Official patches for Slackware-14.1

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Feb 14 05:35:22 UTC 2013
patches/packages/pidgin-2.10.7-i486-1_slack14.0.txz:  Upgraded.
  This update fixes several security issues:
  Remote MXit user could specify local file path.
  MXit buffer overflow reading data from network.
  Sametime crash with long user IDs.
  Crash when receiving a UPnP response with abnormally long values.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0271
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0272
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0273
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Wed Feb 20 05:24:23 UTC 2013
patches/packages/mozilla-firefox-19.0-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-17.0.3-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Mon Feb 25 19:45:33 UTC 2013
patches/packages/seamonkey-2.16-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.16-i486-1_slack14.0.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sun Mar  3 22:10:56 UTC 2013
patches/packages/httpd-2.4.4-i486-1_slack14.0.txz:  Upgraded.
  This update provides bugfixes and enhancements.
  Two security issues are fixed:
  *  Various XSS flaws due to unescaped hostnames and URIs HTML output in
     mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
     [Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
  *  XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
     Niels Heinen <heinenn google com>]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Mar  7 00:16:35 UTC 2013
patches/packages/sudo-1.8.6p7-i486-1_slack14.0.txz:  Upgraded.
  This update fixes security issues that could allow a user to run commands
  without authenticating after the password timeout has already expired.
  Note that the vulnerability did not permit a user to run commands other
  than those allowed by the sudoers policy.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sat Mar  9 06:19:05 UTC 2013
patches/packages/mozilla-firefox-19.0.2-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-17.0.4esr-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Mar 12 06:59:27 UTC 2013
patches/packages/glibc-zoneinfo-2013b-noarch-1_slack14.0.txz:  Upgraded.
  This package provides the latest timezone updates.
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Mar 14 03:55:33 UTC 2013
patches/packages/perl-5.16.3-i486-1_slack14.0.txz:  Upgraded.
  This update fixes a flaw in the rehashing code that can be exploited
  to carry out a denial of service attack against code that uses arbitrary
  user input as hash keys.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667
  (* Security fix *)
patches/packages/seamonkey-2.16.1-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.16.1-i486-1_slack14.0.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sat Mar 16 19:35:45 UTC 2013
patches/packages/seamonkey-2.16.2-i486-1_slack14.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/seamonkey-solibs-2.16.2-i486-1_slack14.0.txz:  Upgraded.
+--------------------------+
Sat Mar 16 07:10:09 UTC 2013
patches/packages/ruby-1.9.3_p392-i486-1_slack14.0.txz:  Upgraded.
  This release includes security fixes about bundled JSON and REXML.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sat Mar 23 20:22:12 UTC 2013
patches/packages/php-5.4.13-i486-1_slack14.0.txz:  Upgraded.
  This release fixes two security issues in SOAP:
  Added check that soap.wsdl_cache_dir conforms to open_basedir.
  Disabled external entities loading.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Wed Mar 27 06:09:29 UTC 2013
patches/packages/bind-9.9.2_P2-i486-1_slack14.0.txz:  Upgraded.
  This update fixes a critical defect in BIND 9 that allows an attacker
  to cause excessive memory consumption in named or other programs linked
  to libdns.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
    https://kb.isc.org/article/AA-00871
  (* Security fix *)
patches/packages/dhcp-4.2.5_P1-i486-1_slack14.0.txz:  Upgraded.
  This update replaces the included BIND 9 code that the DHCP programs
  link against.  Those contained a defect that could possibly lead to
  excessive memory consumption and a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Mar 29 00:27:36 UTC 2013
patches/packages/libssh-0.5.4-i486-1_slack14.0.txz:  Upgraded.
  This update fixes a possible denial of service issue.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0176
  (* Security fix *)
+--------------------------+
Thu Mar 28 06:59:52 UTC 2013
patches/packages/tumbler-0.1.25-i486-3_slack14.0.txz:  Rebuilt.
  Patched a bug that caused tumbler to hold files open preventing volumes from
  being ejected.
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Wed Apr  3 06:58:59 UTC 2013
patches/packages/mozilla-firefox-20.0-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-17.0.5-i486-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Apr  5 05:21:45 UTC 2013
patches/packages/subversion-1.7.9-i486-1_slack14.0.txz:  Upgraded.
  This update fixes some denial of service bugs:
    mod_dav_svn excessive memory usage from property changes
    mod_dav_svn crashes on LOCK requests against activity URLs
    mod_dav_svn crashes on LOCK requests against non-existant URLs
    mod_dav_svn crashes on PROPFIND requests against activity URLs
    mod_dav_svn crashes on out of range limit in log REPORT request
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1849
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1884
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.0. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sun Apr  7 23:23:38 UTC 2013
patches/packages/seamonkey-2.17-i486-1_slack14.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.17-i486-1_slack14.0.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager