Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 02 Mar 2024, 17:19


26. II 2024.

Sveži openjpeg paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/openjpeg-2.5.1-i586-1_slack15.0.txz:  Upgraded.
  Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
  sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
  this to execute arbitrary code with the permissions of the application
  compiled against openjpeg.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 02 Mar 2024, 17:19


28. II 2024.

Sveži wpa_supplicant paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/wpa_supplicant-2.10-i586-2_slack15.0.txz:  Rebuilt.
  Patched the implementation of PEAP in wpa_supplicant to prevent an
  authentication bypass. For a successful attack, wpa_supplicant must be
  configured to not verify the network's TLS certificate during Phase 1
  authentication, and an eap_peap_decrypt vulnerability can then be abused
  to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
  Success packet instead of starting Phase 2. This allows an adversary to
  impersonate Enterprise Wi-Fi networks.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52160
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 11 Mar 2024, 23:19


05. III 2024.

Sveži mozilla-thunderbird paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-115.8.1-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
    https://www.cve.org/CVERecord?id=CVE-2024-1936
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 11 Mar 2024, 23:20


07. III 2024.

Sveži ghostscript paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/ghostscript-9.55.0-i586-2_slack15.0.txz:  Rebuilt.
  Fixes security issues:
  A vulnerability was identified in the way Ghostscript/GhostPDL called
  tesseract for the OCR devices, which could allow arbitrary code execution.
  Thanks to J_W for the heads-up.
  Mishandling of permission validation for pipe devices could allow arbitrary
  code execution.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Apr 2024, 17:55


13. III 2024.

Sveži expat paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/expat-2.6.2-i586-1_slack15.0.txz:  Upgraded.
  Prevent billion laughs attacks with isolated use of external parsers.
  For more information, see:
    https://github.com/libexpat/libexpat/commit/1d50b80cf31de87750103656f6eb693746854aa8
    https://www.cve.org/CVERecord?id=CVE-2024-28757
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Apr 2024, 17:56


19. III 2024.

Sveži gnutls, mozilla-firefox, mozilla-thunderbird paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/gnutls-3.8.4-i586-1_slack15.0.txz:  Upgraded.
  This update fixes two medium severity security issues:
  libgnutls: Fix side-channel in the deterministic ECDSA.
  Reported by George Pantelakis (#1516).
  libgnutls: Fixed a bug where certtool crashed when verifying a certificate
  chain with more than 16 certificates. Reported by William Woodruff (#1525)
  and yixiangzhike (#1527).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-28834
    https://www.cve.org/CVERecord?id=CVE-2024-28835
  (* Security fix *)

Code: Select all

patches/packages/mozilla-firefox-115.9.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-13/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
  (* Security fix *)

Code: Select all

patches/packages/mozilla-thunderbird-115.9.0-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.9.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Apr 2024, 17:57


20. III 2024.

Sveži python3 paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/python3-3.9.19-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  bundled libexpat was updated to 2.6.0.
  zipfile is now protected from the "quoted-overlap" zipbomb.
  tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
  working around file system permission errors.
  For more information, see:
    https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.html
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2024-0450
    https://www.cve.org/CVERecord?id=CVE-2023-6597
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Apr 2024, 17:57


23. III 2024.

Sveži mozilla-firefox paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-firefox-115.9.1esr-i686-1_slack15.0.txz:  Upgraded.
  This update fixes a critical security issue:
  An attacker was able to inject an event handler into a privileged object
  that would allow arbitrary JavaScript execution in the parent process.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-16/
    https://www.cve.org/CVERecord?id=CVE-2024-29944
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Apr 2024, 17:58


24. III 2024.

Sveži emacs paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/emacs-29.3-i586-1_slack15.0.txz:  Upgraded.
  GNU Emacs through 28.2 allows attackers to execute commands via shell
  metacharacters in the name of a source-code file, because lib-src/etags.c
  uses the system C library function in its implementation of the ctags
  program. For example, a victim may use the "ctags *" command (suggested in
  the ctags documentation) in a situation where the current working directory
  has contents that depend on untrusted input.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-45939
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Apr 2024, 17:58


27. III 2024.

Sveži curl paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/curl-8.7.1-i586-1_slack15.0.txz:  Upgraded.
  This release fixes the following security issues:
  TLS certificate check bypass with mbedTLS.
  HTTP/2 push headers memory-leak.
  QUIC certificate check bypass with wolfSSL.
  Usage of disabled protocol.
  For more information, see:
    https://curl.se/docs/CVE-2024-2466.html
    https://curl.se/docs/CVE-2024-2398.html
    https://curl.se/docs/CVE-2024-2379.html
    https://curl.se/docs/CVE-2024-2004.html
    https://www.cve.org/CVERecord?id=CVE-2024-2466
    https://www.cve.org/CVERecord?id=CVE-2024-2398
    https://www.cve.org/CVERecord?id=CVE-2024-2379
    https://www.cve.org/CVERecord?id=CVE-2024-2004
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 1 guest