New patches for slackware-14.0 on Tue, 06 Aug 2013 07:23:34
Posted: Wed 7 Aug 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Tue Aug 6 05:23:34 UTC 2013
patches/packages/bind-9.9.3_P2-i486-1_slack14.0.txz: Upgraded.
This update fixes a security issue where a specially crafted query can cause
BIND to terminate abnormally, resulting in a denial of service.
For more information, see:
https://kb.isc.org/article/AA-01015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
(* Security fix *)
patches/packages/httpd-2.4.6-i486-1_slack14.0.txz: Upgraded.
This update addresses two security issues:
* SECURITY: CVE-2013-1896 (cve.mitre.org) Sending a MERGE request against
a URI handled by mod_dav_svn with the source href (sent as part of the
request body as XML) pointing to a URI that is not configured for DAV
will trigger a segfault.
* SECURITY: CVE-2013-2249 (cve.mitre.org) mod_session_dbd: Make sure that
dirty flag is respected when saving sessions, and ensure the session ID
is changed each time the session changes. This changes the format of the
updatesession SQL statement. Existing configurations must be changed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249
(* Security fix *)
patches/packages/samba-3.6.17-i486-1_slack14.0.txz: Upgraded.
This update fixes missing integer wrap protection in an EA list reading
that can allow authenticated or guest connections to cause the server to
loop, resulting in a denial of service.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Thu, 08 Aug 2013 04:22:40
Posted: Fri 9 Aug 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Thu Aug 8 02:22:40 UTC 2013
patches/packages/mozilla-firefox-17.0.8esr-i486-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
patches/packages/mozilla-thunderbird-17.0.8-i486-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
patches/packages/seamonkey-2.20-i486-1_slack14.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
patches/packages/seamonkey-solibs-2.20-i486-1_slack14.0.txz: Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Thu, 15 Aug 2013 05:46:13
Posted: Fri 16 Aug 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Thu Aug 15 03:46:12 UTC 2013
patches/packages/seamonkey-2.20-i486-2_slack14.0.txz: Rebuilt.
Recompiled without the --enable-shared-js option to fix the Mozilla
Lightning plugin. This removes libmozjs.so, but there's a standalone js
package now anyway.
Thanks to ljb643.
patches/packages/seamonkey-solibs-2.20-i486-2_slack14.0.txz: Rebuilt.
Recompiled without the --enable-shared-js option to fix the Mozilla
Lightning plugin. This removes libmozjs.so, but there's a standalone js
package now anyway.
Thanks to ljb643.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Wed, 21 Aug 2013 20:27:33
Posted: Thu 22 Aug 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Wed Aug 21 18:27:33 UTC 2013
patches/packages/hplip-3.12.9-i486-2_slack14.0.txz: Rebuilt.
This update fixes a stack-based buffer overflow in the hpmud_get_pml
function that can allow remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted SNMP response
with a large length value.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4267
(* Security fix *)
patches/packages/poppler-0.20.2-i486-2_slack14.0.txz: Rebuilt.
Sanitize error messages to remove escape sequences that could be used to
exploit vulnerable terminal emulators.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2142
(* Security fix *)
patches/packages/xpdf-3.03-i486-1_slack14.0.txz: Upgraded.
Sanitize error messages to remove escape sequences that could be used to
exploit vulnerable terminal emulators.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2142
Thanks to mancha.
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Fri, 30 Aug 2013 21:39:38
Posted: Sat 31 Aug 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Fri Aug 30 19:39:38 UTC 2013
patches/packages/gnutls-3.0.31-i486-1_slack14.0.txz: Upgraded.
[Updated to the correct version to fix fetching the "latest" from gnu.org]
This update prevents a side-channel attack which may allow remote attackers
to conduct distinguishing attacks and plaintext recovery attacks using
statistical analysis of timing data for crafted packets.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
(* Security fix *)
+--------------------------+
Fri Aug 30 06:26:06 UTC 2013
patches/packages/gnutls-3.0.26-i486-1_slack14.0.txz: Upgraded.
This update prevents a side-channel attack which may allow remote attackers
to conduct distinguishing attacks and plaintext recovery attacks using
statistical analysis of timing data for crafted packets.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
(* Security fix *)
patches/packages/php-5.4.19-i486-1_slack14.0.txz: Upgraded.
Fixed handling null bytes in subjectAltName (CVE-2013-4248).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248
(* Security fix *)
patches/packages/samba-3.6.18-i486-1_slack14.0.txz: Upgraded.
This is a bugfix release.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Mon, 09 Sep 2013 05:34:59
Posted: Tue 10 Sep 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Mon Sep 9 03:34:59 UTC 2013
patches/packages/subversion-1.7.13-i486-1_slack14.0.txz: Upgraded.
This update fixes a local privilege escalation vulnerability via
symlink attack.
For more information, see:
http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4277
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Wed, 18 Sep 2013 04:56:19
Posted: Thu 19 Sep 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Wed Sep 18 02:56:19 UTC 2013
patches/packages/glibc-2.15-i486-8_slack14.0.txz: Rebuilt.
Patched to fix integer overflows in pvalloc, valloc, and
posix_memalign/memalign/aligned_alloc.
