coinvolta. Questi dati aiutano le persone che possono rispondere.
2) Per evitare confusione prego inserire in questo forum solo topic che riguardano appunto Slackware, se l'argomento è generale usate il forum Gnu/Linux in genere.
3) Leggere attentamente le risposte ricevute.
4) Scrivere i messaggi con il colore di default, evitare altri colori.
5) Scrivere in Italiano o in Inglese, se possibile grammaticalmente corretto, evitate stili di scrittura poco chiari, quindi nessuna abbreviazione tipo telegramma o scrittura stile SMS o CHAT.
6) Appena registrati è consigliato presentarsi nel forum dedicato.

La non osservanza delle regole porta a provvedimenti di vari tipo da parte dello staff, in particolare la non osservanza della regola 5 porta alla cancellazione del post e alla segnalazione dell'utente. In caso di recidività l'utente rischia il ban temporaneo.
Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Tue, 04 Nov 2014 01:05:23

Messaggioda Slacky BOT Packager » mar nov 04, 2014 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Nov  4 00:05:23 UTC 2014
patches/packages/mariadb-5.5.40-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464
  (* Security fix *)
patches/packages/mozilla-firefox-31.2.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/php-5.4.34-i486-1_slack14.1.txz:  Upgraded.
  This update fixes bugs and security issues.
  #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
  #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
  #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
  (* Security fix *)
patches/packages/seamonkey-2.30-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.30-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Fri, 07 Nov 2014 22:02:55

Messaggioda Slacky BOT Packager » sab nov 08, 2014 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Nov  7 21:02:55 UTC 2014
patches/packages/bash-4.2.053-i486-1_slack14.1.txz:  Upgraded.
  Applied all upstream patches.  The previously applied patch requiring
  a specific prefix/suffix in order to parse variables for functions
  closed all of the known vulnerabilities anyway, but it's clear that
  until all the patches were applied that the "is this still vulnerable"
  questions were not going to end...
patches/packages/xfce4-weather-plugin-0.8.4-i486-1_slack14.1.txz:  Upgraded.
  Package upgraded to fix the API used to fetch weather data.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Thu, 13 Nov 2014 21:45:55

Messaggioda Slacky BOT Packager » ven nov 14, 2014 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Nov 13 20:45:54 UTC 2014
patches/packages/mariadb-5.5.40-i486-2_slack14.1.txz:  Rebuilt.
  Reverted change to my_config.h that breaks compiling many applications
  that link against the MariaDB libraries.
  Thanks to Willy Sudiarto Raharjo.
patches/packages/pidgin-2.10.10-i486-2_slack14.1.txz:  Rebuilt.
  Fix Gadu-Gadu protocol when GnuTLS is not used.  Thanks to mancha.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Sun, 16 Nov 2014 23:41:20

Messaggioda Slacky BOT Packager » lun nov 17, 2014 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sun Nov 16 22:41:20 UTC 2014
patches/packages/mozilla-thunderbird-31.2.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Wed, 03 Dec 2014 08:03:12

Messaggioda Slacky BOT Packager » gio dic 04, 2014 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Wed Dec  3 07:03:12 UTC 2014
patches/packages/mozilla-thunderbird-31.3.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Thu, 11 Dec 2014 02:18:35

Messaggioda Slacky BOT Packager » gio dic 11, 2014 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Dec 11 01:18:35 UTC 2014
patches/packages/bind-9.9.6_P1-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue where a failure to place limits on
  delegation chaining can allow an attacker to crash BIND or cause memory
  exhaustion.
  For more information, see:
    https://kb.isc.org/article/AA-01216
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
  (* Security fix *)
patches/packages/mozilla-firefox-31.3.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/openssh-6.7p1-i486-2_slack14.1.txz:  Rebuilt.
  Restored support for tcpwrappers that was dropped by upstream.
  Thanks to mancha.
patches/packages/openvpn-2.3.6-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue that allows remote authenticated
  users to cause a denial of service (server crash) via a small control
  channel packet.
  For more information, see:
    https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104
  (* Security fix *)
patches/packages/pidgin-2.10.11-i486-1_slack14.1.txz:  Upgraded.
  This update contains login fixes for MSN and some XMPP servers.
patches/packages/seamonkey-2.31-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.31-i486-1_slack14.1.txz:  Upgraded.
patches/packages/wpa_supplicant-2.3-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a remote command-execution vulnerability caused by a
  failure to adequately sanitize user-supplied input.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Tue, 23 Dec 2014 01:05:24

Messaggioda Slacky BOT Packager » mer dic 24, 2014 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Dec 23 00:05:23 UTC 2014
patches/packages/ntp-4.2.8-i486-1_slack14.1.txz:  Upgraded.
  In addition to bug fixes and enhancements, this release fixes
  several high-severity vulnerabilities discovered by Neel Mehta
  and Stephen Roettger of the Google Security Team.
  For more information, see:
    https://www.kb.cert.org/vuls/id/852879
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296
  (* Security fix *)
patches/packages/php-5.4.36-i486-1_slack14.1.txz:  Upgraded.
  This update fixes bugs and security issues.
  #68545 (NULL pointer dereference in unserialize.c).
  #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
  #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142
  (* Security fix *)
patches/packages/xorg-server-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
  This update fixes many security issues discovered by Ilja van Sprundel,
  a security researcher with IOActive.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8091
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8092
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8093
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8094
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8095
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8096
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8097
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8098
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8099
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8100
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8101
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8102
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8103
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.14.3-i486-3_slack14.1.txz:  Rebuilt.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Fri, 09 Jan 2015 18:47:53

Messaggioda Slacky BOT Packager » sab gen 10, 2015 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Jan  9 17:47:53 UTC 2015
patches/packages/openssl-1.0.1k-i486-1_slack14.1.txz:  Upgraded.
  This update fixes several security issues:
    DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
    DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
    no-ssl3 configuration sets method to NULL (CVE-2014-3569)
    ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
    RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
    DH client certificates accepted without verification [Server] (CVE-2015-0205)
    Certificate fingerprints can be modified (CVE-2014-8275)
    Bignum squaring may produce incorrect results (CVE-2014-3570)
  For more information, see:
    https://www.openssl.org/news/secadv_20150108.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1k-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Sat, 17 Jan 2015 05:26:41

Messaggioda Slacky BOT Packager » dom gen 18, 2015 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sat Jan 17 04:26:41 UTC 2015
patches/packages/freetype-2.5.5-i486-1_slack14.1.txz:  Upgraded.
  This release fixes a security bug that could cause freetype to crash
  or run programs upon opening a specially crafted file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2240
  (* Security fix *)
patches/packages/mozilla-firefox-31.4.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-31.4.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/seamonkey-2.32-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.32-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Wed, 21 Jan 2015 04:10:02

Messaggioda Slacky BOT Packager » mer gen 21, 2015 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Wed Jan 21 03:10:01 UTC 2015
patches/packages/samba-4.1.16-i486-1_slack14.1.txz:  Upgraded.
  This update is a security release in order to address CVE-2014-8143
  (Elevation of privilege to Active Directory Domain Controller).
  Samba's AD DC allows the administrator to delegate creation of user or
  computer accounts to specific users or groups.  However, all released
  versions of Samba's AD DC did not implement the additional required
  check on the UF_SERVER_TRUST_ACCOUNT bit in the userAccountControl
  attributes.  Most Samba deployments are not of the AD Domain Controller,
  but are of the classic domain controller, the file server or print server.
  Only the Active Directory Domain Controller is affected by this issue.
  Additionally, most sites running the AD Domain Controller do not configure
  delegation for the creation of user or computer accounts, and so are not
  vulnerable to this issue, as no writes are permitted to the
  userAccountControl attribute, no matter what the value.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Wed, 28 Jan 2015 20:23:00

Messaggioda Slacky BOT Packager » gio gen 29, 2015 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Wed Jan 28 19:23:00 UTC 2015
patches/packages/glibc-2.17-i486-10_slack14.1.txz:  Rebuilt.
  This update patches a security issue __nss_hostname_digits_dots() function
  of glibc which may be triggered through the gethostbyname*() set of
  functions.  This flaw could allow local or remote attackers to take control
  of a machine running a vulnerable version of glibc.  Thanks to Qualys for
  discovering this issue (also known as the GHOST vulnerability.)
  For more information, see:
    https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
  (* Security fix *)
patches/packages/glibc-i18n-2.17-i486-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.17-i486-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.17-i486-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-zoneinfo-2014j-noarch-1.txz:  Upgraded.
  Upgraded to tzcode2014j and tzdata2014j.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Mon, 16 Feb 2015 21:15:52

Messaggioda Slacky BOT Packager » mar feb 17, 2015 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Mon Feb 16 19:33:36 UTC 2015
patches/packages/btrfs-progs-20150213-i486-1.txz:  Upgraded.
  Added the header files to the package.  Thanks to Vincent Batts.
patches/packages/patch-2.7.4-i486-1_slack14.1.txz:  Upgraded.
  Patch no longer follows symbolic links to input and output files.  This
  ensures that symbolic links created by git-style patches cannot cause
  patch to write outside the working directory.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196
  (* Security fix *)
patches/packages/seamonkey-2.32.1-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.32.1-i486-1_slack14.1.txz:  Upgraded.
patches/packages/sudo-1.8.12-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a potential security issue by only passing the TZ
  environment variable it is considered safe.  This prevents exploiting bugs
  in glibc's TZ parser that could be used to read files that the user does
  not have access to, or to cause a denial of service.
  For more information, see:
    http://www.sudo.ws/sudo/alerts/tz.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9680
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Thu, 26 Feb 2015 02:06:11

