Thursday, March 3, 2016

Security Update: openssl, mailx, php

Three security vulnerabilities were released just now for openssl, mailx, and php. 2 out of 3 applied back to all Slackware releases (13.0 and newer) while php update only applied to Slackware 14.0 and newer. The mailx package was rebuilt to drop SSLv2 support, while for openssl, --enable-ssl2 parameter is still used to avoid breaking ABI thus no need to rebuild lot more packages. However, the weak or vulnerable ciphers were removed on this batch so it's safe.

In -current, some new updates are coming in:
  • kernel-firmware to the latest version from git
  • nano 2.5.3
  • sqlite 3.11.0
  • vim 7.4.1424
  • ruby 2.2.4
  • poppler 0.41.0
  • qca 2.1.1 (remaining qca-* were removed)
  • httpd 2.4.18
  • samba 4.3.5
  • all packages in tcl category were upgraded
  • xf86-video-intel to latest git
  • xrandr 1.5.0
  • xpdf 3.0.4