How facing Slackware security breaches?

Introduce yourself, create test postings or talk nonsense
Post Reply
User avatar
icaroperseo
Donor
Posts: 67
Joined: 19. Nov 2014, 01:12
Contact:

How facing Slackware security breaches?

Post by icaroperseo »

Hi, all!

As some will know, I am a newcomer to Slacker way so I still find adapting myself to the environment, but situations like this disturb me a bit...

These last days have been several announcements regarding important safety gaps in various applications same as far as I know have already been resolved in most distributions but on Slackware not yet. Following the official ChangeLog, Slackware has provided security patches until the day March 5 this year (ftp://ftp.osuosl.org/pub/slackware/slac ... ngeLog.txt) leaving pending security patches for applications such as: Mozilla Firefox, SeaMonkey and OpenSSL the latter being the most important. At the moment seems to be no official announcement about it (whether solely to alert indicating that situation or to indicate that they are currently working on it).

The above situation makes me ask the following questions:
  • Is this the natural behavior that follow Slackware developers to deal the security breaches or is it just an exceptional situation?
  • How users we are on our own and therefore we must do what is necessary to solve such problems by ourselves? This question is to know what I must stick.
  • If the answer to the above question is yes, Is it advisable or should make use of solutions like this: https://www.linuxquestions.org/question ... st5337654?? If someone could suggest something better I would greatly appreciate it.
To finish, Honestly I do not want to seem inconsiderate, but as I stated earlier these situations quite confused me!

Thanks in advance.
User avatar
gapan
Salix Wizard
Posts: 6238
Joined: 6. Jun 2009, 17:40

Re: How facing Slackware security breaches?

Post by gapan »

Hi,

Salix is not using the mozilla-firefox packages from slackware, so you don't have to worry about those. We use our own firefox ESR packages and these are up to date.

For openssl, at first glance it is kind of strange that Slackware has not updated the package yet, but if you take a close look at the advisory, you'll see that the openssl versions in slackware (and hence, in salix) have no vulnerability that is rated "High". So, I'm guessing that could be a reason why there is no update.

So, I wouldn't worry about it too much.
Image
Image
User avatar
icaroperseo
Donor
Posts: 67
Joined: 19. Nov 2014, 01:12
Contact:

Re: How facing Slackware security breaches?

Post by icaroperseo »

gapan wrote:Hi,

Salix is not using the mozilla-firefox packages from slackware, so you don't have to worry about those. We use our own firefox ESR packages and these are up to date.

For openssl, at first glance it is kind of strange that Slackware has not updated the package yet, but if you take a close look at the advisory, you'll see that the openssl versions in slackware (and hence, in salix) have no vulnerability that is rated "High". So, I'm guessing that could be a reason why there is no update.

So, I wouldn't worry about it too much.
It's great to know. Thanks gapan!
Post Reply