Slackware 1133 Published by

The following Slackware updates are available: libXfont (SSA:2014-013-01), openssl (SSA:2014-013-02), php (SSA:2014-013-03), and samba (SSA:2014-013-04)



libXfont (SSA:2014-013-01)

New libXfont packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/libXfont-1.4.7-i486-1_slack14.1.txz: Upgraded.
This update fixes a stack overflow when reading a BDF font file containing
a longer than expected string, which could lead to crashes or privilege
escalation.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libXfont-1.4.7-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libXfont-1.4.7-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libXfont-1.4.7-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libXfont-1.4.7-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libXfont-1.4.7-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libXfont-1.4.7-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libXfont-1.4.7-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libXfont-1.4.7-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libXfont-1.4.7-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libXfont-1.4.7-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/libXfont-1.4.7-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/libXfont-1.4.7-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
7ee623794aef580b4bf7558d866fae65 libXfont-1.4.7-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
305b7cbe9b6d350c05161eacab99a80f libXfont-1.4.7-x86_64-1_slack13.0.txz

Slackware 13.1 package:
e082bca2fd00409d91631bb7156863f9 libXfont-1.4.7-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
7c163c76b3fb28c4fa64331f9bf4027d libXfont-1.4.7-x86_64-1_slack13.1.txz

Slackware 13.37 package:
fda77265598ffa01cb0cc89b6310d0d1 libXfont-1.4.7-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
815a61cd07e88234f39badf8572d25bc libXfont-1.4.7-x86_64-1_slack13.37.txz

Slackware 14.0 package:
c7152f16dc5c93123d0850138e4ff9b8 libXfont-1.4.7-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
26e127a7546ac150b310f40738adfbec libXfont-1.4.7-x86_64-1_slack14.0.txz

Slackware 14.1 package:
8c3209463d0715b1f0bec65de5f1866f libXfont-1.4.7-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
449c00f274acdb484f9bef89c555930f libXfont-1.4.7-x86_64-1_slack14.1.txz

Slackware -current package:
23559a0985e00a5852e59918d2d51379 x/libXfont-1.4.7-i486-1.txz

Slackware x86_64 -current package:
6399e8d10d536750c815000c3a0b3679 x/libXfont-1.4.7-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libXfont-1.4.7-i486-1_slack14.1.txz
openssl (SSA:2014-013-02)

New openssl packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issues:
Fix for TLS record tampering bug CVE-2013-4353
Fix for TLS version checking bug CVE-2013-6449
Fix for DTLS retransmission bug CVE-2013-6450
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450
(* Security fix *)
patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz: Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1f-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1f-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1f-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1f-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1f-x86_64-1_slack14.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1f-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1f-i486-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1f-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1f-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 packages:
f059432e11a6b17643e7b8f1d78c5ce3 openssl-0.9.8y-i486-1_slack13.0.txz
46c623b2e58053d308b3d9eb735be26b openssl-solibs-0.9.8y-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:
4fb6f07f85ec4ea26cc67d8b1c037fa9 openssl-0.9.8y-x86_64-1_slack13.0.txz
55bafd74f182806b1dcd076f31683743 openssl-solibs-0.9.8y-x86_64-1_slack13.0.txz

Slackware 13.1 packages:
9713a64881622c63d0756ec9a5914980 openssl-0.9.8y-i486-1_slack13.1.txz
5d8e3984389bd080bc37b9d1276c7a7d openssl-solibs-0.9.8y-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:
821c76387f3ffa388af9e5bf81185758 openssl-0.9.8y-x86_64-1_slack13.1.txz
b6d525a53b4cda641166f19ee70a9650 openssl-solibs-0.9.8y-x86_64-1_slack13.1.txz

Slackware 13.37 packages:
5195be05b85f5eb2bd4bf9ebf0a73ff9 openssl-0.9.8y-i486-1_slack13.37.txz
5248a839148fa91de52361335dc051f5 openssl-solibs-0.9.8y-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages:
15e13676d0def5f0dac1e7a4704e0016 openssl-0.9.8y-x86_64-1_slack13.37.txz
d4e5bd308d2e918c6bd7616343370c49 openssl-solibs-0.9.8y-x86_64-1_slack13.37.txz

Slackware 14.0 packages:
1bb0907950c9f573899db21db15eb2b7 openssl-1.0.1f-i486-1_slack14.0.txz
677d7a6f86c4ae1ba507de9e9efba2f0 openssl-solibs-1.0.1f-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
e006bdbf032de2a5b6b6a3304e96473f openssl-1.0.1f-x86_64-1_slack14.0.txz
56958f463cc6e78451c9096a266d9085 openssl-solibs-1.0.1f-x86_64-1_slack14.0.txz

Slackware 14.1 packages:
e0c4e52c930fb32aa4ddf23079ac1e42 openssl-1.0.1f-i486-1_slack14.1.txz
3e51d8f2c1a9b763f037aa8dd51ad548 openssl-solibs-1.0.1f-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages:
2f18bac7c335eab1251decd15d8fce4c openssl-1.0.1f-x86_64-1_slack14.1.txz
a61b7c01a06974b55a692c7359d16183 openssl-solibs-1.0.1f-x86_64-1_slack14.1.txz

Slackware -current packages:
c07a84c4dc4dd27cc0c452fb650f2b5b a/openssl-solibs-1.0.1f-i486-1.txz
454153984c2d8bb76ff631416cc3550a n/openssl-1.0.1f-i486-1.txz

Slackware x86_64 -current packages:
9bef5de5f7d04d5c4fdd5ad62801472e a/openssl-solibs-1.0.1f-x86_64-1.txz
6523e9d4befa8e1531ffd5a9377c897b n/openssl-1.0.1f-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.0.1f-i486-1_slack14.1.txz openssl-solibs-1.0.1f-i486-1_slack14.1.txz
php (SSA:2014-013-03)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.24-i486-1_slack14.1.txz: Upgraded.
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before
5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly
parse (1) notBefore and (2) notAfter timestamps in X.509 certificates,
which allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption) via a crafted certificate that is not
properly handled by the openssl_x509_parse function.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.24-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.24-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.24-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.24-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.24-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.24-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 package:
1c864df50286602ccb2d3efbabb9d7ec php-5.4.24-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
cc0f365855b83708c82a84ea44a4ad21 php-5.4.24-x86_64-1_slack14.0.txz

Slackware 14.1 package:
1091912280ef2fbe271da2aa304dba36 php-5.4.24-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
22b91ef0428a15b3124c5b4fb911b1bc php-5.4.24-x86_64-1_slack14.1.txz

Slackware -current package:
f306c21609d14c7380295d63054d8f46 n/php-5.4.24-i486-1.txz

Slackware x86_64 -current package:
3cb4ff4fdaba44aa5ed3a946adbe9c9f n/php-5.4.24-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg php-5.4.24-i486-1_slack14.1.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
samba (SSA:2014-013-04)

New samba packages are available for Slackware 14.1, and -current to
fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/samba-4.1.4-i486-1_slack14.1.txz: Upgraded.
This update fixes a heap-based buffer overflow that may allow AD domain
controllers to execute arbitrary code via an invalid fragment length in
a DCE-RPC packet.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/samba-4.1.4-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/samba-4.1.4-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-4.1.4-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-4.1.4-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.1 package:
4a8e846abd013a98fa4a4917796601fb samba-4.1.4-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
85bf2b6a49192e1cbfa6100d3302924d samba-4.1.4-x86_64-1_slack14.1.txz

Slackware -current package:
65352cf3d9e54d6a91952c0cd86e5b7b n/samba-4.1.4-i486-1.txz

Slackware x86_64 -current package:
2e7f139938fba5a5ca8ae5a697311d81 n/samba-4.1.4-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg samba-4.1.4-i486-1_slack14.1.txz

Then, if Samba is running restart it:
# /etc/rc.d/rc.samba restart