LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 03-23-2015, 01:08 PM   #1
donrich39
LQ Newbie
 
Registered: Jun 2008
Location: Uniontown, OH
Distribution: slackware
Posts: 9

Rep: Reputation: 0
Why are we only getting patches for 14.1 and current?


It seems that we are only getting patches for Slack 14.1 and current. Even 14.0 hasn't gotten patches recently, firefox is at version 17.
 
Old 03-23-2015, 01:16 PM   #2
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: Slackware
Posts: 9,039

Rep: Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903Reputation: 3903
The last patch for 14.0 was in mid February. Just a month and a week ago.

http://ftp.oregonstate.edu/pub/slack.../ChangeLog.txt

Was Firefox 17 (in 14.0) affected by the security vulnerabilities that affected the later versions that were included with 14.1, and which necessitated them being upgraded in 14.1?

Last edited by dugan; 03-23-2015 at 01:19 PM.
 
Old 03-23-2015, 01:19 PM   #3
T3slider
Senior Member
 
Registered: Jul 2007
Distribution: Slackware64-14.1
Posts: 2,367

Rep: Reputation: 840Reputation: 840Reputation: 840Reputation: 840Reputation: 840Reputation: 840Reputation: 840
Older releases of Slackware get patches 'where feasible'. Slackware 14.0 received some patches last month. As for Firefox, as far as I know newer versions of Firefox will not compile on the older releases of Slackware (its dependencies are too old). You would be best off using ruario's latest-firefox script which downloads and repackages the official upstream Mozilla binary build, which is compiled for broad use and should still work on older versions of Slackware.
 
Old 03-23-2015, 01:33 PM   #4
donrich39
LQ Newbie
 
Registered: Jun 2008
Location: Uniontown, OH
Distribution: slackware
Posts: 9

Original Poster
Rep: Reputation: 0
OK, point taken.
I will investigate https://gist.github.com/ruario/9672798 as suggested by T3slider.
Thanks much.
 
Old 03-23-2015, 02:20 PM   #5
donrich39
LQ Newbie
 
Registered: Jun 2008
Location: Uniontown, OH
Distribution: slackware
Posts: 9

Original Poster
Rep: Reputation: 0
ruario's latest-firefox script is awesome!
Thanks so much.
 
Old 03-23-2015, 03:13 PM   #6
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 6,121

Rep: Reputation: 3815Reputation: 3815Reputation: 3815Reputation: 3815Reputation: 3815Reputation: 3815Reputation: 3815Reputation: 3815Reputation: 3815Reputation: 3815Reputation: 3815
He also has one for Chrome, if you're interested in running Chrome versions (it was always such a pain to update Chrome using the official method in extra/).
 
Old 03-25-2015, 10:18 PM   #7
mancha
Member
 
Registered: Aug 2012
Posts: 484

Rep: Reputation: Disabled
Quote:
Originally Posted by dugan View Post
Was Firefox 17 (in 14.0) affected by the security vulnerabilities that affected the later versions that were included with 14.1, and which necessitated them being upgraded in 14.1?
The short answer is yes.

The longer answer is you can look at Mozilla's FF-ESR known vulnerabilities list. The mapping will not be one-to-one with FF ESR17
because some of the later vulnerabilities might be in code introduced after ESR17 EOL'd. On the other hand, there might be
undiscovered vulnerabilities in ESR17 code that has since been ripped out for non-security reasons in later versions. To make a
precise assessment you'll have to actually review source code.

However, there's another important dimension aside from security bugs in the FF codebase - the constant wave of implementation
improvements of secure protocols. For example, with regard to the recent'ish POODLE attack, FF34 disabled SSLv3 and FF35 went
further and introduced TLS_FALLBACK_SCSV.

Similarly, FF32 began phasing-in preloaded key-pinning and FF35 introduced HPKP. Both quite relevant given the recent troubling
news
of an intermediate Certificate Authority, under CNNIC auspices, issuing fake Google certificates. Anyone using FF earlier than
FF33 would have thought those fake Google certs were OK (the browser would have taken them to be 100% valid).

I could go on but I think I've made my point. Yes, older FF versions do have vulnerabilities in their code and that's a problem. But
at least equally as important, older FFs lack significant innovations that address real-world security issues.

The moral of the story: keep your FF very up-to-date.

--mancha
 
2 members found this post helpful.
  


Reply

Tags
patches, updates


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Any Current Ports of Ubuntu Font Patches Available? joncr Slackware 12 05-08-2014 06:06 PM
SBo-git - slackbuilds.org on git (with patches for current) ponce Slackware 47 03-12-2011 05:12 AM
Solaris 8,9 Current OS Level Patches dwarf007 Solaris / OpenSolaris 4 03-01-2006 05:53 AM
Does -current include latest KDE security patches ?? small_boy22 Slackware 4 06-03-2005 02:09 PM
RedHat patches vs open source patches paulsh2k4 Linux - Software 1 10-14-2004 03:18 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:00 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration