LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 01-26-2016, 12:52 PM   #481
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 946

Rep: Reputation: 649

Firefox 44.0 fixes the following:
https://www.mozilla.org/en-US/securi...ities/firefox/
https://ftp.mozilla.org/pub/firefox/....source.tar.xz

Last edited by mats_b_tegner; 01-26-2016 at 12:55 PM.
 
Old 01-27-2016, 05:30 AM   #482
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 946

Rep: Reputation: 649
cURL 7.47.0 is out. Fixes CVEs 2016-0754 and 2016-0755:
http://curl.haxx.se/changes.html#7_47_0
http://curl.haxx.se/download/curl-7.47.0.tar.bz2
http://curl.haxx.se/download/curl-7.47.0.tar.bz2.asc

Last edited by mats_b_tegner; 01-27-2016 at 05:32 AM.
 
Old 01-28-2016, 10:55 AM   #483
cwizardone
LQ Veteran
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Posts: 9,015

Rep: Reputation: 7186
openssl-1.0.2f has been released.

Severity: High. DH small subgroups (CVE-2016-0701)

Advisory here, https://www.openssl.org/news/secadv/20160128.txt

Last edited by cwizardone; 01-28-2016 at 10:56 AM. Reason: openssl-1.0.2f has been released.
 
1 members found this post helpful.
Old 01-28-2016, 11:36 AM   #484
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,747

Rep: Reputation: Disabled
There are bots in ntp servers sniffing for open ports.
Recommend: Disable ntp
 
Old 02-07-2016, 01:00 AM   #485
cowlitzron
Member
 
Registered: Feb 2011
Location: Washington state
Distribution: Devuan Daedalus 5.0, C4C Ubuntu 22.04
Posts: 190

Rep: Reputation: 37
libsndfile 1.0.26 was released fixing CVE-2015-7805, CVE-2014-9756, AND CVE-2014-9496. Two of the CVSS severities are listed as high.

http://www.mega-nerd.com/libsndfile/...-1.0.26.tar.gz
 
Old 02-07-2016, 01:06 AM   #486
gmgf
Senior Member
 
Registered: Jun 2012
Location: Bergerac, France
Distribution: Slackware
Posts: 2,185

Rep: Reputation: 985
Quote:
Originally Posted by cowlitzron View Post
libsndfile 1.0.26 was released fixing CVE-2015-7805, CVE-2014-9756, AND CVE-2014-9496. Two of the CVSS severities are listed as high.

http://www.mega-nerd.com/libsndfile/...-1.0.26.tar.gz
Already posted in (request for current) here:

http://www.linuxquestions.org/questi...77/page22.html
 
Old 02-17-2016, 12:20 PM   #487
WinFree
LQ Newbie
 
Registered: Mar 2013
Posts: 23

Rep: Reputation: 9
glibc buffer overflow making headlines
CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow
 
1 members found this post helpful.
Old 02-19-2016, 06:21 AM   #488
WinFree
LQ Newbie
 
Registered: Mar 2013
Posts: 23

Rep: Reputation: 9
Linux Kernel Vulnerability (CVE-2016-0728)

Probably affects Slackware 14.1 and -current.
 
1 members found this post helpful.
Old 02-19-2016, 08:02 AM   #489
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,873

Rep: Reputation: 4982
Not an issue in current.

http://www.cve.mitre.org/cgi-bin/cve...ame=2016-0728:
Quote:
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
4.4.1 Changelog:
Quote:
commit e4a46f02b1d0eaadea4e6b00e29922cd00d6de53
Author: Yevgeny Pats <xxxxxxxxxxxxxxxx>
Date: Tue Jan 19 22:09:04 2016 +0000

KEYS: Fix keyring ref leak in join_session_keyring()

commit 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 upstream.

This fixes CVE-2016-0728.

Last edited by GazL; 02-19-2016 at 08:04 AM.
 
Old 02-20-2016, 03:04 AM   #490
anon074
Member
 
Registered: Nov 2015
Posts: 36

Rep: Reputation: Disabled
NTP and BIND updates

It seems that NTP-4.2.8p6 and BIND 9.10.3-P3 haven't been mentioned yet. See http://support.ntp.org/bin/view/Main...ulnerabilities and https://kb.isc.org/article/AA-01346 for details.
 
2 members found this post helpful.
Old 02-21-2016, 04:54 AM   #491
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by WinFree View Post
glibc buffer overflow making headlines
CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow
Fix for Slackware 14.1 (glibc 2.17): glibc-2.17_CVE-2015-7547.diff

--mancha
 
4 members found this post helpful.
Old 02-21-2016, 11:09 AM   #492
cwizardone
LQ Veteran
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Posts: 9,015

Rep: Reputation: 7186
Mancha,
Long time, no see.
Welcome back!
 
Old 02-28-2016, 04:44 AM   #493
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by cwizardone View Post
Mancha,
Long time, no see.
Welcome back!
Thanks for the welcome! I've /bin/busy lately with a few projects.

Will try to check in a bit more often (especially now that 14.2 is right around the corner - fun).

Cheers.

--mancha

Last edited by mancha; 02-28-2016 at 04:50 AM.
 
Old 03-01-2016, 10:31 AM   #494
BrZ
Member
 
Registered: Apr 2009
Distribution: Slackware
Posts: 543

Rep: Reputation: 121
OpenSSL CVE-2016-0800
 
2 members found this post helpful.
Old 03-01-2016, 04:56 PM   #495
Skaendo
Senior Member
 
Registered: Dec 2014
Location: West Texas, USA
Distribution: Slackware64-14.2
Posts: 1,445

Rep: Reputation: Disabled
Quote:
Originally Posted by BrZ View Post
Some more info?:
http://arstechnica.com/security/2016...yption-attack/

Last edited by Skaendo; 03-01-2016 at 05:07 PM.
 
1 members found this post helpful.
  

