Quote:
https://www.imagemagick.org/discours...hp?f=4&t=29588 https://www.imagemagick.org/download....9.3-10.tar.xz https://www.imagemagick.org/download...-10.tar.xz.asc |
ImageMagick-7.0.1-1, has been released.
Source code is available, ftp://ftp.imagemagick.org/pub/ImageM...7.0.1-1.tar.xz or https://www.imagemagick.org/script/binary-releases.php |
More on the ImageMagick security problems:
http://arstechnica.com/security/2016...rocessing-bug/ Quote:
|
^^ :thumbsup:
Fixed in Tuesday night's change log. Many Thanks. :hattip: |
Quote:
|
Quote:
|
It seems, another critical problem with Imagemagick (CVE-2016-5118):
http://www.openwall.com/lists/oss-security/2016/05/29/7 |
ntp 4.2.8p8 addresses the following:
http://support.ntp.org/bin/view/Main...ulnerabilities Quote:
|
libjpeg-turbo 1.5.0 released 2016-06-07
sourceforge link Maybe not so relevant to the main tree, but alien package for 14.1 is 1.2.0 and #gentoo warned about this. Builds fine with the old SlackBuild, just needs a version bump. |
Quote:
The version in -current is, libjpeg-turbo-1.4.2. :hattip: |
Update 20160621
OpenSSL
--mancha PS If you run self-tests at compile time (i.e. make test), you need to update expired SMIME certs bundled in 1.0.1t for use in the CMS tests. Apply openssl-1.0.1t_smime-certs.diff and build. |
Quote:
I'm going to pass on these, and don't think anyone needs to be terribly concerned. |
Quote:
Re: CVE-2016-2177, I waited before posting upstream's fix given concerns raised the fix might be incomplete. Two weeks since the public commit, OpenSSL's fix still stands. Re: CVE-2016-2178, successful exploitation appears complex (as is the case with most side-channel timing attacks). Nevertheless, the fix is straightforward and good to have. I've not personally had time to audit the affected code but have deployed both fixes on my systems. --mancha |
Thunderbird 45.2.0
Thunderbird 45.2.0 has a security fix:
https://www.mozilla.org/en-US/thunde.../releasenotes/ https://www.mozilla.org/en-US/securi...s/mfsa2016-49/ https://ftp.mozilla.org/pub/thunderb....source.tar.xz |
samba-4.4.5 is released and fix one security issue.
Quote:
https://download.samba.org/pub/samba...-4.4.5.tar.asc |
All times are GMT -5. The time now is 10:43 PM. |