Slackware 1131 Published by

The following updates has been released for Slackware Linux:

bind (SSA:2015-349-01)
libpng (SSA:2015-349-02)
mozilla-firefox (SSA:2015-349-03)
openssl (SSA:2015-349-04)



bind (SSA:2015-349-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bind-9.9.8_P2-x86_64-1_slack14.1.txz: Upgraded.
This update fixes three security issues:
Update allowed OpenSSL versions as named is potentially vulnerable
to CVE-2015-3193.
Insufficient testing when parsing a message allowed records with an
incorrect class to be be accepted, triggering a REQUIRE failure when
those records were subsequently cached. (CVE-2015-8000)
Address fetch context reference count handling error on socket error.
(CVE-2015-8461)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.8_P2-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.8_P2-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.8_P2-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.8_P2-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.8_P2-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.8_P2-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.8_P2-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.8_P2-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.8_P2-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.8_P2-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.3_P2-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.3_P2-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
ef466df7b5c30de3b1823ae2ef7c0820 bind-9.9.8_P2-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
4d6fd1a921302be279fb00b8f3c5209f bind-9.9.8_P2-x86_64-1_slack13.0.txz

Slackware 13.1 package:
de9cea0aaf0123e1b480582a97b5a483 bind-9.9.8_P2-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
3d06836402ee2265194d819bf59ebef5 bind-9.9.8_P2-x86_64-1_slack13.1.txz

Slackware 13.37 package:
084270843411521f1d5f7dfee0faf05a bind-9.9.8_P2-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
2cb2bfdb94e52725bccecea29e5a5bc1 bind-9.9.8_P2-x86_64-1_slack13.37.txz

Slackware 14.0 package:
b653a7dd7b8591ccbd434bb2ec2e395f bind-9.9.8_P2-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
d6db5ba1f2c1ae0c99457b1866d9b752 bind-9.9.8_P2-x86_64-1_slack14.0.txz

Slackware 14.1 package:
ffaf96b22a3148f23d6cb0349c4fa745 bind-9.9.8_P2-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
5382418d8d2044f567934b24f280592b bind-9.9.8_P2-x86_64-1_slack14.1.txz

Slackware -current package:
8a998dd407304fb10e8df8c92655ff54 n/bind-9.10.3_P2-i586-1.txz

Slackware x86_64 -current package:
545b71ea3107b6a7796fb21cf1dfd311 n/bind-9.10.3_P2-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bind-9.9.8_P2-i486-1_slack14.1.txz

Then, restart the name server:

# /etc/rc.d/rc.bind restart

libpng (SSA:2015-349-02)

New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/libpng-1.4.18-x86_64-1_slack14.1.txz: Upgraded.
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.55-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.55-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.18-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.18-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.18-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.18-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpng-1.4.18-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpng-1.4.18-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpng-1.4.18-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpng-1.4.18-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.20-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.20-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
0ee9224ad5684fad22c1b0c90605c63b libpng-1.2.55-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
d9b29264e8312baf0c511c81ad779e59 libpng-1.2.55-x86_64-1_slack13.0.txz

Slackware 13.1 package:
28f6f162e3808d1dcdf6a3a98a8ccd69 libpng-1.4.18-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
156846c2db1a60cc840ed6e545ad9ec3 libpng-1.4.18-x86_64-1_slack13.1.txz

Slackware 13.37 package:
6c2eb1e0434a742f837b3d136d09fa89 libpng-1.4.18-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
099974c30fce3f57ba60249e6cd4ad99 libpng-1.4.18-x86_64-1_slack13.37.txz

Slackware 14.0 package:
b546c957f439e78bbee7bdd429953a76 libpng-1.4.18-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
66903cc8d9eea2c47698ff0776da13e2 libpng-1.4.18-x86_64-1_slack14.0.txz

Slackware 14.1 package:
f2dfcb4aa0a05fccf81f60f913bc7e8e libpng-1.4.18-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
c06efdbec225394a156860a4f571dd59 libpng-1.4.18-x86_64-1_slack14.1.txz

