The following updates has been released for Slackware Linux:
bind (SSA:2016-054-01)
glibc (SSA:2016-054-02)
libgcrypt (SSA:2016-054-03)
ntp (SSA:2016-054-04)
bind (SSA:2016-054-01)
glibc (SSA:2016-054-02)
libgcrypt (SSA:2016-054-03)
ntp (SSA:2016-054-04)
bind (SSA:2016-054-01)
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bind-9.9.8_P3-i486-1_slack14.1.txz: Upgraded.
This release fixes two possible denial-of-service issues:
render_ecs errors were mishandled when printing out a OPT record resulting
in a assertion failure. (CVE-2015-8705) [RT #41397]
Specific APL data could trigger a INSIST. (CVE-2015-8704) [RT #41396]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.8_P3-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.8_P3-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.8_P3-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.8_P3-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.8_P3-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.8_P3-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.8_P3-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.8_P3-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.8_P3-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.8_P3-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.3_P3-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.3_P3-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 package:
3b67681ed79359599b2ed70316539ec6 bind-9.9.8_P3-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
261cd1e1e2e4c1e6a00afa449f23864c bind-9.9.8_P3-x86_64-1_slack13.0.txz
Slackware 13.1 package:
8005fc9542efb158d2601b4c9f653050 bind-9.9.8_P3-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
0ac1e735613d76bead299cdebe7a63ab bind-9.9.8_P3-x86_64-1_slack13.1.txz
Slackware 13.37 package:
46063a583aec5d76c94c82b76b00fe41 bind-9.9.8_P3-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
1bb5759d7f828c4a973a1117adc8665e bind-9.9.8_P3-x86_64-1_slack13.37.txz
Slackware 14.0 package:
d39a1a49bb26a4a2aaee2d354f99b35e bind-9.9.8_P3-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
7dcafce17e72eea384073699b87fbc81 bind-9.9.8_P3-x86_64-1_slack14.0.txz
Slackware 14.1 package:
94a347a0e619429e3bf6d68825a4e0c7 bind-9.9.8_P3-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
529f00547620aa6be1897b277f433d8a bind-9.9.8_P3-x86_64-1_slack14.1.txz
Slackware -current package:
4a440e83768d8d3814304e2b1b60e1cb n/bind-9.10.3_P3-i586-1.txz
Slackware x86_64 -current package:
2fb5db12e612a5ed16a52f2a6dccf40d n/bind-9.10.3_P3-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg bind-9.9.8_P3-i486-1_slack14.1.txz
Then, restart the name server:
# /etc/rc.d/rc.bind restart
glibc (SSA:2016-054-02)
New glibc packages are available for Slackware 14.1 and -current to
fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.17-i486-11_slack14.1.txz: Rebuilt.
This update provides a patch to fix the stack-based buffer overflow in
libresolv that could allow specially crafted DNS responses to seize
control of execution flow in the DNS client (CVE-2015-7547). However,
due to a patch applied to Slackware's glibc back in 2009 (don't use the
gethostbyname4() lookup method as it was causing some cheap routers to
misbehave), we were not vulnerable to that issue. Nevertheless it seems
prudent to patch the overflows anyway even if we're not currently using
the code in question. Thanks to mancha for the backported patch.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
(* Security fix *)
patches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz: Rebuilt.
patches/packages/glibc-profile-2.17-i486-11_slack14.1.txz: Rebuilt.
patches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz: Rebuilt.
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-2.17-i486-11_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-profile-2.17-i486-11_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz
Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-2.17-x86_64-11_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-i18n-2.17-x86_64-11_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-profile-2.17-x86_64-11_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-solibs-2.17-x86_64-11_slack14.1.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.23-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.23-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.23-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.23-i586-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.23-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.1 packages:
4c56432d638adc8098661cfa818b5bc9 glibc-2.17-i486-11_slack14.1.txz
5c316d6b0a8970fe15fbdf2adff8de19 glibc-i18n-2.17-i486-11_slack14.1.txz
a937d842e5ca3d0b125230c23285f8f4 glibc-profile-2.17-i486-11_slack14.1.txz
442f01d094d350612c1fb1fcb5e7fbe7 glibc-solibs-2.17-i486-11_slack14.1.txz
Slackware x86_64 14.1 packages:
eec88d584a79909ec79aae1c43c330d3 glibc-2.17-x86_64-11_slack14.1.txz
d8b396eb6ada65d1555e3cf0fb8246c2 glibc-i18n-2.17-x86_64-11_slack14.1.txz
e7deaabfe3e467cbde10ba5b7748bbbb glibc-profile-2.17-x86_64-11_slack14.1.txz
629c93f0e510d354ff66e61f1ebe8b67 glibc-solibs-2.17-x86_64-11_slack14.1.txz
Slackware -current packages:
b11873e4f851a600b57a2e7a2ac8f472 a/glibc-solibs-2.23-i586-1.txz
5116eec63fab5e7dbc58d27fecd48684 l/glibc-2.23-i586-1.txz
ae9b8a8e4ead59aa398212d6893d7ddc l/glibc-i18n-2.23-i586-1.txz
61154e43ee4c0739dd5d3c4ce3b60ae6 l/glibc-profile-2.23-i586-1.txz
Slackware x86_64 -current packages:
c48a55c8a39dc8e17e04796e4f160bd0 a/glibc-solibs-2.23-x86_64-1.txz
36104e1a004b0e97d193c2132f18222d l/glibc-2.23-x86_64-1.txz
e0415f66d17323c8f6df339cfd49051b l/glibc-i18n-2.23-x86_64-1.txz
f5433793e9da696a60f2445559f1d33f l/glibc-profile-2.23-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg glibc-*.txz
libgcrypt (SSA:2016-054-03)
New libgcrypt packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/libgcrypt-1.5.5-i486-1_slack14.1.txz: Upgraded.
Mitigate chosen cipher text attacks on ECDH with Weierstrass curves.
Use ciphertext blinding for Elgamal decryption.
For more information, see:
http://www.cs.tau.ac.IL/~tromer/ecdh/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3591
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libgcrypt-1.5.5-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libgcrypt-1.5.5-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libgcrypt-1.5.5-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libgcrypt-1.5.5-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libgcrypt-1.5.5-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libgcrypt-1.5.5-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libgcrypt-1.5.5-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libgcrypt-1.5.5-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libgcrypt-1.5.5-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libgcrypt-1.5.5-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/libgcrypt-1.6.5-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/libgcrypt-1.6.5-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 package:
ee3c5323fa919cab4d2320e55af631f0 libgcrypt-1.5.5-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
979a5918264781ecd1f9243f66409e20 libgcrypt-1.5.5-x86_64-1_slack13.0.txz
Slackware 13.1 package:
7fd7b00cc75620cf7700532240dd75de libgcrypt-1.5.5-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
5ac468107f7975050ceb0d508fb5e68a libgcrypt-1.5.5-x86_64-1_slack13.1.txz
Slackware 13.37 package:
8a6b50ba89c28ab4949f4a38efe3debb libgcrypt-1.5.5-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
bde7d812f1780786c577f1df0257f312 libgcrypt-1.5.5-x86_64-1_slack13.37.txz
Slackware 14.0 package:
e6bcce67129fe08ffde7aa63d300b9b5 libgcrypt-1.5.5-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
0bf6b0b75a3f9101f37b74d3d9b83cab libgcrypt-1.5.5-x86_64-1_slack14.0.txz
Slackware 14.1 package:
76c5ad1857cefd4c9b056bd78ee9f256 libgcrypt-1.5.5-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
636607a48bd342760289913bb7f34b54 libgcrypt-1.5.5-x86_64-1_slack14.1.txz
Slackware -current package:
6f9a32f64d09f9a6609fae3646779da7 n/libgcrypt-1.6.5-i586-1.txz
Slackware x86_64 -current package:
2dda7d79b8e4c6e567ba7f5f52b2513c n/libgcrypt-1.6.5-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg libgcrypt-1.5.5-i486-1_slack14.1.txz
ntp (SSA:2016-054-04)
New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/ntp-4.2.8p6-i486-1_slack14.1.txz: Upgraded.
In addition to bug fixes and enhancements, this release fixes
several low and medium severity vulnerabilities.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p6-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p6-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p6-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p6-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p6-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p6-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p6-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p6-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p6-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 package:
31365ae4f12849e65d4ad1c8c7d5f89a ntp-4.2.8p6-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
5a2d24bdacd8dd05ab9e0613c829212b ntp-4.2.8p6-x86_64-1_slack13.0.txz
Slackware 13.1 package:
e70f7422bc81c144e6fac1df2c202634 ntp-4.2.8p6-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
f6637f6d24b94a6b17c68467956a6283 ntp-4.2.8p6-x86_64-1_slack13.1.txz
Slackware 13.37 package:
82601e105f95e324dfd1e2f0df513673 ntp-4.2.8p6-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
d3ba32d46f7eef8f75a3444bbee4c677 ntp-4.2.8p6-x86_64-1_slack13.37.txz
Slackware 14.0 package:
c5ff13e58fbbea0b7a677e947449e7b1 ntp-4.2.8p6-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
9e2abfaf0b0b7bf84a8a4db89f60eff6 ntp-4.2.8p6-x86_64-1_slack14.0.txz
Slackware 14.1 package:
e1e6b84808b7562314e0e29479153553 ntp-4.2.8p6-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
8db0a4ca68805c7f5e487d5bcd69d098 ntp-4.2.8p6-x86_64-1_slack14.1.txz
Slackware -current package:
f96f443f54a74c20b5eb67467f5958ea n/ntp-4.2.8p6-i586-1.txz
Slackware x86_64 -current package:
5e256f2e1906b4c75047a966996a7a41 n/ntp-4.2.8p6-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg ntp-4.2.8p6-i486-1_slack14.1.txz
Then, restart the NTP daemon:
# sh /etc/rc.d/rc.ntpd restart