Official patches for Slackware64-14.2

Slacky BOT Packager
Linux 3.x
Posts: 812
Joined: Tue 19 Jun 2012, 11:18

New patches for slackware64-14.1 on Sat, 08 Feb 2014 19:41:1

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Sat Feb  8 18:41:15 UTC 2014
patches/packages/mozilla-firefox-24.3.0esr-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-24.3.0-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/seamonkey-2.24-x86_64-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.24-x86_64-1_slack14.1.txz:  Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Fri, 14 Feb 2014 00:45:5

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Thu Feb 13 23:45:53 UTC 2014
patches/packages/curl-7.35.0-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a flaw where libcurl could, in some circumstances, reuse
  the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS
  request.
  For more information, see:
    http://curl.haxx.se/docs/adv_20140129.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015
  (* Security fix *)
patches/packages/ntp-4.2.6p5-x86_64-5_slack14.1.txz:  Rebuilt.
  All stable versions of NTP remain vulnerable to a remote attack where the
  "ntpdc -c monlist" command can be used to amplify network traffic as part
  of a denial of service attack.  By default, Slackware is not vulnerable
  since it includes "noquery" as a default restriction.  However, it is
  vulnerable if this restriction is removed.  To help mitigate this flaw,
  "disable monitor" has been added to the default ntp.conf (which will disable
  the monlist command even if other queries are allowed), and the default
  restrictions have been extended to IPv6 as well.
  All users of the NTP daemon should make sure that their ntp.conf contains
  "disable monitor" to prevent misuse of the NTP service.  The new ntp.conf
  file will be installed as /etc/ntp.conf.new with a package upgrade, but the
  changes will need to be merged into any existing ntp.conf file by the admin.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
    http://www.kb.cert.org/vuls/id/348126
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
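
The ntp entry above asks admins to confirm that their merged ntp.conf contains "disable monitor" and keeps the default "noquery" restriction for both IPv4 and IPv6. The script below is an added example, not part of the original post or of Slackware's packages; it checks a file for those three settings. The function names, the sample files, and the assumption that defaults are written as "restrict default" and "restrict -6 default" are mine.

```shell
#!/bin/sh
# Added example: audit an ntp.conf for the CVE-2013-5211 mitigations
# named in the ChangeLog entry (disable monitor, default noquery on v4/v6).

# Print active directives only: drop comments, collapse whitespace,
# trim the ends, and skip lines that end up empty.
ntp_conf_directives() {
    sed -e 's/#.*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1"
}

# Status 0 if an active "disable" line lists the monitor flag
# (also matches combined forms such as "disable auth monitor").
has_disable_monitor() {
    ntp_conf_directives "$1" | grep -Eq '^disable( [a-z]+)* monitor( |$)'
}

# Status 0 if the default restriction for address family $2 (4 or 6)
# carries noquery. Assumption: defaults use "restrict default" and
# "restrict -6 default"; other spellings are not recognised here.
has_default_noquery() {
    case "$2" in
        4) pat='^restrict( -4)? default( [a-z]+)* noquery( |$)' ;;
        6) pat='^restrict -6 default( [a-z]+)* noquery( |$)' ;;
        *) return 2 ;;
    esac
    ntp_conf_directives "$1" | grep -Eq "$pat"
}

# Print one line per missing mitigation; return status = number missing.
audit_ntp_conf() {
    missing=0
    has_disable_monitor "$1" || { echo "$1: no active 'disable monitor'"; missing=$((missing + 1)); }
    has_default_noquery "$1" 4 || { echo "$1: IPv4 default restriction lacks noquery"; missing=$((missing + 1)); }
    has_default_noquery "$1" 6 || { echo "$1: IPv6 default restriction lacks noquery"; missing=$((missing + 1)); }
    return "$missing"
}

# Constructed sample files (not real Slackware configs): an unmerged
# config with noquery removed, and a merged one with all three settings.
write_samples() {
    cat > "$1/ntp.conf" <<'EOF'
server 0.pool.ntp.org iburst
driftfile /etc/ntp/drift
#disable monitor
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
EOF
    cat > "$1/ntp.conf.new" <<'EOF'
server 0.pool.ntp.org iburst
driftfile /etc/ntp/drift
disable monitor    # turns off monlist even if queries are allowed
restrict default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir/ntp.conf" "$demo_dir/ntp.conf.new"; do
    audit_ntp_conf "$f" && echo "$f: all three mitigations present" || true
done
rm -rf "$demo_dir"
```

After merging /etc/ntp.conf.new into /etc/ntp.conf, calling `audit_ntp_conf /etc/ntp.conf` should print nothing and return 0.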

New patches for slackware64-14.1 on Thu, 20 Feb 2014 05:26:3

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Thu Feb 20 00:30:49 UTC 2014
patches/packages/gnutls-3.1.21-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a flaw where a version 1 intermediate certificate would be
  considered as a CA certificate by GnuTLS by default. 
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959
  (* Security fix *)
patches/packages/linux-3.10.17-2/*:
  These are new kernels that fix CVE-2014-0038, a bug that can allow local
  users to gain a root shell.
  Be sure to reinstall LILO (run "lilo" as root) after upgrading the kernel
  packages, or on UEFI systems, copy the appropriate kernel to
  /boot/efi/EFI/Slackware/vmlinuz).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038
  (* Security fix *)
patches/packages/mariadb-5.5.35-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a buffer overflow in the mysql command line client which
  may allow malicious or compromised database servers to cause a denial of
  service (crash) and possibly execute arbitrary code via a long server
  version string.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
  (* Security fix *)
patches/packages/shadow-4.1.5.1-x86_64-3_slack14.1.txz:  Rebuilt.
  Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c"
  (CVE-2005-4890) by detaching the controlling terminal in the non-PAM
  case via a TIOCNOTTY request.  Bi-directional protection is excessive
  and breaks a commonly-used methods for privilege escalation on non-PAM
  systems (e.g. xterm -e /bin/su -s /bin/bash -c /bin/bash myscript).
  This update relaxes the restriction and only detaches the controlling
  tty when the callee is not root (which is, after all, the threat vector).
  Thanks to mancha for the patch (and the above information).
+--------------------------+
Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Thu, 27 Feb 2014 21:43:2

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Thu Feb 27 20:43:28 UTC 2014
patches/packages/subversion-1.7.16-x86_64-1_slack14.1.txz:  Upgraded.
  Fix denial of service bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4505
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4558
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Tue, 04 Mar 2014 00:32:1

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Mon Mar  3 23:32:18 UTC 2014
patches/packages/gnutls-3.1.22-x86_64-1_slack14.1.txz:  Upgraded.
  Fixed a security issue where a specially crafted certificate could
  bypass certificate validation checks.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Tue, 11 Mar 2014 08:06:1

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Tue Mar 11 07:06:18 UTC 2014
patches/packages/udisks-1.0.5-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a stack-based buffer overflow when handling long path
  names.  A malicious, local user could use this flaw to create a
  specially-crafted directory structure that could lead to arbitrary code
  execution with the privileges of the udisks daemon (root).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
  (* Security fix *)
patches/packages/udisks2-2.1.3-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a stack-based buffer overflow when handling long path
  names.  A malicious, local user could use this flaw to create a
  specially-crafted directory structure that could lead to arbitrary code
  execution with the privileges of the udisks daemon (root).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Thu, 13 Mar 2014 04:32:3

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Thu Mar 13 03:32:38 UTC 2014
patches/packages/mutt-1.5.23-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a buffer overflow where malformed RFC2047 header
  lines could result in denial of service or potentially the execution
  of arbitrary code as the user running mutt.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Fri, 14 Mar 2014 01:44:4

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Fri Mar 14 00:44:48 UTC 2014
patches/packages/samba-4.1.6-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes two security issues:
  CVE-2013-4496:
  Samba versions 3.4.0 and above allow the administrator to implement
  locking out Samba accounts after a number of bad password attempts.
  However, all released versions of Samba did not implement this check for
  password changes, such as are available over multiple SAMR and RAP
  interfaces, allowing password guessing attacks.
  CVE-2013-6442:
  Samba versions 4.0.0 and above have a flaw in the smbcacls command. If
  smbcacls is used with the "-C|--chown name" or "-G|--chgrp name"
  command options it will remove the existing ACL on the object being
  modified, leaving the file or directory unprotected.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Sun, 16 Mar 2014 03:52:2

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Sun Mar 16 02:52:28 UTC 2014
patches/packages/php-5.4.26-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a flaw where a specially crafted data file may cause a
  segfault or 100% CPU consumption when a web page uses fileinfo() on it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Fri, 28 Mar 2014 04:43:1

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Fri Mar 28 03:43:11 UTC 2014
patches/packages/curl-7.36.0-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes four security issues.
  For more information, see:
    http://curl.haxx.se/docs/adv_20140326A.html
    http://curl.haxx.se/docs/adv_20140326B.html
    http://curl.haxx.se/docs/adv_20140326C.html
    http://curl.haxx.se/docs/adv_20140326D.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522
  (* Security fix *)
patches/packages/httpd-2.4.9-x86_64-1_slack14.1.txz:  Upgraded.
  This update addresses two security issues.
  Segfaults with truncated cookie logging. mod_log_config:  Prevent segfaults
    when logging truncated cookies.  Clean up the cookie logging parser to
    recognize only the cookie=value pairs, not valueless cookies.
  mod_dav:  Keep track of length of cdata properly when removing leading
    spaces. Eliminates a potential denial of service from specifically crafted
    DAV WRITE requests.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
  (* Security fix *)
patches/packages/mozilla-firefox-24.4.0esr-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-nss-3.16-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue:
  The cert_TestHostName function in lib/certdb/certdb.c in the
  certificate-checking implementation in Mozilla Network Security Services
  (NSS) before 3.16 accepts a wildcard character that is embedded in an
  internationalized domain name's U-label, which might allow man-in-the-middle
  attackers to spoof SSL servers via a crafted certificate.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
  (* Security fix *)
patches/packages/mozilla-thunderbird-24.4.0-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/openssh-6.6p1-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue when using environment passing with
  a sshd_config(5) AcceptEnv pattern with a wildcard.  OpenSSH could be
  tricked into accepting any environment variable that contains the
  characters before the wildcard character.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
  (* Security fix *)
patches/packages/seamonkey-2.25-x86_64-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.25-x86_64-1_slack14.1.txz:  Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Mon, 31 Mar 2014 22:30:2

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Mon Mar 31 20:30:28 UTC 2014
patches/packages/apr-1.5.0-x86_64-1_slack14.1.txz:  Upgraded.
patches/packages/apr-util-1.5.3-x86_64-1_slack14.1.txz:  Upgraded.
patches/packages/httpd-2.4.9-x86_64-2_slack14.1.txz:  Rebuilt.
  Recompiled against new apr/apr-util to restore missing mod_mpm_event.so.
patches/packages/openssh-6.6p1-x86_64-2_slack14.1.txz:  Rebuilt.
  Fixed the rc.sshd script to create an ed25519 host key if it doesn't
  already exist.
+--------------------------+
Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Tue, 08 Apr 2014 16:19:5

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Tue Apr  8 14:19:51 UTC 2014
patches/packages/openssl-1.0.1g-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes two security issues:
  A missing bounds check in the handling of the TLS heartbeat extension
  can be used to reveal up to 64k of memory to a connected client or server.
  Thanks for Neel Mehta of Google Security for discovering this bug and to
  Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
  preparing the fix.
  Fix for the attack described in the paper "Recovering OpenSSL
  ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
  by Yuval Yarom and Naomi Benger. Details can be obtained from:
  http://eprint.iacr.org/2014/140
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz:  Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Mon, 21 Apr 2014 22:09:4

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Mon Apr 21 20:09:48 UTC 2014
patches/packages/libyaml-0.1.6-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a heap overflow in URI escape parsing of YAML in Ruby,
  where a specially crafted string could cause a heap overflow leading to
  arbitrary code execution.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525
    https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
  (* Security fix *)
patches/packages/php-5.4.27-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue in the in the awk script detector
  which allows context-dependent attackers to cause a denial of service
  (CPU consumption) via a crafted ASCII file that triggers a large amount
  of backtracking.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Tue, 22 Apr 2014 19:31:4

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Tue Apr 22 17:31:48 UTC 2014
patches/packages/openssh-6.6p1-x86_64-3_slack14.1.txz:  Rebuilt.
  Fixed a bug with curve25519-sha256 that caused a key exchange failure in
  about 1 in 512 connection attempts.
+--------------------------+
Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Wed, 30 Apr 2014 01:35:5

Post by Slacky BOT Packager »

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Tue Apr 29 23:35:59 UTC 2014
patches/packages/mozilla-firefox-24.5.0esr-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-24.5.0-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager