Se avete problemi con l'installazione e la configurazione di Slackware64 postate qui. Non usate questo forum per argomenti che trattano la Slackware32 o generali... per quelli usate rispettivamente il forum Slackware e Gnu/Linux in genere.
Regole del forum
1) Citare sempre la versione di Slackware64 usata, la versione del Kernel e magari anche la versione della libreria coinvolta. Questi dati aiutano le persone che possono rispondere.
2) Per evitare confusione prego inserire in questo forum solo topic che riguardano appunto Slackware64, se l'argomento è Slackware32 o generale usate rispettivamente il forum Slackware o Gnu/Linux in genere.
3) Leggere attentamente le risposte ricevute
4) Scrivere i messaggi con il colore di default, evitare altri colori.
5) Scrivere in Italiano o in Inglese, se possibile grammaticalmente corretto, evitate stili di scrittura poco chiari, quindi nessuna abbreviazione tipo telegramma o scrittura stile SMS o CHAT.
6) Appena registrati è consigliato presentarsi nel forum dedicato.
La non osservanza delle regole porta a provvedimenti di vari tipo da parte dello staff, in particolare la non osservanza della regola 5 porta alla cancellazione del post e alla segnalazione dell'utente. In caso di recidività l'utente rischia il ban temporaneo.
Tue Feb 23 19:31:59 UTC 2016
patches/packages/bind-9.9.8_P3-x86_64-1_slack14.1.txz: Upgraded.
This release fixes two possible denial-of-service issues:
render_ecs errors were mishandled when printing out a OPT record resulting
in a assertion failure. (CVE-2015-8705) [RT #41397]
Specific APL data could trigger a INSIST. (CVE-2015-8704) [RT #41396]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
(* Security fix *)
patches/packages/glibc-2.17-x86_64-11_slack14.1.txz: Rebuilt.
This update provides a patch to fix the stack-based buffer overflow in
libresolv that could allow specially crafted DNS responses to seize
control of execution flow in the DNS client (CVE-2015-7547). However,
due to a patch applied to Slackware's glibc back in 2009 (don't use the
gethostbyname4() lookup method as it was causing some cheap routers to
misbehave), we were not vulnerable to that issue. Nevertheless it seems
prudent to patch the overflows anyway even if we're not currently using
the code in question. Thanks to mancha for the backported patch.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
(* Security fix *)
patches/packages/glibc-i18n-2.17-x86_64-11_slack14.1.txz: Rebuilt.
patches/packages/glibc-profile-2.17-x86_64-11_slack14.1.txz: Rebuilt.
patches/packages/glibc-solibs-2.17-x86_64-11_slack14.1.txz: Rebuilt.
patches/packages/libgcrypt-1.5.5-x86_64-1_slack14.1.txz: Upgraded.
Mitigate chosen cipher text attacks on ECDH with Weierstrass curves.
Use ciphertext blinding for Elgamal decryption.
For more information, see:
http://www.cs.tau.ac.IL/~tromer/ecdh/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3591
(* Security fix *)
patches/packages/ntp-4.2.8p6-x86_64-1_slack14.1.txz: Upgraded.
In addition to bug fixes and enhancements, this release fixes
several low and medium severity vulnerabilities.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158
(* Security fix *)
+--------------------------+
Fri Feb 26 22:54:05 UTC 2016
patches/packages/libssh-0.7.3-x86_64-1_slack14.1.txz: Upgraded.
Fixed weak key generation. Due to a bug in the ephemeral secret key
generation for the diffie-hellman-group1 and diffie-hellman-group14
methods, ephemeral secret keys of size 128 bits are generated, instead
of the recommended sizes of 1024 and 2048 bits, giving a practical
security of 63 bits.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739
(* Security fix *)
+--------------------------+
Thu Mar 3 05:41:26 UTC 2016
patches/packages/mailx-12.5-x86_64-2_slack14.1.txz: Rebuilt.
Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues
that could allow a local attacker to cause mailx to execute arbitrary
shell commands through the use of a specially-crafted email address.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
(* Security fix *)
patches/packages/openssl-1.0.1s-x86_64-1_slack14.1.txz: Upgraded.
This update fixes the following security issues:
Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
Double-free in DSA code (CVE-2016-0705)
Memory leak in SRP database lookups (CVE-2016-0798)
BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
Fix memory issues in BIO_*printf functions (CVE-2016-0799)
Side channel attack on modular exponentiation (CVE-2016-0702)
To avoid breaking the ABI, "enable-ssl2" is used, but all the vulnerable or
weak ciphers have been removed.
For more information, see:
https://www.openssl.org/news/secadv/20160301.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
(* Security fix *)
patches/packages/openssl-solibs-1.0.1s-x86_64-1_slack14.1.txz: Upgraded.
patches/packages/php-5.6.18-x86_64-1_slack14.1.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.18
(* Security fix *)
+--------------------------+
Tue Mar 8 01:54:33 UTC 2016
patches/packages/php-5.6.19-x86_64-1_slack14.1.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.19
(* Security fix *)
+--------------------------+
Tue Mar 8 19:55:57 UTC 2016
patches/packages/mozilla-firefox-38.7.0esr-x86_64-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
patches/packages/samba-4.1.23-x86_64-1_slack14.1.txz: Upgraded.
This update fixes bugs, and two security issues:
Incorrect ACL get/set allowed on symlink path (CVE-2015-7560).
Out-of-bounds read in internal DNS server (CVE-2016-0771).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0771
(* Security fix *)
+--------------------------+
Thu Mar 10 02:46:49 UTC 2016
patches/packages/bind-9.9.8_P4-x86_64-1_slack14.1.txz: Upgraded.
Fixed security issues:
Fix resolver assertion failure due to improper DNAME handling when
parsing fetch reply messages. (CVE-2016-1286) [RT #41753]
Malformed control messages can trigger assertions in named and rndc.
(CVE-2016-1285) [RT #41666]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
(* Security fix *)
patches/packages/mozilla-nss-3.23-x86_64-1_slack14.1.txz: Upgraded.
Upgraded to nss-3.23 and nspr-4.12.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/nss.html
(* Security fix *)
+--------------------------+
Thu Mar 10 23:43:47 UTC 2016
patches/packages/openssh-7.2p2-x86_64-1_slack14.1.txz: Upgraded.
This release fixes a security bug:
sshd(8): sanitise X11 authentication credentials to avoid xauth
command injection when X11Forwarding is enabled.
For more information, see:
http://www.openssh.com/txt/x11fwd.adv
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
(* Security fix *)
+--------------------------+
Tue Mar 15 21:31:49 UTC 2016
patches/packages/git-2.7.3-x86_64-1_slack14.1.txz: Upgraded.
Fixed buffer overflows allowing server and client side remote code
execution in all git versions before 2.7.1.
For more information, see:
http://seclists.org/oss-sec/2016/q1/645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324
(* Security fix *)
patches/packages/glibc-zoneinfo-2016b-noarch-1_slack14.1.txz: Upgraded.
This package provides the latest timezone updates.
patches/packages/seamonkey-2.40-x86_64-1_slack14.1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.seamonkey-project.org/releases/seamonkey2.40
(* Security fix *)
patches/packages/seamonkey-solibs-2.40-x86_64-1_slack14.1.txz: Upgraded.
+--------------------------+
Thu Mar 17 22:09:16 UTC 2016
patches/packages/mozilla-firefox-38.7.1esr-x86_64-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
(* Security fix *)
+--------------------------+
Fri Mar 18 20:02:40 UTC 2016
patches/packages/git-2.7.4-x86_64-1_slack14.1.txz: Upgraded.
NOTE: Issuing this patch again since the bug reporter listed the
wrong git version (2.7.1) as fixed. The vulnerability was actually
patched in git-2.7.4.
Fixed buffer overflows allowing server and client side remote code
execution in all git versions before 2.7.4.
For more information, see:
http://seclists.org/oss-sec/2016/q1/645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324
(* Security fix *)
patches/packages/mozilla-thunderbird-38.7.0-x86_64-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
+--------------------------+
Fri Mar 25 20:43:59 UTC 2016
patches/packages/glibc-zoneinfo-2016c-noarch-1_slack14.1.txz: Upgraded.
This package provides the latest timezone updates.
patches/packages/libevent-2.0.22-x86_64-1_slack14.1.txz: Upgraded.
Multiple integer overflows in the evbuffer API allow context-dependent
attackers to cause a denial of service or possibly have other unspecified
impact via "insanely large inputs" to the (1) evbuffer_add,
(2) evbuffer_expand, or (3) bufferevent_write function, which triggers a
heap-based buffer overflow or an infinite loop.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272
(* Security fix *)
patches/packages/mozilla-thunderbird-38.7.1-x86_64-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
+--------------------------+
Fri Apr 1 21:17:37 UTC 2016
patches/packages/dhcp-4.3.4-x86_64-1_slack14.1.txz: Upgraded.
This update fixes bugs and (previously patched) security issues.
patches/packages/mercurial-3.7.3-x86_64-1_slack14.1.txz: Upgraded.
This update fixes security issues and bugs, including remote code execution
in binary delta decoding, arbitrary code execution with Git subrepos, and
arbitrary code execution when converting Git repos.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
(* Security fix *)
patches/packages/php-5.6.20-x86_64-1_slack14.1.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.20
(* Security fix *)
+--------------------------+
Thu Jun 30 20:26:57 UTC 2016
Slackware 14.2 x86_64 stable is released!
The long development cycle (the Linux community has lately been living in
"interesting times", as they say) is finally behind us, and we're proud to
announce the release of Slackware 14.2. The new release brings many updates
and modern tools, has switched from udev to eudev (no systemd), and adds
well over a hundred new packages to the system. Thanks to the team, the
upstream developers, the dedicated Slackware community, and everyone else
who pitched in to help make this release a reality.
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
Have fun! :-)
+--------------------------+