Official patches for Slackware-14.2


Post by Spina-BOT »

Hey guys,
new patches have been released for Slackware 13.37. The relevant part of ChangeLog.txt follows:

Code:

Fri Jul  8 16:55:13 UTC 2011
patches/packages/bind-9.7.3_P3-i486-1_slack13.37.txz:  Upgraded.
  A specially constructed packet will cause BIND 9 ("named") to exit,
  affecting DNS service.  The issue exists in BIND 9.6.3 and newer.
   "Change #2912 (see CHANGES) exposed a latent bug in the DNS message
    processing code that could allow certain UPDATE requests to crash
    named. This was fixed by disambiguating internal database
    representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]"
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
patches/packages/mozilla-thunderbird-3.1.11-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
  (* Security fix *)
+--------------------------+
Wed Jun 29 18:17:56 UTC 2011
patches/packages/ghostscript-9.02-i486-1_slack13.37.txz:  Upgraded.
  Ghostscript 9.02 is being supplied as a non-security update for
  Slackware 13.37 to address a regression that could cause corrupted
  output.  We've also been advised that CUPS will be increasing a cache
  memory setting in future releases, so if this doesn't solve all the
  issues, try adding this to /etc/cups/cupsd.conf:
    RIPCache 128m
+--------------------------+
Mon Jun 27 21:29:54 UTC 2011
patches/packages/pidgin-2.9.0-i486-1_slack13.37.txz:  Upgraded.
  Fixed a remote denial of service.  A remote attacker could set a specially
  crafted GIF file as their buddy icon causing vulerable versions of pidgin
  to crash due to excessive memory use.
  For more information, see:
    http://pidgin.im/news/security/?id=52
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485
  (* Security fix *)
+--------------------------+
Fri Jun 24 02:55:39 UTC 2011
patches/packages/mozilla-firefox-5.0-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
+--------------------------+
Mon Jun 20 00:49:34 UTC 2011
patches/packages/fetchmail-6.3.20-i486-1_slack13.37.txz:  Upgraded.
  This release fixes a denial of service in STARTTLS protocol phases.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947
    http://www.fetchmail.info/fetchmail-SA-2011-01.txt
  (* Security fix *)
patches/packages/seamonkey-2.1-i486-1_slack13.37.txz:  Upgraded.
patches/packages/seamonkey-solibs-2.1-i486-1_slack13.37.txz:  Upgraded.
  This official release replaces the beta version in Slackware 13.37.
+--------------------------+
Fri May 27 22:56:00 UTC 2011
patches/packages/bind-9.7.3_P1-i486-1_slack13.37.txz:  Upgraded.
  This release fixes security issues:
     * A large RRSET from a remote authoritative server that results in
       the recursive resolver trying to negatively cache the response can
       hit an off by one code error in named, resulting in named crashing.
       [RT #24650] [CVE-2011-1910]
     * Zones that have a DS record in the parent zone but are also listed
       in a DLV and won't validate without DLV could fail to validate. [RT
       #24631]
  For more information, see:
    http://www.isc.org/software/bind/advisories/cve-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
  (* Security fix *)
+--------------------------+
Wed May 25 20:03:16 UTC 2011
patches/packages/apr-1.4.5-i486-1_slack13.37.txz:  Upgraded.
  This fixes a possible denial of service due to a problem with a loop in
  the new apr_fnmatch() implementation consuming CPU.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928
  (* Security fix *)
patches/packages/apr-util-1.3.12-i486-1_slack13.37.txz:  Upgraded.
  Fix crash because of NULL cleanup registered by apr_ldap_rebind_init().
patches/packages/httpd-2.2.19-i486-1_slack13.37.txz:  Upgraded.
  Revert ABI breakage in 2.2.18 caused by the function signature change
  of ap_unescape_url_keep2f().  This release restores the signature from
  2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
  Apache httpd-2.2.18 is considered abandoned.  All users must upgrade.
+--------------------------+
Fri May 13 20:30:07 UTC 2011
patches/packages/apr-1.4.4-i486-1_slack13.37.txz:  Upgraded.
  This fixes a possible denial of service due to an unconstrained, recursive
  invocation of apr_fnmatch().  This function has been reimplemented using a
  non-recursive algorithm.  Thanks to William Rowe.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
  (* Security fix *)
patches/packages/apr-util-1.3.11-i486-1_slack13.37.txz:  Upgraded.
patches/packages/httpd-2.2.18-i486-1_slack13.37.txz:  Upgraded.
  This is a bug fix release, but since the upgrades to apr/apr-util require at
  least an httpd recompile we opted to upgrade to the newest httpd.
+--------------------------+
Tue May  3 03:35:28 UTC 2011
patches/packages/mozilla-firefox-4.0.1-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-3.1.10-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
  (* Security fix *)
+--------------------------+
Have fun,
Spina-BOT

