Pagina 13 di 15
New patches for slackware-14.1 on Wed, 02 Sep 2015 01:29:22
Inviato: mer 2 set 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Tue Sep 1 23:29:22 UTC 2015
patches/packages/gdk-pixbuf2-2.28.2-i486-2_slack14.1.txz: Rebuilt.
Gustavo Grieco discovered a heap overflow in the processing of BMP images
which may result in the execution of arbitrary code if a malformed image
is opened.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Wed, 02 Sep 2015 21:36:32
Inviato: gio 3 set 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Wed Sep 2 19:36:31 UTC 2015
patches/packages/bind-9.9.7_P3-i486-1_slack14.1.txz: Upgraded.
This update fixes two denial-of-service vulnerabilities:
+ CVE-2015-5722 is a denial-of-service vector which can be
exploited remotely against a BIND server that is performing
validation on DNSSEC-signed records. Validating recursive
resolvers are at the greatest risk from this defect, but it has not
been ruled out that it could be exploited against an
authoritative-only nameserver under limited conditions. Servers
that are not performing validation are not vulnerable. However,
ISC does not recommend disabling validation as a workaround to
this issue as it exposes the server to other types of attacks.
Upgrading to the patched versions is the recommended solution.
All versions of BIND since 9.0.0 are vulnerable to CVE-2015-5722.
+ CVE-2015-5986 is a denial-of-service vector which can be used
against a BIND server that is performing recursion. Validation
is not required. Recursive resolvers are at the greatest risk
from this defect, but it has not been ruled out that it could
be exploited against an authoritative-only nameserver under
limited conditions.
Only versions of BIND since 9.9.7 and 9.10.2 are vulnerable to
CVE-2015-5986.
For more information, see:
https://kb.isc.org/article/AA-01287/0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722
https://kb.isc.org/article/AA-01291/0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5986
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Fri, 04 Sep 2015 00:02:39
Inviato: ven 4 set 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Thu Sep 3 22:02:39 UTC 2015
patches/packages/seamonkey-2.35-i486-1_slack14.1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
patches/packages/seamonkey-solibs-2.35-i486-1_slack14.1.txz: Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Wed, 16 Sep 2015 00:36:17
Inviato: mer 16 set 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Tue Sep 15 22:36:17 UTC 2015
patches/packages/ca-certificates-20150426-noarch-2_slack14.1.txz: Rebuilt.
Patched update-ca-certificates to remove incompatible command operators
used to call 'run-parts'. Thanks to Stuart Winter.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Wed, 23 Sep 2015 03:10:36
Inviato: mer 23 set 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Wed Sep 23 01:10:36 UTC 2015
patches/packages/mozilla-firefox-38.3.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Thu, 01 Oct 2015 23:21:37
Inviato: ven 2 ott 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Thu Oct 1 21:21:36 UTC 2015
patches/packages/mozilla-thunderbird-38.3.0-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
patches/packages/php-5.4.45-i486-1_slack14.1.txz: Upgraded.
This update fixes some bugs and security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6838
(* Security fix *)
patches/packages/seamonkey-2.38-i486-1_slack14.1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
patches/packages/seamonkey-solibs-2.38-i486-1_slack14.1.txz: Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Mon, 05 Oct 2015 19:24:31
Inviato: mar 6 ott 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Mon Oct 5 17:24:30 UTC 2015
patches/packages/glibc-zoneinfo-2015g-noarch-1_slack14.1.txz: Upgraded.
This package provides the latest timezone updates.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Fri, 09 Oct 2015 01:09:33
Inviato: ven 9 ott 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Thu Oct 8 23:09:33 UTC 2015
patches/packages/mozilla-thunderbird-38.3.0-i486-2_slack14.1.txz: Rebuilt.
Recompiled with --enable-calendar.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Thu, 29 Oct 2015 21:12:14
Inviato: ven 30 ott 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Thu Oct 29 20:12:14 UTC 2015
patches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded.
Fixes some security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237
(* Security fix *)
patches/packages/jasper-1.900.1-i486-4_slack14.1.txz: Rebuilt.
Applied many security and bug fixes.
Thanks to Heinz Wiesinger.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029
(* Security fix *)
patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded.
In addition to bug fixes and enhancements, this release fixes
several low and medium severity vulnerabilities.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Fri, 06 Nov 2015 02:15:44
Inviato: sab 7 nov 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Fri Nov 6 01:15:43 UTC 2015
patches/packages/mozilla-firefox-38.4.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
patches/packages/mozilla-nss-3.20.1-i486-1_slack14.1.txz: Upgraded.
Upgraded to nss-3.20.1 and nspr-4.10.10.
This release contains security fixes and improvements.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Sat, 14 Nov 2015 22:35:57
Inviato: dom 15 nov 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Sat Nov 14 21:35:57 UTC 2015
patches/packages/seamonkey-2.39-i486-1_slack14.1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
patches/packages/seamonkey-solibs-2.39-i486-1_slack14.1.txz: Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Wed, 25 Nov 2015 07:36:06
Inviato: gio 26 nov 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Wed Nov 25 06:36:06 UTC 2015
patches/packages/pcre-8.38-i486-1_slack14.1.txz: Upgraded.
Fixed overflows that could lead to a denial of service or the execution
of arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3210
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Thu, 03 Dec 2015 08:28:31
Inviato: ven 4 dic 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Thu Dec 3 07:28:30 UTC 2015
patches/packages/libpng-1.4.17-i486-1_slack14.1.txz: Upgraded.
Fixed buffer overflows in the png_set_PLTE(), png_get_PLTE(),
png_set_tIME(), and png_convert_to_rfc1123() functions that allow
attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a small bit-depth value
in an IHDR (aka image header) chunk in a PNG image.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126.
(* Security fix *)
patches/packages/mozilla-thunderbird-38.4.0-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Wed, 16 Dec 2015 05:21:07
Inviato: gio 17 dic 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Wed Dec 16 04:21:07 UTC 2015
patches/packages/bind-9.9.8_P2-i486-1_slack14.1.txz: Upgraded.
This update fixes three security issues:
Update allowed OpenSSL versions as named is potentially vulnerable
to CVE-2015-3193.
Insufficient testing when parsing a message allowed records with an
incorrect class to be be accepted, triggering a REQUIRE failure when
those records were subsequently cached. (CVE-2015-8000)
Address fetch context reference count handling error on socket error.
(CVE-2015-8461)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461
(* Security fix *)
patches/packages/libpng-1.4.18-i486-1_slack14.1.txz: Upgraded.
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472
(* Security fix *)
patches/packages/mozilla-firefox-38.5.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issues:
BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193).
Certificate verify crash with missing PSS parameter (CVE-2015-3194).
X509_ATTRIBUTE memory leak (CVE-2015-3195).
Race condition handling PSK identify hint (CVE-2015-3196).
Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794).
For more information, see:
https://openssl.org/news/secadv_20151203.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196
(* Security fix *)
patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz: Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager
New patches for slackware-14.1 on Fri, 18 Dec 2015 06:28:25
Inviato: sab 19 dic 2015, 6:00
da Slacky BOT Packager
Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of
ChangeLog.txt:
Codice: Seleziona tutto
Fri Dec 18 05:28:25 UTC 2015
patches/packages/grub-2.00-i486-3_slack14.1.txz: Rebuilt.
Patched bug where password protection during system startup may be
bypassed by hitting the backspace key 28 times giving a rescue shell.
Thanks to Hector Marco and Ismael Ripoll.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370
(* Security fix *)
patches/packages/libpng-1.4.19-i486-1_slack14.1.txz: Upgraded.
Fixed an out-of-range read in png_check_keyword(). Thanks to Qixue Xiao.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8540
(* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager