Wednesday, March 9, 2016

Security Update: samba, firefox, php

Three security vulnerabilities were released yesterday:
  • PHP: Upgraded to 5.6.19 for Slackware 14.0 and newer
  • Mozilla Firefox: Upgraded to 38.7.0 for Slackware 14.1 and 45.0 for current
  • Samba: Upgraded to 4.1.23 for Slackware 14.1 and 4.3.6 for current
As for current development, there were some bumps for many packages in all categories. Here's the complete changelog for yesterday's update:

Tue Mar 8 20:30:19 UTC 2016
l/shared-mime-info-1.6-i586-1.txz: Upgraded.
n/samba-4.3.6-i586-1.txz: Upgraded.
       This update fixes bugs, and two security issues:
       Incorrect ACL get/set allowed on symlink path (CVE-2015-7560).
       Out-of-bounds read in internal DNS server (CVE-2016-0771).
       For more information, see:
       (* Security fix *)
xap/mozilla-firefox-45.0-i586-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       (* Security fix *)
Tue Mar 8 01:54:33 UTC 2016
A few more updates. Thanks to Robby Workman for prepping most of
the minor version bumps.
a/acpid-2.0.26-i586-1.txz: Upgraded.
a/ed-1.13-i586-1.txz: Upgraded.
a/hwdata-0.284-noarch-1.txz: Upgraded.
a/lvm2-2.02.145-i586-1.txz: Upgraded.
a/pciutils-3.4.1-i586-1.txz: Upgraded.
ap/cups-filters-1.8.2-i586-1.txz: Upgraded.
ap/diffstat-1.60-i586-1.txz: Upgraded.
ap/enscript-1.6.6-i586-1.txz: Upgraded.
ap/foomatic-filters-4.0.17-i486-1.txz: Removed.
       The cups-filters package contains these programs.
ap/lxc-1.1.5-i586-3.txz: Rebuilt.
       Added modified versions of a few init scripts instead of having the
       lxc-slackware template try to patch them (which invariably led to the
       template breaking every time any of the other files were changed).
ap/man-pages-4.04-noarch-1.txz: Upgraded.
ap/sysstat- Upgraded.
d/binutils-2.26-i586-3.txz: Rebuilt.
       Rebuilt with --enable-install-libiberty, since the binutils version of
       libiberty.a will be built with -fPIC where needed.
d/cscope-15.8b-i586-1.txz: Upgraded.
d/gcc-5.3.0-i586-3.txz: Rebuilt.
       Rebuilt with --disable-install-libiberty.
d/gcc-g++-5.3.0-i586-3.txz: Rebuilt.
d/gcc-gfortran-5.3.0-i586-3.txz: Rebuilt.
d/gcc-gnat-5.3.0-i586-3.txz: Rebuilt.
d/gcc-go-5.3.0-i586-3.txz: Rebuilt.
d/gcc-java-5.3.0-i586-3.txz: Rebuilt.
d/gcc-objc-5.3.0-i586-3.txz: Rebuilt.
d/pkg-config-0.29.1-i586-1.txz: Upgraded.
d/python-setuptools-20.1.1-i586-1.txz: Upgraded.
l/LibRaw-0.17.1-i586-1.txz: Upgraded.
l/aspell- Upgraded.
l/fribidi-0.19.7-i586-1.txz: Upgraded.
l/fuse-2.9.5-i586-1.txz: Upgraded.
l/gtk+2-2.24.30-i586-1.txz: Upgraded.
l/gvfs-1.26.3-i586-1.txz: Upgraded.
l/libgsf-1.14.36-i586-1.txz: Upgraded.
l/libnl3-3.2.27-i586-1.txz: Upgraded.
l/libsecret-0.18.4-i586-1.txz: Upgraded.
l/libwpg-0.3.1-i586-1.txz: Upgraded.
l/mpfr-3.1.4-i586-1.txz: Upgraded.
l/pycurl-7.43.0-i586-1.txz: Upgraded.
l/v4l-utils-1.10.0-i586-1.txz: Upgraded.
n/lftp-4.6.5-i586-1.txz: Upgraded.
n/nettle-3.2-i586-1.txz: Upgraded.
n/netwatch-1.3.1_2-i586-1.txz: Upgraded.
n/openssh-7.2p1-i586-1.txz: Upgraded.
       Thanks to Alan Brantley for updating the libwrap patch.
n/p11-kit-0.23.2-i586-1.txz: Upgraded.
n/php-5.6.19-i586-1.txz: Upgraded.
       This release fixes bugs and security issues.
       For more information, see:
       (* Security fix *)
x/libdrm-2.4.67-i586-1.txz: Upgraded.
x/libva-1.6.2-i586-1.txz: Upgraded.
x/libva-intel-driver-1.6.2-i586-1.txz: Upgraded.
x/xorg-server-1.18.1-i586-2.txz: Rebuilt.
       Applied a patch to fix crashes when making MPlayer (and some other video
       players) go fullscreen after a resume. Thanks to orbea.
x/xorg-server-xephyr-1.18.1-i586-2.txz: Rebuilt.
x/xorg-server-xnest-1.18.1-i586-2.txz: Rebuilt.
x/xorg-server-xvfb-1.18.1-i586-2.txz: Rebuilt.
xap/geeqie-1.2.1-i586-2.txz: Rebuilt.
       Patched to fix crashes and high CPU usage when used with modern versions
       of GTK+. Thanks to Jas for pointing out the patch in upstream git.
extra/bash-completion/bash-completion-2.2-noarch-1.txz: Upgraded.