New patches on Thu, 14 Jul 2011 23:34:41 +0200

Post by Spina-BOT »

Hey guys,
new patches have been released for Slackware 13.37. The relevant part of ChangeLog.txt follows:

Code:

Thu Jul 14 21:34:41 UTC 2011
patches/packages/mozilla-firefox-5.0.1-i486-1_slack13.37.txz:  Upgraded.
  I guess this is only a fix for Mac OS X, but it's still 0.0.1 better.  ;-)
patches/packages/seamonkey-2.2-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
patches/packages/seamonkey-solibs-2.2-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
+--------------------------+
Have fun,
Spina-BOT

New patches on Fri, 29 Jul 2011 20:22:40 +0200

Post by Spina-BOT »

Hey guys,
new patches have been released for Slackware 13.37. The relevant part of ChangeLog.txt follows:

Code:

Fri Jul 29 18:22:40 UTC 2011
patches/packages/dhcpcd-5.2.12-i486-1_slack13.37.txz:  Upgraded.
  Sanitize the host name provided by the DHCP server to insure that it does
  not contain any shell metacharacters.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0996
  (* Security fix *)
patches/packages/libpng-1.4.8-i486-1_slack13.37.txz:  Upgraded.
  Fixed uninitialized memory read in png_format_buffer()
  (Bug report by Frank Busse, related to CVE-2004-0421).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
  (* Security fix *)
patches/packages/samba-3.5.10-i486-1_slack13.37.txz:  Upgraded.
  Fixed cross-site request forgery and cross-site scripting vulnerability
  in SWAT (the Samba Web Administration Tool).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
  (* Security fix *)
+--------------------------+
Have fun,
Spina-BOT

New patches on Sat, 13 Aug 2011 01:20:00 +0200

Post by Spina-BOT »

Hey guys,
new patches have been released for Slackware 13.37. The relevant part of ChangeLog.txt follows:

Code:

Fri Aug 12 23:20:00 UTC 2011
patches/packages/bind-9.7.4-i486-1_slack13.37.txz:  Upgraded.
  This BIND update addresses a couple of security issues:
  * named, set up to be a caching resolver, is vulnerable to a user
    querying a domain with very large resource record sets (RRSets)
    when trying to negatively cache the response. Due to an off-by-one
    error, caching the response could cause named to crash. [RT #24650]
    [CVE-2011-1910]
  * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
    processing code that could allow certain UPDATE requests to crash
    named. [RT #24777] [CVE-2011-2464]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
+--------------------------+
Have fun,
Spina-BOT

New patches on Thu, 25 Aug 2011 11:10:45 +0200

Post by Spina-BOT »

Hey guys,
new patches have been released for Slackware 13.37. The relevant part of ChangeLog.txt follows:

Code:

Thu Aug 25 09:10:45 UTC 2011
patches/packages/php-5.3.8-i486-1_slack13.37.txz:  Upgraded.
  Security fixes vs. 5.3.6 (5.3.7 was not usable):
  Updated crypt_blowfish to 1.2. (CVE-2011-2483)
  Fixed crash in error_log(). Reported by Mateusz Kocielski
  Fixed buffer overflow on overlog salt in crypt().
  Fixed bug #54939 (File path injection vulnerability in RFC1867
  File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
  Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
  Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
  For those upgrading from PHP 5.2.x, be aware that quite a bit has
  changed, and it will very likely not 'drop in', but PHP 5.2.x is not
  supported by php.net any longer, so there wasn't a lot of choice
  in the matter.  We're not able to support a security fork of
  PHP 5.2.x here either, so you'll have to just bite the bullet on
  this.  You'll be better off in the long run.  :)
  (* Security fix *)
+--------------------------+
Have fun,
Spina-BOT

