Official patches for Slackware64-14.2

Se avete problemi con l'installazione e la configurazione di Slackware64 postate qui. Non usate questo forum per argomenti che trattano la Slackware32 o generali... per quelli usate rispettivamente il forum Slackware e Gnu/Linux in genere.

Moderatore: Staff

Regole del forum
1) Citare sempre la versione di Slackware64 usata, la versione del Kernel e magari anche la versione della libreria coinvolta. Questi dati aiutano le persone che possono rispondere.
2) Per evitare confusione prego inserire in questo forum solo topic che riguardano appunto Slackware64, se l'argomento è Slackware32 o generale usate rispettivamente il forum Slackware o Gnu/Linux in genere.
3) Leggere attentamente le risposte ricevute
4) Scrivere i messaggi con il colore di default, evitare altri colori.
5) Scrivere in Italiano o in Inglese, se possibile grammaticalmente corretto, evitate stili di scrittura poco chiari, quindi nessuna abbreviazione tipo telegramma o scrittura stile SMS o CHAT.
6) Appena registrati è consigliato presentarsi nel forum dedicato.

La non osservanza delle regole porta a provvedimenti di vari tipo da parte dello staff, in particolare la non osservanza della regola 5 porta alla cancellazione del post e alla segnalazione dell'utente. In caso di recidività l'utente rischia il ban temporaneo.
Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Fri, 09 Jan 2015 18:47:5

Messaggioda Slacky BOT Packager » sab gen 10, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Jan  9 17:47:53 UTC 2015
patches/packages/openssl-1.0.1k-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes several security issues:
    DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
    DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
    no-ssl3 configuration sets method to NULL (CVE-2014-3569)
    ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
    RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
    DH client certificates accepted without verification [Server] (CVE-2015-0205)
    Certificate fingerprints can be modified (CVE-2014-8275)
    Bignum squaring may produce incorrect results (CVE-2014-3570)
  For more information, see:
    https://www.openssl.org/news/secadv_20150108.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1k-x86_64-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Sat, 17 Jan 2015 05:26:4

Messaggioda Slacky BOT Packager » dom gen 18, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sat Jan 17 04:26:41 UTC 2015
patches/packages/freetype-2.5.5-x86_64-1_slack14.1.txz:  Upgraded.
  This release fixes a security bug that could cause freetype to crash
  or run programs upon opening a specially crafted file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2240
  (* Security fix *)
patches/packages/mozilla-firefox-31.4.0esr-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-31.4.0-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/seamonkey-2.32-x86_64-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.32-x86_64-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Wed, 21 Jan 2015 04:10:0

Messaggioda Slacky BOT Packager » mer gen 21, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Wed Jan 21 03:10:01 UTC 2015
patches/packages/samba-4.1.16-x86_64-1_slack14.1.txz:  Upgraded.
  This update is a security release in order to address CVE-2014-8143
  (Elevation of privilege to Active Directory Domain Controller).
  Samba's AD DC allows the administrator to delegate creation of user or
  computer accounts to specific users or groups.  However, all released
  versions of Samba's AD DC did not implement the additional required
  check on the UF_SERVER_TRUST_ACCOUNT bit in the userAccountControl
  attributes.  Most Samba deployments are not of the AD Domain Controller,
  but are of the classic domain controller, the file server or print server.
  Only the Active Directory Domain Controller is affected by this issue.
  Additionally, most sites running the AD Domain Controller do not configure
  delegation for the creation of user or computer accounts, and so are not
  vulnerable to this issue, as no writes are permitted to the
  userAccountControl attribute, no matter what the value.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Wed, 28 Jan 2015 20:23:0

Messaggioda Slacky BOT Packager » gio gen 29, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Wed Jan 28 19:23:00 UTC 2015
patches/packages/glibc-2.17-x86_64-10_slack14.1.txz:  Rebuilt.
  This update patches a security issue __nss_hostname_digits_dots() function
  of glibc which may be triggered through the gethostbyname*() set of
  functions.  This flaw could allow local or remote attackers to take control
  of a machine running a vulnerable version of glibc.  Thanks to Qualys for
  discovering this issue (also known as the GHOST vulnerability.)
  For more information, see:
    https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
  (* Security fix *)
patches/packages/glibc-i18n-2.17-x86_64-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.17-x86_64-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.17-x86_64-10_slack14.1.txz:  Rebuilt.
patches/packages/glibc-zoneinfo-2014j-noarch-1.txz:  Upgraded.
  Upgraded to tzcode2014j and tzdata2014j.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Mon, 16 Feb 2015 21:17:0

