Official patches for Slackware64-14.2

Se avete problemi con l'installazione e la configurazione di Slackware64 postate qui. Non usate questo forum per argomenti che trattano la Slackware32 o generali... per quelli usate rispettivamente il forum Slackware e Gnu/Linux in genere.

Moderatore: Staff

Regole del forum
1) Citare sempre la versione di Slackware64 usata, la versione del Kernel e magari anche la versione della libreria coinvolta. Questi dati aiutano le persone che possono rispondere.
2) Per evitare confusione prego inserire in questo forum solo topic che riguardano appunto Slackware64, se l'argomento è Slackware32 o generale usate rispettivamente il forum Slackware o Gnu/Linux in genere.
3) Leggere attentamente le risposte ricevute
4) Scrivere i messaggi con il colore di default, evitare altri colori.
5) Scrivere in Italiano o in Inglese, se possibile grammaticalmente corretto, evitate stili di scrittura poco chiari, quindi nessuna abbreviazione tipo telegramma o scrittura stile SMS o CHAT.
6) Appena registrati è consigliato presentarsi nel forum dedicato.

La non osservanza delle regole porta a provvedimenti di vari tipo da parte dello staff, in particolare la non osservanza della regola 5 porta alla cancellazione del post e alla segnalazione dell'utente. In caso di recidività l'utente rischia il ban temporaneo.
Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Tue, 23 Feb 2016 20:31:5

Messaggioda Slacky BOT Packager » mer feb 24, 2016 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Feb 23 19:31:59 UTC 2016
patches/packages/bind-9.9.8_P3-x86_64-1_slack14.1.txz:  Upgraded.
  This release fixes two possible denial-of-service issues:
    render_ecs errors were mishandled when printing out a OPT record resulting
    in a assertion failure.  (CVE-2015-8705) [RT #41397]
    Specific APL data could trigger a INSIST.  (CVE-2015-8704) [RT #41396]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
  (* Security fix *)
patches/packages/glibc-2.17-x86_64-11_slack14.1.txz:  Rebuilt.
  This update provides a patch to fix the stack-based buffer overflow in
  libresolv that could allow specially crafted DNS responses to seize
  control of execution flow in the DNS client (CVE-2015-7547).  However,
  due to a patch applied to Slackware's glibc back in 2009 (don't use the
  gethostbyname4() lookup method as it was causing some cheap routers to
  misbehave), we were not vulnerable to that issue.  Nevertheless it seems
  prudent to patch the overflows anyway even if we're not currently using
  the code in question.  Thanks to mancha for the backported patch.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
  (* Security fix *)
patches/packages/glibc-i18n-2.17-x86_64-11_slack14.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.17-x86_64-11_slack14.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.17-x86_64-11_slack14.1.txz:  Rebuilt.
patches/packages/libgcrypt-1.5.5-x86_64-1_slack14.1.txz:  Upgraded.
  Mitigate chosen cipher text attacks on ECDH with Weierstrass curves.
  Use ciphertext blinding for Elgamal decryption.
  For more information, see:
    http://www.cs.tau.ac.IL/~tromer/ecdh/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7511
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3591
  (* Security fix *)
patches/packages/ntp-4.2.8p6-x86_64-1_slack14.1.txz:  Upgraded.
  In addition to bug fixes and enhancements, this release fixes
  several low and medium severity vulnerabilities.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Fri, 26 Feb 2016 23:54:0

Messaggioda Slacky BOT Packager » sab feb 27, 2016 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Feb 26 22:54:05 UTC 2016
patches/packages/libssh-0.7.3-x86_64-1_slack14.1.txz:  Upgraded.
  Fixed weak key generation.  Due to a bug in the ephemeral secret key
  generation for the diffie-hellman-group1 and diffie-hellman-group14
  methods, ephemeral secret keys of size 128 bits are generated, instead
  of the recommended sizes of 1024 and 2048 bits, giving a practical
  security of 63 bits.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Thu, 03 Mar 2016 06:41:2

Messaggioda Slacky BOT Packager » ven mar 04, 2016 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Mar  3 05:41:26 UTC 2016
patches/packages/mailx-12.5-x86_64-2_slack14.1.txz:  Rebuilt.
  Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues
  that could allow a local attacker to cause mailx to execute arbitrary
  shell commands through the use of a specially-crafted email address.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
  (* Security fix *)
patches/packages/openssl-1.0.1s-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes the following security issues:
  Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
  Double-free in DSA code (CVE-2016-0705)
  Memory leak in SRP database lookups (CVE-2016-0798)
  BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
  Fix memory issues in BIO_*printf functions (CVE-2016-0799)
  Side channel attack on modular exponentiation (CVE-2016-0702)
  To avoid breaking the ABI, "enable-ssl2" is used, but all the vulnerable or
  weak ciphers have been removed.
  For more information, see:
    https://www.openssl.org/news/secadv/20160301.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1s-x86_64-1_slack14.1.txz:  Upgraded.
patches/packages/php-5.6.18-x86_64-1_slack14.1.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.18
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Tue, 08 Mar 2016 02:54:3

Messaggioda Slacky BOT Packager » mar mar 08, 2016 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Mar  8 01:54:33 UTC 2016
patches/packages/php-5.6.19-x86_64-1_slack14.1.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.19
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Tue, 08 Mar 2016 20:55:5

Messaggioda Slacky BOT Packager » mer mar 09, 2016 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Mar  8 19:55:57 UTC 2016
patches/packages/mozilla-firefox-38.7.0esr-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/samba-4.1.23-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes bugs, and two security issues:
  Incorrect ACL get/set allowed on symlink path (CVE-2015-7560).
  Out-of-bounds read in internal DNS server (CVE-2016-0771).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7560
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0771
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Thu, 10 Mar 2016 03:46:4

Messaggioda Slacky BOT Packager » gio mar 10, 2016 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Mar 10 02:46:49 UTC 2016
patches/packages/bind-9.9.8_P4-x86_64-1_slack14.1.txz:  Upgraded.
  Fixed security issues:
  Fix resolver assertion failure due to improper DNAME handling when
    parsing fetch reply messages.  (CVE-2016-1286) [RT #41753]
  Malformed control messages can trigger assertions in named and rndc.
    (CVE-2016-1285) [RT #41666]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
  (* Security fix *)
patches/packages/mozilla-nss-3.23-x86_64-1_slack14.1.txz:  Upgraded.
  Upgraded to nss-3.23 and nspr-4.12.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/nss.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Fri, 11 Mar 2016 00:43:4

Messaggioda Slacky BOT Packager » ven mar 11, 2016 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Mar 10 23:43:47 UTC 2016
patches/packages/openssh-7.2p2-x86_64-1_slack14.1.txz:  Upgraded.
  This release fixes a security bug:
    sshd(8): sanitise X11 authentication credentials to avoid xauth
    command injection when X11Forwarding is enabled.
  For more information, see:
    http://www.openssh.com/txt/x11fwd.adv
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Tue, 15 Mar 2016 22:31:4

Messaggioda Slacky BOT Packager » mer mar 16, 2016 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Mar 15 21:31:49 UTC 2016
patches/packages/git-2.7.3-x86_64-1_slack14.1.txz:  Upgraded.
  Fixed buffer overflows allowing server and client side remote code
  execution in all git versions before 2.7.1.
  For more information, see:
    http://seclists.org/oss-sec/2016/q1/645
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324
  (* Security fix *)
patches/packages/glibc-zoneinfo-2016b-noarch-1_slack14.1.txz:  Upgraded.
  This package provides the latest timezone updates.
patches/packages/seamonkey-2.40-x86_64-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.seamonkey-project.org/releases/seamonkey2.40
  (* Security fix *)
patches/packages/seamonkey-solibs-2.40-x86_64-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Thu, 17 Mar 2016 23:09:1

Messaggioda Slacky BOT Packager » ven mar 18, 2016 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Mar 17 22:09:16 UTC 2016
patches/packages/mozilla-firefox-38.7.1esr-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Fri, 18 Mar 2016 21:02:4

Messaggioda Slacky BOT Packager » sab mar 19, 2016 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Mar 18 20:02:40 UTC 2016
patches/packages/git-2.7.4-x86_64-1_slack14.1.txz:  Upgraded.
  NOTE:  Issuing this patch again since the bug reporter listed the
  wrong git version (2.7.1) as fixed.  The vulnerability was actually
  patched in git-2.7.4.
  Fixed buffer overflows allowing server and client side remote code
  execution in all git versions before 2.7.4.
  For more information, see:
    http://seclists.org/oss-sec/2016/q1/645
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324
  (* Security fix *)
patches/packages/mozilla-thunderbird-38.7.0-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Fri, 25 Mar 2016 21:44:0

Messaggioda Slacky BOT Packager » sab mar 26, 2016 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Mar 25 20:43:59 UTC 2016
patches/packages/glibc-zoneinfo-2016c-noarch-1_slack14.1.txz:  Upgraded.
  This package provides the latest timezone updates.
patches/packages/libevent-2.0.22-x86_64-1_slack14.1.txz:  Upgraded.
  Multiple integer overflows in the evbuffer API allow context-dependent
  attackers to cause a denial of service or possibly have other unspecified
  impact via "insanely large inputs" to the (1) evbuffer_add,
  (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a
  heap-based buffer overflow or an infinite loop.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272
  (* Security fix *)
patches/packages/mozilla-thunderbird-38.7.1-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Fri, 01 Apr 2016 23:17:3

Messaggioda Slacky BOT Packager » sab apr 02, 2016 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Apr  1 21:17:37 UTC 2016
patches/packages/dhcp-4.3.4-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes bugs and (previously patched) security issues.
patches/packages/mercurial-3.7.3-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes security issues and bugs, including remote code execution
  in binary delta decoding, arbitrary code execution with Git subrepos, and
  arbitrary code execution when converting Git repos.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
  (* Security fix *)
patches/packages/php-5.6.20-x86_64-1_slack14.1.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.20
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 2.6
Linux 2.6
Messaggi: 810
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.2 on Thu, 30 Jun 2016 22:26:57 +0200

Messaggioda Slacky BOT Packager » sab lug 02, 2016 22:37

Hey guys,
new patches have been released for slackware64-14.2. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Jun 30 20:26:57 UTC 2016
Slackware 14.2 x86_64 stable is released!

The long development cycle (the Linux community has lately been living in
"interesting times", as they say) is finally behind us, and we're proud to
announce the release of Slackware 14.2.  The new release brings many updates
and modern tools, has switched from udev to eudev (no systemd), and adds
well over a hundred new packages to the system.  Thanks to the team, the
upstream developers, the dedicated Slackware community, and everyone else
who pitched in to help make this release a reality.

The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided
32-bit/64-bit x86/x86_64 DVD.  Please consider supporting the Slackware
project by picking up a copy from store.slackware.com.  We're taking
pre-orders now, and offer a discount if you sign up for a subscription.

Have fun!  :-)
+--------------------------+

Have fun,
Slacky BOT Packager