New patches for slackware-13.37 on Tue, 06 Sep 2011 02:15:03

Post by Spina-BOT »

Hey guys,
new patches have been released for slackware-13.37. The relevant part of ChangeLog.txt follows:

Code:

Tue Sep  6 00:15:03 UTC 2011
patches/packages/httpd-2.2.20-i486-1_slack13.37.txz:  Upgraded.
  SECURITY: CVE-2011-3192 (cve.mitre.org)
  core: Fix handling of byte-range requests to use less memory, to avoid
  denial of service. If the sum of all ranges in a request is larger than
  the original file, ignore the ranges and send the complete file.
  PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
  (* Security fix *)
patches/packages/mozilla-firefox-6.0.2-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
    http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-3.1.13-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html
    http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
  (* Security fix *)
patches/packages/seamonkey-2.3.3-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
    http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.3.3-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
    http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
  (* Security fix *)
+--------------------------+
Have fun,
Spina-BOT

New patches for slackware-13.37 on Wed, 12 Oct 2011 01:18:56

Post by Spina-BOT »

Hey guys,
new patches have been released for slackware-13.37. The relevant part of ChangeLog.txt follows:

Code:

Tue Oct 11 23:18:55 UTC 2011
patches/packages/file-5.09-i486-1_slack13.37.txz:  Upgraded.
patches/packages/httpd-2.2.21-i486-1_slack13.37.txz:  Upgraded.
  Respond with HTTP_NOT_IMPLEMENTED when the method is not
  recognized.  [Jean-Frederic Clere]  SECURITY: CVE-2011-3348
  Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20.
  PR 51748. [<lowprio20 gmail.com>]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
  (* Security fix *)
patches/packages/mozilla-firefox-7.0.1-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
patches/packages/seamonkey-2.4.1-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
patches/packages/seamonkey-solibs-2.4.1-i486-1_slack13.37.txz:  Upgraded.
+--------------------------+
Have fun,
Spina-BOT

New patches for slackware-13.37 on Tue, 08 Nov 2011 05:07:49

Post by Spina-BOT »

Hey guys,
new patches have been released for slackware-13.37. The relevant part of ChangeLog.txt follows:

Code:

Tue Nov  8 04:07:49 UTC 2011
patches/packages/openssh-5.9p1-i486-2_slack13.37.txz:  Upgraded.
  Upstream different timestamp, size, ChangeLog.  GPG verifies on both
  this newer one and what we had before (?).
patches/packages/mozilla-firefox-8.0-i486-1_slack13.37.txz:  Upgraded.
patches/packages/openssh-5.9p1-i486-2.txz:  Rebuilt.
+--------------------------+
Have fun,
Spina-BOT

New patches for slackware-13.37 on Fri, 11 Nov 2011 19:58:21

Post by Spina-BOT »

Hey guys,
new patches have been released for slackware-13.37. The relevant part of ChangeLog.txt follows:

Code:

Fri Nov 11 18:58:21 UTC 2011
  Good 11-11-11, everyone!  Enjoy some fresh time.  :)
patches/packages/glibc-zoneinfo-2011i_2011n-noarch-1.txz:  Upgraded.
  New upstream homepage:  http://www.iana.org/time-zones
+--------------------------+
Have fun,
Spina-BOT

New patches for slackware-13.37 on Tue, 22 Nov 2011 23:33:11

Post by Spina-BOT »

Hey guys,
new patches have been released for slackware-13.37. The relevant part of ChangeLog.txt follows:

Code:

