Hi,
Thanks.
-- Best regards, Andrzej Telszewski
Hi,
4.4.88 with this fix has just been released.
-- Best regards, Andrzej Telszewski
cairo-1.14.6 CVE-2016-9082
CVE-2016-9082
Cairo 'cairo-png.c' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/93931
A patch is provided here https://bugs.freedesktop.org/attachment.cgi?id=127421. This patch is also used in Debian's libcairo2-1.14.8
Bluez 5.47 is also out with the fixes for http://cve.mitre.org/cgi-bin/cvename...E-2017-1000250
A vulnerability in libgcrypt which makes it easier for attackers to discover a secret key:
CVE-2017-0379 (https://nvd.nist.gov/vuln/detail/CVE-2017-0379)
This has been fixed in libgcrypt 1.7.9.
More details at http://security.cucumberlinux.com/se...ails.php?id=26
A vulnerability in gdk-pixbuf allowing for a denial of service:
CVE-2017-6311 (https://nvd.nist.gov/vuln/detail/CVE-2017-6311)
This has been fixed in gdk-pixbuf 2.36.10
samba 4.4.16, 4.5.14, 4.6.8 are released with security fixes.
A bunch of linux kernel CVEs were announced here:
https://lists.debian.org/debian-secu.../msg00243.html
Checking each against the kernels now in current, 14.2 and 14.1 revealed some outstanding vulnerabilities -- I think. Please double-check. All I did was check the kernel sources for the code which introduced the vulns and/or the existence of patches which fixed them, and didn't run POCs.
CVE-2017-7518: none (CONFIG_KVM=m in Slackware)
CVE-2017-7558: current
CVE-2017-10661: not sure
CVE-2017-11600: current, 14.2, 14.1
CVE-2017-12146: current, 14.2, 14.1
CVE-2017-12134: none (no xen in Slackware; those using xen sbo should use workaround "echo 2 > /sys/block/nvme0n1/queue/nomerges")
CVE-2017-12153: current, 14.2, 14.1
CVE-2017-12154: none (CONFIG_KVM=m in Slackware)
CVE-2017-14106: current, 14.2, 14.1 (not finding Linus' patch in net/ipv4/tcp.c)
CVE-2017-14140: 14.1
CVE-2017-14156: current, 14.2 (atyfb_base.c not present in 14.1)
CVE-2017-14340: 14.1
CVE-2017-14489: current, 14.2, 14.1
CVE-2017-14497: current
CVE-2017-1000111: 14.1
CVE-2017-1000112: not sure
CVE-2017-1000251: none
CVE-2017-1000252: current, 14.2
CVE-2017-1000370: not sure
CVE-2017-1000371: 14.1
CVE-2017-1000380: 14.1
dnsmasq 2.78 has been released, which fixes a truckload of remotely-exploitable vulnerabilities.
2.78 release announcement
Google Security blog post on the vulnerabilities they discovered
curl 7.56.0
curl 7.56.0 fixes CVE-2017-1000254
https://curl.haxx.se/docs/adv_20171004.html
lame in current has CVE-2017-15018, and the same in slackbuilds, but this is another question.
https://cve.mitre.org/cgi-bin/cvenam...CVE-2017-15018
The patch: https://git.archlinux.org/svntogit/p...=packages/lame
I posted in the current thread, but this probably needs a patch in 14.2 and other slack versions.
Xorg-server, ...again!
CVE-2017-12176: Unvalidated extra length in ProcEstablishConnection
CVE-2017-12177: dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo
CVE-2017-12178: Xi: fix wrong extra length check in ProcXIChangeHierarchy
CVE-2017-12179: Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer
CVE-2017-12180: hw/xfree86: unvalidated lengths
CVE-2017-12181: hw/xfree86: unvalidated lengths
CVE-2017-12182: hw/xfree86: unvalidated lengths
CVE-2017-12183: xfixes: unvalidated lengths
CVE-2017-12184: Unvalidated lengths
CVE-2017-12185: Unvalidated lengths
CVE-2017-12186: Unvalidated lengths
CVE-2017-12187: Unvalidated lengths
Will Slackware update gcc to 5.5?
https://gcc.gnu.org/ml/gcc/2017-10/msg00064.html
The fixes since 5.3 are rather huge:
https://gcc.gnu.org/bugzilla/buglist..._milestone=5.4
https://gcc.gnu.org/bugzilla/buglist..._milestone=5.5
and some of them are marked critical.
KRACK Attacks
I don't know if and when WPA supplicant will be patched.
https://www.krackattacks.com/
Details should be published soon. Meanwhile, I'd suggest being careful with your WIFI connections and preferring wired connections whenever possible, although no exploit seems to have been recorded at time of writing, to my knowledge.