Slackware 1078 Published by

The following updates has been released for Slackware Linux:

curl (SSA:2017-279-01)
openjpeg (SSA:2017-279-02)
xorg-server (SSA:2017-279-03)



curl (SSA:2017-279-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.56.0-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
libcurl may read outside of a heap allocated buffer when doing FTP.
For more information, see:
https://curl.haxx.se/docs/adv_20171004.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.56.0-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.56.0-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.56.0-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.56.0-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.56.0-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.56.0-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.56.0-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.56.0-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 package:
880c7281862df00ffe344295bd422f7a curl-7.56.0-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
6025ce06e93ddf6520f5bc731ff0888d curl-7.56.0-x86_64-1_slack14.0.txz

Slackware 14.1 package:
0d887113412626fcc3f4fefa72456a6c curl-7.56.0-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
1d99e50e4a8f0ea7efe4784fb0b68ac8 curl-7.56.0-x86_64-1_slack14.1.txz

Slackware 14.2 package:
4130d13192b46d033d7d7931628733d5 curl-7.56.0-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
de3bf8673814b9a4f07b04de8719357a curl-7.56.0-x86_64-1_slack14.2.txz

Slackware -current package:
80d914f7e63eaef96538ae032227dfea n/curl-7.56.0-i586-1.txz

Slackware x86_64 -current package:
19b32807404f534a5ce33cd0a3f31a01 n/curl-7.56.0-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg curl-7.56.0-i586-1_slack14.2.txz

openjpeg (SSA:2017-279-02)

New openjpeg packages are available for Slackware 14.2 and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openjpeg-2.3.0-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues which may lead to a denial of service
or possibly remote code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14164
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openjpeg-2.3.0-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openjpeg-2.3.0-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/openjpeg-2.3.0-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/openjpeg-2.3.0-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.2 package:
c78cde70d1a1747d2f4cf426938ab9c3 openjpeg-2.3.0-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
5f835fa6479eb3090d4268fac1e5205e openjpeg-2.3.0-x86_64-1_slack14.2.txz

Slackware -current package:
c7e3989424543c80b46a80ae428bc8c5 l/openjpeg-2.3.0-i586-1.txz

Slackware x86_64 -current package:
55bb3a432bed62fcf69c5a33f86529f6 l/openjpeg-2.3.0-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg openjpeg-2.3.0-i586-1_slack14.2.txz

xorg-server (SSA:2017-279-03)

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-4_slack14.2.txz: Rebuilt.
This update fixes two security issues:
Xext/shm: Validate shmseg resource id, otherwise it can belong to a
non-existing client and abort X server with FatalError "client not
in use", or overwrite existing segment of another existing client.
Generating strings for XKB data used a single shared static buffer,
which offered several opportunities for errors. Use a ring of
resizable buffers instead, to avoid problems when strings end up
longer than anticipated.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13723
(* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-4_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-4_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-4_slack14.2.txz: Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-4_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-4_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-4_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xvfb-1.12.4-i486-4_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-4_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xephyr-1.12.4-x86_64-4_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-4_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-4_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-1.14.3-i486-5_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xephyr-1.14.3-i486-5_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xnest-1.14.3-i486-5_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xvfb-1.14.3-i486-5_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-1.14.3-x86_64-5_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xephyr-1.14.3-x86_64-5_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xnest-1.14.3-x86_64-5_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xvfb-1.14.3-x86_64-5_slack14.1.txz

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-1.18.3-i586-4_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xephyr-1.18.3-i586-4_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xnest-1.18.3-i586-4_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xvfb-1.18.3-i586-4_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-1.18.3-x86_64-4_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xephyr-1.18.3-x86_64-4_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xnest-1.18.3-x86_64-4_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xvfb-1.18.3-x86_64-4_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.19.4-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-1.19.4-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.19.4-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.19.4-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-1.19.4-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-1.19.4-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-1.19.4-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-1.19.4-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 packages:
7992d91e05b7888845f3a3c75194ca4e xorg-server-1.12.4-i486-4_slack14.0.txz
0701a7bb89d14c0eb04e0f20bfc2eb5c xorg-server-xephyr-1.12.4-i486-4_slack14.0.txz
7246c52a663c0e14bb73814f6ef8a0f4 xorg-server-xnest-1.12.4-i486-4_slack14.0.txz
d7dcf92cfe38f890e0801e0dc7b1247c xorg-server-xvfb-1.12.4-i486-4_slack14.0.txz

Slackware x86_64 14.0 packages:
f1629560ee97f40e77caf09936e3901d xorg-server-1.12.4-x86_64-4_slack14.0.txz
1e43220cca3b7bff7323985557d2d9f4 xorg-server-xephyr-1.12.4-x86_64-4_slack14.0.txz
0b7deb02ac2a65a5bf5c626781de7115 xorg-server-xnest-1.12.4-x86_64-4_slack14.0.txz
a7b1e5a61e140dd773de748e8798a669 xorg-server-xvfb-1.12.4-x86_64-4_slack14.0.txz

Slackware 14.1 packages:
dd9c442c38ce7907ebe3ce4c03f550ea xorg-server-1.14.3-i486-5_slack14.1.txz
b5080cc5047fd311fa66c100117ce84d xorg-server-xephyr-1.14.3-i486-5_slack14.1.txz
d85416e48fe4bda5a573b23c820cdb4f xorg-server-xnest-1.14.3-i486-5_slack14.1.txz
90980d1f2335fb6efe33d0c717e80b72 xorg-server-xvfb-1.14.3-i486-5_slack14.1.txz

Slackware x86_64 14.1 packages:
f06a124a5452df626e8537938ff42377 xorg-server-1.14.3-x86_64-5_slack14.1.txz
e1e1fa0c7989b8b1aae5989f29b730b0 xorg-server-xephyr-1.14.3-x86_64-5_slack14.1.txz
a0830913185532efe2f8d42d2cd7b703 xorg-server-xnest-1.14.3-x86_64-5_slack14.1.txz
31ee2a54dfb2dfb4ef165455994e943d xorg-server-xvfb-1.14.3-x86_64-5_slack14.1.txz

Slackware 14.2 packages:
b1309bf76678749b0f353ab786eac4f9 xorg-server-1.18.3-i586-4_slack14.2.txz
b3e4de152de501ef28d0d638f2c63ca0 xorg-server-xephyr-1.18.3-i586-4_slack14.2.txz
325aee76a2fb475b5d2b85a923db5c75 xorg-server-xnest-1.18.3-i586-4_slack14.2.txz
78e3e9a598888d6a0971744fd734687c xorg-server-xvfb-1.18.3-i586-4_slack14.2.txz

Slackware x86_64 14.2 packages:
a62e18070d91f19da8d847de732a0a92 xorg-server-1.18.3-x86_64-4_slack14.2.txz
f701943b0097def2d5ca527916220c94 xorg-server-xephyr-1.18.3-x86_64-4_slack14.2.txz
aa56252779925f47f2174c2792e14ade xorg-server-xnest-1.18.3-x86_64-4_slack14.2.txz
507ff04d45b120df461d9c24b0df1cbd xorg-server-xvfb-1.18.3-x86_64-4_slack14.2.txz

Slackware -current packages:
386ba989276aafd4d0c0c1e6cf991a0d x/xorg-server-1.19.4-i586-1.txz
37523585a8551808cc674eaa321636df x/xorg-server-xephyr-1.19.4-i586-1.txz
47e6944988f69a709a1c72792ae1c998 x/xorg-server-xnest-1.19.4-i586-1.txz
02e911fc786cac11d70c6273db25c628 x/xorg-server-xvfb-1.19.4-i586-1.txz

Slackware x86_64 -current packages:
1ccb0221b7603c4db7f8d16ebb3fd027 x/xorg-server-1.19.4-x86_64-1.txz
e2498dbbd9775508681ee7b6fdf1992b x/xorg-server-xephyr-1.19.4-x86_64-1.txz
a0550c5d304dedb5fa9a631f7508f399 x/xorg-server-xnest-1.19.4-x86_64-1.txz
9290dd947843f9611af59d1a7814923a x/xorg-server-xvfb-1.19.4-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg xorg-server-*.txz