Messaggioda Slacky BOT Packager » gio feb 26, 2015 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Feb 26 01:06:11 UTC 2015
patches/packages/mozilla-firefox-31.5.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-31.5.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Thu, 05 Mar 2015 22:56:16

Messaggioda Slacky BOT Packager » ven mar 06, 2015 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Mar  5 21:56:15 UTC 2015
patches/packages/samba-4.1.17-i486-1_slack14.1.txz:  Upgraded.
  This package fixes security issues since the last update:
    BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer
    in netlogon server could lead to security vulnerability.
    BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference
    a NULL pointer.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware-14.1 on Wed, 22 Apr 2015 04:11:53

Messaggioda Slacky BOT Packager » mer apr 22, 2015 6:00

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Apr 21 23:44:00 UTC 2015
patches/packages/bind-9.9.6_P2-i486-1_slack14.1.txz:  Upgraded.
  Fix some denial-of-service and other security issues.
  For more information, see:
    https://kb.isc.org/article/AA-01166/
    https://kb.isc.org/article/AA-01161/
    https://kb.isc.org/article/AA-01167/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8680
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3214
  (* Security fix *)
patches/packages/gnupg-1.4.19-i486-1_slack14.1.txz:  Upgraded.
  * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
    See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
  * Fixed data-dependent timing variations in modular exponentiation
    [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
    are Practical].
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837
  (* Security fix *)
patches/packages/httpd-2.4.12-i486-1_slack14.1.txz:  Upgraded.
  This update fixes the following security issues:
   * CVE-2014-3583 mod_proxy_fcgi:  Fix a potential crash due to buffer
     over-read, with response headers' size above 8K.
   * CVE-2014-3581 mod_cache:  Avoid a crash when Content-Type has an
     empty value.  PR 56924.
   * CVE-2014-8109 mod_lua:  Fix handling of the Require line when a
     LuaAuthzProvider is used in multiple Require directives with
     different arguments.  PR57204.
   * CVE-2013-5704 core:  HTTP trailers could be used to replace HTTP
     headers late during request processing, potentially undoing or
     otherwise confusing modules that examined or modified request
     headers earlier.  Adds "MergeTrailers" directive to restore legacy
     behavior.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704
  (* Security fix *)
patches/packages/libssh-0.6.4-i486-1_slack14.1.txz:  Upgraded.
  This update fixes some security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0017
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8132
  (* Security fix *)
patches/packages/mozilla-firefox-31.6.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-31.6.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/mutt-1.5.23-i486-2_slack14.1.txz:  Rebuilt.
  Patched a vulnerability where malformed headers can cause mutt to crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116
  (* Security fix *)
patches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz:  Upgraded.
  In addition to bug fixes and enhancements, this release fixes the
  following medium-severity vulnerabilities involving private key
  authentication:
  * ntpd accepts unauthenticated packets with symmetric key crypto.
  * Authentication doesn't protect symmetric associations against DoS attacks.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799
  (* Security fix *)
patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz:  Upgraded.
  Fixes several bugs and security issues:
   o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
   o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
   o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
   o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
   o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
   o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
   o Removed the export ciphers from the DEFAULT ciphers
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz:  Upgraded.
patches/packages/php-5.4.40-i486-1_slack14.1.txz:  Upgraded.
  This update fixes some security issues.
  Please note that this package build also moves the configuration files
  from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330
  (* Security fix *)
patches/packages/ppp-2.4.5-i486-3_slack14.1.txz:  Rebuilt.
  Fixed a potential security issue in parsing option files.
  Fixed remotely triggerable PID overflow that causes pppd to crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3158
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3310
  (* Security fix *)
patches/packages/proftpd-1.3.4e-i486-1_slack14.1.txz:  Upgraded.
  Patched an issue where mod_copy allowed unauthenticated copying
  of files via SITE CPFR/CPTO.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306
  (* Security fix *)
patches/packages/qt-4.8.6-i486-1_slack14.1.txz:  Upgraded.
  Fixed issues with BMP, ICO, and GIF handling that could lead to a denial
  of service or the execution of arbitrary code when processing malformed
  images.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860
  (* Security fix *)
patches/packages/seamonkey-2.33.1-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.33.1-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager


Torna a “Slackware”

Chi c’è in linea

Visitano il forum: Nessuno e 10 ospiti