LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   [Slackware security] vulnerabilities outstanding 20140101 (https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-security%5D-vulnerabilities-outstanding-20140101-a-4175489800/)

mats_b_tegner 01-26-2016 01:52 PM

Firefox 44.0 fixes the following:
https://www.mozilla.org/en-US/securi...ities/firefox/
https://ftp.mozilla.org/pub/firefox/....source.tar.xz

mats_b_tegner 01-27-2016 06:30 AM

cURL 7.47.0 is out. Fixes CVEs 2016-0754 and 2016-0755:
http://curl.haxx.se/changes.html#7_47_0
http://curl.haxx.se/download/curl-7.47.0.tar.bz2
http://curl.haxx.se/download/curl-7.47.0.tar.bz2.asc

cwizardone 01-28-2016 11:55 AM

openssl-1.0.2f has been released.

Severity: High. DH small subgroups (CVE-2016-0701)

Advisory here, https://www.openssl.org/news/secadv/20160128.txt

elcore 01-28-2016 12:36 PM

There are bots in ntp servers sniffing for open ports.
Recommend: Disable ntp

cowlitzron 02-07-2016 02:00 AM

libsndfile 1.0.26 was released fixing CVE-2015-7805, CVE-2014-9756, AND CVE-2014-9496. Two of the CVSS severities are listed as high.

http://www.mega-nerd.com/libsndfile/...-1.0.26.tar.gz

gmgf 02-07-2016 02:06 AM

Quote:

Originally Posted by cowlitzron (Post 5496544)
libsndfile 1.0.26 was released fixing CVE-2015-7805, CVE-2014-9756, AND CVE-2014-9496. Two of the CVSS severities are listed as high.

http://www.mega-nerd.com/libsndfile/...-1.0.26.tar.gz

already posted in (request for current) here ;)

http://www.linuxquestions.org/questi...77/page22.html

WinFree 02-17-2016 01:20 PM

glibc buffer overflow making headlines
CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow

WinFree 02-19-2016 07:21 AM

Linux Kernel Vulnerability (CVE-2016-0728)

Probably affects Slackware 14.1 and -current.

GazL 02-19-2016 09:02 AM

Not an issue in current.

http://www.cve.mitre.org/cgi-bin/cve...ame=2016-0728:
Quote:

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
4.4.1 Changelog:
Quote:

commit e4a46f02b1d0eaadea4e6b00e29922cd00d6de53
Author: Yevgeny Pats <xxxxxxxxxxxxxxxx>
Date: Tue Jan 19 22:09:04 2016 +0000

KEYS: Fix keyring ref leak in join_session_keyring()

commit 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 upstream.

This fixes CVE-2016-0728.

voegelas 02-20-2016 04:04 AM

NTP and BIND updates
 
It seems that NTP-4.2.8p6 and BIND 9.10.3-P3 haven't been mentioned yet. See http://support.ntp.org/bin/view/Main...ulnerabilities and https://kb.isc.org/article/AA-01346 for details.

mancha 02-21-2016 05:54 AM

Quote:

Originally Posted by WinFree (Post 5501738)
glibc buffer overflow making headlines
CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow

Fix for Slackware 14.1 (glibc 2.17): glibc-2.17_CVE-2015-7547.diff

--mancha

cwizardone 02-21-2016 12:09 PM

Mancha,
Long time, no see.
Welcome back!
:)

mancha 02-28-2016 05:44 AM

Quote:

Originally Posted by cwizardone (Post 5503798)
Mancha,
Long time, no see.
Welcome back!
:)

Thanks for the welcome! I've /bin/busy lately with a few projects.

Will try to check in a bit more often (especially now that 14.2 is right around the corner - fun).

Cheers.

--mancha

BrZ 03-01-2016 11:31 AM

OpenSSL CVE-2016-0800

Skaendo 03-01-2016 05:56 PM

Quote:

Originally Posted by BrZ (Post 5508489)

Some more info?:
http://arstechnica.com/security/2016...yption-attack/


All times are GMT -5. The time now is 06:51 PM.