Thanks to mancha for the backported patch.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2013-4332
(* Security fix *)
Also, as long as these packages were being respun anyway, I added a patch
to fix the check for AVX opcodes. This was causing crashes on Xen.
Thanks to Dale Gallagher.
patches/packages/glibc-i18n-2.15-i486-8_slack14.0.txz: Rebuilt.
patches/packages/glibc-profile-2.15-i486-8_slack14.0.txz: Rebuilt.
patches/packages/glibc-solibs-2.15-i486-8_slack14.0.txz: Rebuilt.
patches/packages/glibc-zoneinfo-2013d_2013d-noarch-8_slack14.0.txz: Rebuilt.
patches/packages/mozilla-firefox-17.0.9esr-i486-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
patches/packages/mozilla-thunderbird-17.0.9esr-i486-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Wed, 18 Sep 2013 21:32:14
Posted: Fri 20 Sep 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Sun, 29 Sep 2013 04:39:29
Posted: Mon 30 Sep 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Sun Sep 29 02:39:29 UTC 2013
patches/packages/lm_sensors-3.3.4-i486-1_slack14.0.txz: Upgraded.
This update fixes issues with sensors-detect that may cause serious trouble
on recent hardware (most notably laptops.) The symptoms are that the
display starts misbehaving (wrong resolution or wrong gamma factor.)
The risk is mitigated in this package by changing the default behavior of
sensors-detect to no longer touch EDID EEPROMs and then to no longer probe
graphics adapters at all unless the user asks for it.
patches/packages/seamonkey-2.21-i486-1_slack14.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
patches/packages/seamonkey-solibs-2.21-i486-1_slack14.0.txz: Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Thu, 03 Oct 2013 04:57:44
Posted: Thu 3 Oct 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Thu Oct 3 02:57:44 UTC 2013
patches/packages/mozilla-nss-3.15.2-i486-1_slack14.0.txz: Upgraded.
Upgraded to nss-3.15.2 and nspr-4.10.1.
This should help keep Google Chrome updates working for a while.
Also, adding /lib and /usr/lib (or /lib64 and /usr/lib64) to the
top of /etc/ld.so.conf will help Chrome use the correct libraries
instead of the ones from Seamonkey.
+--------------------------+
Wed Oct 2 03:25:01 UTC 2013
patches/packages/ca-certificates-20130906-noarch-1_slack14.0.txz: Upgraded.
This package updates to the latest CA certificates.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Tue, 15 Oct 2013 00:09:17
Posted: Tue 15 Oct 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Mon Oct 14 22:09:17 UTC 2013
patches/packages/gnupg-1.4.15-i486-1_slack14.0.txz: Upgraded.
Fixed possible infinite recursion in the compressed packet
parser. [CVE-2013-4402]
Protect against rogue keyservers sending secret keys.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
(* Security fix *)
patches/packages/gnupg2-2.0.22-i486-1_slack14.0.txz: Upgraded.
Fixed possible infinite recursion in the compressed packet
parser. [CVE-2013-4402]
Protect against rogue keyservers sending secret keys.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
(* Security fix *)
patches/packages/libgpg-error-1.11-i486-1_slack14.0.txz: Upgraded.
This package upgrade was needed by the new version of gnupg2.
patches/packages/xorg-server-1.12.4-i486-2_slack14.0.txz: Rebuilt.
Patched a use-after-free bug that can cause an X server crash or
memory corruption.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
(* Security fix *)
patches/packages/xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.12.4-i486-2_slack14.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz: Rebuilt.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Fri, 18 Oct 2013 04:41:09
Posted: Sat 19 Oct 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Fri Oct 18 02:41:09 UTC 2013
patches/packages/libtiff-3.9.7-i486-1_slack14.0.txz: Upgraded.
Patched overflows, crashes, and out of bounds writes.
Thanks to mancha for the backported patches.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Sat, 19 Oct 2013 05:42:15
Posted: Sun 20 Oct 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Sat Oct 19 03:42:15 UTC 2013
patches/packages/hplip-3.12.9-i486-3_slack14.0.txz: Rebuilt.
This fixes a polkit race condition that could allow local users to bypass
intended access restrictions.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4325
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Sun, 03 Nov 2013 07:07:52
Posted: Mon 4 Nov 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Sun Nov 3 06:07:52 UTC 2013
patches/packages/mozilla-thunderbird-17.0.10esr-i486-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.0 on Mon, 18 Nov 2013 21:59:10
Posted: Tue 19 Nov 2013, 6:00
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.0. The relevant part of
ChangeLog.txt follows:
Code:
Mon Nov 18 20:52:16 UTC 2013
patches/packages/mozilla-firefox-17.0.11esr-i486-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
patches/packages/php-5.4.22-i486-1_slack14.0.txz: Upgraded.
This is a bugfix release.
patches/packages/samba-3.6.20-i486-1_slack14.0.txz: Upgraded.
This update fixes two security issues:
* Samba versions 3.2.0 and above do not check the underlying file or
directory ACL when opening an alternate data stream.
* In setups which provide ldap(s) and/or https services, the private key
for SSL/TLS encryption might be world readable. This typically happens
in active directory domain controller setups.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476
(* Security fix *)
patches/packages/seamonkey-2.22-i486-1_slack14.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
patches/packages/seamonkey-solibs-2.22-i486-1_slack14.0.txz: Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager