Security updates 20/12-22
Written by: mdkdio On: 2022-12-21 06:54:20

[slackware-security] libksba (SSA:2022-354-01)

New libksba packages are available for Slackware 14.2, 15.0, and -current to fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:

+--------------------------+
patches/packages/libksba-1.6.3-i586-1_slack15.0.txz: Upgraded.
  Fix another integer overflow in the CRL's signature parser.
  (* Security fix *)
+--------------------------+

Kernel 6.1.1 / 6.0.15 / 5.15.85 / 5.10.161
Written by: minime On: 2022-12-19 21:50:42
Edited: 2022-12-21 21:33:06 by: mdkdio

Batch batch batch...

6.1.1-rc1 with 25 updates/changes since 6.1
6.0.15-rc1 with 28 updates/changes since 6.0.14
5.15.85-rc1 with 17 updates/changes since 5.15.84
5.10.161-rc with 18 updates/changes since 5.10.160

The kernels listed above have now been released.

AlienBOB's chromium and chrome-ungoogled
Written by: mdkdio On: 2022-12-18 20:47:20

Sun Dec 18 11:24:49 UTC 2022

chromium: updated to 108.0.5359.124 for 64bit (Slackware 14.2 and onwards).

chromium-ungoogled: updated to 108.0.5359.124 for 64bit  (Slackware 14.2 and onwards).

Download the packages from e.g. slackware.uk

Security update 17/12-22
Written by: mdkdio On: 2022-12-18 09:14:48
Edited: 2022-12-18 09:18:17 by: mdkdio

[slackware-security]  samba (SSA:2022-351-01)

New samba packages are available for Slackware 15.0 and -current to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:

+--------------------------+
patches/packages/samba-4.15.13-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of
  Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
  A Samba Active Directory DC will issue weak rc4-hmac session keys for
  use between modern clients and servers despite all modern Kerberos
  implementations supporting the aes256-cts-hmac-sha1-96 cipher.
  On Samba Active Directory DCs and members
  'kerberos encryption types = legacy'
  would force rc4-hmac as a client even if the server supports
  aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
  This is the Samba CVE for the Windows Kerberos Elevation of Privilege
  Vulnerability disclosed by Microsoft on Nov 8 2022.
  A service account with the special constrained delegation permission
  could forge a more powerful ticket than the one it was presented with.
  The "RC4" protection of the NetLogon Secure channel uses the same
  algorithms as rc4-hmac cryptography in Kerberos, and so must also be
  assumed to be weak.
  Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
  was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed
  that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue
  rc4-hmac encrypted tickets despite the target server supporting better
  encryption (eg aes256-cts-hmac-sha1-96).
  Note that there are several important behavior changes included in this
  release, which may cause compatibility problems interacting with system
  still expecting the former behavior.
  Please read the advisories of CVE-2022-37966, CVE-2022-37967 and
  CVE-2022-38023 carefully!
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-37966.html
    https://www.samba.org/samba/security/CVE-2022-37967.html
    https://www.samba.org/samba/security/CVE-2022-38023.html
    https://www.samba.org/samba/security/CVE-2022-45141.html
    https://www.cve.org/CVERecord?id=CVE-2022-37966
    https://www.cve.org/CVERecord?id=CVE-2022-37967
    https://www.cve.org/CVERecord?id=CVE-2022-38023
    https://www.cve.org/CVERecord?id=CVE-2022-45141
  (* Security fix *)
+--------------------------+

Kernel 6.0.14 / 5.15.84 / 5.10.160 / 5.4.228
Written by: minime On: 2022-12-16 23:35:27
Edited: 2022-12-19 20:22:51 by: mdkdio

A small kernel batch

6.0.14-rc1 with 16 updates/changes since 6.0.13
5.15.84-rc1 with 14 updates/changes since 5.15.83
5.10.160-rc with 15 updates/changes since 5.10.159
5.4.228-rc1 with 9 updates/changes since 5.4.227

The kernels listed above were released earlier today. As usual, you will find the download link and the ChangeLog
on the right-hand side of the page...
