Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3073
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 22 Aug 2021, 09:36


11.03.20021.

Sveži git paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/git-2.17.6-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  On case-insensitive file systems with support for symbolic links, if Git is
  configured globally to apply delay-capable clean/smudge filters (such as Git
  LFS), Git could be fooled into running remote code during a clone. Credit for
  finding and fixing this vulnerability goes to Matheus Tavares, helped by
  Johannes Schindelin.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21300
  (* Security fix *)
13.03.2021.

Sveži kernel paketi za Slackware 14.2:

Code: Select all

patches/packages/linux-4.4.261/*:  Upgraded.
  These updates fix various bugs and security issues, including the recently
  announced iSCSI vulnerabilities allowing local privilege escalation.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365
  (* Security fix *)
27.03.2021.

Sveži xterm paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/xterm-367-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  xterm before Patch #366 allows remote attackers to execute arbitrary code or
  cause a denial of service (segmentation fault) via a crafted UTF-8 combining
  character sequence.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27135
  (* Security fix *)
31.03.2021.

Sveži curl paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/curl-7.76.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues:
  Authentication Bypass by Spoofing.
  Exposure of Private Personal Information to an Unauthorized Actor.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876
  (* Security fix *)
Sveži seamonkey paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/seamonkey-2.53.7-i686-1_slack14.2.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.7
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3073
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 22 Aug 2021, 09:40


12.04.2021.

Sveži dnsmasq i irssi paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/dnsmasq-2.85-i586-1_slack14.2.txz:  Upgraded.
  Use random source ports where possible if source addresses/interfaces in use.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3448
  (* Security fix *)

Code: Select all

patches/packages/irssi-1.2.3-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and security issues.
  See the NEWS file for details.
  (* Security fix *)
20.04.2021.

Sveži seamonkey paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/seamonkey-2.53.7.1-i686-1_slack14.2.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.7.1
  (* Security fix *)
28.04.2021.

Sveži bind paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/bind-9.11.31-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and the following security issues:
  A specially crafted GSS-TSIG query could cause a buffer overflow in the
  ISC implementation of SPNEGO.
  named crashed when a DNAME record placed in the ANSWER section during DNAME
  chasing turned out to be the final answer to a client query.
  Insufficient IXFR checks could result in named serving a zone without an SOA
  record at the apex, leading to a RUNTIME_CHECK assertion failure when the
  zone was subsequently refreshed. This has been fixed by adding an owner name
  check for all SOA records which are included in a zone transfer.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3073
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 22 Aug 2021, 09:45


15.05.2021.

Sveži libxml2 paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/libxml2-2.9.12-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a denial-of-service security issue.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541
  (* Security fix *)
19.05.2021.

Sveži libX11 paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/libX11-1.7.1-i586-1_slack14.2.txz:  Upgraded.
  This update fixes missing request length checks in libX11 that can lead to
  the emission of extra X protocol requests to the X server.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2021-May/003088.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31535
  (* Security fix *)
23.05.2021.

Sveži expat paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/expat-2.4.1-i586-1_slack14.2.txz:  Upgraded.
  This update provides new mitigations against the "billion laughs" denial
  of service attack.
  For more information, see:
    https://github.com/libexpat/libexpat/blob/R_2_4_1/expat/Changes
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0340
  (* Security fix *)
25.05.2021.

Sveži gnutls paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/gnutls-3.6.16-i586-1_slack14.2.txz:  Upgraded.
  Fixed potential miscalculation of ECDSA/EdDSA code backported from Nettle.
  In GnuTLS, as long as it is built and linked against the fixed version of
  Nettle, this only affects GOST curves.  [CVE-2021-20305]
  Fixed potential use-after-free in sending "key_share" and "pre_shared_key"
  extensions. When sending those extensions, the client may dereference a
  pointer no longer valid after realloc. This happens only when the client
  sends a large Client Hello message, e.g., when HRR is sent in a resumed
  session previously negotiated large FFDHE parameters, because the initial
  allocation of the buffer is large enough without having to call realloc
  (#1151).  [GNUTLS-SA-2021-03-10, CVSS: low]
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305
  (* Security fix *)
26.05.2021.

Sveži curl paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/curl-7.77.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues:
  schannel cipher selection surprise
  TELNET stack contents disclosure
  TLS session caching disaster
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22297
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22298
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22901
  (* Security fix *)
29.05.2021.

Sveži dhcp paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/dhcp-4.4.2_P1-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  Corrected a buffer overwrite possible when parsing hexadecimal
  literals with more than 1024 octets. Reported by Jon Franklin from Dell,
  and also by Pawel Wieczorkiewicz from Amazon Web Services. [Gitlab #182]
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25217
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3073
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 22 Aug 2021, 09:48


07.06.2021.

Sveži httpd paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/httpd-2.4.48-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  mod_http2: Fix a potential NULL pointer dereference.
  Unexpected <Location> section matching with 'MergeSlashes OFF'.
  mod_auth_digest: possible stack overflow by one nul byte while validating
  the Digest nonce.
  mod_session: Fix possible crash due to NULL pointer dereference, which
  could be used to cause a Denial of Service with a malicious backend
  server and SessionHeader.
  mod_session: Fix possible crash due to NULL pointer dereference, which
  could be used to cause a Denial of Service.
  mod_proxy_http: Fix possible crash due to NULL pointer dereference, which
  could be used to cause a Denial of Service.
  mod_proxy_wstunnel, mod_proxy_http: Handle Upgradable protocols end-to-end
  negotiation.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
  (* Security fix *)
Sveži polkit paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/polkit-0.113-i586-3_slack14.2.txz:  Rebuilt.
  This update includes a mitigation for local privilege escalation using
  polkit_system_bus_name_get_creds_sync().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3560
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3073
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 22 Aug 2021, 09:50


20.07.2021.

Sveži kernel paketi za Slackware 14.2:

Code: Select all

Wed Jul 21 05:30:44 UTC 2021
patches/packages/linux-4.4.276/*:  Upgraded.
  These updates fix various bugs and security issues, including the recently
  announced local privilege escalation vulnerability in the filesystem layer
  (CVE-2021-33909).
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
    Fixed in 4.4.262:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19060
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19061
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20261
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29265
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16232
    Fixed in 4.4.263:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28972
    Fixed in 4.4.264:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688
    Fixed in 4.4.265:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483
    Fixed in 4.4.266:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154
    Fixed in 4.4.267:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22555
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25673
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671
    Fixed in 4.4.269:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0605
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916
    Fixed in 4.4.270:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129
    Fixed in 4.4.271:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399
    Fixed in 4.4.272:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587
    Fixed in 4.4.274:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34693
    Fixed in 4.4.276:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33909
  (* Security fix *)
21.07.2021.

Sveži curl paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/curl-7.78.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues:
  CURLOPT_SSLCERT mixup with Secure Transport
  TELNET stack contents disclosure again
  Bad connection reuse due to flawed path name checks
  Metalink download sends credentials
  Wrong content via metalink not discarded
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22926
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22925
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22923
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22922
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3073
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 03 Sep 2021, 19:30


31.08.2021.

Sveži ntfs-3g paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/ntfs-3g-2021.8.22-i586-1_slack14.2.txz:  Upgraded.
  Shared library .so-version bump.
  Fixed vulnerabilities that may allow an attacker using a maliciously
  crafted NTFS-formatted image file or external storage to potentially
  execute arbitrary privileged code.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33285
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35269
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35268
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33289
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33286
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35266
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33287
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35267
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39251
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39252
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39253
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39254
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39255
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39256
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39257
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39258
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39259
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39260
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39261
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39262
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39263
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3073
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 Sep 2021, 16:48


15.09.2021.

Sveži curl paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/curl-7.79.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues:
  clear the leftovers pointer when sending succeeds.
  do not ignore --ssl-reqd.
  reject STARTTLS server response pipelining.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3073
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 Sep 2021, 16:49


16.09.2021.

Sveži httpd paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/httpd-2.4.49-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]
  core: ap_escape_quotes buffer overflow
  mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]
  core: null pointer dereference on malformed request
  mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3073
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 22 Sep 2021, 09:00


21.09.2021.

Sveži alpine paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/alpine-2.25-i586-1_slack14.2.txz:  Upgraded.
  Fixed a denial-of-service security issue where untagged responses from an
  IMAP server are accepted before STARTTLS.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38370
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3073
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 10 Feb 2022, 23:22


05.10.2021.

Sveži httpd paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/httpd-2.4.50-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  Fixed null pointer dereference in h2 fuzzing.
  Fixed path traversal and file disclosure vulnerability.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41524
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773
  (* Security fix *)
07.10.2021.

Sveži httpd paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/httpd-2.4.51-i586-1_slack14.2.txz:  Upgraded.
  SECURITY: CVE-2021-42013: Path Traversal and Remote Code
  Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
  fix of CVE-2021-41773) (cve.mitre.org)
  It was found that the fix for CVE-2021-41773 in Apache HTTP
  Server 2.4.50 was insufficient.  An attacker could use a path
  traversal attack to map URLs to files outside the directories
  configured by Alias-like directives.
  If files outside of these directories are not protected by the
  usual default configuration "require all denied", these requests
  can succeed. If CGI scripts are also enabled for these aliased
  pathes, this could allow for remote code execution.
  This issue only affects Apache 2.4.49 and Apache 2.4.50 and not
  earlier versions.
  Credits: Reported by Juan Escobar from Dreamlab Technologies,
  Fernando MuA+-oz from NULL Life CTF Team, and Shungo Kumasaka
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013
  (* Security fix *)
27.10.2021.

Sveži bind paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/bind-9.11.36-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and the following security issue:
  The "lame-ttl" option is now forcibly set to 0. This effectively disables
  the lame server cache, as it could previously be abused by an attacker to
  significantly degrade resolver performance.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 1 guest