Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 06 Jun 2022, 15:23


04.06.2022.

Sveži pidgin paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/pidgin-2.14.10-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and several security issues.
  For more information, see:
    https://www.pidgin.im/posts/2022-06-2.14.10-released/
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 11 Jun 2022, 16:49


08.06.2022.

Sveži httpd paketi za Slackware 14.0, 14.1, 14.2, 15.0 i -current:

Code: Select all

patches/packages/httpd-2.4.54-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and the following security issues:
  mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
  Information Disclosure in mod_lua with websockets.
  mod_sed denial of service.
  Denial of service in mod_lua r:parsebody.
  Read beyond bounds in ap_strcmp_match().
  Read beyond bounds via ap_rwrite().
  Read beyond bounds in mod_isapi.
  mod_proxy_ajp: Possible request smuggling.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.54
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 19 Jun 2022, 19:53


13.06.2022.

Sveži php paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/php-7.4.30-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  mysqlnd/pdo password buffer overflow.
  Uninitialized array in pg_query_params().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 26 Jun 2022, 22:33


22.06.2022.

Sveži openssl paketi za Slackware 14.0, 14.1, 14.2, 15.0 i -current:

Code: Select all

patches/packages/openssl-1.1.1p-i586-1_slack15.0.txz:  Upgraded.
  In addition to the c_rehash shell command injection identified in
  CVE-2022-1292, further circumstances where the c_rehash script does not
  properly sanitise shell metacharacters to prevent command injection were
  found by code review.
  When the CVE-2022-1292 was fixed it was not discovered that there
  are other places in the script where the file names of certificates
  being hashed were possibly passed to a command executed through the shell.
  For more information, see:
    https://www.openssl.org/news/secadv/20220621.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1p-i586-1_slack15.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 03 Jul 2022, 14:42


28.06.2022.

Sveži curl paketi za Slackware 14.0, 14.1, 14.2, 15.0 i -current:

Code: Select all

patches/packages/curl-7.84.0-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Set-Cookie denial of service.
  HTTP compression denial of service.
  Unpreserved file permissions.
  FTP-KRB bad message verification.
  For more information, see:
    https://curl.se/docs/CVE-2022-32205.html
    https://curl.se/docs/CVE-2022-32206.html
    https://curl.se/docs/CVE-2022-32207.html
    https://curl.se/docs/CVE-2022-32208.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208
  (* Security fix *)
Sveži mozilla-firefox paketi za Slackware 15 i -current:

Code: Select all

patches/packages/mozilla-firefox-91.11.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-25/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
  (* Security fix *)
Sveži openssl paketi za Slackware 14.2:

Code: Select all

patches/packages/openssl-1.0.2u-i586-4_slack14.2.txz:  Rebuilt.
  We're sending out the Slackware 14.2 updates again because the package
  build number wasn't incremented which caused slackpkg to not pick up the
  updates. It's been bumped and the packages rebuilt - otherwise there are
  no new changes. Thanks to John Jenkins for the report.
  For reference, here's the information from the previous advisory:
  In addition to the c_rehash shell command injection identified in
  CVE-2022-1292, further circumstances where the c_rehash script does not
  properly sanitise shell metacharacters to prevent command injection were
  found by code review.
  When the CVE-2022-1292 was fixed it was not discovered that there
  are other places in the script where the file names of certificates
  being hashed were possibly passed to a command executed through the shell.
  For more information, see:
    https://www.openssl.org/news/secadv/20220621.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
  (* Security fix *)
patches/packages/openssl-solibs-1.0.2u-i586-4_slack14.2.txz:  Rebuilt.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 03 Jul 2022, 14:43


30.06.2022.

Sveži mozilla-thunderbird paketi za Slackware 15 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-91.11.0-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.11.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 10 Jul 2022, 19:22


05.07.2022

Sveži openssl paketi za Slackware 15 i -current:

Code: Select all

patches/packages/openssl-1.1.1q-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Heap memory corruption with RSA private key operation.
  AES OCB fails to encrypt some bytes.
  For more information, see:
    https://www.openssl.org/news/secadv/20220705.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2274
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1q-i586-1_slack15.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 10 Jul 2022, 19:23


07.07.2022.

Sveži gnupg2 paketi za Slackware 15 i -current:

Code: Select all

patches/packages/gnupg2-2.2.36-i586-1_slack15.0.txz:  Upgraded.
  g10: Fix possibly garbled status messages in NOTATION_DATA.  This bug could
  trick GPGME and other parsers to accept faked status lines.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Jul 2022, 13:24


10.07.2022.

Sveži wavpack paketi za Slackware 14.0, 14.1, 14.2, 15.0 i -current:

Code: Select all

patches/packages/wavpack-5.5.0-i586-1_slack15.0.txz:  Upgraded.
  WavPack 5.5.0 contains a fix for CVE-2021-44269 wherein encoding a specially
  crafted DSD file causes an out-of-bounds read exception.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44269
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Jul 2022, 13:26


11.07.2022.

Sveži seamonkey paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/seamonkey-2.53.13-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.13
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 29 guests