New patches for slackware64-14.0 on Mon, 10 Jun 2013 23:51:5
Posted: Tue 11 Jun 2013, 6:02
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Mon Jun 10 21:51:54 UTC 2013
patches/packages/php-5.4.16-x86_64-1_slack14.0.txz: Upgraded.
This is a bugfix release. It also fixes a security issue -- a heap-based
overflow in the quoted_printable_encode() function, which could be used by
a remote attacker to crash PHP or execute code as the 'apache' user.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2110
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Sun, 23 Jun 2013 23:00:0
Posted: Mon 24 Jun 2013, 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Sun Jun 23 21:00:00 UTC 2013
patches/packages/curl-7.29.0-x86_64-3_slack14.0.txz: Rebuilt.
This fixes a minor security issue where a decode buffer boundary flaw in
libcurl could lead to heap corruption.
For more information, see:
http://curl.haxx.se/docs/adv_20130622.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Fri, 28 Jun 2013 01:56:3
Posted: Fri 28 Jun 2013, 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Thu Jun 27 23:56:34 UTC 2013
patches/packages/ruby-1.9.3_p448-x86_64-1_slack14.0.txz: Upgraded.
This update patches a vulnerability in Ruby's SSL client that could allow
man-in-the-middle attackers to spoof SSL servers via a valid certificate
issued by a trusted certification authority.
For more information, see:
http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Sun, 30 Jun 2013 00:08:2
Posted: Sun 30 Jun 2013, 6:02
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Sat Jun 29 22:08:25 UTC 2013
patches/packages/mozilla-firefox-17.0.7esr-x86_64-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
We had to switch to ESR here as well, as there's a problem running Firefox
22.0 on Slackware 14.0 under KDE (crash when oxygen-gtk2 is installed).
Forcing people to uninstall oxygen-gtk2 isn't really an option for a
security fix, and upgrading to the latest oxygen-gtk2 did not help.
It's possible that future Firefox/Thunderbird security updates will always
come from the ESR branch.
patches/packages/mozilla-thunderbird-17.0.7-x86_64-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Sun, 07 Jul 2013 03:31:2
Posted: Sun 7 Jul 2013, 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Sun Jul 7 01:31:24 UTC 2013
patches/packages/httpd-2.4.4-x86_64-2_slack14.0.txz: Rebuilt.
Patched htpasswd hash generation bug.
Thanks to MadMaverick9.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Wed, 10 Jul 2013 09:15:3
Posted: Thu 11 Jul 2013, 6:02
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Wed Jul 10 07:15:30 UTC 2013
patches/packages/dbus-1.4.20-x86_64-4_slack14.0.txz: Rebuilt.
This update fixes a security issue where misuse of va_list could be used to
cause a denial of service for system services.
Vulnerability reported by Alexandru Cornea.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2168
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Tue, 16 Jul 2013 23:18:5
Posted: Wed 17 Jul 2013, 6:02
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Tue Jul 16 21:18:56 UTC 2013
patches/packages/php-5.4.17-x86_64-1_slack14.0.txz: Upgraded.
This update fixes an issue where XML in PHP does not properly consider
parsing depth, which allows remote attackers to cause a denial of service
(heap memory corruption) or possibly have unspecified other impact via a
crafted document that is processed by the xml_parse_into_struct function.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Sat, 03 Aug 2013 22:36:5
Posted: Sun 4 Aug 2013, 6:02
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Sat Aug 3 20:36:53 UTC 2013
patches/packages/gnupg-1.4.14-x86_64-1_slack14.0.txz: Upgraded.
Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
secret keys.
For more information, see:
http://eprint.iacr.org/2013/448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
(* Security fix *)
patches/packages/libgcrypt-1.5.3-x86_64-1_slack14.0.txz: Upgraded.
Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
secret keys.
For more information, see:
http://eprint.iacr.org/2013/448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Tue, 06 Aug 2013 07:23:3
Posted: Wed 7 Aug 2013, 6:02
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Tue Aug 6 05:23:34 UTC 2013
patches/packages/bind-9.9.3_P2-x86_64-1_slack14.0.txz: Upgraded.
This update fixes a security issue where a specially crafted query can cause
BIND to terminate abnormally, resulting in a denial of service.
For more information, see:
https://kb.isc.org/article/AA-01015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
(* Security fix *)
patches/packages/httpd-2.4.6-x86_64-1_slack14.0.txz: Upgraded.
This update addresses two security issues:
* SECURITY: CVE-2013-1896 (cve.mitre.org) Sending a MERGE request against
a URI handled by mod_dav_svn with the source href (sent as part of the
request body as XML) pointing to a URI that is not configured for DAV
will trigger a segfault.
* SECURITY: CVE-2013-2249 (cve.mitre.org) mod_session_dbd: Make sure that
dirty flag is respected when saving sessions, and ensure the session ID
is changed each time the session changes. This changes the format of the
updatesession SQL statement. Existing configurations must be changed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249
(* Security fix *)
patches/packages/samba-3.6.17-x86_64-1_slack14.0.txz: Upgraded.
This update fixes missing integer wrap protection in an EA list reading
that can allow authenticated or guest connections to cause the server to
loop, resulting in a denial of service.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Thu, 08 Aug 2013 04:22:4
Posted: Fri 9 Aug 2013, 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Thu Aug 8 02:22:40 UTC 2013
patches/packages/mozilla-firefox-17.0.8esr-x86_64-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
patches/packages/mozilla-thunderbird-17.0.8-x86_64-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
patches/packages/seamonkey-2.20-x86_64-1_slack14.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
patches/packages/seamonkey-solibs-2.20-x86_64-1_slack14.0.txz: Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Thu, 15 Aug 2013 05:46:1
Posted: Fri 16 Aug 2013, 6:02
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Thu Aug 15 03:46:12 UTC 2013
patches/packages/seamonkey-2.20-x86_64-2_slack14.0.txz: Rebuilt.
Recompiled without the --enable-shared-js option to fix the Mozilla
Lightning plugin. This removes libmozjs.so, but there's a standalone js
package now anyway.
Thanks to ljb643.
patches/packages/seamonkey-solibs-2.20-x86_64-2_slack14.0.txz: Rebuilt.
Recompiled without the --enable-shared-js option to fix the Mozilla
Lightning plugin. This removes libmozjs.so, but there's a standalone js
package now anyway.
Thanks to ljb643.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Wed, 21 Aug 2013 20:27:3
Posted: Thu 22 Aug 2013, 6:02
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Wed Aug 21 18:27:33 UTC 2013
patches/packages/hplip-3.12.9-x86_64-2_slack14.0.txz: Rebuilt.
This update fixes a stack-based buffer overflow in the hpmud_get_pml
function that can allow remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted SNMP response
with a large length value.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4267
(* Security fix *)
patches/packages/poppler-0.20.2-x86_64-2_slack14.0.txz: Rebuilt.
Sanitize error messages to remove escape sequences that could be used to
exploit vulnerable terminal emulators.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2142
(* Security fix *)
patches/packages/xpdf-3.03-x86_64-1_slack14.0.txz: Upgraded.
Sanitize error messages to remove escape sequences that could be used to
exploit vulnerable terminal emulators.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2142
Thanks to mancha.
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Fri, 30 Aug 2013 21:39:3
Posted: Sat 31 Aug 2013, 6:02
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Fri Aug 30 19:39:38 UTC 2013
patches/packages/gnutls-3.0.31-x86_64-1_slack14.0.txz: Upgraded.
[Updated to the correct version to fix fetching the "latest" from gnu.org]
This update prevents a side-channel attack which may allow remote attackers
to conduct distinguishing attacks and plaintext recovery attacks using
statistical analysis of timing data for crafted packets.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
(* Security fix *)
patches/packages/samba-3.6.18-x86_64-1_slack14.0.txz: Upgraded.
This is a bugfix release.
+--------------------------+
Fri Aug 30 06:26:06 UTC 2013
patches/packages/gnutls-3.0.26-x86_64-1_slack14.0.txz: Upgraded.
This update prevents a side-channel attack which may allow remote attackers
to conduct distinguishing attacks and plaintext recovery attacks using
statistical analysis of timing data for crafted packets.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
(* Security fix *)
patches/packages/php-5.4.19-x86_64-1_slack14.0.txz: Upgraded.
Fixed handling null bytes in subjectAltName (CVE-2013-4248).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Mon, 09 Sep 2013 05:35:0
Posted: Tue 10 Sep 2013, 6:02
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Mon Sep 9 03:34:59 UTC 2013
patches/packages/subversion-1.7.13-x86_64-1_slack14.0.txz: Upgraded.
This update fixes a local privilege escalation vulnerability via
symlink attack.
For more information, see:
http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4277
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware64-14.0 on Wed, 18 Sep 2013 04:56:1
Posted: Thu 19 Sep 2013, 6:02
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.0. The relevant part of
ChangeLog.txt follows:
Wed Sep 18 02:56:19 UTC 2013
patches/packages/glibc-2.15-x86_64-8_slack14.0.txz: Rebuilt.
Patched to fix integer overflows in pvalloc, valloc, and
posix_memalign/memalign/aligned_alloc.
Thanks to mancha for the backported patch.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2013-4332
(* Security fix *)
Also, as long as these packages were being respun anyway, I added a patch
to fix the check for AVX opcodes. This was causing crashes on Xen.
Thanks to Dale Gallagher.
patches/packages/glibc-i18n-2.15-x86_64-8_slack14.0.txz: Rebuilt.
patches/packages/glibc-profile-2.15-x86_64-8_slack14.0.txz: Rebuilt.
patches/packages/glibc-solibs-2.15-x86_64-8_slack14.0.txz: Rebuilt.
patches/packages/glibc-zoneinfo-2013d_2013d-noarch-8_slack14.0.txz: Rebuilt.
patches/packages/mozilla-firefox-17.0.9esr-x86_64-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
patches/packages/mozilla-thunderbird-17.0.9esr-x86_64-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager