Slackware 1129 Published by

The following updates has been released for Slackware Linux:

libXres (SSA:2017-291-01)
wpa_supplicant (SSA:2017-291-02)
xorg-server (SSA:2017-291-03)



libXres (SSA:2017-291-01)


New libXres packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libXres-1.2.0-i586-1_slack14.2.txz: Upgraded.
Integer overflows may allow X servers to trigger allocation of insufficient
memory and a buffer overflow via vectors related to the (1)
XResQueryClients and (2) XResQueryClientResources functions.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libXres-1.2.0-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libXres-1.2.0-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libXres-1.2.0-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libXres-1.2.0-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/libXres-1.2.0-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/libXres-1.2.0-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.1 package:
1253ba59f7e08295d24a434a75faf448 libXres-1.2.0-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
f42004623a5f42c6280bf540decadb81 libXres-1.2.0-x86_64-1_slack14.1.txz

Slackware 14.2 package:
4256978c619753254402fc77ca2fc1fc libXres-1.2.0-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
2e1e0fea3a504c181e58cb5bfc0cf22a libXres-1.2.0-x86_64-1_slack14.2.txz

Slackware -current package:
9cfb1ab01a0178323c37a518621ff02b x/libXres-1.2.0-i586-1.txz

Slackware x86_64 -current package:
8bcf91141af69be10620e6e4f529b0c5 x/libXres-1.2.0-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libXres-1.2.0-i586-1_slack14.2.txz

wpa_supplicant (SSA:2017-291-02)


New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded.
This update includes patches to mitigate the WPA2 protocol issues known
as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data,
hijack TCP connections, and to forge and inject packets. This is the
list of vulnerabilities that are addressed here:
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the
4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way
handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key
handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group
key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)
Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)
while processing it.
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame.
For more information, see:
https://www.krackattacks.com/
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz


MD5 signatures:
+-------------+

Slackware 14.0 package:
d8ecfaadb50b3547967ab53733ffc019 wpa_supplicant-2.6-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
f25216d28800504ce498705da7c9a825 wpa_supplicant-2.6-x86_64-1_slack14.0.txz

Slackware 14.1 package:
15c61050e4bab2581757befd86be74c0 wpa_supplicant-2.6-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
49fd537a520338744f7757615556d352 wpa_supplicant-2.6-x86_64-1_slack14.1.txz

Slackware 14.2 package:
c5539f40c8510af89be92945f0f80185 wpa_supplicant-2.6-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
4c527ff84fcdfd7839f217bbce2e4ae4 wpa_supplicant-2.6-x86_64-1_slack14.2.txz

Slackware -current package:
28bd88a54e96368f7a7020c1f5fb67fe n/wpa_supplicant-2.6-i586-2.txz

Slackware x86_64 -current package:
464fc6b48d1ac077f47e9a3a8534c160 n/wpa_supplicant-2.6-x86_64-2.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz

xorg-server (SSA:2017-291-03)


New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-5_slack14.2.txz: Rebuilt.
This update fixes integer overflows and other possible security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12187
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-5_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-5_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-5_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xvfb-1.12.4-i486-5_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-5_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xephyr-1.12.4-x86_64-5_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-5_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-5_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-1.14.3-i486-6_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xephyr-1.14.3-i486-6_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xnest-1.14.3-i486-6_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xvfb-1.14.3-i486-6_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-1.14.3-x86_64-6_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xephyr-1.14.3-x86_64-6_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xnest-1.14.3-x86_64-6_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xvfb-1.14.3-x86_64-6_slack14.1.txz

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-1.18.3-i586-5_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xephyr-1.18.3-i586-5_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xnest-1.18.3-i586-5_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xvfb-1.18.3-i586-5_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-1.18.3-x86_64-5_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xephyr-1.18.3-x86_64-5_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xnest-1.18.3-x86_64-5_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xvfb-1.18.3-x86_64-5_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.19.5-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-1.19.5-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.19.5-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.19.5-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-1.19.5-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-1.19.5-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-1.19.5-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-1.19.5-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 packages:
ee4f90528fba8452ac4b408139d15a8c xorg-server-1.12.4-i486-5_slack14.0.txz
d8e91a703e61ec232cd213fb203841d9 xorg-server-xephyr-1.12.4-i486-5_slack14.0.txz
c1c61f569b84bedfacd1ec4bbae7f568 xorg-server-xnest-1.12.4-i486-5_slack14.0.txz
fbe593fb781e38956ea6e3a2f18a41a8 xorg-server-xvfb-1.12.4-i486-5_slack14.0.txz

Slackware x86_64 14.0 packages:
9828963c75bf1462b4eed4c152928da7 xorg-server-1.12.4-x86_64-5_slack14.0.txz
480a631f0a1d75c473a4e324a43c7f94 xorg-server-xephyr-1.12.4-x86_64-5_slack14.0.txz
a989e04fa0c6c2caca1f52d557f60815 xorg-server-xnest-1.12.4-x86_64-5_slack14.0.txz
2d71d40ceceb34a76b55af5f743b941c xorg-server-xvfb-1.12.4-x86_64-5_slack14.0.txz

Slackware 14.1 packages:
5f9b0c906ec30045e6b29758613d2c05 xorg-server-1.14.3-i486-6_slack14.1.txz
aa1fdecf4ca8706f135454bfaa4be2c7 xorg-server-xephyr-1.14.3-i486-6_slack14.1.txz
bf7b97f60180a3ba8bd456cf532e56c0 xorg-server-xnest-1.14.3-i486-6_slack14.1.txz
bec259851aa1ab066a224bf33ea3f817 xorg-server-xvfb-1.14.3-i486-6_slack14.1.txz

Slackware x86_64 14.1 packages:
63d9afb9c1c9532066fe5f085493d875 xorg-server-1.14.3-x86_64-6_slack14.1.txz
1c7464fc92dea70b7f80233a2ee047d8 xorg-server-xephyr-1.14.3-x86_64-6_slack14.1.txz
bad6772b5b5c8b588ebf3f95d98dc03a xorg-server-xnest-1.14.3-x86_64-6_slack14.1.txz
8faef6f79f1f6fd5249ab7b746d0e4b8 xorg-server-xvfb-1.14.3-x86_64-6_slack14.1.txz

Slackware 14.2 packages:
61c7132d039462d979487e5ed2a611bb xorg-server-1.18.3-i586-5_slack14.2.txz
4d8d3eb2e9d8fce26f0879547e5777ff xorg-server-xephyr-1.18.3-i586-5_slack14.2.txz
6eb112e044c2734667d9e76493ec71f8 xorg-server-xnest-1.18.3-i586-5_slack14.2.txz
cf2749d66863b59d2fd14a6115efa0f3 xorg-server-xvfb-1.18.3-i586-5_slack14.2.txz

Slackware x86_64 14.2 packages:
5fff5415b9ebb8421235a424332e62e6 xorg-server-1.18.3-x86_64-5_slack14.2.txz
35ba4c0335299fbf61d1bd1e6cfdcc37 xorg-server-xephyr-1.18.3-x86_64-5_slack14.2.txz
95c20b04b29755c13d6fa92a2d175ef0 xorg-server-xnest-1.18.3-x86_64-5_slack14.2.txz
f7d95a5fb1d54c987e3d7edcb71dd574 xorg-server-xvfb-1.18.3-x86_64-5_slack14.2.txz

Slackware -current packages:
83a74f6cc1ea6b0fdb4498c7aa72d75f x/xorg-server-1.19.5-i586-1.txz
0be91844d8ceb230b5ba955d6b60bb27 x/xorg-server-xephyr-1.19.5-i586-1.txz
47131515bad9b52fe2d150a01b702ab7 x/xorg-server-xnest-1.19.5-i586-1.txz
52f3f0675addadbbddc2ed19a6bb1087 x/xorg-server-xvfb-1.19.5-i586-1.txz

Slackware x86_64 -current packages:
f6c7fae66c9ecaa208a736985cd3c9e5 x/xorg-server-1.19.5-x86_64-1.txz
7616cd451052e2c2e303a5484b1b1f22 x/xorg-server-xephyr-1.19.5-x86_64-1.txz
3b6ecf3590c330ed3beaad1c29334284 x/xorg-server-xnest-1.19.5-x86_64-1.txz
6eba0b3b6135a16222948d2d05c510b6 x/xorg-server-xvfb-1.19.5-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg xorg-server-*.txz