Tue Nov 22 15:06:06 UTC 2011
patches/packages/make-3.82-i486-3_slack_13.37.txz:  Rebuilt.
  Patched a free() crash when building Android.  Thanks to Troy Unrau.
+--------------------------+
Thu Nov 17 02:09:25 UTC 2011
patches/packages/bind-9.7.4_P1-i486-1_slack13.37.txz:  Upgraded.
        --- 9.4-ESV-R5-P1 released ---
3218.   [security]      Cache lookup could return RRSIG data associated with
                        nonexistent records, leading to an assertion
                        failure. [RT #26590]
  (* Security fix *)
+--------------------------+
Have fun,
Spina-BOT

New patches for slackware-13.37 on Sun, 27 Nov 2011 04:37:52

Post by Spina-BOT »

Hey guys,
new patches have been released for slackware-13.37. The relevant part of ChangeLog.txt follows:

Code:

Sun Nov 27 03:37:52 UTC 2011
patches/packages/mozilla-thunderbird-3.1.16-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html
  (* Security fix *)
patches/packages/mozilla-firefox-8.0.1-i486-1_slack13.37.txz:  Upgraded.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
  (* Security fix *)
patches/packages/seamonkey-2.5-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
patches/packages/seamonkey-solibs-2.5-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
patches/packages/yasm-1.2.0-i486-1_slack13.37.txz:  Upgraded.
+--------------------------+
Have fun,
Spina-BOT

New patches for slackware-13.37 on Thu, 02 Feb 2012 01:13:21

Post by Spina-BOT »

Hey guys,
new patches have been released for slackware-13.37. The relevant part of ChangeLog.txt follows:

Code:

Thu Feb  2 00:13:21 UTC 2012
patches/packages/ca-certificates-20111211-noarch-1_slack13.37.txz:  Upgraded.
  Removes DigiNotar and other untrusted certificates.
  (* Security fix *)
patches/packages/coreutils-8.15-i486-1_slack13.37.txz:  Upgraded.
  This will be provided as a patch to fix some important issues with ext4.
  Thanks to Georgy Salnikov for the notification.
patches/packages/freetype-2.4.8-i486-1_slack13.37.txz:  Upgraded.
  Some vulnerabilities in handling CID-keyed PostScript fonts have
  been fixed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439
  (* Security fix *)
patches/packages/mozilla-firefox-10.0-i486-1_slack13.37.txz:  Upgraded.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-10.0-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/openssl-0.9.8t-i486-1_slack13.37.txz:  Upgraded.
  This fixes a bug where DTLS applications were not properly supported.  This
  bug could have allowed remote attackers to cause a denial of service via
  unspecified vectors.
  CVE-2012-0050 has been assigned to this issue.
  For more details see:
    http://openssl.org/news/secadv_20120118.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8t-i486-1_slack13.37.txz:  Upgraded.
  This fixes a bug where DTLS applications were not properly supported.  This
  bug could have allowed remote attackers to cause a denial of service via
  unspecified vectors.
  CVE-2012-0050 has been assigned to this issue.
  For more details see:
    http://openssl.org/news/secadv_20120118.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
  (* Security fix *)
patches/packages/seamonkey-2.7-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.7-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+
Have fun,
Spina-BOT

New patches for slackware-13.37 on Wed, 08 Feb 2012 02:21:43

Post by Spina-BOT »

Hey guys,
new patches have been released for slackware-13.37. The relevant part of ChangeLog.txt follows:

Code:

