New patches for slackware64-14.1 on Tue, 23 Feb 2016 20:31:5

Posted: Wed Feb 24, 2016 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.1. The relevant part of ChangeLog.txt follows:

Tue Feb 23 19:31:59 UTC 2016
patches/packages/bind-9.9.8_P3-x86_64-1_slack14.1.txz:  Upgraded.
  This release fixes two possible denial-of-service issues:
    render_ecs errors were mishandled when printing out a OPT record resulting
    in a assertion failure.  (CVE-2015-8705) [RT #41397]
    Specific APL data could trigger a INSIST.  (CVE-2015-8704) [RT #41396]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
  (* Security fix *)
patches/packages/glibc-2.17-x86_64-11_slack14.1.txz:  Rebuilt.
  This update provides a patch to fix the stack-based buffer overflow in
  libresolv that could allow specially crafted DNS responses to seize
  control of execution flow in the DNS client (CVE-2015-7547).  However,
  due to a patch applied to Slackware's glibc back in 2009 (don't use the
  gethostbyname4() lookup method as it was causing some cheap routers to
  misbehave), we were not vulnerable to that issue.  Nevertheless it seems
  prudent to patch the overflows anyway even if we're not currently using
  the code in question.  Thanks to mancha for the backported patch.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
  (* Security fix *)
patches/packages/glibc-i18n-2.17-x86_64-11_slack14.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.17-x86_64-11_slack14.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.17-x86_64-11_slack14.1.txz:  Rebuilt.
patches/packages/libgcrypt-1.5.5-x86_64-1_slack14.1.txz:  Upgraded.
  Mitigate chosen cipher text attacks on ECDH with Weierstrass curves.
  Use ciphertext blinding for Elgamal decryption.
  For more information, see:
    http://www.cs.tau.ac.IL/~tromer/ecdh/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7511
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3591
  (* Security fix *)
patches/packages/ntp-4.2.8p6-x86_64-1_slack14.1.txz:  Upgraded.
  In addition to bug fixes and enhancements, this release fixes
  several low and medium severity vulnerabilities.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Fri, 26 Feb 2016 23:54:0

Posted: Sat Feb 27, 2016 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.1. The relevant part of ChangeLog.txt follows:

Fri Feb 26 22:54:05 UTC 2016
patches/packages/libssh-0.7.3-x86_64-1_slack14.1.txz:  Upgraded.
  Fixed weak key generation.  Due to a bug in the ephemeral secret key
  generation for the diffie-hellman-group1 and diffie-hellman-group14
  methods, ephemeral secret keys of size 128 bits are generated, instead
  of the recommended sizes of 1024 and 2048 bits, giving a practical
  security of 63 bits.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Thu, 03 Mar 2016 06:41:2

Posted: Fri Mar 04, 2016 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.1. The relevant part of ChangeLog.txt follows:

Thu Mar  3 05:41:26 UTC 2016
patches/packages/mailx-12.5-x86_64-2_slack14.1.txz:  Rebuilt.
  Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues
  that could allow a local attacker to cause mailx to execute arbitrary
  shell commands through the use of a specially-crafted email address.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
  (* Security fix *)
patches/packages/openssl-1.0.1s-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes the following security issues:
  Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
  Double-free in DSA code (CVE-2016-0705)
  Memory leak in SRP database lookups (CVE-2016-0798)
  BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
  Fix memory issues in BIO_*printf functions (CVE-2016-0799)
  Side channel attack on modular exponentiation (CVE-2016-0702)
  To avoid breaking the ABI, "enable-ssl2" is used, but all the vulnerable or
  weak ciphers have been removed.
  For more information, see:
    https://www.openssl.org/news/secadv/20160301.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1s-x86_64-1_slack14.1.txz:  Upgraded.
patches/packages/php-5.6.18-x86_64-1_slack14.1.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.18
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Tue, 08 Mar 2016 02:54:3

Posted: Tue Mar 08, 2016 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.1. The relevant part of ChangeLog.txt follows:

Tue Mar  8 01:54:33 UTC 2016
patches/packages/php-5.6.19-x86_64-1_slack14.1.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.19
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Tue, 08 Mar 2016 20:55:5

Posted: Wed Mar 09, 2016 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.1. The relevant part of ChangeLog.txt follows:

Tue Mar  8 19:55:57 UTC 2016
patches/packages/mozilla-firefox-38.7.0esr-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/samba-4.1.23-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes bugs, and two security issues:
  Incorrect ACL get/set allowed on symlink path (CVE-2015-7560).
  Out-of-bounds read in internal DNS server (CVE-2016-0771).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7560
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0771
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Thu, 10 Mar 2016 03:46:4

Posted: Thu Mar 10, 2016 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.1. The relevant part of ChangeLog.txt follows:

Thu Mar 10 02:46:49 UTC 2016
patches/packages/bind-9.9.8_P4-x86_64-1_slack14.1.txz:  Upgraded.
  Fixed security issues:
  Fix resolver assertion failure due to improper DNAME handling when
    parsing fetch reply messages.  (CVE-2016-1286) [RT #41753]
  Malformed control messages can trigger assertions in named and rndc.
    (CVE-2016-1285) [RT #41666]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
  (* Security fix *)
patches/packages/mozilla-nss-3.23-x86_64-1_slack14.1.txz:  Upgraded.
  Upgraded to nss-3.23 and nspr-4.12.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/nss.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Fri, 11 Mar 2016 00:43:4

Posted: Fri Mar 11, 2016 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.1. The relevant part of ChangeLog.txt follows:

Thu Mar 10 23:43:47 UTC 2016
patches/packages/openssh-7.2p2-x86_64-1_slack14.1.txz:  Upgraded.
  This release fixes a security bug:
    sshd(8): sanitise X11 authentication credentials to avoid xauth
    command injection when X11Forwarding is enabled.
  For more information, see:
    http://www.openssh.com/txt/x11fwd.adv
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Tue, 15 Mar 2016 22:31:4

Posted: Wed Mar 16, 2016 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.1. The relevant part of ChangeLog.txt follows:

Tue Mar 15 21:31:49 UTC 2016
patches/packages/git-2.7.3-x86_64-1_slack14.1.txz:  Upgraded.
  Fixed buffer overflows allowing server and client side remote code
  execution in all git versions before 2.7.1.
  For more information, see:
    http://seclists.org/oss-sec/2016/q1/645
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324
  (* Security fix *)
patches/packages/glibc-zoneinfo-2016b-noarch-1_slack14.1.txz:  Upgraded.
  This package provides the latest timezone updates.
patches/packages/seamonkey-2.40-x86_64-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.seamonkey-project.org/releases/seamonkey2.40
  (* Security fix *)
patches/packages/seamonkey-solibs-2.40-x86_64-1_slack14.1.txz:  Upgraded.
+--------------------------+

Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Thu, 17 Mar 2016 23:09:1

Posted: Fri Mar 18, 2016 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.1. The relevant part of ChangeLog.txt follows:

Thu Mar 17 22:09:16 UTC 2016
patches/packages/mozilla-firefox-38.7.1esr-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Fri, 18 Mar 2016 21:02:4

Posted: Sat Mar 19, 2016 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.1. The relevant part of ChangeLog.txt follows:

Fri Mar 18 20:02:40 UTC 2016
patches/packages/git-2.7.4-x86_64-1_slack14.1.txz:  Upgraded.
  NOTE:  Issuing this patch again since the bug reporter listed the
  wrong git version (2.7.1) as fixed.  The vulnerability was actually
  patched in git-2.7.4.
  Fixed buffer overflows allowing server and client side remote code
  execution in all git versions before 2.7.4.
  For more information, see:
    http://seclists.org/oss-sec/2016/q1/645
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324
  (* Security fix *)
patches/packages/mozilla-thunderbird-38.7.0-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Fri, 25 Mar 2016 21:44:0

Posted: Sat Mar 26, 2016 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.1. The relevant part of ChangeLog.txt follows:

Fri Mar 25 20:43:59 UTC 2016
patches/packages/glibc-zoneinfo-2016c-noarch-1_slack14.1.txz:  Upgraded.
  This package provides the latest timezone updates.
patches/packages/libevent-2.0.22-x86_64-1_slack14.1.txz:  Upgraded.
  Multiple integer overflows in the evbuffer API allow context-dependent
  attackers to cause a denial of service or possibly have other unspecified
  impact via "insanely large inputs" to the (1) evbuffer_add,
  (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a
  heap-based buffer overflow or an infinite loop.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272
  (* Security fix *)
patches/packages/mozilla-thunderbird-38.7.1-x86_64-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

New patches for slackware64-14.1 on Fri, 01 Apr 2016 23:17:3

Posted: Sat Apr 02, 2016 6:01
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.1. The relevant part of ChangeLog.txt follows:

Fri Apr  1 21:17:37 UTC 2016
patches/packages/dhcp-4.3.4-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes bugs and (previously patched) security issues.
patches/packages/mercurial-3.7.3-x86_64-1_slack14.1.txz:  Upgraded.
  This update fixes security issues and bugs, including remote code execution
  in binary delta decoding, arbitrary code execution with Git subrepos, and
  arbitrary code execution when converting Git repos.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
  (* Security fix *)
patches/packages/php-5.6.20-x86_64-1_slack14.1.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.20
  (* Security fix *)
+--------------------------+

Have fun,
Slacky BOT Packager

New patches for slackware64-14.2 on Thu, 30 Jun 2016 22:26:57 +0200

Posted: Sat Jul 02, 2016 22:37
by Slacky BOT Packager
Hey guys,
new patches have been released for slackware64-14.2. The relevant part of ChangeLog.txt follows:

Thu Jun 30 20:26:57 UTC 2016
Slackware 14.2 x86_64 stable is released!

The long development cycle (the Linux community has lately been living in
"interesting times", as they say) is finally behind us, and we're proud to
announce the release of Slackware 14.2.  The new release brings many updates
and modern tools, has switched from udev to eudev (no systemd), and adds
well over a hundred new packages to the system.  Thanks to the team, the
upstream developers, the dedicated Slackware community, and everyone else
who pitched in to help make this release a reality.

The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided
32-bit/64-bit x86/x86_64 DVD.  Please consider supporting the Slackware
project by picking up a copy from store.slackware.com.  We're taking
pre-orders now, and offer a discount if you sign up for a subscription.

Have fun!  :-)
+--------------------------+

Have fun,
Slacky BOT Packager