Repository 32bit  Forum
Repository 64bit  Wiki

Official patches for Slackware-14.1

Se avete problemi con l'installazione e la configurazione di Slackware postate qui. Non usate questo forum per argomenti generali... per quelli usate Gnu/Linux in genere.

Moderatore: Staff

Regole del forum
1) Citare sempre la versione di Slackware usata, la versione del Kernel e magari anche la versione della libreria coinvolta. Questi dati aiutano le persone che possono rispondere.
2) Per evitare confusione prego inserire in questo forum solo topic che riguardano appunto Slackware, se l'argomento è generale usate il forum Gnu/Linux in genere.
3) Leggere attentamente le risposte ricevute.
4) Scrivere i messaggi con il colore di default, evitare altri colori.
5) Scrivere in Italiano o in Inglese, se possibile grammaticalmente corretto, evitate stili di scrittura poco chiari, quindi nessuna abbreviazione tipo telegramma o scrittura stile SMS o CHAT.
6) Appena registrati è consigliato presentarsi nel forum dedicato.

La non osservanza delle regole porta a provvedimenti di vari tipo da parte dello staff, in particolare la non osservanza della regola 5 porta alla cancellazione del post e alla segnalazione dell'utente. In caso di recidività l'utente rischia il ban temporaneo.

Official patches for Slackware-14.1

Messaggioda Spina-BOT » gio lug 14, 2011 6:30

Hey guys,
new patches have been released for Slackware 13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Fri Jul  8 16:55:13 UTC 2011
patches/packages/bind-9.7.3_P3-i486-1_slack13.37.txz:  Upgraded.
  A specially constructed packet will cause BIND 9 ("named") to exit,
  affecting DNS service.  The issue exists in BIND 9.6.3 and newer.
   "Change #2912 (see CHANGES) exposed a latent bug in the DNS message
    processing code that could allow certain UPDATE requests to crash
    named. This was fixed by disambiguating internal database
    representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]"
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
patches/packages/mozilla-thunderbird-3.1.11-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
  (* Security fix *)
+--------------------------+
Wed Jun 29 18:17:56 UTC 2011
patches/packages/ghostscript-9.02-i486-1_slack13.37.txz:  Upgraded.
  Ghostscript 9.02 is being supplied as a non-security update for
  Slackware 13.37 to address a regression that could cause corrupted
  output.  We've also been advised that CUPS will be increasing a cache
  memory setting in future releases, so if this doesn't solve all the
  issues, try adding this to /etc/cups/cupsd.conf:
    RIPCache 128m
+--------------------------+
Mon Jun 27 21:29:54 UTC 2011
patches/packages/pidgin-2.9.0-i486-1_slack13.37.txz:  Upgraded.
  Fixed a remote denial of service.  A remote attacker could set a specially
  crafted GIF file as their buddy icon causing vulerable versions of pidgin
  to crash due to excessive memory use.
  For more information, see:
    http://pidgin.im/news/security/?id=52
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485
  (* Security fix *)
+--------------------------+
Fri Jun 24 02:55:39 UTC 2011
patches/packages/mozilla-firefox-5.0-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
+--------------------------+
Mon Jun 20 00:49:34 UTC 2011
patches/packages/fetchmail-6.3.20-i486-1_slack13.37.txz:  Upgraded.
  This release fixes a denial of service in STARTTLS protocol phases.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947
    http://www.fetchmail.info/fetchmail-SA-2011-01.txt
  (* Security fix *)
patches/packages/seamonkey-2.1-i486-1_slack13.37.txz:  Upgraded.
patches/packages/seamonkey-solibs-2.1-i486-1_slack13.37.txz:  Upgraded.
  This official release replaces the beta version in Slackware 13.37.
+--------------------------+
Fri May 27 22:56:00 UTC 2011
patches/packages/bind-9.7.3_P1-i486-1_slack13.37.txz:  Upgraded.
  This release fixes security issues:
     * A large RRSET from a remote authoritative server that results in
       the recursive resolver trying to negatively cache the response can
       hit an off by one code error in named, resulting in named crashing.
       [RT #24650] [CVE-2011-1910]
     * Zones that have a DS record in the parent zone but are also listed
       in a DLV and won't validate without DLV could fail to validate. [RT
       #24631]
  For more information, see:
    http://www.isc.org/software/bind/advisories/cve-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
  (* Security fix *)
+--------------------------+
Wed May 25 20:03:16 UTC 2011
patches/packages/apr-1.4.5-i486-1_slack13.37.txz:  Upgraded.
  This fixes a possible denial of service due to a problem with a loop in
  the new apr_fnmatch() implementation consuming CPU.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928
  (* Security fix *)
patches/packages/apr-util-1.3.12-i486-1_slack13.37.txz:  Upgraded.
  Fix crash because of NULL cleanup registered by apr_ldap_rebind_init().
patches/packages/httpd-2.2.19-i486-1_slack13.37.txz:  Upgraded.
  Revert ABI breakage in 2.2.18 caused by the function signature change
  of ap_unescape_url_keep2f().  This release restores the signature from
  2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
  Apache httpd-2.2.18 is considered abandoned.  All users must upgrade.
+--------------------------+
Fri May 13 20:30:07 UTC 2011
patches/packages/apr-1.4.4-i486-1_slack13.37.txz:  Upgraded.
  This fixes a possible denial of service due to an unconstrained, recursive
  invocation of apr_fnmatch().  This function has been reimplemented using a
  non-recursive algorithm.  Thanks to William Rowe.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
  (* Security fix *)
patches/packages/apr-util-1.3.11-i486-1_slack13.37.txz:  Upgraded.
patches/packages/httpd-2.2.18-i486-1_slack13.37.txz:  Upgraded.
  This is a bug fix release, but since the upgrades to apr/apr-util require at
  least an httpd recompile we opted to upgrade to the newest httpd.
+--------------------------+
Tue May  3 03:35:28 UTC 2011
patches/packages/mozilla-firefox-4.0.1-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-3.1.10-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
  (* Security fix *)
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches on Thu, 14 Jul 2011 23:34:41 +0200

Messaggioda Spina-BOT » ven lug 15, 2011 6:30

Hey guys,
new patches have been released for Slackware 13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Thu Jul 14 21:34:41 UTC 2011
patches/packages/mozilla-firefox-5.0.1-i486-1_slack13.37.txz:  Upgraded.
  I guess this is only a fix for Mac OS X, but it's still 0.0.1 better.  ;-)
patches/packages/seamonkey-2.2-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
patches/packages/seamonkey-solibs-2.2-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches on Fri, 29 Jul 2011 20:22:40 +0200

Messaggioda Spina-BOT » sab lug 30, 2011 6:30

Hey guys,
new patches have been released for Slackware 13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Fri Jul 29 18:22:40 UTC 2011
patches/packages/dhcpcd-5.2.12-i486-1_slack13.37.txz:  Upgraded.
  Sanitize the host name provided by the DHCP server to insure that it does
  not contain any shell metacharacters.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0996
  (* Security fix *)
patches/packages/libpng-1.4.8-i486-1_slack13.37.txz:  Upgraded.
  Fixed uninitialized memory read in png_format_buffer()
  (Bug report by Frank Busse, related to CVE-2004-0421).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
  (* Security fix *)
patches/packages/samba-3.5.10-i486-1_slack13.37.txz:  Upgraded.
  Fixed cross-site request forgery and cross-site scripting vulnerability
  in SWAT (the Samba Web Administration Tool).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
  (* Security fix *)
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches on Sat, 13 Aug 2011 01:20:00 +0200

Messaggioda Spina-BOT » sab ago 13, 2011 6:30

Hey guys,
new patches have been released for Slackware 13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Fri Aug 12 23:20:00 UTC 2011
patches/packages/bind-9.7.4-i486-1_slack13.37.txz:  Upgraded.
  This BIND update addresses a couple of security issues:
  * named, set up to be a caching resolver, is vulnerable to a user
    querying a domain with very large resource record sets (RRSets)
    when trying to negatively cache the response. Due to an off-by-one
    error, caching the response could cause named to crash. [RT #24650]
    [CVE-2011-1910]
  * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
    processing code that could allow certain UPDATE requests to crash
    named. [RT #24777] [CVE-2011-2464]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches on Thu, 25 Aug 2011 11:10:45 +0200

Messaggioda Spina-BOT » ven ago 26, 2011 6:30

Hey guys,
new patches have been released for Slackware 13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Thu Aug 25 09:10:45 UTC 2011
patches/packages/php-5.3.8-i486-1_slack13.37.txz:  Upgraded.
  Security fixes vs. 5.3.6 (5.3.7 was not usable):
  Updated crypt_blowfish to 1.2. (CVE-2011-2483)
  Fixed crash in error_log(). Reported by Mateusz Kocielski
  Fixed buffer overflow on overlog salt in crypt().
  Fixed bug #54939 (File path injection vulnerability in RFC1867
  File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
  Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
  Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
  For those upgrading from PHP 5.2.x, be aware that quite a bit has
  changed, and it will very likely not 'drop in', but PHP 5.2.x is not
  supported by php.net any longer, so there wasn't a lot of choice
  in the matter.  We're not able to support a security fork of
  PHP 5.2.x here either, so you'll have to just bite the bullet on
  this.  You'll be better off in the long run.  :)
  (* Security fix *)
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches for slackware-13.37 on Tue, 06 Sep 2011 02:15:03

Messaggioda Spina-BOT » mer set 07, 2011 6:30

Hey guys,
new patches have been released for slackware-13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Tue Sep  6 00:15:03 UTC 2011
patches/packages/httpd-2.2.20-i486-1_slack13.37.txz:  Upgraded.
  SECURITY: CVE-2011-3192 (cve.mitre.org)
  core: Fix handling of byte-range requests to use less memory, to avoid
  denial of service. If the sum of all ranges in a request is larger than
  the original file, ignore the ranges and send the complete file.
  PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
  (* Security fix *)
patches/packages/mozilla-firefox-6.0.2-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
    http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-3.1.13-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html
    http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
  (* Security fix *)
patches/packages/seamonkey-2.3.3-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
    http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.3.3-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
    http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
  (* Security fix *)
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches for slackware-13.37 on Wed, 12 Oct 2011 01:18:56

Messaggioda Spina-BOT » sab ott 15, 2011 6:30

Hey guys,
new patches have been released for slackware-13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Tue Oct 11 23:18:55 UTC 2011
patches/packages/file-5.09-i486-1_slack13.37.txz:  Upgraded.
patches/packages/httpd-2.2.21-i486-1_slack13.37.txz:  Upgraded.
  Respond with HTTP_NOT_IMPLEMENTED when the method is not
  recognized.  [Jean-Frederic Clere]  SECURITY: CVE-2011-3348
  Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20.
  PR 51748. [<lowprio20 gmail.com>]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
  (* Security fix *)
patches/packages/mozilla-firefox-7.0.1-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
patches/packages/seamonkey-2.4.1-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
patches/packages/seamonkey-solibs-2.4.1-i486-1_slack13.37.txz:  Upgraded.
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches for slackware-13.37 on Tue, 08 Nov 2011 05:07:49

Messaggioda Spina-BOT » mer nov 09, 2011 7:30

Hey guys,
new patches have been released for slackware-13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Tue Nov  8 04:07:49 UTC 2011
patches/packages/openssh-5.9p1-i486-2_slack13.37.txz:  Upgraded.
  Upstream different timestamp, size, ChangeLog.  GPG verifies on both
  this newer one and what we had before (?).
patches/packages/mozilla-firefox-8.0-i486-1_slack13.37.txz:  Upgraded.
patches/packages/openssh-5.9p1-i486-2.txz:  Rebuilt.
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches for slackware-13.37 on Fri, 11 Nov 2011 19:58:21

Messaggioda Spina-BOT » sab nov 12, 2011 7:30

Hey guys,
new patches have been released for slackware-13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Fri Nov 11 18:58:21 UTC 2011
  Good 11-11-11, everyone!  Enjoy some fresh time.  :)
patches/packages/glibc-zoneinfo-2011i_2011n-noarch-1.txz:  Upgraded.
  New upstream homepage:  http://www.iana.org/time-zones
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches for slackware-13.37 on Tue, 22 Nov 2011 23:33:11

Messaggioda Spina-BOT » mar nov 22, 2011 23:33

Hey guys,
new patches have been released for slackware-13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Tue Nov 22 15:06:06 UTC 2011
patches/packages/make-3.82-i486-3_slack_13.37.txz:  Rebuilt.
  Patched a free() crash when building Android.  Thanks to Troy Unrau.
+--------------------------+
Thu Nov 17 02:09:25 UTC 2011
patches/packages/bind-9.7.4_P1-i486-1_slack13.37.txz:  Upgraded.
        --- 9.4-ESV-R5-P1 released ---
3218.   [security]      Cache lookup could return RRSIG data associated with
                        nonexistent records, leading to an assertion
                        failure. [RT #26590]
  (* Security fix *)
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches for slackware-13.37 on Sun, 27 Nov 2011 04:37:52

Messaggioda Spina-BOT » dom nov 27, 2011 7:30

Hey guys,
new patches have been released for slackware-13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Sun Nov 27 03:37:52 UTC 2011
patches/packages/mozilla-thunderbird-3.1.16-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html
  (* Security fix *)
patches/packages/mozilla-firefox-8.0.1-i486-1_slack13.37.txz:  Upgraded.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
  (* Security fix *)
patches/packages/seamonkey-2.5-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
patches/packages/seamonkey-solibs-2.5-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
patches/packages/yasm-1.2.0-i486-1_slack13.37.txz:  Upgraded.
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches for slackware-13.37 on Thu, 02 Feb 2012 01:13:21

Messaggioda Spina-BOT » gio feb 02, 2012 7:30

Hey guys,
new patches have been released for slackware-13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Thu Feb  2 00:13:21 UTC 2012
patches/packages/ca-certificates-20111211-noarch-1_slack13.37.txz:  Upgraded.
  Removes DigiNotar and other untrusted certificates.
  (* Security fix *)
patches/packages/coreutils-8.15-i486-1_slack13.37.txz:  Upgraded.
  This will be provided as a patch to fix some important issues with ext4.
  Thanks to Georgy Salnikov for the notification.
patches/packages/freetype-2.4.8-i486-1_slack13.37.txz:  Upgraded.
  Some vulnerabilities in handling CID-keyed PostScript fonts have
  been fixed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439
  (* Security fix *)
patches/packages/mozilla-firefox-10.0-i486-1_slack13.37.txz:  Upgraded.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-10.0-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/openssl-0.9.8t-i486-1_slack13.37.txz:  Upgraded.
  This fixes a bug where DTLS applications were not properly supported.  This
  bug could have allowed remote attackers to cause a denial of service via
  unspecified vectors.
  CVE-2012-0050 has been assigned to this issue.
  For more details see:
    http://openssl.org/news/secadv_20120118.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8t-i486-1_slack13.37.txz:  Upgraded.
  This fixes a bug where DTLS applications were not properly supported.  This
  bug could have allowed remote attackers to cause a denial of service via
  unspecified vectors.
  CVE-2012-0050 has been assigned to this issue.
  For more details see:
    http://openssl.org/news/secadv_20120118.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
  (* Security fix *)
patches/packages/seamonkey-2.7-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.7-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches for slackware-13.37 on Wed, 08 Feb 2012 02:21:43

Messaggioda Spina-BOT » gio feb 09, 2012 7:30

Hey guys,
new patches have been released for slackware-13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Wed Feb  8 01:21:42 UTC 2012
patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz:  Upgraded.
  Version bump for httpd upgrade.
patches/packages/glibc-2.13-i486-5_slack13.37.txz:  Rebuilt.
  Patched an overflow in tzfile.  This was evidently first reported in
  2009, but is only now getting around to being patched.  To exploit it,
  one must be able to write beneath /usr/share/zoneinfo, which is usually
  not possible for a normal user, but may be in the case where they are
  chroot()ed to a directory that they own.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
  (* Security fix *)
patches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz:  Rebuilt.
patches/packages/glibc-profile-2.13-i486-5_slack13.37.txz:  Rebuilt.
  (* Security fix *)
patches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz:  Rebuilt.
  (* Security fix *)
patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz:  Rebuilt.
patches/packages/httpd-2.2.22-i486-1_slack13.37.txz:  Upgraded.
  *) SECURITY: CVE-2011-3368 (cve.mitre.org)
     Reject requests where the request-URI does not match the HTTP
     specification, preventing unexpected expansion of target URLs in
     some reverse proxy configurations.  [Joe Orton]
  *) SECURITY: CVE-2011-3607 (cve.mitre.org)
     Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
     is enabled, could allow local users to gain privileges via a .htaccess
     file. [Stefan Fritsch, Greg Ames]
  *) SECURITY: CVE-2011-4317 (cve.mitre.org)
     Resolve additional cases of URL rewriting with ProxyPassMatch or
     RewriteRule, where particular request-URIs could result in undesired
     backend network exposure in some configurations.
     [Joe Orton]
  *) SECURITY: CVE-2012-0021 (cve.mitre.org)
     mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format
     string is in use and a client sends a nameless, valueless cookie, causing
     a denial of service. The issue existed since version 2.2.17. PR 52256.
     [Rainer Canavan <rainer-apache 7val com>]
  *) SECURITY: CVE-2012-0031 (cve.mitre.org)
     Fix scoreboard issue which could allow an unprivileged child process
     could cause the parent to crash at shutdown rather than terminate
     cleanly.  [Joe Orton]
  *) SECURITY: CVE-2012-0053 (cve.mitre.org)
     Fix an issue in error responses that could expose "httpOnly" cookies
     when no custom ErrorDocument is specified for status code 400.
     [Eric Covener]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
  (* Security fix *)
patches/packages/php-5.3.10-i486-1_slack13.37.txz:  Upgraded.
  Fixed arbitrary remote code execution vulnerability reported by Stefan
  Esser, CVE-2012-0830. (Stas, Dmitry)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
  (* Security fix *)
patches/packages/proftpd-1.3.4a-i486-1_slack13.37.txz:  Upgraded.
  This update fixes a use-after-free() memory corruption error,
  and possibly other unspecified issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
  (* Security fix *)
patches/packages/vsftpd-2.3.5-i486-1_slack13.37.txz:  Upgraded.
  Minor version bump, this also works around a hard to trigger heap overflow
  in glibc (glibc zoneinfo caching vuln).  For there to be any possibility
  to trigger the glibc bug within vsftpd, the non-default option
  "chroot_local_user" must be set in /etc/vsftpd.conf.
  Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug :-)
    Nevertheless:
  (* Security fix *)
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches for slackware-13.37 on Sat, 11 Feb 2012 03:37:17

Messaggioda Spina-BOT » lun feb 13, 2012 7:30

Hey guys,
new patches have been released for slackware-13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Sat Feb 11 02:37:16 UTC 2012
patches/packages/mozilla-firefox-10.0.1-i486-1_slack13.37.txz:  Upgraded.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
  (* Security fix *)
patches/packages/seamonkey-2.7.1-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
patches/packages/seamonkey-solibs-2.7.1-i486-1_slack13.37.txz:  Upgraded.
  (* Security fix *)
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

New patches for slackware-13.37 on Wed, 22 Feb 2012 19:14:58

Messaggioda Spina-BOT » gio feb 23, 2012 7:30

Hey guys,
new patches have been released for slackware-13.37. Follows the relevant part of ChangeLog.txt:
Codice: Seleziona tutto
Wed Feb 22 18:14:58 UTC 2012
patches/packages/libpng-1.4.9-i486-1_slack13.37.txz:  Upgraded.
  All branches of libpng prior to versions 1.5.9, 1.4.9, 1.2.47, and 1.0.57,
  respectively, fail to correctly validate a heap allocation in
  png_decompress_chunk(), which can lead to a buffer-overrun and the
  possibility of execution of hostile code on 32-bit systems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
  (* Security fix *)
patches/packages/mozilla-firefox-10.0.2-i486-1_slack13.37.txz:  Upgraded.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-10.0.2-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/seamonkey-2.7.2-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.7.2-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+

Have fun,
Spina-BOT
Spina-BOT
 

Prossimo

Torna a Slackware

Chi c’è in linea

Visitano il forum: Nessuno e 0 ospiti