Chromium, LibreOffice, Pipelight, Flashplayer updates
If you are subscribed to my repository’s RSS feed or if you are using slackpkg+ to keep your Slackware system updated, you will already have noticed and are probably already using the new packages – for the rest of you, here is the harvest of last week.
Chrome and Chromium were updated to version 33.0, bringing fixes for 28 security issues. The new version number is 33.0.1750.117 to be exact.
The most important fixes (for high-risk vulnerabilities) are:
- [$2000] High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid.
- [$1000] High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani.
- [$3000] High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
- [$3000] High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
- [$500] High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.
I have packages ready for the new chromium (Slackware 14.0, 14.1 and -current):
- http://slackware.com/~alien/slackbuilds/chromium/ (primary server)
- http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/chromium/ (my own US mirror)
- http://alien.slackbook.org/slackbuilds/chromium/ (US)
- http://slackware.org.uk/people/alien/slackbuilds/chromium/ (UK)
In the same locations you will also find updated packages for chromium-pepperflash-plugin and chromium-pdf-plugin. Both these packages contain binaries taken from the official Chrome distribution: respectively an Adobe Flash player and a PDF reader plugin. The Flash player is a security update (new version of the Pepper Flash plugin is 184.108.40.206), just like the other Flash player plugins I will mention further down.
LibreOffice 4.2.1 packages for Slackware 14.1 and -current are ready too. The first minor increment in the 4.2 series took only 3 weeks, solving over 100 bugs which were introduced because of the relatively large amount of new code that was added since the prior 4.1 series. You can read more in the ChangeLog for 4.2.1.
Note that I ship my LibreOffice 4.1 and 4.2 packages with additional “libreoffice-dict-<language>” packages, containing dictionary and spellchecker support! If you are still running Slackware 13.37 there’s LibreOffice 3.6.7 for which I also have packages, and users of Slackware 14.0 are served well with LibreOffice 4.1.4 (I will compile packages for 4.1.5 shortly).
- http://www.slackware.com/~alien/slackbuilds/libreoffice/ (master site)
- http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/libreoffice/ (my own US mirror)
- http://repo.ukdw.ac.id/alien-libreoffice/ (Indonesia)
- http://alien.slackbook.org/slackbuilds/libreoffice/ (US)
- http://slackware.org.uk/people/alien/slackbuilds/libreoffice/ (UK)
The new pipelight release brings updates and fixes. More Windows browser plugins are supported, but being able to view Netflix will still be the major benefit for many of its users. Note that the update will also bring you the newest Flash Player version (fixing several security issues as already pointed out when I wrote about Chrome’s PepperFlash update). Together with the newest pipelight, I also created new packages for its wine-pipelight dependency, bringing the version of Wine to 1.7.13.
Let me remind you that in my original post about pipelight, you will find full installation and configuration instructions, as well as a troubleshooting section.
Linux Flash Player
Of course there is the normal¨ Flash Player plugin for Linux as well – it received an update from Adobe just like its Chrome and Windows pendants. That same Adobe security bulletin mentions that the new version of the Linux browser plugin is 220.127.116.111. Package location:
Have fun! Eric