Slackware 1126 Published by

The following updates has been released for Slackware Linux:

bind (SSA:2015-188-04)
cups (SSA:2015-188-01)
mozilla-firefox (SSA:2015-188-02)
ntp (SSA:2015-188-03)



bind (SSA:2015-188-04)


New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bind-9.9.7_P1-i486-1_slack14.1.txz: Upgraded.
This update fixes a security issue where an attacker who can cause
a validating resolver to query a zone containing specifically constructed
contents can cause that resolver to fail an assertion and terminate due
to a defect in validation code. This means that a recursive resolver that
is performing DNSSEC validation can be deliberately stopped by an attacker
who can cause the resolver to perform a query against a
maliciously-constructed zone. This will result in a denial of service to
clients who rely on that resolver.
For more information, see:
https://kb.isc.org/article/AA-01267/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4620
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.7_P1-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.7_P1-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.7_P1-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.7_P1-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.7_P1-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.7_P1-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.7_P1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.7_P1-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.7_P1-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.7_P1-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.2_P2-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.2_P2-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
38e658538037036f3d77108dcf0865c3 bind-9.9.7_P1-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
ce60a95cf08aae43ad371c3344b5ceac bind-9.9.7_P1-x86_64-1_slack13.0.txz

Slackware 13.1 package:
32873005a0cf1fefe87c968dabaa69f7 bind-9.9.7_P1-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
b4660cadd8c2c0db82b63bce019cd425 bind-9.9.7_P1-x86_64-1_slack13.1.txz

Slackware 13.37 package:
60559eab25abe9c4227e786dfbda5ec0 bind-9.9.7_P1-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
466a456646c4f7a36646d7f802364877 bind-9.9.7_P1-x86_64-1_slack13.37.txz

Slackware 14.0 package:
c333a145f504bd7457030e8b8a016ed2 bind-9.9.7_P1-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
79d7fb87a229627e8a48ed2cdfb0b000 bind-9.9.7_P1-x86_64-1_slack14.0.txz

Slackware 14.1 package:
8c5c206b1a1d9ceab53efc04904afcda bind-9.9.7_P1-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
01e296eacac7717a2b42090be480007f bind-9.9.7_P1-x86_64-1_slack14.1.txz

Slackware -current package:
ec06a2234cb84ed6509cdc34355a1ca2 n/bind-9.10.2_P2-i486-1.txz

Slackware x86_64 -current package:
7dacb77256d58669f8426a1e0137c4b3 n/bind-9.10.2_P2-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bind-9.9.7_P1-i486-1_slack14.1.txz

Then, restart the name server:
# /etc/rc.d/rc.bind restart

cups (SSA:2015-188-01)


New cups packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/cups-1.5.4-i486-4_slack14.1.txz: Rebuilt.
This release fixes a security issue:
CWE-911: Improper Update of Reference Count - CVE-2015-1158
This bug could allow an attacker to upload a replacement CUPS
configuration file and mount further attacks.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1158
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/cups-1.3.11-i486-3_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/cups-1.3.11-x86_64-3_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/cups-1.4.5-i486-3_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/cups-1.4.5-x86_64-3_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/cups-1.4.6-i486-2_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/cups-1.4.6-x86_64-2_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/cups-1.5.4-i486-3_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/cups-1.5.4-x86_64-3_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/cups-1.5.4-i486-4_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/cups-1.5.4-x86_64-4_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/cups-2.0.3-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/cups-2.0.3-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
f013abe1761fb1a3a962ee6bb63bb12c cups-1.3.11-i486-3_slack13.0.txz

Slackware x86_64 13.0 package:
88c5e1cf46eab8fd0d101e8411f10251 cups-1.3.11-x86_64-3_slack13.0.txz

Slackware 13.1 package:
f71f2b3066f4af9c407df75b1535f179 cups-1.4.5-i486-3_slack13.1.txz

Slackware x86_64 13.1 package:
2bf27108c7c2772e8adbd984efb0c55e cups-1.4.5-x86_64-3_slack13.1.txz

Slackware 13.37 package:
0db4e57246873b1817f7332f90dd245f cups-1.4.6-i486-2_slack13.37.txz

Slackware x86_64 13.37 package:
8d3ce5ec82218ebb001c0b46d891895a cups-1.4.6-x86_64-2_slack13.37.txz

Slackware 14.0 package:
c9130b507a69775f68eb1ca71c2c746c cups-1.5.4-i486-3_slack14.0.txz

Slackware x86_64 14.0 package:
e91436f9885350bc63a2d9484f974e66 cups-1.5.4-x86_64-3_slack14.0.txz

Slackware 14.1 package:
e7887e9c90b7501edca14157a85f7c3c cups-1.5.4-i486-4_slack14.1.txz

Slackware x86_64 14.1 package:
712faf20c729a442d6229de6942aefc5 cups-1.5.4-x86_64-4_slack14.1.txz

Slackware -current package:
b92d4ad6d8da3487ca0445915ef6aa38 ap/cups-2.0.3-i486-1.txz

Slackware x86_64 -current package:
f740e4376110c797ef1926d5a94bea5a ap/cups-2.0.3-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg cups-1.5.4-i486-4_slack14.1.txz

Then, restart the cups server:
# sh /etc/rc.d/rc.cups restart

mozilla-firefox (SSA:2015-188-02)


New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-31.8.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-firefox-31.8.0esr-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-firefox-31.8.0esr-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-39.0-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-39.0-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.1 package:
503b55a60dd3d7770160949eeb3cb311 mozilla-firefox-31.8.0esr-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
910a9a27694055c6691167e09b52a31c mozilla-firefox-31.8.0esr-x86_64-1_slack14.1.txz

Slackware -current package:
8b9524c9bd82a45fc843e15b65c314ba xap/mozilla-firefox-39.0-i586-1.txz

Slackware x86_64 -current package:
70c227998959f7393654985834a0ac5a xap/mozilla-firefox-39.0-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-31.8.0esr-i486-1_slack14.1.txz

ntp (SSA:2015-188-03)


New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/ntp-4.2.8p3-i486-1_slack14.1.txz: Upgraded.
This update fixes a security issue where under specific circumstances an
attacker can send a crafted packet to cause a vulnerable ntpd instance to
crash. Since this requires 1) ntpd set up to allow remote configuration
(not allowed by default), and 2) knowledge of the configuration password,
and 3) access to a computer entrusted to perform remote configuration,
the vulnerability is considered low-risk.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p3-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p3-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p3-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p3-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p3-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p3-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p3-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p3-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p3-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p3-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p3-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p3-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
a1780621556bf581833f0a46c21812cd ntp-4.2.8p3-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
fbece86086ef7e84e02e959cfab92883 ntp-4.2.8p3-x86_64-1_slack13.0.txz

Slackware 13.1 package:
020367073707b66ec4992de74b315f0f ntp-4.2.8p3-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
87663d4a7c7699df446fc93705442681 ntp-4.2.8p3-x86_64-1_slack13.1.txz

Slackware 13.37 package:
c9a263e726932d81eab293725b4cb84f ntp-4.2.8p3-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
d2cdaf7078872c162161c5356af82057 ntp-4.2.8p3-x86_64-1_slack13.37.txz

Slackware 14.0 package:
db95841f80cd3e019109416636e6e8bd ntp-4.2.8p3-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
7f6094e35e892e4d77201602b04430b7 ntp-4.2.8p3-x86_64-1_slack14.0.txz

Slackware 14.1 package:
cb60dd8aa75c7ac9e7a3a38cc055df9b ntp-4.2.8p3-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
bba510875648be7eb2e6f206947824a7 ntp-4.2.8p3-x86_64-1_slack14.1.txz

Slackware -current package:
db3a89a88447f5886a4b4fe4f24680a7 n/ntp-4.2.8p3-i486-1.txz

Slackware x86_64 -current package:
feff97f062bf9e536e4ebf31c7bd2361 n/ntp-4.2.8p3-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg ntp-4.2.8p3-i486-1_slack14.1.txz

Then, restart the NTP daemon:
# sh /etc/rc.d/rc.ntpd restart