Messaggioda Slacky BOT Packager » mar feb 17, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Mon Feb 16 19:33:36 UTC 2015
patches/packages/btrfs-progs-20150213-x86_64-1.txz:  Upgraded.
  Added the header files to the package.  Thanks to Vincent Batts.
patches/packages/patch-2.7.4-x86_64-1_slack14.1.txz:  Upgraded.
  Patch no longer follows symbolic links to input and output files.  This
  ensures that symbolic links created by git-style patches cannot cause
  patch to write outside the working directory.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196
  (* Security fix *)
patches/packages/seamonkey-2.32.1-x86_64-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.32.1-x86_64-1_slack14.1.txz:  Upgraded.
patches/packages/sudo-1.8.12-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a potential security issue by only passing the TZ
  environment variable it is considered safe.  This prevents exploiting bugs
  in glibc's TZ parser that could be used to read files that the user does
  not have access to, or to cause a denial of service.
  For more information, see:
    http://www.sudo.ws/sudo/alerts/tz.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9680
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Thu, 26 Feb 2015 02:06:1

Messaggioda Slacky BOT Packager » gio feb 26, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Feb 26 01:06:11 UTC 2015
patches/packages/mozilla-firefox-31.5.0esr-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-31.5.0-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Thu, 05 Mar 2015 22:56:1

Messaggioda Slacky BOT Packager » ven mar 06, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Mar  5 21:56:15 UTC 2015
patches/packages/samba-4.1.17-x86_64-1_slack14.1.txz:  Upgraded.
  This package fixes security issues since the last update:
    BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer
    in netlogon server could lead to security vulnerability.
    BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference
    a NULL pointer.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Wed, 22 Apr 2015 04:12:4

Messaggioda Slacky BOT Packager » gio apr 23, 2015 6:00

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Apr 21 23:44:00 UTC 2015
patches/packages/bind-9.9.6_P2-x86_64-1_slack14.1.txz:  Upgraded.
  Fix some denial-of-service and other security issues.
  For more information, see:
    https://kb.isc.org/article/AA-01166/
    https://kb.isc.org/article/AA-01161/
    https://kb.isc.org/article/AA-01167/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8680
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3214
  (* Security fix *)
patches/packages/gnupg-1.4.19-x86_64-1_slack14.1.txz:  Upgraded.
  * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
    See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
  * Fixed data-dependent timing variations in modular exponentiation
    [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
    are Practical].
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837
  (* Security fix *)
patches/packages/httpd-2.4.12-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes the following security issues:
   * CVE-2014-3583 mod_proxy_fcgi:  Fix a potential crash due to buffer
     over-read, with response headers' size above 8K.
   * CVE-2014-3581 mod_cache:  Avoid a crash when Content-Type has an
     empty value.  PR 56924.
   * CVE-2014-8109 mod_lua:  Fix handling of the Require line when a
     LuaAuthzProvider is used in multiple Require directives with
     different arguments.  PR57204.
   * CVE-2013-5704 core:  HTTP trailers could be used to replace HTTP
     headers late during request processing, potentially undoing or
     otherwise confusing modules that examined or modified request
     headers earlier.  Adds "MergeTrailers" directive to restore legacy
     behavior.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704
  (* Security fix *)
patches/packages/libssh-0.6.4-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes some security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0017
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8132
  (* Security fix *)
patches/packages/mozilla-firefox-31.6.0esr-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-31.6.0-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/mutt-1.5.23-x86_64-2_slack14.1.txz:  Rebuilt.
  Patched a vulnerability where malformed headers can cause mutt to crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116
  (* Security fix *)
patches/packages/ntp-4.2.8p2-x86_64-1_slack14.1.txz:  Upgraded.
  In addition to bug fixes and enhancements, this release fixes the
  following medium-severity vulnerabilities involving private key
  authentication:
  * ntpd accepts unauthenticated packets with symmetric key crypto.
  * Authentication doesn't protect symmetric associations against DoS attacks.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799
  (* Security fix *)
patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz:  Upgraded.
  Fixes several bugs and security issues:
   o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
   o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
   o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
   o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
   o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
   o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
   o Removed the export ciphers from the DEFAULT ciphers
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz:  Upgraded.
patches/packages/php-5.4.40-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes some security issues.
  Please note that this package build also moves the configuration files
  from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330
  (* Security fix *)
patches/packages/ppp-2.4.5-x86_64-3_slack14.1.txz:  Rebuilt.
  Fixed a potential security issue in parsing option files.
  Fixed remotely triggerable PID overflow that causes pppd to crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3158
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3310
  (* Security fix *)
patches/packages/proftpd-1.3.4e-x86_64-1_slack14.1.txz:  Upgraded.
  Patched an issue where mod_copy allowed unauthenticated copying
  of files via SITE CPFR/CPTO.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306
  (* Security fix *)
patches/packages/qt-4.8.6-x86_64-1_slack14.1.txz:  Upgraded.
  Fixed issues with BMP, ICO, and GIF handling that could lead to a denial
  of service or the execution of arbitrary code when processing malformed
  images.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860
  (* Security fix *)
patches/packages/seamonkey-2.33.1-x86_64-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.33.1-x86_64-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Wed, 29 Apr 2015 07:10:5

Messaggioda Slacky BOT Packager » gio apr 30, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Wed Apr 29 05:10:52 UTC 2015
patches/packages/gnupg-1.4.19-x86_64-2_slack14.1.txz:  Rebuilt.
  Patched to fix spurious debug messages that may break sbopkg and slackpkg.
  Thanks to Willy Sudiarto Raharjo.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Tue, 12 May 2015 09:17:3

Messaggioda Slacky BOT Packager » mer mag 13, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue May 12 07:17:33 UTC 2015
patches/packages/mariadb-5.5.43-x86_64-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499
  (* Security fix *)
patches/packages/qt-4.8.6-x86_64-2_slack14.1.txz:  Rebuilt.
  QNAM: Fix upload corruptions when server closes connection
  This patch fixes several upload corruptions if the server closes the
  connection while/before we send data into it.
  cherry picked from commit:  qtbase/cff39fba10ffc10ee4dcfdc66ff6528eb
patches/packages/wpa_supplicant-2.4-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes potential denial of service issues.
  For more information, see:
    http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
    http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
    http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
    http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1863
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Wed, 13 May 2015 04:29:4

Messaggioda Slacky BOT Packager » gio mag 14, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Wed May 13 02:29:39 UTC 2015
patches/packages/mozilla-firefox-31.7.0esr-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Sun, 17 May 2015 06:35:4

Messaggioda Slacky BOT Packager » lun mag 18, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sun May 17 04:35:46 UTC 2015
patches/packages/mozilla-thunderbird-31.7.0-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Thu, 11 Jun 2015 23:31:4

Messaggioda Slacky BOT Packager » ven giu 12, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Jun 11 21:31:47 UTC 2015
patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz:  Upgraded.
  Fixes several bugs and security issues:
   o Malformed ECParameters causes infinite loop (CVE-2015-1788)
   o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
   o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
   o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
   o Race condition handling NewSessionTicket (CVE-2015-1791)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz:  Upgraded.
patches/packages/php-5.4.41-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes some bugs and security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026
  (* Security fix *)
patches/packages/qt-4.8.7-x86_64-1_slack14.1.txz:  Upgraded.
  This is a bugfix release.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Fri, 12 Jun 2015 19:58:4

Messaggioda Slacky BOT Packager » sab giu 13, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Jun 12 17:58:45 UTC 2015
patches/packages/openssl-1.0.1o-x86_64-1_slack14.1.txz:  Upgraded.
  New release to resolve 1.0.1n HMAC ABI incompatibility.
patches/packages/openssl-solibs-1.0.1o-x86_64-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar giu 19, 2012 11:18

New patches for slackware64-14.1 on Wed, 08 Jul 2015 00:59:1

Messaggioda Slacky BOT Packager » mer lug 08, 2015 6:01

Hey guys,
new patches have been released for slackware64-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Jul  7 22:59:17 UTC 2015
patches/packages/bind-9.9.7_P1-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue where an attacker who can cause
  a validating resolver to query a zone containing specifically constructed
  contents can cause that resolver to fail an assertion and terminate due
  to a defect in validation code.  This means that a recursive resolver that
  is performing DNSSEC validation can be deliberately stopped by an attacker
  who can cause the resolver to perform a query against a
  maliciously-constructed zone.  This will result in a denial of service to
  clients who rely on that resolver.
  For more information, see:
    https://kb.isc.org/article/AA-01267/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4620
  (* Security fix *)
patches/packages/cups-1.5.4-x86_64-4_slack14.1.txz:  Rebuilt.
  This release fixes a security issue:
  CWE-911: Improper Update of Reference Count - CVE-2015-1158
    This bug could allow an attacker to upload a replacement CUPS
    configuration file and mount further attacks.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1158
  (* Security fix *)
patches/packages/mozilla-firefox-31.8.0esr-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/ntp-4.2.8p3-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue where under specific circumstances an
  attacker can send a crafted packet to cause a vulnerable ntpd instance to
  crash.  Since this requires 1) ntpd set up to allow remote configuration
  (not allowed by default), and 2) knowledge of the configuration password,
  and 3) access to a computer entrusted to perform remote configuration,
  the vulnerability is considered low-risk.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager