Posts

Showing posts from June, 2014

Multiple Security Updates

Slackware has issued 5 security advisories today, accumulated from upstream releases on various projects. They are:
GnuPG: Upgraded to 1.4.17 and backported back to Slackware 13.0 to fix a denial of service using garbled compressed data packets. GnuPG2: Upgraded to 2.0.24 to stop a denial of service using
garbled compressed data packets which can be used to put gpg into an  infinite loop. This update is backported back to Slackware 13.37Samba: Upgraded to 3.6.24 for Slackware 14.0 and 4.1.9 for Slackware 14.1 and current to bring fixes and security issues which can cause a denial of service, and reveal potentially private server informationSeamonkey: Upgraded to 2.26.1 for Slackware 14.0, 14.1, and currentBind: Upgraded to 9.8.7_P1 for Slackware 13.0, 13.1, and 13.37, 9.9.5_P1 for Slackware 14.0, 14.1, and Current. There's also a new package in testing for Bind 9.10.0_P2. For Slackware-Current, there are two additional packages: man (rebuilt to move config to /etc) and  man-pages up…

Slow Pace of Current Progress

It's mid June and the development for the next Slackware release is still slow without significant changes over packages. Pat only updates small number of packages which is considered safe without breaking other applications besides security updates.

The latest changes including rebuilding ncurses to apply upstream patch which should fixed a screen problem (reported in LQ), rebuilding yptools to fix non-changeable password in yppasswd, and upgrading xscreensaver to 5.29.

Security Updates: Mozilla Thunderbird

Following Firefox update in -Stable, Thunderbird is now updated to 24.6.0 in Slackware 14.1 and -Current. Slackware-Current also updated Firefox to 30.0 and dddrescue to 1.18.1.

There are no big changes in basic toolchains and packages which usually gets upgraded on the very early stage of development.

KDE Maintenance Updates: 4.13.2 Released

KDE Team has released another monthly maintenance release for 4.13.x branch: KDE 4.13.2. This release brings more bug fixes and translations updates, along with updated Plasma Workspaces 4.11.10.

This release incorporated more than 40 bug fixes across all modules, including improvements to Personal Information Management suite Kontact, Umbrello UML Modeller, the Desktop search functionality, web browser Konqueror and the file manager Dolphin. More info taken from KDE's announcement:
Additional and noteworthy: this release of KDE Applications includes a number of important fixes for Kopete: a decrease in the exit time of Kopete with enabled statistics plugin, a fix for the compilation of jabber libjingle for non x86 architectures and another fix for voice call support in the jabber libjingle library. Without this last fix, voice calls worked only with the old Google Talk windows jingle client. Now after applying the patches it was tested with GMail web plugin, old Google Ta…

PHP Security Update

PHP Package has been updated to the latest version for all supported Slackware release to fix security vulnerabilities, including a possible denial of service, and an issue where insecure default permissions on the FPM socket may allow local users to run arbitrary code as the apache user.

Slackware 13.0 up to 13.37 will get PHP 5.3.28 update while 14.0 and newer will get PHP 5.4.29

Multiple Security Advisories: OpenSSL, Sendmail, GnuTLS, and Libtasn1

There are multiple security fixes released today and they were backported back to Slackware 13.0 whenever possible:
libtasn1 is upgraded to 2.1.4 for Slackware 14.0 and 3.6 for Slackware 14.1 and Slackware-Currentsendmail is upgraded to 8.14.9 for Slackware 13.0 and newergnutls is upgraded to 2.8.4 for Slackware 13.0, 2.8.6 for Slackware 13.1, 2.10.5 for Slackware 13.37, 3.0.32 for Slackware 14.0, 3.1.25 for Slackware 14.1, and 3.2.5 for Slackware-Current.openssl is upgraded to 0.9.8za for Slackware 13.0, 13.1, and 13.37, 1.0.1h for Slackware 14.0 and newer For Slackware-Current, there are additional packages:
nano is upgraded to 2.3.4irssi is upgraded to 0.8.16

Security Update: MariaDB

After two weeks without any updates, Slackware development and maintenance phase continues and issued one security advisory for mariadb for Slackware 14.1 and current users (now upgraded to 5.5.37). This fixed many security advisories released by CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2430 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2431 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2432 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2438 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2440  On -current, several new changes has been introduced, such as:
Linux Kernel 3.14.5GCC 4.8.3nano 2.3.3 Also there were 2 packages gets rebuilt:
gawk: remove symlink and compress man pagemake:  Patched to fix a bug with pa…