Wed Feb  8 01:21:42 UTC 2012
patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz:  Upgraded.
  Version bump for httpd upgrade.
patches/packages/glibc-2.13-i486-5_slack13.37.txz:  Rebuilt.
  Patched an overflow in tzfile.  This was evidently first reported in
  2009, but is only now getting around to being patched.  To exploit it,
  one must be able to write beneath /usr/share/zoneinfo, which is usually
  not possible for a normal user, but may be in the case where they are
  chroot()ed to a directory that they own.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
  (* Security fix *)
patches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz:  Rebuilt.
patches/packages/glibc-profile-2.13-i486-5_slack13.37.txz:  Rebuilt.
  (* Security fix *)
patches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz:  Rebuilt.
  (* Security fix *)
patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz:  Rebuilt.
patches/packages/httpd-2.2.22-i486-1_slack13.37.txz:  Upgraded.
  *) SECURITY: CVE-2011-3368 (cve.mitre.org)
     Reject requests where the request-URI does not match the HTTP
     specification, preventing unexpected expansion of target URLs in
     some reverse proxy configurations.  [Joe Orton]
  *) SECURITY: CVE-2011-3607 (cve.mitre.org)
     Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
     is enabled, could allow local users to gain privileges via a .htaccess
     file. [Stefan Fritsch, Greg Ames]
  *) SECURITY: CVE-2011-4317 (cve.mitre.org)
     Resolve additional cases of URL rewriting with ProxyPassMatch or
     RewriteRule, where particular request-URIs could result in undesired
     backend network exposure in some configurations.
     [Joe Orton]
  *) SECURITY: CVE-2012-0021 (cve.mitre.org)
     mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format
     string is in use and a client sends a nameless, valueless cookie, causing
     a denial of service. The issue existed since version 2.2.17. PR 52256.
     [Rainer Canavan <rainer-apache 7val com>]
  *) SECURITY: CVE-2012-0031 (cve.mitre.org)
     Fix scoreboard issue which could allow an unprivileged child process
     could cause the parent to crash at shutdown rather than terminate
     cleanly.  [Joe Orton]
  *) SECURITY: CVE-2012-0053 (cve.mitre.org)
     Fix an issue in error responses that could expose "httpOnly" cookies
     when no custom ErrorDocument is specified for status code 400.
     [Eric Covener]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
  (* Security fix *)
patches/packages/php-5.3.10-i486-1_slack13.37.txz:  Upgraded.
  Fixed arbitrary remote code execution vulnerability reported by Stefan
  Esser, CVE-2012-0830. (Stas, Dmitry)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
  (* Security fix *)
patches/packages/proftpd-1.3.4a-i486-1_slack13.37.txz:  Upgraded.
  This update fixes a use-after-free() memory corruption error,
  and possibly other unspecified issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
  (* Security fix *)
patches/packages/vsftpd-2.3.5-i486-1_slack13.37.txz:  Upgraded.
  Minor version bump, this also works around a hard to trigger heap overflow
  in glibc (glibc zoneinfo caching vuln).  For there to be any possibility
  to trigger the glibc bug within vsftpd, the non-default option
  "chroot_local_user" must be set in /etc/vsftpd.conf.
  Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug :-)
    Nevertheless:
  (* Security fix *)
+--------------------------+
Have fun,
Spina-BOT

New patches for slackware-13.37 on Sat, 11 Feb 2012 03:37:17

Post by Spina-BOT »

Hey guys,
new patches have been released for slackware-13.37. The relevant part of ChangeLog.txt follows:

Code:

Sat Feb 11 02:37:16 UTC 2012
patches/packages/mozilla-firefox-10.0.1-i486-1_slack13.37.txz:  Upgraded.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
  (* Security fix *)
patches/packages/seamonkey-2.7.1-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
patches/packages/seamonkey-solibs-2.7.1-i486-1_slack13.37.txz:  Upgraded.
  (* Security fix *)
+--------------------------+
Have fun,
Spina-BOT

New patches for slackware-13.37 on Wed, 22 Feb 2012 19:14:58

Post by Spina-BOT »

Hey guys,
new patches have been released for slackware-13.37. The relevant part of ChangeLog.txt follows:

Code:

Wed Feb 22 18:14:58 UTC 2012
patches/packages/libpng-1.4.9-i486-1_slack13.37.txz:  Upgraded.
  All branches of libpng prior to versions 1.5.9, 1.4.9, 1.2.47, and 1.0.57,
  respectively, fail to correctly validate a heap allocation in
  png_decompress_chunk(), which can lead to a buffer-overrun and the
  possibility of execution of hostile code on 32-bit systems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
  (* Security fix *)
patches/packages/mozilla-firefox-10.0.2-i486-1_slack13.37.txz:  Upgraded.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-10.0.2-i486-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/seamonkey-2.7.2-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.7.2-i486-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+
Have fun,
Spina-BOT