Slackware -current package:
6f2e6e7f5f8c3760a372cc9ae3130060 l/libpng-1.6.20-i586-1.txz

Slackware x86_64 -current package:
8be8af75ec81e9463adf345c0bf48432 l/libpng-1.6.20-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libpng-1.4.18-i486-1_slack14.1.txz

mozilla-firefox (SSA:2015-349-03)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-38.5.0esr-x86_64-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-firefox-38.5.0esr-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-firefox-38.5.0esr-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-43.0-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-43.0-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.1 package:
39da55ece856a5538cf79ec918fb243f mozilla-firefox-38.5.0esr-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
4ec7096e26027845217966bc00bdfda2 mozilla-firefox-38.5.0esr-x86_64-1_slack14.1.txz

Slackware -current package:
e0dff689596f0fd1e8f43ffdba95a98d xap/mozilla-firefox-43.0-i586-1.txz

Slackware x86_64 -current package:
49636e80a7d8799aee87740e978e388a xap/mozilla-firefox-43.0-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-38.5.0esr-i486-1_slack14.1.txz

openssl (SSA:2015-349-04)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz: Upgraded.
This update fixes the following security issues:
BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193).
Certificate verify crash with missing PSS parameter (CVE-2015-3194).
X509_ATTRIBUTE memory leak (CVE-2015-3195).
Race condition handling PSK identify hint (CVE-2015-3196).
Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794).
For more information, see:
https://openssl.org/news/secadv_20151203.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196
(* Security fix *)
patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz: Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 packages:
5e45a22283b41aaf4f867918746ebc1d openssl-0.9.8zh-i486-1_slack13.0.txz
0ad74b36ce143d28e15dfcfcf1fcb483 openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:
c360d323a2bed57c62d6699b2d4be65e openssl-0.9.8zh-x86_64-1_slack13.0.txz
122240badbfbe51c842a9102d3cfe30f openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Slackware 13.1 packages:
1bf98b27573b20a7de5f6359f3eadbd7 openssl-0.9.8zh-i486-1_slack13.1.txz
2b732f1f29de1cb6078fd1ddda8eb9ec openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:
735c3bbc55902ec57e46370cde32ea4b openssl-0.9.8zh-x86_64-1_slack13.1.txz
483f506f3b86572e60fe4c46a67c226b openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Slackware 13.37 packages:
9af41ba336c64b92d5bbd86c17a93e94 openssl-0.9.8zh-i486-1_slack13.37.txz
b83170b9c5ec56b4e2dc882b3c64b306 openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages:
2220ff161d0bf3635d2dea7caae6e5e7 openssl-0.9.8zh-x86_64-1_slack13.37.txz
17b3e8884f383e3327d5e4a6080634cb openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Slackware 14.0 packages:
ced42bc3799f2b54aeb3b631a2864b90 openssl-1.0.1q-i486-1_slack14.0.txz
52965f98ee30e8f3d22bde6b0fe7f53b openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
cbf49f09bdcebc61cf7fcb2857dc3a71 openssl-1.0.1q-x86_64-1_slack14.0.txz
156911f58b71ee6369467d8fec34a59f openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Slackware 14.1 packages:
36d5f60b634788d4315ffb46ef6d4d88 openssl-1.0.1q-i486-1_slack14.1.txz
fc18f566a9a2f5c6adb15d288245403a openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages:
03f1832417a79f73b35180a39ae4fb16 openssl-1.0.1q-x86_64-1_slack14.1.txz
bf447792f23deb14e1fe3f008a6b78a7 openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Slackware -current packages:
27b2974199a970392ed2192bf4a207a9 a/openssl-solibs-1.0.2e-i586-1.txz
940a7653a6cadb44ce143d3b0e0eaa16 n/openssl-1.0.2e-i586-1.txz

Slackware x86_64 -current packages:
8636a45f49d186d505b356b9be66309b a/openssl-solibs-1.0.2e-x86_64-1.txz
87c33a76a94993864a52bfe4e5d5b2f0 n/openssl-1.0.2e-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz