[slackware-security] proftpd (SSA:2020-051-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] proftpd (SSA:2020-051-01) New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/proftpd-1.3.6c-i586-1_slack14.2.txz: Upgraded. No CVEs assigned, but this sure looks like a security issue: Use-after-free vulnerability in memory pools during data transfer. (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/proftpd-1.3.6c-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/proftpd-1.3.6c-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/proftpd-1.3.6c-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/proftpd-1.3.6c-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/proftpd-1.3.6c-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/proftpd-1.3.6c-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.3.6c-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/proftpd-1.3.6c-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: ad130cbacf59ba92d23da0b8c6dd5c8e proftpd-1.3.6c-i486-1_slack14.0.txz Slackware x86_64 14.0 package: e0e9d4bfd44229fc5cbb0d16decd62e1 proftpd-1.3.6c-x86_64-1_slack14.0.txz Slackware 14.1 package: 8e3126f9af6dbbf817bd43e77ca9cc8d proftpd-1.3.6c-i486-1_slack14.1.txz Slackware x86_64 14.1 package: ea71c0df4222e5b2046876aef3461acc proftpd-1.3.6c-x86_64-1_slack14.1.txz Slackware 14.2 package: cff0f04f8d96e58c9315900ab27e770a proftpd-1.3.6c-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 993452ec1b0c1a6785a09d0e960be20c proftpd-1.3.6c-x86_64-1_slack14.2.txz Slackware -current package: 8c5c8c09c9ce10219fd92ecf72f742cf n/proftpd-1.3.6c-i586-1.txz Slackware x86_64 -current package: 346f1b9c24259e9f61e1063a15bdbef1 n/proftpd-1.3.6c-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg proftpd-1.3.6c-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl5PGTQACgkQakRjwEAQIjMzpwCeMHTx6hOX4mglRWYIz1dvLSYF KMYAn1j9MnJTmQTHJ7Ois+8Bjb6wDfT5 =6vNQ -END PGP SIGNATURE-
[slackware-security] libarchive (SSA:2020-043-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] libarchive (SSA:2020-043-01) New libarchive packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/libarchive-3.4.2-i586-1_slack14.2.txz: Upgraded. This update includes security fixes in the RAR5 reader. (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libarchive-3.4.2-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libarchive-3.4.2-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libarchive-3.4.2-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libarchive-3.4.2-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libarchive-3.4.2-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libarchive-3.4.2-x86_64-1.txz MD5 signatures: +-+ Slackware 14.1 package: 06951c059869635bdbde2ead0a50e9de libarchive-3.4.2-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 57b1658959057ef8476248490b4e229a libarchive-3.4.2-x86_64-1_slack14.1.txz Slackware 14.2 package: a119da1bc8d4a760cf28df615c2ba215 libarchive-3.4.2-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 3e386a3569f3965d2bc7c1e7ff88e39e libarchive-3.4.2-x86_64-1_slack14.2.txz Slackware -current package: 0700543cb6e4ecf9f6324c283f1fd354 l/libarchive-3.4.2-i586-1.txz Slackware x86_64 -current package: 4136e17bc25686da4cf20790d592b2a6 l/libarchive-3.4.2-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg libarchive-3.4.2-i486-1_slack14.1.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl5Ec7UACgkQakRjwEAQIjNY0QCfRu9ZMvQ3bkjM/zlt7wUZhXdT H04Anjr98CgjsOzdaQFbCiwlgiHHjtAb =uFGh -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2020-042-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2020-042-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-68.5.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/68.5.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2020-06/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6796 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6797 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6798 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6799 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6800 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-68.5.0esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-68.5.0esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-68.5.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-68.5.0esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: f23607c17abc99d0a788334fd0cbbe45 mozilla-firefox-68.5.0esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: a737751d39bfbc9e0186f48b903c79fc mozilla-firefox-68.5.0esr-x86_64-1_slack14.2.txz Slackware -current package: 7e81e1c8379e241f1f106721d27074a6 xap/mozilla-firefox-68.5.0esr-i686-1.txz Slackware x86_64 -current package: 45499e980cd979a8f8e97816ba253c0f xap/mozilla-firefox-68.5.0esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-68.5.0esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl5DTyQACgkQakRjwEAQIjMjlACfZVKEKqEvMx6HwNdBulxU0Dx/ r3YAn3tpYEtfnlI7b5tFnPaHGV+tGWZT =VxiU -END PGP SIGNATURE-
[slackware-security] mozilla-thunderbird (SSA:2020-042-02)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2020-042-02) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-thunderbird-68.5.0-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/68.5.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6793 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6795 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6797 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6798 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6792 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6800 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-68.5.0-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-68.5.0-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-68.5.0-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-68.5.0-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: a42b4e3de260df8af318c806ab732075 mozilla-thunderbird-68.5.0-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 3bf86ff2fc079640c08c1ea9427d62c1 mozilla-thunderbird-68.5.0-x86_64-1_slack14.2.txz Slackware -current package: 2f7cde8cc42471f0b56018152bc9412f xap/mozilla-thunderbird-68.5.0-i686-1.txz Slackware x86_64 -current package: 64008d2e9c4dd66ad57138cc26708c8b xap/mozilla-thunderbird-68.5.0-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-thunderbird-68.5.0-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl5DTygACgkQakRjwEAQIjOueACgkwIahOHk7AHGDvURkG/me1lB aK8An1J1PbqaB5UhvEJ4/W1AcwgTIDgy =f+Au -END PGP SIGNATURE-
[slackware-security] sudo (SSA:2020-031-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] sudo (SSA:2020-031-01) New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/sudo-1.8.31-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in some Linux distributions; however, it is not the default for upstream or in Slackware, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/sudo-1.8.31-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/sudo-1.8.31-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/sudo-1.8.31-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/sudo-1.8.31-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/sudo-1.8.31-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/sudo-1.8.31-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.8.31-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/sudo-1.8.31-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 3a11f049390127f33463fa417e1fa056 sudo-1.8.31-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 062c43b8fe45b3ee9b8266c55d205886 sudo-1.8.31-x86_64-1_slack14.0.txz Slackware 14.1 package: 47d24d47ba52cf740ab2d272abd5aac7 sudo-1.8.31-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 5132fffc0dff049e181742308ff01bee sudo-1.8.31-x86_64-1_slack14.1.txz Slackware 14.2 package: afe33f494b86169f3164a65ac63f7585 sudo-1.8.31-i586-1_slack14.2.txz Slackware x86_64 14.2 package: cdcb11096268b5f6b9eb1f6bcefdbb4d sudo-1.8.31-x86_64-1_slack14.2.txz Slackware -current package: f9d32384c3d4aafbb7e2bef19d36810b ap/sudo-1.8.31-i586-1.txz Slackware x86_64 -current package: f2d91e52d9e02ae701cabfd2f586ff07 ap/sudo-1.8.31-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg sudo-1.8.31-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl40kegACgkQakRjwEAQIjML6wCfdFXeKFWIhS9kmjfq+OMLydw2 Cl8An1w40XreELMjY2XAFLLrDGQI9EHL =cJNX -END PGP SIGNATURE-
[slackware-security] mozilla-thunderbird (SSA:2020-024-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2020-024-01) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-thunderbird-68.4.2-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/68.4.2/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-68.4.2-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-68.4.2-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-68.4.2-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-68.4.2-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 127eb365b1e5eb4d5202ce408243db68 mozilla-thunderbird-68.4.2-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 65c536127339a9b81633bfd281dd29b5 mozilla-thunderbird-68.4.2-x86_64-1_slack14.2.txz Slackware -current package: 59d24c3525e78a210c082aebd0d03445 xap/mozilla-thunderbird-68.4.2-i686-1.txz Slackware x86_64 -current package: 2e92f830c84862e4d0959f57cba26429 xap/mozilla-thunderbird-68.4.2-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-thunderbird-68.4.2-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl4rdv0ACgkQakRjwEAQIjNpAQCfUBbyULC9nLPBdlOcsVmwjFiJ HVAAoIgM2eso8xAJhoMunXzsrl/MeH74 =0EEr -END PGP SIGNATURE-
[slackware-security] mozilla-thunderbird (SSA:2020-010-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2020-010-01) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-thunderbird-68.4.1-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/68.4.1/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17026 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17015 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17016 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17017 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17021 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17022 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17024 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-68.4.1-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-68.4.1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-68.4.1-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-68.4.1-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: c6e2458e7bd551995fdf1c5a2c0faa5b mozilla-thunderbird-68.4.1-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 3b5eac888e35ce084e7b42fe1f445285 mozilla-thunderbird-68.4.1-x86_64-1_slack14.2.txz Slackware -current package: 40b2f60e018b5844c16ba8a025fd3cd6 xap/mozilla-thunderbird-68.4.1-i686-1.txz Slackware x86_64 -current package: 5424b5ac6afc83832f015c52f0e9f653 xap/mozilla-thunderbird-68.4.1-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-thunderbird-68.4.1-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl4ZAcUACgkQakRjwEAQIjMRkQCgkACPzFU3YlNamFve02dfCW/g CCEAn0634yNIPayLZwVs9XaYInNu5tg1 =IlGr -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2020-009-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2020-009-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-68.4.1esr-i686-1_slack14.2.txz: Upgraded. This release fixes a critial security issue: Mozilla Foundation Security Advisory 2020-03: Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. For more information, see: https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/ https://www.mozilla.org/en-US/firefox/68.4.1/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-68.4.1esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-68.4.1esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-68.4.1esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-68.4.1esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 42bc8620e8198534049346b7f32d82bb mozilla-firefox-68.4.1esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 5ea87b7096989b8d7e504c94433d70c9 mozilla-firefox-68.4.1esr-x86_64-1_slack14.2.txz Slackware -current package: 085d4e56e0bfaec30dacf432af505dda xap/mozilla-firefox-68.4.1esr-i686-1.txz Slackware x86_64 -current package: 283e5f4f41cfbd43ec6e849700802708 xap/mozilla-firefox-68.4.1esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-68.4.1esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl4W2TkACgkQakRjwEAQIjMfYQCaAsodoU1YDcpXlamHYUxu42eV eCoAniw2AZdagZJSD3SwPMr7+TLqxaqV =pEIT -END PGP SIGNATURE-
[slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01) New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/linux-4.4.208/*: Upgraded. IPV6_MULTIPLE_TABLES n -> y +IPV6_SUBTREES y These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.203: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19524 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15917 Fixed in 4.4.204: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683 Fixed in 4.4.206: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12614 Fixed in 4.4.207: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332 Fixed in 4.4.208: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19057 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19063 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-smp-4.4.208_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-smp-4.4.208_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-smp-4.4.208_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208-noarch-1.txz MD5 signatures: +-+ Slackware 14.2 packages: ef3ab53561656d90c19389bed7f883ea kernel-generic-4.4.208-i586-1.txz ce33ac504adf47d140c3d9ffbf7589b2 kernel-generic-smp-4.4.208_smp-i686-1.txz 2fb222e279ceacf6e3af294a1cce54e9 kernel-headers-4.4.208_smp-x86-1.txz c237d6708a9d59080deb5a6659d1acf1 kernel-huge-4.4.208-i586-1.txz 29018038f4e0510dfa7e9cdfe69c994a kernel-huge-smp-4.4.208_smp-i686-1.txz 6518395d78e7c7b323bd964dd3b9ed13 kernel-modules-4.4.208-i586-1.txz 440885e37ee410473bf1c9a6b028dd8b kernel-modules-smp-4.4.208_smp-i686-1.txz 969021b83f0cb73d7b745b3d77bdbee0 kernel-source-4.4.208_smp-noarch-1.txz Slackware x86_64 14.2 packages: d6edb0754c752aaf8fcbd8d4d5bfc30a kernel-generic-4.4.208-x86_64-1.txz 10255231f7085336046b49e829bf972c kernel-headers-4.4.208-x86-1.txz 369fa14fb7f59f1e903402be3ad685e7 kernel-huge-4.4.208-x86_64-1.txz b8c8261fbb6bed66c3ded3aa36e206df kernel-modules-4.4.208-x86_64-1.txz 83f37ca83c19fe8d1a785c93cc1ad6f5 kernel-source-4.4.208-noarch-1.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running S
[slackware-security] mozilla-firefox (SSA:2020-006-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2020-006-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-68.4.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/68.4.0/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-68.4.0esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-68.4.0esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-68.4.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-68.4.0esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 623c2aca3f23e871052262235ff97a44 mozilla-firefox-68.4.0esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 4edda9640708007b9b0d5b779b9a5087 mozilla-firefox-68.4.0esr-x86_64-1_slack14.2.txz Slackware -current package: 74035f93070b640a819ad1285cf765d4 xap/mozilla-firefox-68.4.0esr-i686-1.txz Slackware x86_64 -current package: cb853fbe34715d11e16f3023610747af xap/mozilla-firefox-68.4.0esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-68.4.0esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl4TxloACgkQakRjwEAQIjNYMQCfZqztda8jXqa25kzZigUH0ohP iPMAnjuEbk2YJod/SoRSAvrWmjOmVbMU =nJ8C -END PGP SIGNATURE-
[slackware-security] tigervnc (SSA:2019-354-02)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] tigervnc (SSA:2019-354-02) New tigervnc packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/tigervnc-1.10.1-i586-1_slack14.2.txz: Upgraded. From tigervnc.org: "This is a security release to fix a number of issues that were found by Kaspersky Lab. These issues affect both the client and server and could theoretically allow a malicious peer to take control over the software on the other side. No working exploit is known at this time, and the issues require the peer to first be authenticated. We still urge users to upgrade when possible." (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tigervnc-1.10.1-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/tigervnc-1.10.1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/tigervnc/tigervnc-1.10.1-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/tigervnc/tigervnc-1.10.1-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 235e4af04cdfbc6f1bb7738cfded4b9a tigervnc-1.10.1-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 226ff10061b1de509edff1bbf4d71a48 tigervnc-1.10.1-x86_64-1_slack14.2.txz Slackware -current package: 834a239329766b52ba472d6aee3c5b15 tigervnc-1.10.1-i586-1.txz Slackware x86_64 -current package: e66f3aa17e325db5cb3c14120de83c4e tigervnc-1.10.1-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg tigervnc-1.10.1-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl39cSoACgkQakRjwEAQIjMOewCfTyxB+o/HkxR0nHZHAVsFmYJS 0ocAn3iuX6hzhFSVtOfUaC6YuVuDansj =JSkA -END PGP SIGNATURE-
[slackware-security] openssl (SSA:2019-354-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] openssl (SSA:2019-354-01) New openssl packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/openssl-1.0.2u-i586-1_slack14.2.txz: Upgraded. This update fixes a low severity security issue: Fixed an an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. For more information, see: https://www.openssl.org/news/secadv/20191206.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2u-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2u-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2u-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2u-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl10-solibs-1.0.2u-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl10-1.0.2u-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl10-solibs-1.0.2u-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl10-1.0.2u-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 packages: 3702a752b6916911666b3bd372b043ce openssl-1.0.2u-i586-1_slack14.2.txz 4648eb489834f226169bf13e2ee06061 openssl-solibs-1.0.2u-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: c114da2209510d47b59ded5af7dd8610 openssl-1.0.2u-x86_64-1_slack14.2.txz e4b1c5a3f87e7cd92e05ec19c52e9761 openssl-solibs-1.0.2u-x86_64-1_slack14.2.txz Slackware -current packages: fee7474fb4e0be59a0a1da866cfe4f5b a/openssl10-solibs-1.0.2u-i586-1.txz b3e7d484a352406ba822ddf5f6dbe9ff n/openssl10-1.0.2u-i586-1.txz Slackware x86_64 -current packages: 1f180cb72a66080dcf7fc95083197cab a/openssl10-solibs-1.0.2u-x86_64-1.txz 6d269275da2fb00f13df65a5b12edd37 n/openssl10-1.0.2u-x86_64-1.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg openssl-1.0.2u-i586-1_slack14.2.txz openssl-solibs-1.0.2u-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl39cSgACgkQakRjwEAQIjPqPgCglPDywljwbXPSEsrWXK+CBW7k yrcAn2iD5uEaVNk0Hrzw3rdVtTUG0rSX =tuIL -END PGP SIGNATURE-
[slackware-security] wavpack (SSA:2019-353-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] wavpack (SSA:2019-353-01) New wavpack packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/wavpack-5.2.0-i586-1_slack14.2.txz: Upgraded. Fixed denial-of-service and other potential security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19840 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19841 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6767 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wavpack-5.2.0-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wavpack-5.2.0-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wavpack-5.2.0-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wavpack-5.2.0-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wavpack-5.2.0-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wavpack-5.2.0-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/wavpack-5.2.0-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/wavpack-5.2.0-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 72de6bb987f631f09a57280af196eeb9 wavpack-5.2.0-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 50ed88249f6733090f19023462a7923e wavpack-5.2.0-x86_64-1_slack14.0.txz Slackware 14.1 package: 3c2087b252da252ecdab606cd8161447 wavpack-5.2.0-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 2d68ad475cb4f9a27bf822b83b1e6899 wavpack-5.2.0-x86_64-1_slack14.1.txz Slackware 14.2 package: 29d6137a0d5a8660055f79b7d49acf6d wavpack-5.2.0-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 4efe6df9cfda3a0d5f728aa12dc92f91 wavpack-5.2.0-x86_64-1_slack14.2.txz Slackware -current package: 643f9d992ddc18f8e196d9d58574b388 l/wavpack-5.2.0-i586-1.txz Slackware x86_64 -current package: dcebe42b0047f9caee086952283a7987 l/wavpack-5.2.0-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg wavpack-5.2.0-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl379wEACgkQakRjwEAQIjNTUwCdEyC3usmVxe9ntSxLbQJEmWmx 8gEAnjSmuvxCH164qW5UQOw7sHeJIjAf =Bdro -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2019-337-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2019-337-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/68.3.0/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/security/advisories/mfsa2019-37/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13722 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17009 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-68.3.0esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-68.3.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-68.3.0esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 87f700f9d6e2f2714f34bd4df98daff3 mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: a1fc7f2d55d99552fbfef89c0a4fc4d8 mozilla-firefox-68.3.0esr-x86_64-1_slack14.2.txz Slackware -current package: b398fbd95c214bc1f209344809557650 xap/mozilla-firefox-68.3.0esr-i686-1.txz Slackware x86_64 -current package: 54fdcfaa0337054003900c366020e39f xap/mozilla-firefox-68.3.0esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl3mssgACgkQakRjwEAQIjO/oQCfQIeiKas77NPJxn8HHbAzeVJU KfkAn2JFtzb4iI1pmglqmgdUYk5GvsZv =oBhW -END PGP SIGNATURE-
