Showing posts from July, 2015

More security updates: bind, httpd, and php

Three security updates has been released in the last two updates. They were bind which is now upgraded to 9.10.2-P3, httpd to 2.4.16 and php to 5.6.11 in current (stable might have different version number).

You might notice that Pat is now building some packages in i586 instead of the old i486 for 32 bit machine. That was intentional and the reason was some mesa drivers weren't buildable in i486 opcode anymore, thus a change in 586 is necessary.

KDE Updates: 5_15.07

Eric Hameleers has just pushed his latest work on KDE 5 sets which is composed of KDE Framework 5.12.0, KDE Plasma 5.3.2, and KDE Applications 15.04.3. The updates to Applications also contain the usual KDE 4 Long Term Support (LTS) updates for kdelibs, kdepimlibs, kdepim, kdepim-runtime and kde-workplace.

There are no major or new framework on this release, just pure bug fixing and bringing more stability on the packages along with more translations updates.

As always, you can grab the packages from the following mirror sites: URI: rsync:// URI: rsync:// URI: rsync:// URI: rsync:// Remember that this packages are intended for Slackware-Current users. Don't install this on Slackware 14…

security update: openssl

Yesterday, OpenSSL team announced a critical vulnerability exists on several OpenSSL version and also proving a new release. Pat has pushed the update this morning and you should upgrade this package as soon as possible.

Here are the description about the vulnerabilities:

Alternative chains certificate forgery (CVE-2015-1793). During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. Th…

security update: cups, cups-filter, bind, ntp, firefox

After almost a month without any updates, finally some new packages were pushed both to -stable and -current to fix security vulnerabilities as well as fix things or just a bump to the latest version. Here are the recap:
cups, cups-filter: Upgraded to 2.0.3 and 1.0.71gstreamer1, gst-plugins-*: Upgraded to 1.4.5python: Upgraded to 2.7.10bind, ntp, firefox: Upgraded to 9.10.2_P2, 4.2.8P3, and 39.0glade3, gst-plugins-base0, notify-python, pygtk, scim-hangul: Rebuilt to remove remaining libpng14 referencepidgin: Patched to use gstreamer1nano, screen, lm_sensors: Upgraded to 2.4.2, 4.3.1, and 3.3.5New config for Linux Kernel 4.1.x (LTS release) in testing/