Slackware 1126 Published by

The following updates has been released for Slackware Linux:

curl (SSA:2018-249-01)
ghostscript (SSA:2018-249-02)
mozilla-firefox (SSA:2018-249-03)
Slackware 14.2 mozilla-thunderbird (SSA:2018-249-04)



curl (SSA:2018-249-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.61.1-i586-1_slack14.2.txz: Upgraded.
This update fixes an NTLM password overflow via integer overflow.
For more information, see:
https://curl.haxx.se/docs/CVE-2018-14618.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.61.1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.61.1-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.61.1-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.61.1-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.61.1-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.61.1-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.61.1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.61.1-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 package:
d6493074efefb47021747a0f525a3875 curl-7.61.1-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
9d5fb07395d570c7af54d306dff25e0d curl-7.61.1-x86_64-1_slack14.0.txz

Slackware 14.1 package:
fff7b1f0df80b7b8386e6b1b58fadaec curl-7.61.1-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
fe69bb3baaf679dec8bd3abea3c6ef02 curl-7.61.1-x86_64-1_slack14.1.txz

Slackware 14.2 package:
e130826573cd1cf9b5d769690ff91811 curl-7.61.1-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
161e1f2949b0285484de8aa16953c5e7 curl-7.61.1-x86_64-1_slack14.2.txz

Slackware -current package:
7135b216f6e989b0ae3e6123f6a07083 n/curl-7.61.1-i586-1.txz

Slackware x86_64 -current package:
b96ce6cdc7ae46e5979563f8f939fcfd n/curl-7.61.1-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg curl-7.61.1-i586-1_slack14.2.txz

ghostscript (SSA:2018-249-02)

New ghostscript packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ghostscript-9.24-i586-1_slack14.2.txz: Upgraded.
Patched multiple -dSAFER sandbox bypass vulnerabilities.
Thanks to Tavis Ormandy.
For more information, see:
https://www.ghostscript.com/doc/9.24/News.htm
https://www.kb.cert.org/vuls/id/332928
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ghostscript-9.24-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ghostscript-9.24-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/ghostscript-9.24-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/ghostscript-9.24-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.2 package:
31db329be5c3d8f4e9180b4a6388532f ghostscript-9.24-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
c46941538e179ca8351596f2877bd5f7 ghostscript-9.24-x86_64-1_slack14.2.txz

Slackware -current package:
575de8c5b4f34bf362bec25dd7044ecc ap/ghostscript-9.24-i586-1.txz

Slackware x86_64 -current package:
c5d7538a368994111f3f9e4d7f024721 ap/ghostscript-9.24-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg ghostscript-9.24-i586-1_slack14.2.txz

mozilla-firefox (SSA:2018-249-03)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-60.2.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.2.0esr-i686-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.2.0esr-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.2.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.2.0esr-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.2 package:
32278345f4b7a9cb0ff02c3bc8e04abb mozilla-firefox-60.2.0esr-i686-1_slack14.2.txz

Slackware x86_64 14.2 package:
481c7228e9aa9254b5a2fa4578093f81 mozilla-firefox-60.2.0esr-x86_64-1_slack14.2.txz

Slackware -current package:
3d3c927841c9f031f8d8ec547e94ec8f xap/mozilla-firefox-60.2.0esr-i686-1.txz

Slackware x86_64 -current package:
26e23f3fefe69405c01edffcedb6034b xap/mozilla-firefox-60.2.0esr-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-60.2.0esr-i686-1_slack14.2.txz

Slackware 14.2 mozilla-thunderbird (SSA:2018-249-04)

New mozilla-thunderbird packages are available for Slackware 14.2 to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-60.0-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/60.0/releasenotes/
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-60.0-i686-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-60.0-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-60.0-i686-2.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-60.0-x86_64-2.txz


MD5 signatures:
+-------------+

Slackware 14.2 package:
e7308af192cfb4c5413b1c213d3aa563 mozilla-thunderbird-60.0-i686-1_slack14.2.txz

Slackware x86_64 14.2 package:
a25acbbc4045f0d584e3a792d6d53d9d mozilla-thunderbird-60.0-x86_64-1_slack14.2.txz

Slackware -current package:
3f49e6ae783a0b00f5c8d3ffea30ba59 xap/mozilla-thunderbird-60.0-i686-2.txz

Slackware x86_64 -current package:
6c101f5b87b6ea889fd591cb6df9a96d xap/mozilla-thunderbird-60.0-x86_64-2.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-60.0-i686-1_slack14.2.txz