[slackware-security] bind (SSA:2019-324-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] bind (SSA:2019-324-01) New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/bind-9.11.13-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue: Set a limit on the number of concurrently served pipelined TCP queries. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6477 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.11.13-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.11.13-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.11.13-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.11.13-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bind-9.11.13-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bind-9.11.13-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.14.8-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.14.8-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: a04b71235a460444f9103b4d8eb9a196 bind-9.11.13-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 54cec32b6bdb53daeb07d47c6b226821 bind-9.11.13-x86_64-1_slack14.0.txz Slackware 14.1 package: 71fffdb9f3bfdb8ef585981f5542ce2d bind-9.11.13-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 3653dc3b6d8e49a263fc812716fd1b82 bind-9.11.13-x86_64-1_slack14.1.txz Slackware 14.2 package: 98f26d1f2bb128b69eca57a338dcb9ef bind-9.11.13-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 1dda823d4a09a7668969676c7e316ede bind-9.11.13-x86_64-1_slack14.2.txz Slackware -current package: 7d1d9a7c6e08a46b802363a95426c546 n/bind-9.14.8-i586-1.txz Slackware x86_64 -current package: 6de17e03097afa7a37ce2f0a3f9b6449 n/bind-9.14.8-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg bind-9.11.13-i586-1_slack14.2.txz Then, restart the name server: # /etc/rc.d/rc.bind restart +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl3V9cUACgkQakRjwEAQIjOXfACghJenxoR9I9mF5H+fJjNSoXfy WnEAn22mJoKwsCXACHeW2XkuasNGIITj =QK+7 -END PGP SIGNATURE-
[slackware-security] Slackware 14.2 kernel (SSA:2019-320-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2019-320-01) New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/linux-4.4.202/*: Upgraded. CRYPTO_CRC32C_INTEL m -> y +X86_INTEL_TSX_MODE_AUTO n +X86_INTEL_TSX_MODE_OFF y +X86_INTEL_TSX_MODE_ON n These updates fix various bugs and security issues, including mitigation for the TSX Asynchronous Abort condition on some CPUs. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.201: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0154 Fixed in 4.4.202: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.202/kernel-generic-4.4.202-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.202/kernel-generic-smp-4.4.202_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.202/kernel-headers-4.4.202_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.202/kernel-huge-4.4.202-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.202/kernel-huge-smp-4.4.202_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.202/kernel-modules-4.4.202-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.202/kernel-modules-smp-4.4.202_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.202/kernel-source-4.4.202_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.202/kernel-generic-4.4.202-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.202/kernel-headers-4.4.202-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.202/kernel-huge-4.4.202-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.202/kernel-modules-4.4.202-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.202/kernel-source-4.4.202-noarch-1.txz MD5 signatures: +-+ Slackware 14.2 packages: cd8dbae15f318e526def831b353c315c kernel-generic-4.4.202-i586-1.txz 053b4fabdacac513c262d6eb7bc81f1c kernel-generic-smp-4.4.202_smp-i686-1.txz 91295e1b5488b2a7372310b2c7e37b0c kernel-headers-4.4.202_smp-x86-1.txz 682cfd37d9e728e32995eac43f7049e1 kernel-huge-4.4.202-i586-1.txz da19c52e45760dc2e30c3b7914f5ab79 kernel-huge-smp-4.4.202_smp-i686-1.txz bdf2c7bc504fb6df7e9db7f427185f43 kernel-modules-4.4.202-i586-1.txz 0551c6af0c57798cdf8334a197e75491 kernel-modules-smp-4.4.202_smp-i686-1.txz 8bc2fd8c955c5afaa3948072761cbffa kernel-source-4.4.202_smp-noarch-1.txz Slackware x86_64 14.2 packages: b4d2aca30774e31e43ad935ec440ee8d kernel-generic-4.4.202-x86_64-1.txz 0919d64cc81c3872d9dbb636fb160974 kernel-headers-4.4.202-x86-1.txz 29daac35ff87d9ef5eae5bb238dee433 kernel-huge-4.4.202-x86_64-1.txz 67e0fe51a16b1c7dd46116a5cbe772aa kernel-modules-4.4.202-x86_64-1.txz 41761edfdf3f4210bb8b71a98397fa0a kernel-source-4.4.202-noarch-1.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.202-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.202 | bash Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you
[slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01) New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/linux-4.4.199/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.191: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117 Fixed in 4.4.193: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835 Fixed in 4.4.194: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821 Fixed in 4.4.195: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17053 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17052 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17054 Fixed in 4.4.196: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215 Fixed in 4.4.197: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976 Fixed in 4.4.198: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17075 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133 Fixed in 4.4.199: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199-noarch-1.txz MD5 signatures: +-+ Slackware 14.2 packages: 0e523f42e759ecc2399f36e37672f110 kernel-generic-4.4.199-i586-1.txz ee6451f5362008b46fee2e08e3077b21 kernel-generic-smp-4.4.199_smp-i686-1.txz a8338ef88f2e3ea9c74d564c36ccd420 kernel-headers-4.4.199_smp-x86-1.txz cd9e9c241e4eec2fba1dae658a28870e kernel-huge-4.4.199-i586-1.txz 842030890a424023817d42a83a86a7f4 kernel-huge-smp-4.4.199_smp-i686-1.txz 257db024bb4501548ac9118dbd2d9ae6 kernel-modules-4.4.199-i586-1.txz 96377cbaf7bca55aaca70358c63151a7 kernel-modules-smp-4.4.199_smp-i686-1.txz 0673e86466f9e624964d95107cf6712f kernel-source-4.4.19
[slackware-security] libtiff (SSA:2019-308-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] libtiff (SSA:2019-308-01) New libtiff packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/libtiff-4.1.0-i586-1_slack14.2.txz: Upgraded. libtiff: fix integer overflow in _TIFFCheckMalloc() that could cause a crash. tif_dir: unset transferfunction field if necessary. pal2rgb: failed to free memory on a few errors. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libtiff-4.1.0-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libtiff-4.1.0-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libtiff-4.1.0-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libtiff-4.1.0-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 78007bc705f966acc7f4b5351f09ac1f libtiff-4.1.0-i586-1_slack14.2.txz Slackware x86_64 14.2 package: bba12a878b471a8691d09fd245ea80be libtiff-4.1.0-x86_64-1_slack14.2.txz Slackware -current package: 24b318b03c0636ec1934ed555761b7e6 l/libtiff-4.1.0-i586-1.txz Slackware x86_64 -current package: d4aca58c34cc4a601d63b77c73ff78f9 l/libtiff-4.1.0-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg libtiff-4.1.0-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl3ApuMACgkQakRjwEAQIjMh6ACdHD+qkZVI4z9b92LmD0O2lScV meAAn1xs+TIRd8NfBWKLW4ILvDmPkoxt =X7jy -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2019-295-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2019-295-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-68.2.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/68.2.0/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11758 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-68.2.0esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-68.2.0esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-68.2.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-68.2.0esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 439c3fddbbe04d5ea525598cbb07ca46 mozilla-firefox-68.2.0esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 414f4fa6867cef39168416347e5cbf30 mozilla-firefox-68.2.0esr-x86_64-1_slack14.2.txz Slackware -current package: 1eb1505393581c5d65be10a4abb4eb99 xap/mozilla-firefox-68.2.0esr-i686-1.txz Slackware x86_64 -current package: c8fc2ebc5953de938738883b0efa14de xap/mozilla-firefox-68.2.0esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-68.2.0esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl2vT1EACgkQakRjwEAQIjPYnwCfdOvr9e9i6L1SDHylTFov6o/d RWMAn0oVCtu2vebDa0NHyob2TkN9rSEh =CclM -END PGP SIGNATURE-
[slackware-security] python (SSA:2019-293-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] python (SSA:2019-293-01) New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/python-2.7.17-i586-1_slack14.2.txz: Upgraded. This update fixes bugs and security issues: Update vendorized expat library version to 2.2.8. Disallow URL paths with embedded whitespace or control characters into the underlying http client request. Such potentially malicious header injection URLs now cause an httplib.InvalidURL exception to be raised. Avoid file reading by disallowing ``local-file://`` and ``local_file://`` URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and :meth:`urllib.URLopener.retrieve`. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/python-2.7.17-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/python-2.7.17-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/python-2.7.17-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/python-2.7.17-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/python-2.7.17-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/python-2.7.17-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python-2.7.17-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/python-2.7.17-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 7ba0c2ab27b2c487db8b148b1de2e69c python-2.7.17-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 60636e31cb9376fe7a0e2e81a1f601a2 python-2.7.17-x86_64-1_slack14.0.txz Slackware 14.1 package: 8869bce45de60a4657a8349c0b62c06e python-2.7.17-i486-1_slack14.1.txz Slackware x86_64 14.1 package: b04aa671ce83f6e057efc18ac8f32f50 python-2.7.17-x86_64-1_slack14.1.txz Slackware 14.2 package: 9ea9fd62c2f779dfbdc4afcd41a87f17 python-2.7.17-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 84ea5f3a8b661de31177f06ac2a3609d python-2.7.17-x86_64-1_slack14.2.txz Slackware -current package: 1b14d787561cf96a93ed228ff849204b d/python-2.7.17-i586-1.txz Slackware x86_64 -current package: 3176df4288be3e97cbeacdb3b675f97e d/python-2.7.17-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg python-2.7.17-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl2st1AACgkQakRjwEAQIjPtdACgkT3i2Nv1xRcfUFPtHJBHNVSq necAn2UqQoBskylw4qiq5KCjWPz8Iahy =qWqZ -END PGP SIGNATURE-
[slackware-security] sudo (SSA:2019-287-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] sudo (SSA:2019-287-01) New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/sudo-1.8.28-i586-1_slack14.2.txz: Upgraded. Fixed a bug where an sudo user may be able to run a command as root when the Runas specification explicitly disallows root access as long as the ALL keyword is listed first. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/sudo-1.8.28-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/sudo-1.8.28-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/sudo-1.8.28-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/sudo-1.8.28-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/sudo-1.8.28-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/sudo-1.8.28-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.8.28-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/sudo-1.8.28-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: e6196d98b89b7e15052d699d83ea9f6f sudo-1.8.28-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 01d630eed34002c370e4c54be75c6d24 sudo-1.8.28-x86_64-1_slack14.0.txz Slackware 14.1 package: 6a0466b6a04908769fea429d5f85ea02 sudo-1.8.28-i486-1_slack14.1.txz Slackware x86_64 14.1 package: c62d56ddd0e361a941840aee8027c8e3 sudo-1.8.28-x86_64-1_slack14.1.txz Slackware 14.2 package: 9cc394ca773bdd0be365613fbaf58c9d sudo-1.8.28-i586-1_slack14.2.txz Slackware x86_64 14.2 package: b361248b384f256af1898de16341e565 sudo-1.8.28-x86_64-1_slack14.2.txz Slackware -current package: 6e9d61e37a67c9920487934d73d6b67b ap/sudo-1.8.28-i586-1.txz Slackware x86_64 -current package: 065490e75498b63a8e45b92ba584be18 ap/sudo-1.8.28-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg sudo-1.8.28-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl2k6zQACgkQakRjwEAQIjOelwCdEd1DAf2t98C7Fgoo9k50RxD9 OisAn0YxwyAeOBjqztA2N5WYv9lvBONZ =9KG5 -END PGP SIGNATURE-
[slackware-security] tcpdump (SSA:2019-274-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] tcpdump (SSA:2019-274-01) New libpcap and tcpdump packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz: Upgraded. This update is required for the new version of tcpdump. patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz: Upgraded. Fix buffer overflow/overread vulnerabilities and command line argument/local issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15167 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpcap-1.9.1-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/tcpdump-4.9.3-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpcap-1.9.1-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpcap-1.9.1-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/tcpdump-4.9.3-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpcap-1.9.1-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.1.txz Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpcap-1.9.1-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpcap-1.9.0-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tcpdump-4.9.2-i586-3.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpcap-1.9.1-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/tcpdump-4.9.3-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 packages: 0855bcc24c0d39f6ec3c6fa7d956ebf4 libpcap-1.9.1-i486-1_slack14.0.txz 1c53d8ea7923c5947dbbf0eb2dfca2aa tcpdump-4.9.3-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: 080435560c6498ba82
[slackware-security] mozilla-thunderbird (SSA:2019-268-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2019-268-01) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-thunderbird-68.1.1-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/68.1.1/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-68.1.1-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-68.1.1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-68.1.1-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-68.1.1-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 3065941d32eeb86e738d8752ac11a5de mozilla-thunderbird-68.1.1-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 219ade1f27c11bbcf4e488ff88fbebcb mozilla-thunderbird-68.1.1-x86_64-1_slack14.2.txz Slackware -current package: 2f0094031ea6a0ed3e23dff1a0a7f1ca xap/mozilla-thunderbird-68.1.1-i686-1.txz Slackware x86_64 -current package: c2a6f77a2ec18385523adc211924afb6 xap/mozilla-thunderbird-68.1.1-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-thunderbird-68.1.1-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl2L6jkACgkQakRjwEAQIjMLwACfca8SFy9dAki96EX0RPOcgcjU GDgAnR2Q/S/8hwAupBckQLVVpxXuWYiP =a5nS -END PGP SIGNATURE-
[slackware-security] expat (SSA:2019-259-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] expat (SSA:2019-259-01) New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/expat-2.2.8-i586-1_slack14.2.txz: Upgraded. Fix heap overflow triggered by XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.2.8-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.2.8-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.2.8-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.2.8-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.2.8-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.2.8-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.2.8-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.2.8-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 5083c04afc9877a10abe5bd151b7236d expat-2.2.8-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 77efa3806a9ed98fddc044e8f0d25f1d expat-2.2.8-x86_64-1_slack14.0.txz Slackware 14.1 package: f68d41735c3cc218855491abe43b9755 expat-2.2.8-i486-1_slack14.1.txz Slackware x86_64 14.1 package: f9f9213aa7c70976a14676568ab414c8 expat-2.2.8-x86_64-1_slack14.1.txz Slackware 14.2 package: c7c7a2e1055d12fe2a8b5ff6be640c52 expat-2.2.8-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 00632a5b09d08316ee66fa63e4e23d27 expat-2.2.8-x86_64-1_slack14.2.txz Slackware -current package: fc31f923d41d753d2681472fb3203a27 l/expat-2.2.8-i586-1.txz Slackware x86_64 -current package: 51baab2bafea79c8b39f1d6a35db12b7 l/expat-2.2.8-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg expat-2.2.8-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl1/+EwACgkQakRjwEAQIjPmrwCdFJjMg8jzqtHuhdp/GX3+6V+d l5UAoI9TeTt6WJydBRToDvkbUAb5VkQz =U+8m -END PGP SIGNATURE-
[slackware-security] mozilla-thunderbird (SSA:2019-254-02)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2019-254-02) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-thunderbird-68.1.0-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/68.1.0/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-68.1.0-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-68.1.0-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-68.1.0-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-68.1.0-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 175745dcf6adb676660a7bc5a5ae8b92 mozilla-thunderbird-68.1.0-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 0fc5856b360608e12854ad31f1121bf9 mozilla-thunderbird-68.1.0-x86_64-1_slack14.2.txz Slackware -current package: 48e4f431ddf873d1fc07a4c75e38f0aa xap/mozilla-thunderbird-68.1.0-i686-1.txz Slackware x86_64 -current package: 9bc740101033d626fb1afff263cf5431 xap/mozilla-thunderbird-68.1.0-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-thunderbird-68.1.0-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl15vvwACgkQakRjwEAQIjPwUgCdFxp6wkHrp/M/BFJ4B0ber/6B xpYAn0I8jatwsjiphNLV7Sktav6IAmxm =FnGY -END PGP SIGNATURE-
[slackware-security] openssl (SSA:2019-254-03)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] openssl (SSA:2019-254-03) New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/openssl-1.0.2t-i586-1_slack14.2.txz: Upgraded. This update fixes low severity security issues: Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Compute ECC cofactors if not provided during EC_GROUP construction For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547 (* Security fix *) patches/packages/openssl-solibs-1.0.2t-i586-1_slack14.2.txz: Upgraded. +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2t-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2t-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2t-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2t-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1d-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1d-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1d-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1d-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 packages: 903720b73725547f29d4d9b73e033501 openssl-1.0.2t-i586-1_slack14.2.txz eba348070c289ec02a9892f3a82d7cfc openssl-solibs-1.0.2t-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: e869ff17a8644c1f415ef603bfee43ad openssl-1.0.2t-x86_64-1_slack14.2.txz fd8ef08d4df6cf279a14d504b2f96164 openssl-solibs-1.0.2t-x86_64-1_slack14.2.txz Slackware -current packages: 412545282b13cb9f641cec5771b7c4e7 a/openssl-solibs-1.1.1d-i586-1.txz 87963935bfd9fba4daab83682f0a2329 n/openssl-1.1.1d-i586-1.txz Slackware x86_64 -current packages: d0617da050eea3ed90f272fd110636f7 a/openssl-solibs-1.1.1d-x86_64-1.txz cacd12f8db7e9ed50008dd5e7dbd2073 n/openssl-1.1.1d-x86_64-1.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg openssl-1.0.2t-i586-1_slack14.2.txz openssl-solibs-1.0.2t-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl15vv8ACgkQakRjwEAQIjO32ACfR580aZBakWyZfxxP9wWwsaIP d0QAn2i9oY2Uam7ZRuUGWFlrGlZcPfln =n/cg -END PGP SIGNATURE-
[slackware-security] curl (SSA:2019-254-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] curl (SSA:2019-254-01) New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/curl-7.66.0-i586-1_slack14.2.txz: Upgraded. This update fixes security issues: FTP-KRB double-free TFTP small blocksize heap buffer overflow For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.66.0-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.66.0-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.66.0-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.66.0-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.66.0-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.66.0-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.66.0-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.66.0-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 44ee1285528d843bc87ab39283eff7b7 curl-7.66.0-i486-1_slack14.0.txz Slackware x86_64 14.0 package: f203a772ab56555078587f06f1e41464 curl-7.66.0-x86_64-1_slack14.0.txz Slackware 14.1 package: e366a62685183d30ebfcdb48e74c093b curl-7.66.0-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 5f72e7f03810e098a4da306d8a3454ac curl-7.66.0-x86_64-1_slack14.1.txz Slackware 14.2 package: a04ff4576a205b6900a7044f6e053b59 curl-7.66.0-i586-1_slack14.2.txz Slackware x86_64 14.2 package: b4fc8078a52cc28aa56796a6fa0d0ead curl-7.66.0-x86_64-1_slack14.2.txz Slackware -current package: 98f9cb998c6c40b28f4dc3a730916f06 n/curl-7.66.0-i586-1.txz Slackware x86_64 -current package: a33d1c6263cbf031080d1b220d25958a n/curl-7.66.0-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg curl-7.66.0-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl15vvoACgkQakRjwEAQIjORwACff0FCNYd2qPaSF6/D55ik+m1B QrAAnA2P1fNHA+uYSWWk8ANBf9OAsVTa =Pffe -END PGP SIGNATURE-
[slackware-security] seamonkey (SSA:2019-247-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] seamonkey (SSA:2019-247-01) New seamonkey packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/seamonkey-2.49.5-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: http://www.seamonkey-project.org/releases/2.49.5 (* Security fix *) patches/packages/seamonkey-solibs-2.49.5-i586-1_slack14.2.txz: Upgraded. +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/seamonkey-2.49.5-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/seamonkey-solibs-2.49.5-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/seamonkey-2.49.5-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/seamonkey-solibs-2.49.5-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/seamonkey-solibs-2.49.5-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.49.5-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/seamonkey-solibs-2.49.5-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.49.5-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 packages: 7cb1e7205f9997268d8dde17c8a1f99f seamonkey-2.49.5-i586-1_slack14.2.txz 1f16a74d17a0dba6a1f8c380d39d3444 seamonkey-solibs-2.49.5-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: e20bc18b61ae50a2a9d73a996d7e6481 seamonkey-2.49.5-x86_64-1_slack14.2.txz bdbbfbdabb2944ea69edb6ebc8643286 seamonkey-solibs-2.49.5-x86_64-1_slack14.2.txz Slackware -current packages: e845384d1cb6114e27778b95017143ee l/seamonkey-solibs-2.49.5-i586-1.txz 0f033b1bd6ac49bda0abd0b849b9f2b5 xap/seamonkey-2.49.5-i586-1.txz Slackware x86_64 -current packages: cfda61f29b508d8d9efe2da1f082f6d7 l/seamonkey-solibs-2.49.5-x86_64-1.txz 76ad7d67b15d9cd6e4ff2dc4f821fe09 xap/seamonkey-2.49.5-x86_64-1.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg seamonkey-2.49.5-i586-1_slack14.2.txz seamonkey-solibs-2.49.5-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl1wKXgACgkQakRjwEAQIjPt+ACfR+MH0+cvhXmiL98tQgKWiu/y DvcAnizltQWi56yAReca71xF/MRjIuPM =PcAr -END PGP SIGNATURE-
[slackware-security] Slackware 14.2 kernel (SSA:2019-238-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2019-238-01) New kernel packages are available for Slackware 14.2 to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/linux-4.4.190/*: Upgraded. These updates fix various bugs and a minor local denial-of-service security issue. They also change this option: FANOTIFY_ACCESS_PERMISSIONS n -> y This is needed by on-access virus scanning software. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.190: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20961 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.190/kernel-firmware-20190821_c0fb3d9-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.190/kernel-generic-4.4.190-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.190/kernel-generic-smp-4.4.190_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.190/kernel-headers-4.4.190_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.190/kernel-huge-4.4.190-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.190/kernel-huge-smp-4.4.190_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.190/kernel-modules-4.4.190-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.190/kernel-modules-smp-4.4.190_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.190/kernel-source-4.4.190_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.190/kernel-firmware-20190821_c0fb3d9-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.190/kernel-generic-4.4.190-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.190/kernel-headers-4.4.190-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.190/kernel-huge-4.4.190-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.190/kernel-modules-4.4.190-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.190/kernel-source-4.4.190-noarch-1.txz MD5 signatures: +-+ Slackware 14.2 packages: e6d93deb002a0851d04e31927750ab38 kernel-firmware-20190821_c0fb3d9-noarch-1.txz 9f2f5d68193192a02f1acd50961d7bf8 kernel-generic-4.4.190-i586-1.txz fd8df419fd9bb18eaa024f3b283fe3d9 kernel-generic-smp-4.4.190_smp-i686-1.txz 1321b644dcb1885940bb77227e3fa7f4 kernel-headers-4.4.190_smp-x86-1.txz 784aaadf0689e6fba438a2b17eb7bee8 kernel-huge-4.4.190-i586-1.txz e4aba4622501579386773c053a8fe881 kernel-huge-smp-4.4.190_smp-i686-1.txz 18a3e5ec95a00cca03c9a6998b0970ee kernel-modules-4.4.190-i586-1.txz 5718428fc20cf09a60c7dd4106f960c8 kernel-modules-smp-4.4.190_smp-i686-1.txz b90f8185ba89e2c2ad5ac81733977376 kernel-source-4.4.190_smp-noarch-1.txz Slackware x86_64 14.2 packages: e6d93deb002a0851d04e31927750ab38 kernel-firmware-20190821_c0fb3d9-noarch-1.txz 8608bffca8687e5be1c3c2e80e268e77 kernel-generic-4.4.190-x86_64-1.txz 7e1f2e3cb09ed5f357ae461713a398f1 kernel-headers-4.4.190-x86-1.txz daa8f51d8d6f050791694d53575d7c6b kernel-huge-4.4.190-x86_64-1.txz 0d389d5a64ab573d567991d9eba7a235 kernel-modules-4.4.190-x86_64-1.txz 9d92130a6d4906c5a30dab0950a28416 kernel-source-4.4.190-noarch-1.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.190-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command
[slackware-security] mozilla-firefox (SSA:2019-226-02)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2019-226-02) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-68.0.2esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/en-US/firefox/68.0.2esr/releasenotes/ (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-68.0.2esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-68.0.2esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-68.0.2esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-68.0.2esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: cf25d455083181a7739bf90b5bac6153 mozilla-firefox-68.0.2esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: ed6879b97c71e456532bbf65c970f98e mozilla-firefox-68.0.2esr-x86_64-1_slack14.2.txz Slackware -current package: 0f17302df3f144204af4c149191db52a xap/mozilla-firefox-68.0.2esr-i686-1.txz Slackware x86_64 -current package: 45f81eafab2c4f6d37fb21005676a9d0 xap/mozilla-firefox-68.0.2esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-68.0.2esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl1UiX4ACgkQakRjwEAQIjOJ7ACgiv7LBmrpmhdla/i4F9HyeSLX +zoAn1vhSo2hJehSrJMthRm6VYvX6xiC =s2Fs -END PGP SIGNATURE-
[slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2019-226-01) New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/linux-4.4.189/*: Upgraded. These updates fix various bugs and many security issues, and include the Spectre v1 SWAPGS mitigations. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.187: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13631 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18509 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14283 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10207 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14284 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13648 Fixed in 4.4.189: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20856 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.189/kernel-firmware-20190726_dff98c6-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.189/kernel-generic-4.4.189-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.189/kernel-generic-smp-4.4.189_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.189/kernel-headers-4.4.189_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.189/kernel-huge-4.4.189-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.189/kernel-huge-smp-4.4.189_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.189/kernel-modules-4.4.189-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.189/kernel-modules-smp-4.4.189_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.189/kernel-source-4.4.189_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.189/kernel-firmware-20190726_dff98c6-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.189/kernel-generic-4.4.189-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.189/kernel-headers-4.4.189-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.189/kernel-huge-4.4.189-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.189/kernel-modules-4.4.189-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.189/kernel-source-4.4.189-noarch-1.txz MD5 signatures: +-+ Slackware 14.2 packages: 31f6e1d8a355504e76fc99e8fb1c97ca kernel-firmware-20190726_dff98c6-noarch-1.txz 7c529a98b035edec5ecb0395a2d8bc24 kernel-generic-4.4.189-i586-1.txz ac9c4751a60b630bf4540016705bd469 kernel-generic-smp-4.4.189_smp-i686-1.txz 0f569b5620f8ab97181d2ce2e1d203f8 kernel-headers-4.4.189_smp-x86-1.txz 91f344ae583a173e93a86d5afbcae1bd kernel-huge-4.4.189-i586-1.txz 35791ce64e121ae3888228cb7fefe38e kernel-huge-smp-4.4.189_smp-i686-1.txz a6ad8b6ac14d4b747401c326f7fdb2f0 kernel-modules-4.4.189-i586-1.txz ebbfec5eac47f25b9348f98378caca8d kernel-modules-smp-4.4.189_smp-i686-1.txz 31a4099fd16ad86d8e7bcadcfeb97891 kernel-source-4.4.189_smp-noarch-1.txz Slackware x86_64 14.2 packages: 31f6e1d8a355504e76fc99e8fb1c97ca kernel-firmware-20190726_dff98c6-noarch-1.txz f054f970f61cd2d18173c40a688a28e6 kernel-generic-4.4.189-x86_64-1.txz a6be95eff1a19ca4f3793aacfc53fa9b kernel-headers-4.4.189-x86-1.txz 760b9736c42324841607dbc744d1fcf2 kernel-huge-4.4.189-x86_64-1.txz 38b6a31e28669e0be03a39662ec8ccc6 kernel-modules-4.4.189-x86_64-1.txz 0ee2ec8dfaddc44f6c4969f5051906e7 kernel-source-4.4.189-noarch-1.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SM
[slackware-security] kdelibs (SSA:2019-220-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] kdelibs (SSA:2019-220-01) New kdelibs packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/kdelibs-4.14.38-i586-1_slack14.2.txz: Upgraded. kconfig: malicious .desktop files (and others) would execute code. For more information, see: https://mail.kde.org/pipermail/kde-announce/2019-August/47.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14744 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/kdelibs-4.14.38-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/kdelibs-4.14.38-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdelibs-4.14.38-i586-4.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/kde/kdelibs-4.14.38-x86_64-4.txz MD5 signatures: +-+ Slackware 14.2 package: bf9cdc634d392f7c05561a7ddc298388 kdelibs-4.14.38-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 3646da04eed2835db47afb3bab02c78b kdelibs-4.14.38-x86_64-1_slack14.2.txz Slackware -current package: a88a3859f1f7fb57df6579ba45153e80 kde/kdelibs-4.14.38-i586-4.txz Slackware x86_64 -current package: cb52242ec03ff9430894b1d7aee206cf kde/kdelibs-4.14.38-x86_64-4.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg kdelibs-4.14.38-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl1Lsq4ACgkQakRjwEAQIjNEnwCdFlNBpZg7ZAC90c6oSVS9QqKr zuMAniKMWL2aeilw8h9KCE9h1BFgI70L =J6NF -END PGP SIGNATURE-
[slackware-security] mariadb (SSA:2019-213-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mariadb (SSA:2019-213-01) New mariadb packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--+ patches/packages/mariadb-5.5.65-i486-1_slack14.1.txz: Upgraded. This update fixes bugs and security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2805 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2737 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.65-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.65-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-10.4.7-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-10.4.7-x86_64-1.txz MD5 signatures: +-+ Slackware 14.1 package: 4710b686d7c882c90f8b381d3aa34caf mariadb-5.5.65-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 059ee74d0a492bc211c4d61722388b79 mariadb-5.5.65-x86_64-1_slack14.1.txz Slackware -current package: 155c95243551cac4cd8fae3816e79116 ap/mariadb-10.4.7-i586-1.txz Slackware x86_64 -current package: 76e0cda4ff14b49cc91912436e637ccf ap/mariadb-10.4.7-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mariadb-5.5.65-i486-1_slack14.1.txz Then, restart the database server: # sh /etc/rc.d/rc.mysqld restart +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl1DWwwACgkQakRjwEAQIjNK1QCeJZ1T0As0XlWw1YCCsSkVFMc6 KrwAnjV7VPv/7zXrQXuL45tt3SLTAZSY =Etvf -END PGP SIGNATURE-
[slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01) New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/linux-4.4.182/*: Upgraded. These updates fix various bugs and many minor security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.183: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11599 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3892 Fixed in 4.4.185: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13272 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16597 Fixed in 4.4.186: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10126 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3846 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-firmware-20190717_bf13a71-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-generic-4.4.186-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-generic-smp-4.4.186_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-headers-4.4.186_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-huge-4.4.186-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-huge-smp-4.4.186_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-modules-4.4.186-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-modules-smp-4.4.186_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-source-4.4.186_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-firmware-20190717_bf13a71-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-generic-4.4.186-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-headers-4.4.186-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-huge-4.4.186-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-modules-4.4.186-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-source-4.4.186-noarch-1.txz MD5 signatures: +-+ Slackware 14.2 packages: 01138ebc336b6e6d692697570bb32920 kernel-firmware-20190717_bf13a71-noarch-1.txz d7e0b9ffdc4265b45d4de39d49d52616 kernel-generic-4.4.186-i586-1.txz c1131f8dd16f7113cc8b1e14c402a9b7 kernel-generic-smp-4.4.186_smp-i686-1.txz ca4630c4ee7056c51f3262152bfb9213 kernel-headers-4.4.186_smp-x86-1.txz 61b95e68756fe9741ddbdc52f397fe49 kernel-huge-4.4.186-i586-1.txz ff981138513726a502d57f9e2aecad36 kernel-huge-smp-4.4.186_smp-i686-1.txz ca8f6fb5fc378d16e5afcee31dd032dc kernel-modules-4.4.186-i586-1.txz 25fc2f1280f1a706705ef4535f4efd1c kernel-modules-smp-4.4.186_smp-i686-1.txz 2d299723d6f910df1e8c21d18070b9ef kernel-source-4.4.186_smp-noarch-1.txz Slackware x86_64 14.2 packages: 01138ebc336b6e6d692697570bb32920 kernel-firmware-20190717_bf13a71-noarch-1.txz 80caffb23805afe93b957fecbff2 kernel-generic-4.4.186-x86_64-1.txz f72e4543e3489d18604f33a901e04551 kernel-headers-4.4.186-x86-1.txz 0765db332a94cfedcacd987871903e56 kernel-huge-4.4.186-x86_64-1.txz 8d565a7b223b9444731796e6147116eb kernel-modules-4.4.186-x86_64-1.txz 0254fdbb4430362ea373b47584d8eb30 kernel-source-4.4.186-noarch-1.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_gen
[slackware-security] bzip2 (SSA:2019-195-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] bzip2 (SSA:2019-195-01) New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/bzip2-1.0.8-i586-1_slack14.2.txz: Upgraded. Fixes security issues: bzip2recover: Fix use after free issue with outFile. Make sure nSelectors is not out of range. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bzip2-1.0.8-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bzip2-1.0.8-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bzip2-1.0.8-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bzip2-1.0.8-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bzip2-1.0.8-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bzip2-1.0.8-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/bzip2-1.0.8-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/bzip2-1.0.8-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 8a94c11d7ef85966c8cf4eddb169b6b9 bzip2-1.0.8-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 86e7066ee23ccbc43912f8fdf242d7f4 bzip2-1.0.8-x86_64-1_slack14.0.txz Slackware 14.1 package: 157e83b4270d4520fd1640f3e4a793e9 bzip2-1.0.8-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 2a0494c27ffa73deaf9cfe616edbbdbc bzip2-1.0.8-x86_64-1_slack14.1.txz Slackware 14.2 package: 49b34a9ebf71d346b1f99c2524d046bc bzip2-1.0.8-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 5c6ba8d29eb16000f072a8e364836921 bzip2-1.0.8-x86_64-1_slack14.2.txz Slackware -current package: 50e813124cd298552694171a9ca535ef a/bzip2-1.0.8-i586-1.txz Slackware x86_64 -current package: c6f4170f1b14065b4fb2594d8ad73e71 a/bzip2-1.0.8-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg bzip2-1.0.8-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl0rx3AACgkQakRjwEAQIjO5FwCfTiHe6aTfjVb89tyMMDmE/UD8 JqkAn059V8Mx0zv5NgVT9Roy4mGGBJ7A =9w0A -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2019-191-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2019-191-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-68.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. Some of the patched flaws are considered critical, and could be used to run attacker code and install software, requiring no user interaction beyond normal browsing. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9811 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11711 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11712 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11713 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11715 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11717 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11730 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11709 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-68.0esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-68.0esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-68.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-68.0esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 87b647c90470ff5ec0d284d0bb669b55 mozilla-firefox-68.0esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 40a642ea066ced5b4d97cf753c360f76 mozilla-firefox-68.0esr-x86_64-1_slack14.2.txz Slackware -current package: f0ef23f604b2e8fbf2972d78c3dcfd52 xap/mozilla-firefox-68.0esr-i686-1.txz Slackware x86_64 -current package: d379ec99b3c0f647de6c7b7a736b5a69 xap/mozilla-firefox-68.0esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-68.0esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl0mStsACgkQakRjwEAQIjMfMQCcCEfQdpX05gxTPNF3mGyR9qvZ mZwAnRfj6THpAAD2PSf3L0DAYxXVL9L8 =KrTN -END PGP SIGNATURE-
[slackware-security] irssi (SSA:2019-180-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] irssi (SSA:2019-180-01) New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/irssi-1.1.3-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue: Use after free when sending SASL login to the server found by ilbelkyr. May affect the stability of Irssi. SASL logins may fail, especially during (manual and automated) reconnect. For more information, see: https://irssi.org/2019/06/29/irssi-1.2.1-1.1.3-1.0.8-released/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13045 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/irssi-1.1.3-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/irssi-1.1.3-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/irssi-1.1.3-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/irssi-1.1.3-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/irssi-1.1.3-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/irssi-1.1.3-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/irssi-1.2.1-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/irssi-1.2.1-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: bf3ac5537bb8e80f617e76f595bbf401 irssi-1.1.3-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 53e6af37b3eb75ffb6aa369d2a766b47 irssi-1.1.3-x86_64-1_slack14.0.txz Slackware 14.1 package: 728c7508b93256f015236454dff08eaf irssi-1.1.3-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 6e3f8cb271fdfdb8523df3eb9e019caf irssi-1.1.3-x86_64-1_slack14.1.txz Slackware 14.2 package: b1c438b81211f9bf16c36ec099320741 irssi-1.1.3-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 8b23ad699304ad982dfba5369b40acd0 irssi-1.1.3-x86_64-1_slack14.2.txz Slackware -current package: c8fbbb826aa35c57c85f6bda51e05059 n/irssi-1.2.1-i586-1.txz Slackware x86_64 -current package: ce52be384aa2231bc02765669363a2c6 n/irssi-1.2.1-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg irssi-1.1.3-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl0Xs2wACgkQakRjwEAQIjNRfQCfd6XozgFYf7nlWm67tE67Unqq hn8AniYbHd8adA1znHVDwt/dZefELmgn =wzA5 -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2019-172-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2019-172-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-60.7.2esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11708 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.7.2esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.7.2esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.7.2esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.7.2esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: bd6b13b02c54a1dd8aea8e100beaff65 mozilla-firefox-60.7.2esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: c144e0ce3cc6c2526d0331ab540a4b35 mozilla-firefox-60.7.2esr-x86_64-1_slack14.2.txz Slackware -current package: 43015adcaf219efa63358b795ee9558b xap/mozilla-firefox-60.7.2esr-i686-1.txz Slackware x86_64 -current package: 28afdd952e9f3b8fadab495b5e7e616d xap/mozilla-firefox-60.7.2esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-60.7.2esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl0Mde4ACgkQakRjwEAQIjMM4ACghLAFikaEMZCRTliLs3lJDpVa kOEAnAgFvfX015gIdn3zms/VQSMYMjF4 =1H46 -END PGP SIGNATURE-
[slackware-security] mozilla-thunderbird (SSA:2019-172-02)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2019-172-02) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-thunderbird-60.7.2-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/60.7.2/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11707 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-60.7.2-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-60.7.2-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-60.7.2-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-60.7.2-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 95587bb59373075e0de46848cd652835 mozilla-thunderbird-60.7.2-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 0ab1af7a774d9404791809e5af411f83 mozilla-thunderbird-60.7.2-x86_64-1_slack14.2.txz Slackware -current package: f82124e7256f53d092805e4e659821c9 xap/mozilla-thunderbird-60.7.2-i686-1.txz Slackware x86_64 -current package: 056bbf7164f85dda82ffb8b2209d9ed5 xap/mozilla-thunderbird-60.7.2-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-thunderbird-60.7.2-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl0MdfAACgkQakRjwEAQIjPOWgCgkGZo+IDl0QmDVMyyCxEogDXY cjAAmQFMF637+jAqajHqCvf04wKHkv7Z =3dbd -END PGP SIGNATURE-
[slackware-security] bind (SSA:2019-171-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] bind (SSA:2019-171-01) New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a denial-of-service security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/bind-9.11.8-i586-1_slack14.2.txz: Upgraded. Fixed a race condition in dns_dispatch_getnext() that could cause an assertion failure if a significant number of incoming packets were rejected. For more information, see: https://kb.isc.org/docs/cve-2019-6471 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6471 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.11.8-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.11.8-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.11.8-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.11.8-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bind-9.11.8-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bind-9.11.8-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.14.3-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.14.3-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 9607f8e5a02ddd973b611b132e27a18a bind-9.11.8-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 7ca41b2cc7476a177d86efb8e0d635ca bind-9.11.8-x86_64-1_slack14.0.txz Slackware 14.1 package: 82fe22a0cd33f6401ea24ad0f2f4a3d3 bind-9.11.8-i486-1_slack14.1.txz Slackware x86_64 14.1 package: b5abf1923df6e5eeb88d3ef2764cf74c bind-9.11.8-x86_64-1_slack14.1.txz Slackware 14.2 package: c94fa2993da21984d436c8f7e6a31478 bind-9.11.8-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 681a10d5b96c806146b68e15c785e073 bind-9.11.8-x86_64-1_slack14.2.txz Slackware -current package: 27af9b7debe692841182193eb397e2da n/bind-9.14.3-i586-1.txz Slackware x86_64 -current package: a8e742c791d996a68be9e687a50b8288 n/bind-9.14.3-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg bind-9.11.8-i586-1_slack14.2.txz Then, restart the name server: # /etc/rc.d/rc.bind restart +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl0LzDsACgkQakRjwEAQIjOsnQCeN3xh8ruGxMCerBrwdOiuDE+M bwoAn2F6rHk2C5UOr5B6Yqbt77gfk7eh =Q1GL -END PGP SIGNATURE-
[slackware-security] mozilla-thunderbird (SSA:2019-164-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2019-164-01) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-thunderbird-60.7.1-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/60.7.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11703 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11706 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-60.7.1-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-60.7.1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-60.7.1-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-60.7.1-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 98e2a0d853a672dfa1177d71f50837db mozilla-thunderbird-60.7.1-i686-1_slack14.2.txz Slackware x86_64 14.2 package: a8b5fcaa6e7edd7eb552efedda2e0eca mozilla-thunderbird-60.7.1-x86_64-1_slack14.2.txz Slackware -current package: e42d9ee6f3f8b4677bb7ae051d4671d1 xap/mozilla-thunderbird-60.7.1-i686-1.txz Slackware x86_64 -current package: f7d31af130c72e480e746068f554e8c9 xap/mozilla-thunderbird-60.7.1-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-thunderbird-60.7.1-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAl0C9f4ACgkQakRjwEAQIjMz1ACcDdb9G9mGstY8Ngs6wjGDy1nd uwUAnR2ULVvBAzrbWmoCAVTMl/p5mOMt =jDGY -END PGP SIGNATURE-
[slackware-security] curl (SSA:2019-142-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] curl (SSA:2019-142-01) New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/curl-7.65.0-i586-1_slack14.2.txz: Upgraded. This release fixes the following security issues: Integer overflows in curl_url_set tftp: use the current blksize for recvfrom() For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.65.0-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.65.0-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.65.0-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.65.0-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.65.0-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.65.0-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.65.0-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.65.0-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 6e09fa0f3bf3899629f78338886b8166 curl-7.65.0-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 55613986ed81a77a573976161b5b76fa curl-7.65.0-x86_64-1_slack14.0.txz Slackware 14.1 package: 4317a7f249ca9dc8fdd9c4470335c140 curl-7.65.0-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 1a0cfbced24644f121dcd3140c378d85 curl-7.65.0-x86_64-1_slack14.1.txz Slackware 14.2 package: 0112a5878893a036364b3792bb62de6c curl-7.65.0-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 794f036ca4ae31aaad11bdb3e4f1b7d9 curl-7.65.0-x86_64-1_slack14.2.txz Slackware -current package: 82112f6caf0dc1d94340b4cf6a3eb001 n/curl-7.65.0-i586-1.txz Slackware x86_64 -current package: df9c4d1a59fe2f191fd20035c0fcff29 n/curl-7.65.0-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg curl-7.65.0-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlzl2+wACgkQakRjwEAQIjNexgCfTvzIVXbirg3zFjR65ZtJvTV3 rFUAn3dTiFluxkdH+Ne9l3O7ej35HPvu =ilaf -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2019-141-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2019-141-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-60.7.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. Some of the patched flaws are considered critical, and could be used to run attacker code and install software, requiring no user interaction beyond normal browsing. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9815 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-7317 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2018-18511 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11694 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-5798 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.7.0esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.7.0esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.7.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.7.0esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 9bb86b28639fe241a285ae8868f6fd3c mozilla-firefox-60.7.0esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 71cfd983350a89459015e89af1f4cf46 mozilla-firefox-60.7.0esr-x86_64-1_slack14.2.txz Slackware -current package: 02f5b3d10ba9ef7a094f862b1a9b4120 xap/mozilla-firefox-60.7.0esr-i686-1.txz Slackware x86_64 -current package: b4ccd8857ce8355105c0595cf2d84154 xap/mozilla-firefox-60.7.0esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-60.7.0esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlzkh6UACgkQakRjwEAQIjMrzQCghW/eBQfZ56XxHEf9XsvDy3M1 ulgAnRBM8gCmy6QQ5sqB6STkkgrtDyI4 =GmCb -END PGP SIGNATURE-
[slackware-security] rdesktop (SSA:2019-135-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] rdesktop (SSA:2019-135-01) New rdesktop packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/rdesktop-1.8.5-i586-1_slack14.2.txz: Upgraded. This update fixes security issues: Add bounds checking to protocol handling in order to fix many security problems when communicating with a malicious server. (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/rdesktop-1.8.5-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/rdesktop-1.8.5-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/rdesktop-1.8.5-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/rdesktop-1.8.5-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/rdesktop-1.8.5-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/rdesktop-1.8.5-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/rdesktop-1.8.5-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/rdesktop-1.8.5-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: ba367efcf0f70167a8791d2211f8ca43 rdesktop-1.8.5-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 1495fd99d763c36ac434badb5e8586bf rdesktop-1.8.5-x86_64-1_slack14.0.txz Slackware 14.1 package: c38052237f138380e385e4562006472f rdesktop-1.8.5-i486-1_slack14.1.txz Slackware x86_64 14.1 package: b996ac69fd4379f1a08483e728adb276 rdesktop-1.8.5-x86_64-1_slack14.1.txz Slackware 14.2 package: ba6af1c6c0c2adc89cfb94d39db1f976 rdesktop-1.8.5-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 0715f48dc29c6ed4bf36900bd82425a3 rdesktop-1.8.5-x86_64-1_slack14.2.txz Slackware -current package: 3185621a3ff1e79f204878060811094b xap/rdesktop-1.8.5-i586-1.txz Slackware x86_64 -current package: b0e156f52fff64bc890e898e6de1c5e0 xap/rdesktop-1.8.5-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg rdesktop-1.8.5-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlzc7bIACgkQakRjwEAQIjO4RwCfdyVT8LUJLv4KfrAWEu58/6dQ hckAni9PTE0TqQ3ZkyZenU3Z2oXNySiD =Z8aP -END PGP SIGNATURE-
[slackware-security] bind (SSA:2019-116-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] bind (SSA:2019-116-01) New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/bind-9.11.6_P1-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue: The TCP client quota set using the tcp-clients option could be exceeded in some cases. This could lead to exhaustion of file descriptors. For more information, see: https://kb.isc.org/docs/cve-2018-5743 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.11.6_P1-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.11.6_P1-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.11.6_P1-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.11.6_P1-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bind-9.11.6_P1-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bind-9.11.6_P1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.14.1-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.14.1-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: d6835a3a22d339df9ca0afd5ab8561bc bind-9.11.6_P1-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 892265f47674a12362bf821dab2cc9fa bind-9.11.6_P1-x86_64-1_slack14.0.txz Slackware 14.1 package: 4c55681ae3fb61df7d1af3c92fc53db5 bind-9.11.6_P1-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 932435bf42a652149c5d7a68267696f1 bind-9.11.6_P1-x86_64-1_slack14.1.txz Slackware 14.2 package: 65779b9f25e221aa3bb1726e331218d4 bind-9.11.6_P1-i586-1_slack14.2.txz Slackware x86_64 14.2 package: a6b8c6ea2b4abd53b9cb21a77ffc93b7 bind-9.11.6_P1-x86_64-1_slack14.2.txz Slackware -current package: c1f720dd751a405a60b8e6b59dcb3279 n/bind-9.14.1-i586-1.txz Slackware x86_64 -current package: 65a617602a5e83d626d1a7045f346cf4 n/bind-9.14.1-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg bind-9.11.6_P1-i586-1_slack14.2.txz Then, restart the name server: # /etc/rc.d/rc.bind restart +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlzDV98ACgkQakRjwEAQIjM+NgCfUSSQnLjj8Nr95Yq5sIPAOK3x nzsAoIXg6f4ZPMijyDQeNOjZnTnEp+nT =Ndin -END PGP SIGNATURE-
[slackware-security] libpng (SSA:2019-107-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] libpng (SSA:2019-107-01) New libpng packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/libpng-1.6.37-i586-1_slack14.2.txz: Upgraded. This update fixes security issues: Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free. Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. Fixed a memory leak in pngtest.c. Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in contrib/pngminus; refactor. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpng-1.6.37-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpng-1.6.37-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.37-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.37-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 829f6c020ad10fe9b09e94bceb7fae26 libpng-1.6.37-i586-1_slack14.2.txz Slackware x86_64 14.2 package: e141813a42551a3c31df15b8495dc1a3 libpng-1.6.37-x86_64-1_slack14.2.txz Slackware -current package: 0f711d15bd85893a02f398b95b7d3f06 l/libpng-1.6.37-i586-1.txz Slackware x86_64 -current package: d8bdd5c1a73fa487c5f1a1a4b3ec2f63 l/libpng-1.6.37-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg libpng-1.6.37-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAly3jH8ACgkQakRjwEAQIjPbQwCfT5g/xkRppESpV1s22uQZ0U+k T3IAniDkz4jjVKpMyhd8DybZkEehbGt4 =WHtg -END PGP SIGNATURE-
[slackware-security] httpd (SSA:2019-096-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] httpd (SSA:2019-096-01) New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/httpd-2.4.39-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process by manipulating the scoreboard. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.39-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.39-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.39-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.39-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/httpd-2.4.39-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/httpd-2.4.39-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.39-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.39-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: ef8dc6c74f67c20f69e45d367c69d91e httpd-2.4.39-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 213e093ac572698139ce27bf378a0bec httpd-2.4.39-x86_64-1_slack14.0.txz Slackware 14.1 package: 4191bba2f5d138a5bfd7a65e7d8a01cc httpd-2.4.39-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 177aaf7e527a5eb2c4de2b6f1b6d03ea httpd-2.4.39-x86_64-1_slack14.1.txz Slackware 14.2 package: d9b05dfe83204233ab7c4ffa46ee8936 httpd-2.4.39-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 7f21336828b6b8db4ffd74d3ffadf249 httpd-2.4.39-x86_64-1_slack14.2.txz Slackware -current package: 002df106ca8a8ce88cf6abbe5dd7518a n/httpd-2.4.39-i586-1.txz Slackware x86_64 -current package: d1ed25cdbb792326e2fe3f7f28a3d901 n/httpd-2.4.39-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg httpd-2.4.39-i586-1_slack14.2.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlypATAACgkQakRjwEAQIjOSZgCcDAaczLhLPC6sW6vcrtXpCYyv VeUAn2q+zxrfYHEKC5WeaxFuucGg8wQt =U7K/ -END PGP SIGNATURE-
[slackware-security] wget (SSA:2019-095-02)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] wget (SSA:2019-095-02) New wget packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/wget-1.20.3-i586-1_slack14.2.txz: Upgraded. Fixed a buffer overflow vulnerability: src/iri.c(do_conversion): Reallocate the output buffer to a larger size if it is already full. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wget-1.20.3-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wget-1.20.3-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wget-1.20.3-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wget-1.20.3-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 36bef33c1ecdf60c119ff2ff30563ee0 wget-1.20.3-i586-1_slack14.2.txz Slackware x86_64 14.2 package: a5c96689a62c44e10181620043aecee0 wget-1.20.3-x86_64-1_slack14.2.txz Slackware -current package: 81d20d99bdff70497bd78817a788226e n/wget-1.20.3-i586-1.txz Slackware x86_64 -current package: 7ffb5d4e4bacb134ae530d843150fff9 n/wget-1.20.3-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg wget-1.20.3-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlynvRwACgkQakRjwEAQIjP8ugCfWwX2Nl+tHwMeEs58L+67Nj3b LZYAoJKUr57iDnACJWdI1520jEPzjaCZ =8EmL -END PGP SIGNATURE-
[slackware-security] openjpeg (SSA:2019-095-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] openjpeg (SSA:2019-095-01) New openjpeg packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/openjpeg-2.3.1-i586-1_slack14.2.txz: Upgraded. Includes many bug fixes (including security fixes). (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openjpeg-2.3.1-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openjpeg-2.3.1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/openjpeg-2.3.1-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/openjpeg-2.3.1-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 1ba8ccbc15d30237a9fbfc69048ec67d openjpeg-2.3.1-i586-1_slack14.2.txz Slackware x86_64 14.2 package: a716fd44a63384af6e92cbc2f24cd113 openjpeg-2.3.1-x86_64-1_slack14.2.txz Slackware -current package: cd4a4ebf1fc7042ade852d7016f342a0 l/openjpeg-2.3.1-i586-1.txz Slackware x86_64 -current package: 0fb9c59880c9f2e718db3df859bc6a16 l/openjpeg-2.3.1-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg openjpeg-2.3.1-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlynwzcACgkQakRjwEAQIjOIxgCfQb8FzRVle58+qBSZaVo8FNLK qKoAoJCFdOJZpTfAt/2ZdBKQTK4D3ulx =Gw55 -END PGP SIGNATURE-
[slackware-security] ghostscript (SSA:2019-092-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] ghostscript (SSA:2019-092-01) New ghostscript packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/ghostscript-9.26-i586-1_slack14.2.txz: Upgraded. Fixes security issues: A specially crafted PostScript file could have access to the file system outside of the constrains imposed by -dSAFER. Transient procedures can allow access to system operators, leading to remote code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ghostscript-9.26-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ghostscript-9.26-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/ghostscript-9.26-i586-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/ghostscript-9.26-x86_64-2.txz MD5 signatures: +-+ Slackware 14.2 package: f4758b3fb8b489c5d952cb4adead3906 ghostscript-9.26-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 7f80a24e354260abcfd57d71f1100e96 ghostscript-9.26-x86_64-1_slack14.2.txz Slackware -current package: d3088e1ae4aeb2fb7747991ec40870bb ap/ghostscript-9.26-i586-2.txz Slackware x86_64 -current package: 80fed94357eb57a9c3877f39b8d2af50 ap/ghostscript-9.26-x86_64-2.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg ghostscript-9.26-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlyjxuoACgkQakRjwEAQIjNY0QCfbDJSIXVkHZfc4x7txtjyLq08 fEQAoIm0+LLPuajUL+iAnSaj5mEz76RH =lkPE -END PGP SIGNATURE-
[slackware-security] wget (SSA:2019-092-02)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] wget (SSA:2019-092-02) New wget packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/wget-1.20.2-i586-1_slack14.2.txz: Upgraded. Fixed an unspecified buffer overflow vulnerability. (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wget-1.20.2-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wget-1.20.2-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wget-1.20.2-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wget-1.20.2-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: feeb88244f25b899408cd12271f9253f wget-1.20.2-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 16d27b3ac49df3ddb8e4355448bff8a8 wget-1.20.2-x86_64-1_slack14.2.txz Slackware -current package: 003da3e303321981b2fa3004e85bad9d n/wget-1.20.2-i586-1.txz Slackware x86_64 -current package: 9807fec83a845705ea9b691199c179d3 n/wget-1.20.2-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg wget-1.20.2-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlyjxuwACgkQakRjwEAQIjMkZgCfRKTPLnk+g+2VugrlJbI5gtye QQsAn1L8XN6EAUSrk53Oq4mrZ8FDvz6y =LQVN -END PGP SIGNATURE-
[slackware-security] gnutls (SSA:2019-086-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] gnutls (SSA:2019-086-01) New gnutls packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/gnutls-3.6.7-i586-1_slack14.2.txz: Upgraded. Fixes security issues: libgnutls, gnutls tools: Every gnutls_free() will automatically set the free'd pointer to NULL. This prevents possible use-after-free and double free issues. Use-after-free will be turned into NULL dereference. The counter-measure does not extend to applications using gnutls_free(). libgnutls: Fixed a memory corruption (double free) vulnerability in the certificate verification API. Reported by Tavis Ormandy; addressed with the change above. [GNUTLS-SA-2019-03-27, #694] libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] libgnutls: enforce key usage limitations on certificates more actively. Previously we would enforce it for TLS1.2 protocol, now we enforce it even when TLS1.3 is negotiated, or on client certificates as well. When an inappropriate for TLS1.3 certificate is seen on the credentials structure GnuTLS will disable TLS1.3 support for that session (#690). libgnutls: enforce the equality of the two signature parameters fields in a certificate. We were already enforcing the signature algorithm, but there was a bug in parameter checking code. (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gnutls-3.6.7-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gnutls-3.6.7-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-3.6.7-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnutls-3.6.7-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 6ce564c9fb38e84bceffcca584613117 gnutls-3.6.7-i586-1_slack14.2.txz Slackware x86_64 14.2 package: ad660f430e5873b0cf3a5ac78a9ecf68 gnutls-3.6.7-x86_64-1_slack14.2.txz Slackware -current package: af0f6c0601209ba99d39679d1085a917 n/gnutls-3.6.7-i586-1.txz Slackware x86_64 -current package: dd2b15db16bcfefe213c8acf012e07c6 n/gnutls-3.6.7-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg gnutls-3.6.7-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlyb5a8ACgkQakRjwEAQIjMFfQCePZbSaGkryMW2NyOL+XGyxgqx 1nAAnR3zV4+1CoadSOWp09t/pjzMLCJh =fWV+ -END PGP SIGNATURE-
[slackware-security] mozilla-thunderbird (SSA:2019-084-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2019-084-01) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-thunderbird-60.6.1-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/60.6.1/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-60.6.1-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-60.6.1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-60.6.1-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-60.6.1-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 8819ba1c1bb0b82acedde947fe831567 mozilla-thunderbird-60.6.1-i686-1_slack14.2.txz Slackware x86_64 14.2 package: b34e9acd3100d592e825c1c912b2 mozilla-thunderbird-60.6.1-x86_64-1_slack14.2.txz Slackware -current package: 6280813fd16a6563e12330ffd92ee5ff xap/mozilla-thunderbird-60.6.1-i686-1.txz Slackware x86_64 -current package: 97a9367a19d5eab63ba37e75302a9d78 xap/mozilla-thunderbird-60.6.1-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-thunderbird-60.6.1-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlyZWC0ACgkQakRjwEAQIjOQ+QCffkLund3ww9QStLuS1m0dmVb+ R80AniT1IrbUMXizVvdblllMK35L3Bep =4Hxr -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2019-081-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2019-081-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-60.6.1esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. The patched flaws are considered critical, and could be used to run attacker code and install software, requiring no user interaction beyond normal browsing. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9810i https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9813 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.6.1esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.6.1esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.6.1esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.6.1esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: c37b038f81e5b07a9927ada82bb4fb4a mozilla-firefox-60.6.1esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 8c372c3b4f4479fb2ec59b87d9460713 mozilla-firefox-60.6.1esr-x86_64-1_slack14.2.txz Slackware -current package: 5b03626dff034f6daf229cdc83c17ddf xap/mozilla-firefox-60.6.1esr-i686-1.txz Slackware x86_64 -current package: a23c229838e378fc0a38e7a76c27edc1 xap/mozilla-firefox-60.6.1esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-60.6.1esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlyVSLoACgkQakRjwEAQIjP5sQCgiOQWB36q07WhcIaAIDaEyxVt THQAnjvLWWmqVgKaYegi06kpT5OP9PFN =KlvH -END PGP SIGNATURE-
[slackware-security] libssh2 (SSA:2019-077-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] libssh2 (SSA:2019-077-01) New libssh2 packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/libssh2-1.8.1-i586-1_slack14.2.txz: Upgraded. Fixed several security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libssh2-1.8.1-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libssh2-1.8.1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libssh2-1.8.1-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libssh2-1.8.1-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 42862bdd55431f6c32f38250275b70fc libssh2-1.8.1-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 3932a95faa37ee1575300fff666b1f4b libssh2-1.8.1-x86_64-1_slack14.2.txz Slackware -current package: a8a256fffd0ee22986b4a8ebeb1f6b68 l/libssh2-1.8.1-i586-1.txz Slackware x86_64 -current package: 14e5f9dd239afd45c3faa27fc02f7c25 l/libssh2-1.8.1-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg libssh2-1.8.1-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlyQId8ACgkQakRjwEAQIjPNlgCfYHhSUrwGDq22fmPJiSZebgoK oqEAn3rDQlZcBRToHjK7A2nGtWp/aafg =3Qh6 -END PGP SIGNATURE-
[slackware-security] ntp (SSA:2019-067-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] ntp (SSA:2019-067-01) New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/ntp-4.2.8p13-i586-1_slack14.2.txz: Upgraded. This release fixes a bug that allows an attacker with access to an explicitly trusted source to send a crafted malicious mode 6 (ntpq) packet that can trigger a NULL pointer dereference, crashing ntpd. It also provides 17 other bugfixes and 1 other improvement. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p13-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p13-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p13-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p13-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p13-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p13-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p13-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p13-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 5f793a49c125f84588f35f3188bc66a5 ntp-4.2.8p13-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 7e267fa9417e49dc12419be62dde2fbe ntp-4.2.8p13-x86_64-1_slack14.0.txz Slackware 14.1 package: ad9f93989093f0e000a4f412cee01104 ntp-4.2.8p13-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 57959b70be4e6aa471ccff83d25ba172 ntp-4.2.8p13-x86_64-1_slack14.1.txz Slackware 14.2 package: a88168ed545465b2ec789127c83d70be ntp-4.2.8p13-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 7756b9440efee21ff1f61b94beaafa66 ntp-4.2.8p13-x86_64-1_slack14.2.txz Slackware -current package: a6498ca0614e59cfc456077ffd4cdf16 n/ntp-4.2.8p13-i586-1.txz Slackware x86_64 -current package: c028aff712c76be79c4a85b05884f988 n/ntp-4.2.8p13-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg ntp-4.2.8p13-i586-1_slack14.2.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlyCtKgACgkQakRjwEAQIjOVKACghtRp4IsVc+0GsqKZPeC74RlN 8CMAnjiE5DHdiHJ0VF09vUolbKB15L/D =P0LJ -END PGP SIGNATURE-
[slackware-security] python (SSA:2019-062-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] python (SSA:2019-062-01) New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/python-2.7.16-i586-1_slack14.2.txz: Upgraded. Updated to the latest 2.7.x release, which fixes a few security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/python-2.7.16-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/python-2.7.16-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/python-2.7.16-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/python-2.7.16-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/python-2.7.16-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/python-2.7.16-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python-2.7.16-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/python-2.7.16-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 5e98580251cc7845521d37e959e47c70 python-2.7.16-i486-1_slack14.0.txz Slackware x86_64 14.0 package: ec38b3c824e1f86533ec75ade4fbccfc python-2.7.16-x86_64-1_slack14.0.txz Slackware 14.1 package: 099c67e46e5683c13a473556557a574c python-2.7.16-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 31c815fd268b9c4cfe595277e9bcbb9f python-2.7.16-x86_64-1_slack14.1.txz Slackware 14.2 package: f797b633aef2d9bd0ed2e6e39287436b python-2.7.16-i586-1_slack14.2.txz Slackware x86_64 14.2 package: b24ef94170c220bf8aed8401e2b57f74 python-2.7.16-x86_64-1_slack14.2.txz Slackware -current package: e92ffbf153e9bcc653500bef5edeed78 d/python-2.7.16-i586-1.txz Slackware x86_64 -current package: 30c08469226ff6afd52f3f0df28340d5 d/python-2.7.16-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg python-2.7.16-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlx8T6IACgkQakRjwEAQIjO1/QCbBkkosq7EOd390OzWI+N9ii5w ZagAniUnq8iE4j6TvKIw9Cw7tSos5gcR =Qt3Z -END PGP SIGNATURE-
[slackware-security] infozip (SSA:2019-060-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] infozip (SSA:2019-060-01) New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/infozip-6.0-i586-4_slack14.2.txz: Rebuilt. Added some patches that should fix extracting archives with non-latin characters in the filenames. Thanks to saahriktu. This update also fixes various security issues in zip and unzip. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8140 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8141 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9844 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18384 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-135 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/infozip-6.0-i486-2_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/infozip-6.0-x86_64-2_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/infozip-6.0-i486-4_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/infozip-6.0-x86_64-4_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/infozip-6.0-i586-4_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/infozip-6.0-x86_64-4_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/infozip-6.0-i586-5.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/infozip-6.0-x86_64-5.txz MD5 signatures: +-+ Slackware 14.0 package: 004d16da6ecb62eeae7d68313abac08c infozip-6.0-i486-2_slack14.0.txz Slackware x86_64 14.0 package: 3985ddc5de60621e481121d33871e093 infozip-6.0-x86_64-2_slack14.0.txz Slackware 14.1 package: 0185f2a6c53317e58040a05a84b2f4cc infozip-6.0-i486-4_slack14.1.txz Slackware x86_64 14.1 package: 37c2682c08bf1ed5390ac31d02e97d98 infozip-6.0-x86_64-4_slack14.1.txz Slackware 14.2 package: b71c38eb5a09dee8c0e51bbc0e4b6d85 infozip-6.0-i586-4_slack14.2.txz Slackware x86_64 14.2 package: 0d7239ab3d27aab1935ce6e16583ecfd infozip-6.0-x86_64-4_slack14.2.txz Slackware -current package: 72e1c36d80be26a77fc1938b17f59538 a/infozip-6.0-i586-5.txz Slackware x86_64 -current package: 4111b0985a0909907d2a13e99abb5ccd a/infozip-6.0-x86_64-5.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg infozip-6.0-i586-4_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlx5mkUACgkQakRjwEAQIjPgngCeL4XIUWheKTC811R2CceIbdMU XaMAniTHw0irM4iursUtC/kNrG1AUPwT =H87x -END PGP SIGNATURE-
[slackware-security] openssl (slackware 14.2) (SSA:2019-057-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] openssl (slackware 14.2) (SSA:2019-057-01) New openssl packages are available for Slackware 14.2 to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/openssl-1.0.2r-i586-1_slack14.2.txz: Upgraded. Go into the error state if a fatal alert is sent or received. If an application calls SSL_shutdown after a fatal alert has occured and then behaves different based on error codes from that function then the application may be vulnerable to a padding oracle. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559 (* Security fix *) patches/packages/openssl-solibs-1.0.2r-i586-1_slack14.2.txz: Upgraded. +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2r-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2r-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2r-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2r-x86_64-1_slack14.2.txz MD5 signatures: +-+ Slackware 14.2 packages: b23a71963648d515630497f203eefab8 openssl-1.0.2r-i586-1_slack14.2.txz 8b04a9be9b78052791f02428be44a639 openssl-solibs-1.0.2r-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: c183c2ad507a65020f13c0dc154c0b11 openssl-1.0.2r-x86_64-1_slack14.2.txz d656915855edd6365636ac558b8180cb openssl-solibs-1.0.2r-x86_64-1_slack14.2.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg openssl-1.0.2r-i586-1_slack14.2.txz openssl-solibs-1.0.2r-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlx2ACMACgkQakRjwEAQIjNDIQCeN1wsYRv73UH6Q44elCJEJLQy SccAnj82EToKk7ZBCVf0JwaQVqIhPHtr =fp1N -END PGP SIGNATURE-
[slackware-security] file (SSA:2019-054-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] file (SSA:2019-054-01) New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/file-5.36-i586-1_slack14.2.txz: Upgraded. Fix out-of-bounds read and denial-of-service security issues: For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/file-5.36-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/file-5.36-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/file-5.36-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/file-5.36-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/file-5.36-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/file-5.36-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/file-5.36-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/file-5.36-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: d774a800d99acb0ad52f312ed83a072f file-5.36-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 7be0a75f9f31f23b9c38b7ebf0192961 file-5.36-x86_64-1_slack14.0.txz Slackware 14.1 package: 0ec7575d2786bb8c8abe7b568cab262f file-5.36-i486-1_slack14.1.txz Slackware x86_64 14.1 package: ca23033d9beedda72c0793b796ad10b2 file-5.36-x86_64-1_slack14.1.txz Slackware 14.2 package: 4dfa9268d6415052d99681543a884227 file-5.36-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 2e26d570e7b3c957155905b9150b1af0 file-5.36-x86_64-1_slack14.2.txz Slackware -current package: 039ec7588178a2026e77bd96d2c98552 a/file-5.36-i586-1.txz Slackware x86_64 -current package: 20d07d173c3a2314eabe27620f662195 a/file-5.36-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg file-5.36-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlxxohgACgkQakRjwEAQIjM9ygCdHLmg1G9oSJsutsUaVk2G2kN1 Xa4AoI+VR7MyhQxXRJ1DRDb6HPDSm0Ld =cbIS -END PGP SIGNATURE-
[slackware-security] mozilla-thunderbird (SSA:2019-045-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2019-045-01) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-thunderbird-60.5.1-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/60.5.1/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18356 https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2019-5785 https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18335 https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18509 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-60.5.1-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-60.5.1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-60.5.1-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-60.5.1-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 3e8873418e8d296bdf92fe714b5cec98 mozilla-thunderbird-60.5.1-i686-1_slack14.2.txz Slackware x86_64 14.2 package: f8cc5973632938ef4909194d28614161 mozilla-thunderbird-60.5.1-x86_64-1_slack14.2.txz Slackware -current package: be4adb59748d0fa1e6f0b9ee518fd935 xap/mozilla-thunderbird-60.5.1-i686-1.txz Slackware x86_64 -current package: 8549bb7d564e205a4ec931dc02a52d9f xap/mozilla-thunderbird-60.5.1-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-thunderbird-60.5.1-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlxl72cACgkQakRjwEAQIjPHEwCfeazfzugMc57lsB+t8jCKLLPx xPYAniBW3RVbK5JH5oD6khex6q41p43c =HYBa -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2019-044-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2019-044-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-60.5.1esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2018-18356 https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2019-5785 https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2018-18335 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.5.1esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.5.1esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.5.1esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.5.1esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: f07582bbd963c1bfc196272aafbbed10 mozilla-firefox-60.5.1esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: a64a420c3bc481de6cc72476807b8260 mozilla-firefox-60.5.1esr-x86_64-1_slack14.2.txz Slackware -current package: 43791c4e45350f24ac0061203bc13964 xap/mozilla-firefox-60.5.1esr-i686-1.txz Slackware x86_64 -current package: 72bdc9762692886e2d9033ce6561ca05 xap/mozilla-firefox-60.5.1esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-60.5.1esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlxkojAACgkQakRjwEAQIjNUzACaA7/DJK+0xCka0oqdOMYgyzY/ ZqEAmwTCeGY7dBpkCGJuOd9YFxpIQ9BY =YVdx -END PGP SIGNATURE-
[slackware-security] lxc (SSA:2019-043-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] lxc (SSA:2019-043-01) New lxc packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/lxc-2.0.9_d3a03247-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue where a malicious privileged container could overwrite the host binary and thus gain root-level code execution on the host. As the LXC project considers privileged containers to be unsafe no CVE has been assigned for this issue for LXC. To prevent this attack, LXC has been patched to create a temporary copy of the calling binary itself when it starts or attaches to containers. To do this LXC creates an anonymous, in-memory file using the memfd_create() system call and copies itself into the temporary in-memory file, which is then sealed to prevent further modifications. LXC then executes this sealed, in-memory file instead of the original on-disk binary. For more information, see: https://seclists.org/oss-sec/2019/q1/119 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/lxc-2.0.9_d3a03247-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/lxc-2.0.9_d3a03247-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/lxc-2.0.9_d3a03247-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/lxc-2.0.9_d3a03247-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: d61ae78b948167877314791b0e7efb56 lxc-2.0.9_d3a03247-i586-1_slack14.2.txz Slackware x86_64 14.2 package: ee7f83208fd2677ebe57f02348dcc82d lxc-2.0.9_d3a03247-x86_64-1_slack14.2.txz Slackware -current package: d99534882f2ab6c021bde62603883ba9 ap/lxc-2.0.9_d3a03247-i586-1.txz Slackware x86_64 -current package: c623108d950f96465e8df0a3cb0cecf6 ap/lxc-2.0.9_d3a03247-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg lxc-2.0.9_d3a03247-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlxjQacACgkQakRjwEAQIjPOSACfc1tR50GUJy1FTrglq5qY39B7 5d8An3ORe5VDGePXVnraJCe8HtcC5i8q =10Wz -END PGP SIGNATURE-
[slackware-security] php (SSA:2019-038-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] php (SSA:2019-038-01) New php packages are available for Slackware 14.0, 14.1, 14.2 to fix security issues. A bugfix release for -current is also available. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/php-5.6.40-i586-1_slack14.2.txz: Upgraded. Several security bugs have been fixed in this release: GD: Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free). Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). Mbstring: Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node). Fixed bug #77381 (heap buffer overflow in multibyte match_at). Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string). Fixed bug #77385 (buffer overflow in fetch_token). Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). Phar: Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). Xmlrpc: Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). For more information, see: https://php.net/ChangeLog-5.php#5.6.40 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.40-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.40-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.40-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.40-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.40-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.40-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-7.2.15-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-7.2.15-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: bcb848ec4441e1c9326b3a1db085505e php-5.6.40-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 9fc26fa58f2fb0ef5fb4cd7a8c1a213f php-5.6.40-x86_64-1_slack14.0.txz Slackware 14.1 package: 9171862cf5c7f300f9647ca2a6ab473e php-5.6.40-i486-1_slack14.1.txz Slackware x86_64 14.1 package: eda09ba227a306b363e1ddfc33090e95 php-5.6.40-x86_64-1_slack14.1.txz Slackware 14.2 package: a09c980f8725eee8b7d6c5175431fe48 php-5.6.40-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 16e5126eb40d443847ce62f40acaa964 php-5.6.40-x86_64-1_slack14.2.txz Slackware -current package: 9a839180fa5a37150e5c9a8d1bb090da n/php-7.2.15-i586-1.txz Slackware x86_64 -current package: 384910100ad49d38f7dbb4fec532200e n/php-7.2.15-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg php-5.6.40-i586-1_slack14.2.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlxcsuIACgkQakRjwEAQIjM52wCeIzqI93rDq/QcATQz3bIPsfZh hnIAni2qL83jK7jO8NY7HWh4RPKPUvhN =99mu -END PGP SIGNATURE-
[slackware-security] curl (SSA:2019-037-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] curl (SSA:2019-037-01) New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. This release fixes the following security issues: NTLM type-2 out-of-bounds buffer read. NTLMv2 type-3 header stack buffer overflow. SMTP end-of-response out-of-bounds read. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz Slackware 14.1 package: e57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz Slackware x86_64 14.1 package: f599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz Slackware 14.2 package: 357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz Slackware -current package: 9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz Slackware x86_64 -current package: 869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg curl-7.64.0-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlxbYwEACgkQakRjwEAQIjMNmACdEjyAuZnr/E0Z7LEhFAfEvjBG NMAAn104fmo4uY+0MRwmbBInN/WqbkSd =VxR5 -END PGP SIGNATURE-
[slackware-security] mariadb (SSA:2019-032-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mariadb (SSA:2019-032-01) New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mariadb-10.0.38-i586-1_slack14.2.txz: Upgraded. This update fixes bugs and security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2537 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2529 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.63-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.63-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mariadb-10.0.38-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mariadb-10.0.38-x86_64-1_slack14.2.txz MD5 signatures: +-+ Slackware 14.1 package: a81564cdf4f9efa0cc4c0f47babcf5bf mariadb-5.5.63-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 399bfb1dc4a85ce86986fdaf87d8e9fb mariadb-5.5.63-x86_64-1_slack14.1.txz Slackware 14.2 package: 2d9ece0b78c612d7dd222a30dda414e9 mariadb-10.0.38-i586-1_slack14.2.txz Slackware x86_64 14.2 package: bc12313467c7aba5dda4e224f41062da mariadb-10.0.38-x86_64-1_slack14.2.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mariadb-10.0.38-i586-1_slack14.2.txz Then, restart the database server: # sh /etc/rc.d/rc.mysqld restart +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlxU+EIACgkQakRjwEAQIjMs0gCeKlMKqbj2dqNubmIYHeflniR2 bqYAn26RrmxONmKo2HdwqO+ATVGGVGXT =jySD -END PGP SIGNATURE-
[slackware-security] Slackware 14.2 kernel (SSA:2019-030-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2019-030-01) New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/linux-4.4.172/*: Upgraded. These updates fix various bugs and many (mostly minor) security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.159: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20511 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14633 Fixed in 4.4.160: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7755 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18021 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10880 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13053 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17972 Fixed in 4.4.163: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18281 Fixed in 4.4.164: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18710 Fixed in 4.4.167: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19824 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16862 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20169 Fixed in 4.4.168: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1120 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5848 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12896 Fixed in 4.4.169: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18241 Fixed in 4.4.170: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19985 Fixed in 4.4.171: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16884 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14611 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14610 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14612 Fixed in 4.4.172: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14616 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13096 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13097 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14614 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13099 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13100 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3701 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18690 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18249 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.172/kernel-firmware-20190118_a8b75ca-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.172/kernel-generic-4.4.172-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.172/kernel-generic-smp-4.4.172_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.172/kernel-headers-4.4.172_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.172/kernel-huge-4.4.172-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.172/kernel-huge-smp-4.4.172_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.172/kernel-modules-4.4.172-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.172/kernel-modules-smp-4.4.172_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.172/kernel-source-4.4.172_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.172/kernel-firmware-20190118_a8b75ca-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.172/kernel-generic-4.4.172-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.172/kernel-headers-4.4.172-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/pat
[slackware-security] mozilla-firefox (SSA:2019-029-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2019-029-01) New mozilla-firefox packages are available for 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-60.5.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18500 https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18505 https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18501 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.5.0esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.5.0esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.5.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.5.0esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: cad63204094d15cad52ec6046a3442aa mozilla-firefox-60.5.0esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 6365c7e9317047942266a170327625eb mozilla-firefox-60.5.0esr-x86_64-1_slack14.2.txz Slackware -current package: dc6ff398a70e82e215a173645304bd43 xap/mozilla-firefox-60.5.0esr-i686-1.txz Slackware x86_64 -current package: 4b357a106b675205f173517ea166c392 xap/mozilla-firefox-60.5.0esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-60.5.0esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlxRJ9sACgkQakRjwEAQIjNi9gCfdyaKtVNfeQCtSfFqk6yx89Ul y2EAmQHq+1KzUX04c14bbVEqwMGvFUS3 =oVp9 -END PGP SIGNATURE-
[slackware-security] httpd (SSA:2019-022-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] httpd (SSA:2019-022-01) New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/httpd-2.4.38-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. mod_session: mod_session_cookie does not respect expiry time allowing sessions to be reused. [Hank Ibell] mod_http2: fixes a DoS attack vector. By sending slow request bodies to resources not consuming them, httpd cleanup code occupies a server thread unnecessarily. This was changed to an immediate stream reset which discards all stream state and incoming data. [Stefan Eissing] mod_ssl: Fix infinite loop triggered by a client-initiated renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and later. PR 63052. [Joe Orton] For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.38-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.38-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.38-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.38-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/httpd-2.4.38-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/httpd-2.4.38-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.38-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.38-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 0adec00319bf7b7cdc6fed26e4309233 httpd-2.4.38-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 4f1cf21ed7894aa45705fb0ece40d48f httpd-2.4.38-x86_64-1_slack14.0.txz Slackware 14.1 package: eb5d175119448650625b3cb4815f0dbc httpd-2.4.38-i486-1_slack14.1.txz Slackware x86_64 14.1 package: d48c93611cc57a80f3cb8b719feda7a4 httpd-2.4.38-x86_64-1_slack14.1.txz Slackware 14.2 package: e0c60fa30ab8676f935e6a5aed719c59 httpd-2.4.38-i586-1_slack14.2.txz Slackware x86_64 14.2 package: c4efb726bf6fab65ed2340ac1e6c9731 httpd-2.4.38-x86_64-1_slack14.2.txz Slackware -current package: 28055e1d52dd60e0d53681ac85b9d093 n/httpd-2.4.38-i586-1.txz Slackware x86_64 -current package: 5d0f9e0ca0bb8add0ec6b4938497e465 n/httpd-2.4.38-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg httpd-2.4.38-i586-1_slack14.2.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlxH8DgACgkQakRjwEAQIjNG8QCeNBF2W052aM6qtsrFe+lrJU4s 3XMAmQHxAE574rQV6ssDE/bKh9az5iiF =W2LF -END PGP SIGNATURE-
[slackware-security] zsh (SSA:2019-013-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] zsh (SSA:2019-013-01) New zsh packages are available for Slackware 14.0, 14.1, and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/zsh-5.6.2-i586-1_slack14.2.txz: Upgraded. This release fixes security issues, including ones that could allow a local attacker to execute arbitrary code. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18205 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18206 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1071 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1083 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1100 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7548 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7549 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/zsh-5.6.2-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/zsh-5.6.2-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/zsh-5.6.2-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/zsh-5.6.2-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/zsh-5.6.2-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/zsh-5.6.2-x86_64-1_slack14.2.txz MD5 signatures: +-+ Slackware 14.0 package: eee31011db16ee065279399d58de4c2b zsh-5.6.2-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 766df0eb186d95362a78ae523b83f7d2 zsh-5.6.2-x86_64-1_slack14.0.txz Slackware 14.1 package: 7c376a74372346613fa58296b5a43158 zsh-5.6.2-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 80cee93fdaa1d7d526c2056b0c374ba5 zsh-5.6.2-x86_64-1_slack14.1.txz Slackware 14.2 package: 01e67f2f735ffb022890a1adb8318b6b zsh-5.6.2-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 5e5676c283d4267057eeef2a573dae00 zsh-5.6.2-x86_64-1_slack14.2.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg zsh-5.6.2-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlw8DfYACgkQakRjwEAQIjMrnQCdHyKGgOkOxrtpp7dGepLwxVt5 A+QAoJMPlLjMdtdZZuC3lqoXRviRbp/3 =4rhQ -END PGP SIGNATURE-
[slackware-security] irssi (SSA:2019-011-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] irssi (SSA:2019-011-01) New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/irssi-1.1.2-i586-1_slack14.2.txz: Upgraded. This update addresses bugs including security and stability issues: A NULL pointer dereference occurs for an "empty" nick. Certain nick names could result in out-of-bounds access when printing theme strings. Crash due to a NULL pointer dereference w hen the number of windows exceeds the available space. Use-after-free when SASL messages are received in an unexpected order. Use-after-free when a server is disconnected during netsplits. Use-after-free when hidden lines were expired from the scroll buffer. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7050 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7051 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7052 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7053 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7054 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5882 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/irssi-1.1.2-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/irssi-1.1.2-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/irssi-1.1.2-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/irssi-1.1.2-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/irssi-1.1.2-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/irssi-1.1.2-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/irssi-1.1.2-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/irssi-1.1.2-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 118b1b29671bdc6baf5395e6f61a01cb irssi-1.1.2-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 64ba78a75fc90f87a07d46dc83401ec3 irssi-1.1.2-x86_64-1_slack14.0.txz Slackware 14.1 package: 4041a1c4e5c085cfb3620bf96060fe86 irssi-1.1.2-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 1c0e906da9e4b661296f568239ed9cd9 irssi-1.1.2-x86_64-1_slack14.1.txz Slackware 14.2 package: f0b3aaad26e6f973d02d4787ecc55d36 irssi-1.1.2-i586-1_slack14.2.txz Slackware x86_64 14.2 package: de513f411e82498d0e8a5ee928f67fcc irssi-1.1.2-x86_64-1_slack14.2.txz Slackware -current package: 2305420644a7a6f787616ddb14f9249a n/irssi-1.1.2-i586-1.txz Slackware x86_64 -current package: 2b657957f83393f58e729442cee236a9 n/irssi-1.1.2-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg irssi-1.1.2-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlw5B7oACgkQakRjwEAQIjPKLACfYLWH/a8q1tjT8/GNh1ahKLhM f5AAn0haLyqG6C7DgX3qP/t1aFLnafMb =BGZt -END PGP SIGNATURE-
[slackware-security] netatalk (SSA:2018-355-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] netatalk (SSA:2018-355-01) New netatalk packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/netatalk-3.1.12-i586-1_slack14.2.txz: Upgraded. Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1160 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/netatalk-3.1.12-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/netatalk-3.1.12-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/netatalk-3.1.12-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/netatalk-3.1.12-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/netatalk-3.1.12-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/netatalk-3.1.12-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/netatalk-3.1.12-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/netatalk-3.1.12-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 432b5ce04bc190f3b2adeb0b5cc38038 netatalk-3.1.12-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 88f1941d9ecbf3396f980b3991974e40 netatalk-3.1.12-x86_64-1_slack14.0.txz Slackware 14.1 package: 7721f598bf7727c96f8212584183a391 netatalk-3.1.12-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 5de343d3978db5139b2075ac15d72b07 netatalk-3.1.12-x86_64-1_slack14.1.txz Slackware 14.2 package: eb213699f58c6b08908bda9df86571d8 netatalk-3.1.12-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 9e7f5b18ab91dc69a2b4326f563c0682 netatalk-3.1.12-x86_64-1_slack14.2.txz Slackware -current package: dcf24ac0ff6cf0e1e0704cb3f0f35dc3 n/netatalk-3.1.12-i586-1.txz Slackware x86_64 -current package: efaab6db914d27191fddfdd409fcb0b1 n/netatalk-3.1.12-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg netatalk-3.1.12-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlwdxscACgkQakRjwEAQIjMmkwCffwsX8TRT8L+Ymtwwif7HSrgZ qAYAn02bfnf6sOXXxWYTPJBuzVwv3jR5 =UBLh -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2018-345-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-345-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-60.4.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-17466 https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18492 https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18493 https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18494 https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18498 https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-12405 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.4.0esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.4.0esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.4.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.4.0esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 01fc1f59b80c29dbb901552d8b0ec41b mozilla-firefox-60.4.0esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 17521ad9bda9ac063c1bf9996e08bc48 mozilla-firefox-60.4.0esr-x86_64-1_slack14.2.txz Slackware -current package: 8bcc85863ba42906f71d9e63927df710 xap/mozilla-firefox-60.4.0esr-i686-1.txz Slackware x86_64 -current package: acde0468c7113e753c03cc26818cd5b1 xap/mozilla-firefox-60.4.0esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-60.4.0esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlwQilUACgkQakRjwEAQIjPFVgCfVgintEFQRqsOyMFqEc8zRZkf MBMAn3qGafQIWubh1fZUOfa2igiIGusM =48Pb -END PGP SIGNATURE-
[slackware-security] php (SSA:2018-341-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] php (SSA:2018-341-01) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ Several security bugs have been fixed in this release: Segfault when using convert.quoted-printable-encode filter. Null pointer dereference in imap_mail. imap_open allows to run arbitrary shell commands via mailbox parameter. PharData always creates new files with mode 0666. Heap Buffer Overflow (READ: 4) in phar_parse_pharfile. For more information, see: https://php.net/ChangeLog-5.php#5.6.39 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.39-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.39-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.39-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.39-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.39-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.39-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-7.2.13-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-7.2.13-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 78c5a8b2d5a8aa43c781957bb680eedb php-5.6.39-i486-1_slack14.0.txz Slackware x86_64 14.0 package: f73a7ccc351ea7ccbdb0d113b70763a5 php-5.6.39-x86_64-1_slack14.0.txz Slackware 14.1 package: 91bb5c34252e48d876df6a8616867999 php-5.6.39-i486-1_slack14.1.txz Slackware x86_64 14.1 package: b6fe41853e097164c774b1215bf2b4a2 php-5.6.39-x86_64-1_slack14.1.txz Slackware 14.2 package: 185efd8bddcb02ac0b3a75e759cbc0e8 php-5.6.39-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 0c3f03445509cad73b1570b4575e00da php-5.6.39-x86_64-1_slack14.2.txz Slackware -current package: 4d0aab33ad6405fd71ee5a4330a7b894 n/php-7.2.13-i586-1.txz Slackware x86_64 -current package: f172ef4f37b3956b524a465c8bc93f80 n/php-7.2.13-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg php-5.6.39-i586-1_slack14.2.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlwKzMEACgkQakRjwEAQIjPl8QCdH0G1uTigEM2RRDFASg4592a6 +wsAnRdbOBHuGMUB03+OfgXb9mmUY4Hs =s8Ep -END PGP SIGNATURE-
[slackware-security] gnutls (SSA:2018-339-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] gnutls (SSA:2018-339-01) New gnutls packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/gnutls-3.6.5-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue: Bleichenbacher-like side channel leakage in PKCS#1 1.5 verification and padding oracle verification. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16868 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gnutls-3.6.5-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gnutls-3.6.5-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-3.6.5-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnutls-3.6.5-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: b6d0f623037be33241d775309789c68d gnutls-3.6.5-i586-1_slack14.2.txz Slackware x86_64 14.2 package: c62a1095b96d22baa335bab1861d1e89 gnutls-3.6.5-x86_64-1_slack14.2.txz Slackware -current package: 71c3d86add556f4e131ffe223a83510b n/gnutls-3.6.5-i586-1.txz Slackware x86_64 -current package: dcb1a9dd8dd52dab978dc7c48270d986 n/gnutls-3.6.5-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg gnutls-3.6.5-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlwIrMEACgkQakRjwEAQIjN6bwCdFXf8vSZAnPKelJOTCnKEDNTs rSwAmwUiDMVA5O1fYRTOgl6Wop73Pe6m =XFnh -END PGP SIGNATURE-
[slackware-security] nettle (SSA:2018-339-02)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] nettle (SSA:2018-339-02) New nettle packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ This update fixes a security issue: A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16869 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/nettle-3.4.1-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/nettle-3.4.1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/nettle-3.4.1-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/nettle-3.4.1-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: c6de13f9cee0858201167f4ea80f9e7e nettle-3.4.1-i586-1_slack14.2.txz Slackware x86_64 14.2 package: b5ec0a91adbae67e47b171edc8d56c07 nettle-3.4.1-x86_64-1_slack14.2.txz Slackware -current package: 7cfd26bc36e36d31a28b9eff05db19dc n/nettle-3.4.1-i586-1.txz Slackware x86_64 -current package: 360104d8c25975e85496f6801aedbafa n/nettle-3.4.1-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg nettle-3.4.1-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlwIrMMACgkQakRjwEAQIjM69wCePGcbQO07rue7luIwOAoVKZth DLQAn1KyxU+hJvCKAH/QF8exU2J4u9Ny =KAzU -END PGP SIGNATURE-
[slackware-security] mozilla-nss (SSA:2018-337-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-nss (SSA:2018-337-01) New mozilla-nss packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-nss-3.40.1-i586-1_slack14.2.txz: Upgraded. Upgraded to nss-3.40.1 and nspr-4.20. Mitigate cache side-channel variant of the Bleichenbacher attack. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mozilla-nss-3.23-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mozilla-nss-3.23-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-nss-3.40.1-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-nss-3.40.1-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-nss-3.40.1-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-nss-3.40.1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/mozilla-nss-3.40.1-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/mozilla-nss-3.40.1-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 477aad77295cdad06550ec789db125ed mozilla-nss-3.23-i486-1_slack14.0.txz Slackware x86_64 14.0 package: da2b0d54d5bab3d60766691fefbfe59e mozilla-nss-3.23-x86_64-1_slack14.0.txz Slackware 14.1 package: 2b87e41ebe92bb411f9ba6c7b3dc90a3 mozilla-nss-3.40.1-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 97f5628b15deea966d2e3a53cbf63e41 mozilla-nss-3.40.1-x86_64-1_slack14.1.txz Slackware 14.2 package: 6d3340c45970475bc3aa8329f82c8f1c mozilla-nss-3.40.1-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 0b07bd47fca120a143111804aa70bdd3 mozilla-nss-3.40.1-x86_64-1_slack14.2.txz Slackware -current package: 3b130c0c68b8283c5e243a5a23cfa368 l/mozilla-nss-3.40.1-i586-1.txz Slackware x86_64 -current package: 7191a0d1e6d618e89a0e5014bde3f29e l/mozilla-nss-3.40.1-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-nss-3.40.1-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlwFmW0ACgkQakRjwEAQIjMy5ACglHZ3Ek0Nc9wkgnE2Jq5BKoIw tw4AoIv/2uBYpCvDqb8FihezvSaerVtt =OLoH -END PGP SIGNATURE-
[slackware-security] samba (SSA:2018-333-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] samba (SSA:2018-333-01) New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/samba-4.6.16-i586-2_slack14.2.txz: Rebuilt. This update patches some security issues: CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported) CVE-2018-16857: Bad password count in AD DC not always effective For more information, see: https://www.samba.org/samba/security/CVE-2018-14629.html https://www.samba.org/samba/security/CVE-2018-16841.html https://www.samba.org/samba/security/CVE-2018-16851.html https://www.samba.org/samba/security/CVE-2018-16852.html https://www.samba.org/samba/security/CVE-2018-16853.html https://www.samba.org/samba/security/CVE-2018-16857.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14629 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16841 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16853 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16857 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/samba-4.6.16-i486-2_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/samba-4.6.16-x86_64-2_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/samba-4.6.16-i486-2_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/samba-4.6.16-x86_64-2_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/samba-4.6.16-i586-2_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/samba-4.6.16-x86_64-2_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-4.9.3-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-4.9.3-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: ef6b5b109beaee70cf8a558dcc3ff3d4 samba-4.6.16-i486-2_slack14.0.txz Slackware x86_64 14.0 package: 40b897540a27eb5daa3329a0e50fe0e8 samba-4.6.16-x86_64-2_slack14.0.txz Slackware 14.1 package: 2bd298c4af25f04a1b24d2283bc0df4d samba-4.6.16-i486-2_slack14.1.txz Slackware x86_64 14.1 package: 8b31d1ae2e0da78e54c8add50b2022d8 samba-4.6.16-x86_64-2_slack14.1.txz Slackware 14.2 package: 39da6c1775ca9510669591c32c13a9de samba-4.6.16-i586-2_slack14.2.txz Slackware x86_64 14.2 package: 79c2c4737179478277293fdf9400f056 samba-4.6.16-x86_64-2_slack14.2.txz Slackware -current package: 8bee5f6f44e1110adfd30378cdb95664 n/samba-4.9.3-i586-1.txz Slackware x86_64 -current package: 3b8e722a64af8a0190574ee4c5618e5b n/samba-4.9.3-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg samba-4.6.16-i586-2_slack14.2.txz Then, if Samba is running restart it: # /etc/rc.d/rc.samba restart +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email
[slackware-security] openssl (SSA:2018-325-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] openssl (SSA:2018-325-01) New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. This update fixes a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures, and a side channel attack on DSA signature generation that could allow an attacker to recover the private key. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 (* Security fix *) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com +
[slackware-security] libtiff (SSA:2018-316-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] libtiff (SSA:2018-316-01) New libtiff packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/libtiff-4.0.10-i586-1_slack14.2.txz: Upgraded. This update fixes some denial of service security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10779 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18661 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libtiff-4.0.10-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libtiff-4.0.10-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libtiff-4.0.10-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libtiff-4.0.10-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 1db916b29f97551ae91a53f01223c4d9 libtiff-4.0.10-i586-1_slack14.2.txz Slackware x86_64 14.2 package: e148369b44d5ae5a7d4c25ad886a08ab libtiff-4.0.10-x86_64-1_slack14.2.txz Slackware -current package: dd17ed4305097923f47f55e06ab227f2 l/libtiff-4.0.10-i586-1.txz Slackware x86_64 -current package: 08ba21f3c8418f4c5e47919969592121 l/libtiff-4.0.10-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg libtiff-4.0.10-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlvqXlYACgkQakRjwEAQIjNGZwCcCzN9aLDHQaCUO1dA52NgRqki jkAAn2SLElSqH7m2RfzOg/GiLDuLi1KH =DkKG -END PGP SIGNATURE-
[slackware-security] mariadb (SSA:2018-309-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mariadb (SSA:2018-309-01) New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mariadb-10.0.37-i586-1_slack14.2.txz: Upgraded. This update fixes bugs and security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3282 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3174 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3143 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3251 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.62-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.62-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mariadb-10.0.37-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mariadb-10.0.37-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-10.3.10-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-10.3.10-x86_64-1.txz MD5 signatures: +-+ Slackware 14.1 package: 6c8b042978625c4e63f97d6cd6931c03 mariadb-5.5.62-i486-1_slack14.1.txz Slackware x86_64 14.1 package: fc97acd4523289ddbbabaaff0a7adc2d mariadb-5.5.62-x86_64-1_slack14.1.txz Slackware 14.2 package: 4da62611058ab98c0c91db639fee034a mariadb-10.0.37-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 8b9bd830c4c85e9fe6b4020c21ff4f9e mariadb-10.0.37-x86_64-1_slack14.2.txz Slackware -current package: 867661e239c568d0ff8a1e9d02d987d0 ap/mariadb-10.3.10-i586-1.txz Slackware x86_64 -current package: 2aafe837dfcd532032b57a0b7a19735c ap/mariadb-10.3.10-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mariadb-10.0.37-i586-1_slack14.2.txz Then, restart the database server: # sh /etc/rc.d/rc.mysqld restart +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlvhEasACgkQakRjwEAQIjO6TgCfQ5zzKlBstE2ZHBEKSROFJL/X 4rMAnRasohPwaK0tFBDQUD5nIGBsoBQL =Kpcc -END PGP SIGNATURE-
[slackware-security] curl (SSA:2018-304-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] curl (SSA:2018-304-01) New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/curl-7.62.0-i586-1_slack14.2.txz: Upgraded. This release fixes the following security issues: SASL password overflow via integer overflow. Use-after-free in handle close. Warning message out-of-buffer read. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16840 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.62.0-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.62.0-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.62.0-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.62.0-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.62.0-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.62.0-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.62.0-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.62.0-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: a4b8a0757bedd75e94be1ff3ae5c0bbe curl-7.62.0-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 5c68e645e220e02c61aaa659269956f9 curl-7.62.0-x86_64-1_slack14.0.txz Slackware 14.1 package: 9b196b30aef3aae4d8b6aeab0757c0b3 curl-7.62.0-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 7deb522d39e254e9156fd81298b2c084 curl-7.62.0-x86_64-1_slack14.1.txz Slackware 14.2 package: aaf133c0a0c3ed588c1a410411acb628 curl-7.62.0-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 3af015f7d4e5ba7b70ed9317359a8f15 curl-7.62.0-x86_64-1_slack14.2.txz Slackware -current package: 2f32a6f369233fba579538faddc60323 n/curl-7.62.0-i586-1.txz Slackware x86_64 -current package: 225764cacf3d5591fc131318e7ab9023 n/curl-7.62.0-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg curl-7.62.0-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlvaMdEACgkQakRjwEAQIjMsNACfaFIkz4q2TES73Xe0WWzCHaXC UtUAn1vdzGyH0/rHlx6Tpq+QeiwZ70Vc =VNmD -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2018-296-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-296-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-60.3.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.3.0esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.3.0esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.3.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.3.0esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 342b85674b99b7b863d81cf154165122 mozilla-firefox-60.3.0esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 27cb706f0f0fe7ea3d565fe91f54ff39 mozilla-firefox-60.3.0esr-x86_64-1_slack14.2.txz Slackware -current package: 2376d3e8ee0b12fcdda076ad6e793c39 xap/mozilla-firefox-60.3.0esr-i686-1.txz Slackware x86_64 -current package: 9a85ec4acc791c801810c16f3c28b3cf xap/mozilla-firefox-60.3.0esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-60.3.0esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlvOrigACgkQakRjwEAQIjMSvwCeJEcqAJAZvHpfzpWEQrwZo348 5AUAniJ3KWlYZgTIjX5NVPbjLHRrGM6R =ghlj -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2018-276-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-276-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-60.2.2esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12387 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.2.2esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.2.2esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.2.2esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.2.2esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 6a2487e826dde5fd80bb4e727adf93e7 mozilla-firefox-60.2.2esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: bd501d86faca76521d3faecf05ccbe56 mozilla-firefox-60.2.2esr-x86_64-1_slack14.2.txz Slackware -current package: 3979303d41d9e13c76093252bfc59a0f xap/mozilla-firefox-60.2.2esr-i686-1.txz Slackware x86_64 -current package: d64e16549823c0dcd902719e457ddd49 xap/mozilla-firefox-60.2.2esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-60.2.2esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlu0VEsACgkQakRjwEAQIjOsSQCeJsdBfwQkUA2Mg6MfoZtIxqpN SWsAnRQ2osEdDgj9Vs5BKSgsgoxXhML2 =1wqL -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2018-265-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-265-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-60.2.1esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12383 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.2.1esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.2.1esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.2.1esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.2.1esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 78eb6398d14511de491425e358670ac1 mozilla-firefox-60.2.1esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: e054cddedab4f816f9d620a82c37161e mozilla-firefox-60.2.1esr-x86_64-1_slack14.2.txz Slackware -current package: fab5c7ebb3898e4a1cb6997a62c64793 xap/mozilla-firefox-60.2.1esr-i686-1.txz Slackware x86_64 -current package: 0a72f509c4ada2b4a298d06d506253c7 xap/mozilla-firefox-60.2.1esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-60.2.1esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlumxW4ACgkQakRjwEAQIjM2QgCePXB3pUMGTi8h/SxgkRsiTnOL OiMAnRyqmG9PONhqQyOFdwf9VUHGVP3F =sKHi -END PGP SIGNATURE-
[slackware-security] Slackware 14.2 kernel (SSA:2018-264-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2018-264-01) New kernel packages are available for Slackware 14.2 to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/linux-4.4.157/*: Upgraded. This kernel removes the unnecessary vmacache_flush_all code which could have led to a use-after-free situation and potentially local privilege escalation. In addition, it fixes some regressions which may have led to diminished X performance. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17182 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-firmware-20180913_44d4fca-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-generic-4.4.157-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-generic-smp-4.4.157_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-headers-4.4.157_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-huge-4.4.157-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-huge-smp-4.4.157_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-modules-4.4.157-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-modules-smp-4.4.157_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-source-4.4.157_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.157/kernel-firmware-20180913_44d4fca-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.157/kernel-generic-4.4.157-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.157/kernel-headers-4.4.157-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.157/kernel-huge-4.4.157-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.157/kernel-modules-4.4.157-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.157/kernel-source-4.4.157-noarch-1.txz MD5 signatures: +-+ Slackware 14.2 packages: 4cbc3917d30e3ec997f23aadfbb20d2f kernel-firmware-20180913_44d4fca-noarch-1.txz df3e3e6e806a744b5c2a85ca9a581666 kernel-generic-4.4.157-i586-1.txz 4786d7445be8ff55f83be49ac7762703 kernel-generic-smp-4.4.157_smp-i686-1.txz c1a300d12e24e2321e0b9b30cddbdf5f kernel-headers-4.4.157_smp-x86-1.txz b19ce77fa8dd71de87f79237619610bf kernel-huge-4.4.157-i586-1.txz 0e3bfc4ca162f7e804f9503355d85bec kernel-huge-smp-4.4.157_smp-i686-1.txz 8bf4a2236dae7c3c4bdbac5df2e4818e kernel-modules-4.4.157-i586-1.txz edaaa0d85fba3e7181f94ab8c3f21dfb kernel-modules-smp-4.4.157_smp-i686-1.txz 0f67c5ebc78917d5e94bf07bcdefb8b6 kernel-source-4.4.157_smp-noarch-1.txz Slackware x86_64 14.2 packages: 4cbc3917d30e3ec997f23aadfbb20d2f kernel-firmware-20180913_44d4fca-noarch-1.txz 4e50bbe9a3b7232aeb0679eda5325f87 kernel-generic-4.4.157-x86_64-1.txz ef8d303cfa4855d39a28f94181752936 kernel-headers-4.4.157-x86-1.txz 9f531d40bd2151bc0276f8cb5342c38c kernel-huge-4.4.157-x86_64-1.txz 9911b7530358ba7877eacc8bf1c7d215 kernel-modules-4.4.157-x86_64-1.txz 91cfbd23a457cdf43ddcfd6b4ae567a5 kernel-source-4.4.157-noarch-1.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.157-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd
[slackware-security] php (SSA:2018-257-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] php (SSA:2018-257-01) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/php-5.6.38-i586-1_slack14.2.txz: Upgraded. One security bug has been fixed in this release: Apache2: XSS due to the header Transfer-Encoding: chunked For more information, see: https://php.net/ChangeLog-5.php#5.6.38 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.38-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.38-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.38-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.38-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.38-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.38-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-7.2.10-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-7.2.10-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: ad5fca90b02bfdaf0ec6dc4b75c119ee php-5.6.38-i486-1_slack14.0.txz Slackware x86_64 14.0 package: e1ae9acc6cbffe533d57ea18d06875bb php-5.6.38-x86_64-1_slack14.0.txz Slackware 14.1 package: d19e2d8131fab3808c14b827bc3a195f php-5.6.38-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 62d2e74591d5fc9ef6ab41dfe509fc43 php-5.6.38-x86_64-1_slack14.1.txz Slackware 14.2 package: 4411520ef83c9cadd0eac17c9b33f8ef php-5.6.38-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 9dcbc800e62882d13dcedc1930a68911 php-5.6.38-x86_64-1_slack14.2.txz Slackware -current package: f4311e3990ee91fcd92269b26d6c3604 n/php-7.2.10-i586-1.txz Slackware x86_64 -current package: 4d48395a12865252b5828cb046dcfc92 n/php-7.2.10-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg php-5.6.38-i586-1_slack14.2.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlucK1QACgkQakRjwEAQIjMvFgCePsRV/ULf0ekOqcrb1txpzVjg 1pAAn1E09MX6xAGxMHiFkUqb5gs+3yT4 =qp7t -END PGP SIGNATURE-
[slackware-security] ghostscript (SSA:2018-256-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] ghostscript (SSA:2018-256-01) New ghostscript packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/ghostscript-9.25-i586-1_slack14.2.txz: Upgraded. This release fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16509 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ghostscript-9.25-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ghostscript-9.25-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/ghostscript-9.25-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/ghostscript-9.25-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 851e5ee1c6074102149b496cb2845f16 ghostscript-9.25-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 1bab4da8c84e23d3ca67e952f672f37b ghostscript-9.25-x86_64-1_slack14.2.txz Slackware -current package: 28ed396ab406f6363dce14a7d5b7aac5 ap/ghostscript-9.25-i586-1.txz Slackware x86_64 -current package: eb1760bb74ba289abbcac1f3d81107f4 ap/ghostscript-9.25-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg ghostscript-9.25-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlua25UACgkQakRjwEAQIjPALgCfegDjini1uT7GVzjQAE4G7bdC UvsAnAxdFOG9su43K1Rzr3f634Cwld0v =q7Pk -END PGP SIGNATURE-
[slackware-security] Slackware 14.2 mozilla-thunderbird (SSA:2018-249-04)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] Slackware 14.2 mozilla-thunderbird (SSA:2018-249-04) New mozilla-thunderbird packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-thunderbird-60.0-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/60.0/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/ (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-60.0-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-60.0-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-60.0-i686-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-60.0-x86_64-2.txz MD5 signatures: +-+ Slackware 14.2 package: e7308af192cfb4c5413b1c213d3aa563 mozilla-thunderbird-60.0-i686-1_slack14.2.txz Slackware x86_64 14.2 package: a25acbbc4045f0d584e3a792d6d53d9d mozilla-thunderbird-60.0-x86_64-1_slack14.2.txz Slackware -current package: 3f49e6ae783a0b00f5c8d3ffea30ba59 xap/mozilla-thunderbird-60.0-i686-2.txz Slackware x86_64 -current package: 6c101f5b87b6ea889fd591cb6df9a96d xap/mozilla-thunderbird-60.0-x86_64-2.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-thunderbird-60.0-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAluQuYAACgkQakRjwEAQIjP5nQCfR4vymN1j1PvwhQ1lhXxQNNcr QSQAmwa2TCk0rksJz4J50v1WcPm0ZR7J =Cakg -END PGP SIGNATURE-
[slackware-security] mozilla-firefox (SSA:2018-249-03)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-249-03) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/mozilla-firefox-60.2.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.2.0esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.2.0esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.2.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.2.0esr-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 32278345f4b7a9cb0ff02c3bc8e04abb mozilla-firefox-60.2.0esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: 481c7228e9aa9254b5a2fa4578093f81 mozilla-firefox-60.2.0esr-x86_64-1_slack14.2.txz Slackware -current package: 3d3c927841c9f031f8d8ec547e94ec8f xap/mozilla-firefox-60.2.0esr-i686-1.txz Slackware x86_64 -current package: 26e23f3fefe69405c01edffcedb6034b xap/mozilla-firefox-60.2.0esr-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg mozilla-firefox-60.2.0esr-i686-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAluQuX4ACgkQakRjwEAQIjMzOgCfcHc4fULkWDxK7oJNmvaKCIpW tXkAnAp/nfw1PGIs33KYr8mhnTAZJDuw =JzNO -END PGP SIGNATURE-
[slackware-security] curl (SSA:2018-249-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] curl (SSA:2018-249-01) New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/curl-7.61.1-i586-1_slack14.2.txz: Upgraded. This update fixes an NTLM password overflow via integer overflow. For more information, see: https://curl.haxx.se/docs/CVE-2018-14618.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.61.1-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.61.1-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.61.1-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.61.1-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.61.1-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.61.1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.61.1-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.61.1-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: d6493074efefb47021747a0f525a3875 curl-7.61.1-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 9d5fb07395d570c7af54d306dff25e0d curl-7.61.1-x86_64-1_slack14.0.txz Slackware 14.1 package: fff7b1f0df80b7b8386e6b1b58fadaec curl-7.61.1-i486-1_slack14.1.txz Slackware x86_64 14.1 package: fe69bb3baaf679dec8bd3abea3c6ef02 curl-7.61.1-x86_64-1_slack14.1.txz Slackware 14.2 package: e130826573cd1cf9b5d769690ff91811 curl-7.61.1-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 161e1f2949b0285484de8aa16953c5e7 curl-7.61.1-x86_64-1_slack14.2.txz Slackware -current package: 7135b216f6e989b0ae3e6123f6a07083 n/curl-7.61.1-i586-1.txz Slackware x86_64 -current package: b96ce6cdc7ae46e5979563f8f939fcfd n/curl-7.61.1-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg curl-7.61.1-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAluQuXoACgkQakRjwEAQIjNQpQCfV+JwZCkgsEJKAdUkX/R2yAmK O3EAniuqSmYEIYEoUqijofglDbxfsJIh =KHZZ -END PGP SIGNATURE-
[slackware-security] ghostscript (SSA:2018-249-02)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] ghostscript (SSA:2018-249-02) New ghostscript packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/ghostscript-9.24-i586-1_slack14.2.txz: Upgraded. Patched multiple -dSAFER sandbox bypass vulnerabilities. Thanks to Tavis Ormandy. For more information, see: https://www.ghostscript.com/doc/9.24/News.htm https://www.kb.cert.org/vuls/id/332928 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ghostscript-9.24-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ghostscript-9.24-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/ghostscript-9.24-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/ghostscript-9.24-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 31db329be5c3d8f4e9180b4a6388532f ghostscript-9.24-i586-1_slack14.2.txz Slackware x86_64 14.2 package: c46941538e179ca8351596f2877bd5f7 ghostscript-9.24-x86_64-1_slack14.2.txz Slackware -current package: 575de8c5b4f34bf362bec25dd7044ecc ap/ghostscript-9.24-i586-1.txz Slackware x86_64 -current package: c5d7538a368994111f3f9e4d7f024721 ap/ghostscript-9.24-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg ghostscript-9.24-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAluQuXwACgkQakRjwEAQIjNPRACeNWW8ZpZUSt4f9aHaz1fyfVcC p/EAn2XCQU9U9skx4/uTzHFKIIEwMX1e =forG -END PGP SIGNATURE-
[slackware-security] Slackware 14.2 kernel (SSA:2018-240-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2018-240-01) New kernel packages are available for Slackware 14.2 to mitigate security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/linux-4.4.153/*: Upgraded. This kernel update enables mitigations for L1 Terminal Fault aka Foreshadow and Foreshadow-NG vulnerabilities. Thanks to Bernhard Kaindl for bisecting the boot issue that was preventing us from upgrading to earlier 4.4.x kernels that contained this fix. To see the status of CPU vulnerability mitigations on your system, look at the files in: /sys/devices/system/cpu/vulnerabilities Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3546 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153-noarch-1.txz MD5 signatures: +-+ Slackware 14.2 packages: b0a4ac8050eed122d407069db8704be2 kernel-firmware-20180825_fea76a0-noarch-1.txz cd110706f35e4496017f7270d393fcf9 kernel-generic-4.4.153-i586-1.txz 57b026fb409d15596b91963bfab973b5 kernel-generic-smp-4.4.153_smp-i686-1.txz d1f1a717bcdc85be8382628f0a38ae78 kernel-headers-4.4.153_smp-x86-1.txz 439fc6640ce50c1b061b60b6a7afffe9 kernel-huge-4.4.153-i586-1.txz b1683dd7d0a3f6898f5d8ffecca50c4a kernel-huge-smp-4.4.153_smp-i686-1.txz 5ac4445b7ac81c65e4fe8269fa8f7b23 kernel-modules-4.4.153-i586-1.txz 3f9a394283e7feff520b6bff6219d1de kernel-modules-smp-4.4.153_smp-i686-1.txz 4b8979e2226d66d957b33deacbf5fb26 kernel-source-4.4.153_smp-noarch-1.txz Slackware x86_64 14.2 packages: b0a4ac8050eed122d407069db8704be2 kernel-firmware-20180825_fea76a0-noarch-1.txz 1109c106490e646cf687fbd1ac7211cd kernel-generic-4.4.153-x86_64-1.txz 8668e44ceb919d862e02c7eedfd2cf1d kernel-headers-4.4.153-x86-1.txz fe42dde9fd78ef32c4527e0a6fa60da0 kernel-huge-4.4.153-x86_64-1.txz 7a872f2bff05ebad6ec781f36bf0e392 kernel-modules-4.4.153-x86_64-1.txz 6403fd73910a3f1e1b9eed3ecb6de0e4 kernel-source-4.4.153-noarch-1.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are no
[slackware-security] libX11 (SSA:2018-233-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] libX11 (SSA:2018-233-01) New libX11 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/libX11-1.6.6-i586-1_slack14.2.txz: Upgraded. This update fixes some security issues: Fixed crash on invalid reply (CVE-2018-14598). Fixed off-by-one writes (CVE-2018-14599). Fixed out of boundary write (CVE-2018-14600). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14598 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14599 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14600 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libX11-1.6.6-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libX11-1.6.6-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libX11-1.6.6-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libX11-1.6.6-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libX11-1.6.6-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libX11-1.6.6-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/libX11-1.6.6-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/libX11-1.6.6-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 9bb8475057d8a2608b2fd12c0a1cbd21 libX11-1.6.6-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 58161eb995afd54e46c54ac7f8514863 libX11-1.6.6-x86_64-1_slack14.0.txz Slackware 14.1 package: 12b07f273428650137f8f1ed7e8a47ee libX11-1.6.6-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 9e3744bcdbeb040bf74e1cf60e65a6e3 libX11-1.6.6-x86_64-1_slack14.1.txz Slackware 14.2 package: e8dce4b7c0084e08cf5e98b01623e96d libX11-1.6.6-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 0066b709becabab5661427863f9cbc37 libX11-1.6.6-x86_64-1_slack14.2.txz Slackware -current package: 6ec3f2b5f2f314f5e9360e54864c70e5 x/libX11-1.6.6-i586-1.txz Slackware x86_64 -current package: 44e4bd7fd0842ff5f980d812828e78e9 x/libX11-1.6.6-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg libX11-1.6.6-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlt8XK4ACgkQakRjwEAQIjOvFwCdGaLZ7IhPJG3l5aDdlfrsIZJ4 4bkAn2gUXrsSmYnTVO3F+Y5grweBzchg =sDQy -END PGP SIGNATURE-
[slackware-security] ntp (SSA:2018-229-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] ntp (SSA:2018-229-01) New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/ntp-4.2.8p12-i586-1_slack14.2.txz: Upgraded. This release improves on one security fix in ntpd: LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack While fixed in ntp-4.2.8p7 and with significant additional protections for this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in the new noepeer support. Originally reported by Matt Van Gundy of Cisco. Edge-case hole reported by Martin Burnicki of Meinberg. And fixes another security issue in ntpq and ntpdc: LOW: Sec 3505: The openhost() function used during command-line hostname processing by ntpq and ntpdc can write beyond its buffer limit, which could allow an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. Reported by Fakhri Zulkifli. For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#August_2018_ntp_4_2_8p12_NTP_Rel https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p12-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p12-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p12-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p12-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p12-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p12-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p12-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p12-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 4a4cc8e4dc6964dc4521058ce776ce4e ntp-4.2.8p12-i486-1_slack14.0.txz Slackware x86_64 14.0 package: d3a0c36c39e1c0cf5e3b8707f948a180 ntp-4.2.8p12-x86_64-1_slack14.0.txz Slackware 14.1 package: 7c42e1d9fa476c162be9375a7b662654 ntp-4.2.8p12-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 75472911bb9a76a949c94aa21471f6f0 ntp-4.2.8p12-x86_64-1_slack14.1.txz Slackware 14.2 package: 2ecd58c0cb1f6d035b36de9098e0d075 ntp-4.2.8p12-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 96844a4152a8dba26ed73d91662122ce ntp-4.2.8p12-x86_64-1_slack14.2.txz Slackware -current package: dc3f52b871f3edc1a64e2d9ef1649591 n/ntp-4.2.8p12-i586-1.txz Slackware x86_64 -current package: ecd43289b917c81e682b9b00077c1409 n/ntp-4.2.8p12-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg ntp-4.2.8p12-i586-1_slack14.2.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | +---
[slackware-security] samba (SSA:2018-229-02)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] samba (SSA:2018-229-02) New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/samba-4.6.16-i586-1_slack14.2.txz: Upgraded. This is a security release in order to address the following defects: Insufficient input validation on client directory listing in libsmbclient. A malicious server could return a directory entry that could corrupt libsmbclient memory. Confidential attribute disclosure from the AD LDAP server. Missing access control checks allow discovery of confidential attribute values via authenticated LDAP search expressions. For more information, see: https://www.samba.org/samba/security/CVE-2018-10858.html https://www.samba.org/samba/security/CVE-2018-10919.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10858 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/samba-4.6.16-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/samba-4.6.16-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/samba-4.6.16-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/samba-4.6.16-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/samba-4.6.16-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/samba-4.6.16-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-4.8.4-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-4.8.4-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: 77145495c7596179c765c11515034dee samba-4.6.16-i486-1_slack14.0.txz Slackware x86_64 14.0 package: a30325cb28bdc8962baf2ed7d9825490 samba-4.6.16-x86_64-1_slack14.0.txz Slackware 14.1 package: a3ecca12612b54c71cf8ac1a2bb345a4 samba-4.6.16-i486-1_slack14.1.txz Slackware x86_64 14.1 package: ca7abaf3b91a765d14f2932ef2d4bba9 samba-4.6.16-x86_64-1_slack14.1.txz Slackware 14.2 package: 19ee8695015ead96d142a7f076def5d5 samba-4.6.16-i586-1_slack14.2.txz Slackware x86_64 14.2 package: dd0fee60c7b8c21d18f1d9fda5f7963a samba-4.6.16-x86_64-1_slack14.2.txz Slackware -current package: 843aa03e813d10d25216cb2b0fb2884d n/samba-4.8.4-i586-1.txz Slackware x86_64 -current package: d6ec2116d531e3b3e17b3c4b54fa645c n/samba-4.8.4-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg samba-4.6.16-i586-1_slack14.2.txz Then, if Samba is running restart it: # /etc/rc.d/rc.samba restart +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAlt2/eQACgkQakRjwEAQIjOiXQCeMPVdtwCOirC27z8I2FZhS9Ik 6aMAnA08d0oGyDEn+/0QoseSrV3vOzfI =KtVB -END PGP SIGNATURE-
[slackware-security] openssl (SSA:2018-226-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] openssl (SSA:2018-226-01) New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/openssl-1.0.2p-i586-1_slack14.2.txz: Upgraded. This update fixes two low severity security issues: Client DoS due to large DH parameter. Cache timing vulnerability in RSA Key Generation. For more information, see: https://www.openssl.org/news/secadv/20180612.txt https://www.openssl.org/news/secadv/20180416.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737 (* Security fix *) patches/packages/openssl-solibs-1.0.2p-i586-1_slack14.2.txz: Upgraded. +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2p-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2p-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2p-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2p-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.0i-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.0i-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.0i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.0i-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 packages: cf7c40e9c66711e028671a7bb38abd99 openssl-1.0.2p-i586-1_slack14.2.txz d2850088b0aed90a45aa250ebffad451 openssl-solibs-1.0.2p-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: 9d42083aaf9c4854928ec380307ebabb openssl-1.0.2p-x86_64-1_slack14.2.txz fd566d85eb3c5cbd82e90b7215b61c91 openssl-solibs-1.0.2p-x86_64-1_slack14.2.txz Slackware -current packages: bd79b75ed5522f75945612c2e2f5dcb8 a/openssl-solibs-1.1.0i-i586-1.txz 9aaa879284e70161ee40224c2b4660e3 n/openssl-1.1.0i-i586-1.txz Slackware x86_64 -current packages: dadf088e88d02b583c21b1855ba875b5 a/openssl-solibs-1.1.0i-x86_64-1.txz 3ee4aa3c24eb8be63ed67a5391edffe4 n/openssl-1.1.0i-x86_64-1.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg openssl-*.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAltzXZsACgkQakRjwEAQIjMXXACghwb976ZpgZ/plicmvLqzI6JF VLsAn233hdtdBijBC0UT0PZpBYsxb8ZK =qRqS -END PGP SIGNATURE-
[slackware-security] lftp (SSA:2018-214-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] lftp (SSA:2018-214-01) New lftp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/lftp-4.8.4-i586-1_slack14.2.txz: Upgraded. It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10916 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/lftp-4.8.4-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/lftp-4.8.4-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/lftp-4.8.4-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/lftp-4.8.4-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/lftp-4.8.4-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/lftp-4.8.4-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/lftp-4.8.4-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/lftp-4.8.4-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 package: b303a9afed31b7e1e63fd89f97b930b9 lftp-4.8.4-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 5f9f3d0523f105f2b9208605a0f8ce8f lftp-4.8.4-x86_64-1_slack14.0.txz Slackware 14.1 package: a8bc385e644200237999bdf998ebd6cd lftp-4.8.4-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 7d12b70c48cba62ca3b4e76a6a14c5d2 lftp-4.8.4-x86_64-1_slack14.1.txz Slackware 14.2 package: 52f999b2dd00680235b93dd8de488d49 lftp-4.8.4-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 0a90effcd6dea9f0957d8d72475d0d51 lftp-4.8.4-x86_64-1_slack14.2.txz Slackware -current package: c8bdc8b30de7eb688b832a20b23d8578 n/lftp-4.8.4-i586-1.txz Slackware x86_64 -current package: a1340ec3d270601cfb9c05379ddcf7df n/lftp-4.8.4-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg lftp-4.8.4-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAltjZkQACgkQakRjwEAQIjMzyQCff5GDd+V8XHstP7vRnevCKiO6 sBUAnjwfKaQic7sF5UYjLpRaWh927/38 =8IDa -END PGP SIGNATURE-
[slackware-security] blueman (SSA:2018-213-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] blueman (SSA:2018-213-01) New blueman packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/blueman-2.0.6-i586-1_slack14.2.txz: Upgraded. This update fixes an issue where blueman-mechanism did not enforce the polkit action 'org.blueman.network.setup' for which a polkit policy is shipped. This meant that any user with access to the D-Bus system bus was able to access the related API without authentication. The result was an unspecified impact on the networking stack. Thanks to Matthias Gerstner for discovering this issue. (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/blueman-2.0.6-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/blueman-2.0.6-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/blueman-2.0.6-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/blueman-2.0.6-x86_64-1.txz MD5 signatures: +-+ Slackware 14.2 package: 408e8b08dd6014d6768cfba739940bd5 blueman-2.0.6-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 4f3ac84da15d5e60b31da00cf91dc756 blueman-2.0.6-x86_64-1_slack14.2.txz Slackware -current package: 75b9bd804aba2b57cb3202f145c43655 xap/blueman-2.0.6-i586-1.txz Slackware x86_64 -current package: e980f38b812ea25bf99bf71597c9e955 xap/blueman-2.0.6-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg blueman-2.0.6-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | complete the process. Please do not reply to this email address. | ++ -BEGIN PGP SIGNATURE- iEYEARECAAYFAltiSagACgkQakRjwEAQIjOkqwCeP52/ZfyU4trgRF0BVYXU6UAO /GsAoJG4Ke6/KKyUHp8E8di69gI2ltHv =wnPK -END PGP SIGNATURE-
[slackware-security] seamonkey (SSA:2018-212-02)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] seamonkey (SSA:2018-212-02) New seamonkey packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/seamonkey-2.49.4-i586-1_slack14.2.txz: Upgraded. This update contains security fixes and improvements. For more information, see: http://www.seamonkey-project.org/releases/seamonkey2.49.4 (* Security fix *) patches/packages/seamonkey-solibs-2.49.4-i586-1_slack14.2.txz: Upgraded. +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/seamonkey-2.38-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/seamonkey-solibs-2.38-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/seamonkey-2.38-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/seamonkey-solibs-2.38-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/seamonkey-2.46-i486-3_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/seamonkey-solibs-2.46-i486-3_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/seamonkey-2.46-x86_64-3_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/seamonkey-solibs-2.46-x86_64-3_slack14.1.txz Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/seamonkey-2.49.4-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/seamonkey-solibs-2.49.4-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/seamonkey-2.49.4-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/seamonkey-solibs-2.49.4-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/seamonkey-solibs-2.49.4-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.49.4-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/seamonkey-solibs-2.49.4-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.49.4-x86_64-1.txz MD5 signatures: +-+ Slackware 14.0 packages: 7f0694fec0c1debad2280d322e5d3489 seamonkey-2.38-i486-1_slack14.0.txz 4589273ce83a9de8585007298cf2a29b seamonkey-solibs-2.38-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: dcdeb252ad43afdfb45b7b1915d82c77 seamonkey-2.38-x86_64-1_slack14.0.txz 151654615bacbbce0e9380e5a0c03298 seamonkey-solibs-2.38-x86_64-1_slack14.0.txz Slackware 14.1 packages: 30e64160121118bbccf58afb2503fd50 seamonkey-2.46-i486-3_slack14.1.txz bfe2ae4f980b6c5769fd7469eb01faca seamonkey-solibs-2.46-i486-3_slack14.1.txz Slackware x86_64 14.1 packages: 7e981e36f3195466a0b2a219aa28a7bc seamonkey-2.46-x86_64-3_slack14.1.txz 38bf4f3c86921cb65cd2d758d22abe67 seamonkey-solibs-2.46-x86_64-3_slack14.1.txz Slackware 14.2 packages: 29cfb9a6f4c115428656fa9813f62675 seamonkey-2.49.4-i586-1_slack14.2.txz bb8f398ce880596493e0b4a43f614ecf seamonkey-solibs-2.49.4-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: 5ef8bf07309dfe36fa0e56dbed682e02 seamonkey-2.49.4-x86_64-1_slack14.2.txz ee4f36e54015459dc4ec6d9b5a2dccc7 seamonkey-solibs-2.49.4-x86_64-1_slack14.2.txz Slackware -current packages: 89b649b7bb5f7c8d7f80743a274626da l/seamonkey-solibs-2.49.4-i586-1.txz 298ac3392a833b6b591e17ce178f4166 xap/seamonkey-2.49.4-i586-1.txz Slackware x86_64 -current packages: d416c64ef9b5d2c030596d87cdd6539d l/seamonkey-solibs-2.49.4-x86_64-1.txz cab8320ec003e8e552b1b2e13377e40b xap/seamonkey-2.49.4-x86_64-1.txz Installation instructions: ++ Upgrade the packages as root: # upgradepkg seamonkey-2.49.4-i586-1_slack14.2.txz seamonkey-solibs-2.49.4-i586-1_slack14.2.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email