Official patches for Slackware-14.1

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sun Mar 16 02:52:28 UTC 2014
patches/packages/php-5.4.26-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a flaw where a specially crafted data file may cause a
  segfault or 100% CPU consumption when a web page uses fileinfo() on it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Mar 28 03:43:11 UTC 2014
patches/packages/curl-7.36.0-i486-1_slack14.1.txz:  Upgraded.
  This update fixes four security issues.
  For more information, see:
    http://curl.haxx.se/docs/adv_20140326A.html
    http://curl.haxx.se/docs/adv_20140326B.html
    http://curl.haxx.se/docs/adv_20140326C.html
    http://curl.haxx.se/docs/adv_20140326D.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522
  (* Security fix *)
patches/packages/httpd-2.4.9-i486-1_slack14.1.txz:  Upgraded.
  This update addresses two security issues.
  Segfaults with truncated cookie logging. mod_log_config:  Prevent segfaults
    when logging truncated cookies.  Clean up the cookie logging parser to
    recognize only the cookie=value pairs, not valueless cookies.
  mod_dav:  Keep track of length of cdata properly when removing leading
    spaces. Eliminates a potential denial of service from specifically crafted
    DAV WRITE requests.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
  (* Security fix *)
patches/packages/mozilla-firefox-24.4.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-nss-3.16-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue:
  The cert_TestHostName function in lib/certdb/certdb.c in the
  certificate-checking implementation in Mozilla Network Security Services
  (NSS) before 3.16 accepts a wildcard character that is embedded in an
  internationalized domain name's U-label, which might allow man-in-the-middle
  attackers to spoof SSL servers via a crafted certificate.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
  (* Security fix *)
patches/packages/mozilla-thunderbird-24.4.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/openssh-6.6p1-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue when using environment passing with
  a sshd_config(5) AcceptEnv pattern with a wildcard.  OpenSSH could be
  tricked into accepting any environment variable that contains the
  characters before the wildcard character.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
  (* Security fix *)
patches/packages/seamonkey-2.25-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.25-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Mon Mar 31 20:30:28 UTC 2014
patches/packages/apr-1.5.0-i486-1_slack14.1.txz:  Upgraded.
patches/packages/apr-util-1.5.3-i486-1_slack14.1.txz:  Upgraded.
patches/packages/httpd-2.4.9-i486-2_slack14.1.txz:  Rebuilt.
  Recompiled against new apr/apr-util to restore missing mod_mpm_event.so.
patches/packages/openssh-6.6p1-i486-2_slack14.1.txz:  Rebuilt.
  Fixed the rc.sshd script to create an ed25519 host key if it doesn't
  already exist.
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Apr  8 14:19:51 UTC 2014
patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz:  Upgraded.
  This update fixes two security issues:
  A missing bounds check in the handling of the TLS heartbeat extension
  can be used to reveal up to 64k of memory to a connected client or server.
  Thanks for Neel Mehta of Google Security for discovering this bug and to
  Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
  preparing the fix.
  Fix for the attack described in the paper "Recovering OpenSSL
  ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
  by Yuval Yarom and Naomi Benger. Details can be obtained from:
  http://eprint.iacr.org/2014/140
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Mon Apr 21 20:09:48 UTC 2014
patches/packages/libyaml-0.1.6-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a heap overflow in URI escape parsing of YAML in Ruby,
  where a specially crafted string could cause a heap overflow leading to
  arbitrary code execution.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525
    https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
  (* Security fix *)
patches/packages/php-5.4.27-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue in the in the awk script detector
  which allows context-dependent attackers to cause a denial of service
  (CPU consumption) via a crafted ASCII file that triggers a large amount
  of backtracking.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Apr 22 17:31:48 UTC 2014
patches/packages/openssh-6.6p1-i486-3_slack14.1.txz:  Rebuilt.
  Fixed a bug with curve25519-sha256 that caused a key exchange failure in
  about 1 in 512 connection attempts.
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Apr 29 23:35:59 UTC 2014
patches/packages/mozilla-firefox-24.5.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-24.5.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Mon May 12 02:24:36 UTC 2014
patches/packages/seamonkey-2.26-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.26-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sun Jun  1 19:48:54 UTC 2014
patches/packages/mariadb-5.5.37-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0384
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2419
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2430
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2431
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2432
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2436
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2438
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2440
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sat Jun  7 02:47:42 UTC 2014
patches/packages/mozilla-firefox-24.6.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
+--------------------------+
Fri Jun  6 04:27:01 UTC 2014
patches/packages/gnutls-3.1.25-i486-1_slack14.1.txz:  Upgraded.
  A security issue has been corrected in gnutls.  This vulnerability
  affects the client side of the gnutls library.  A server that sends
  a specially crafted ServerHello could corrupt the memory of a requesting
  client.  This may allow a remote attacker to execute arbitrary code.
  Additional vulnerabilities in the embedded libtasn1 library have also
  been patched.
  Thanks to mancha for the backported patches.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469
  (* Security fix *)
patches/packages/libtasn1-3.6-i486-1_slack14.1.txz:  Upgraded.
  Multiple security issues have been corrected in the libtasn1 library.
  These errors allow a remote attacker to cause a denial of service, or
  possibly to execute arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469
  (* Security fix *)
patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz:  Upgraded.
  Multiple security issues have been corrected, including a possible
  man-in-the-middle attack where weak keying material is forced, denial
  of service, and the execution of arbitrary code.
  For more information, see:
    http://www.openssl.org/news/secadv_20140605.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz:  Upgraded.
patches/packages/sendmail-8.14.9-i486-1_slack14.1.txz:  Upgraded.
  This release fixes one security related bug by properly closing file
  descriptors (except stdin, stdout, and stderr) before executing programs.
  This bug could enable local users to interfere with an open SMTP
  connection if they can execute their own program for mail delivery
  (e.g., via procmail or the prog mailer).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956
  (* Security fix *)
patches/packages/sendmail-cf-8.14.9-noarch-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Mon Jun  9 20:16:02 UTC 2014
patches/packages/php-5.4.29-i486-1_slack14.1.txz:  Upgraded.
  This update fixes bugs and security issues, including a possible denial
  of service, and an issue where insecure default permissions on the FPM
  socket may allow local users to run arbitrary code as the apache user.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Jun 12 05:11:52 UTC 2014
patches/packages/mozilla-thunderbird-24.6.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Jun 17 22:19:30 UTC 2014
patches/packages/yptools-2.14-i486-3_slack14.1.txz:  Rebuilt.
  Corrected yppasswd patch that was causing password changes to fail.
  Thanks to Henrik Carlqvist.
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Jun 24 22:35:07 UTC 2014
patches/packages/bind-9.9.5_P1-i486-1_slack14.1.txz:  Upgraded.
  This fixes security issues and other bugs.  Please note that the first
  CVE only affects Windows, and the second one was claimed to be fixed by
  an earlier version of BIND.  But we'll update anyway just in case.  :-)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6230
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591
  (* Security fix *)
patches/packages/gnupg-1.4.17-i486-1_slack14.1.txz:  Upgraded.
  This release includes a security fix to stop a denial of service using
  garbled compressed data packets which can be used to put gpg into an
  infinite loop.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617
  (* Security fix *)
patches/packages/gnupg2-2.0.24-i486-1_slack14.1.txz:  Upgraded.
  This release includes a security fix to stop a denial of service using
  garbled compressed data packets which can be used to put gpg into an
  infinite loop.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617
  (* Security fix *)
patches/packages/samba-4.1.9-i486-1_slack14.1.txz:  Upgraded.
  This update fixes bugs and security issues, including a flaw in Samba's
  internal DNS server which can be exploited to cause a denial of service,
  a flaw in SRV_SNAPSHOT_ARRAY that permits attackers to leverage
  configurations that use shadow_copy* for vfs objects to reveal potentially
  private server information, a denial of service on the nmbd NetBIOS name
  services daemon, and a denial of service crash involving overwriting
  memory on an authenticated connection to the smbd file server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0239
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
  (* Security fix *)
patches/packages/seamonkey-2.26.1-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.26.1-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

[Slacky BOT Packager]

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sat Jul 12 02:24:10 UTC 2014
patches/packages/php-5.4.30-i486-1_slack14.1.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3981
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager