Novosti u vezi Slackware Linuxa
Moderator: Urednik
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 25 Jan 2024, 21:17
22. I 2024.
Sveži postfix paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/postfix-3.6.14-i586-1_slack15.0.txz: Upgraded.
Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline
= normalize" (default "no" for Postfix < 3.9), the Postfix
SMTP server requires the standard End-of-DATA sequence
<CR><LF>.<CR><LF>, and otherwise allows command or message
content lines ending in the non-standard <LF>, processing
them as if the client sent the standard <CR><LF>.
The alternative setting, "smtpd_forbid_bare_newline = reject"
will reject any command or message that contains a bare
<LF>, and is more likely to cause problems with legitimate
clients.
For backwards compatibility, local clients are excluded by
default with "smtpd_forbid_bare_newline_exclusions =
$mynetworks".
For more information, see:
https://www.postfix.org/smtp-smuggling.html
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 25 Jan 2024, 21:18
23. I 2024.
Sveži mozilla-firefox i mozilla-thunderbird paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/mozilla-firefox-115.7.0esr-i686-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-02/
https://www.cve.org/CVERecord?id=CVE-2024-0741
https://www.cve.org/CVERecord?id=CVE-2024-0742
https://www.cve.org/CVERecord?id=CVE-2024-0746
https://www.cve.org/CVERecord?id=CVE-2024-0747
https://www.cve.org/CVERecord?id=CVE-2024-0749
https://www.cve.org/CVERecord?id=CVE-2024-0750
https://www.cve.org/CVERecord?id=CVE-2024-0751
https://www.cve.org/CVERecord?id=CVE-2024-0753
https://www.cve.org/CVERecord?id=CVE-2024-0755
(* Security fix *)
Code: Select all
patches/packages/mozilla-thunderbird-115.7.0-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
https://www.cve.org/CVERecord?id=CVE-2024-0741
https://www.cve.org/CVERecord?id=CVE-2024-0742
https://www.cve.org/CVERecord?id=CVE-2024-0746
https://www.cve.org/CVERecord?id=CVE-2024-0747
https://www.cve.org/CVERecord?id=CVE-2024-0749
https://www.cve.org/CVERecord?id=CVE-2024-0750
https://www.cve.org/CVERecord?id=CVE-2024-0751
https://www.cve.org/CVERecord?id=CVE-2024-0753
https://www.cve.org/CVERecord?id=CVE-2024-0755
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 03 Feb 2024, 21:10
26. I 2024.
Sveži pam paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/pam-1.6.0-i586-1_slack15.0.txz: Upgraded.
pam_namespace.so: fixed a possible local denial-of-service vulnerability.
For more information, see:
https://seclists.org/oss-sec/2024/q1/31
https://www.cve.org/CVERecord?id=CVE-2024-22365
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 03 Feb 2024, 21:11
31. I 2024.
Sveži sendmail paketi za Slackware 15.0 i -current:
Code: Select all
extra/sendmail/sendmail-8.18.1-i586-1_slack15.0.txz: Upgraded.
sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
Remote attackers can use a published exploitation technique to inject e-mail
messages with a spoofed MAIL FROM address, allowing bypass of an SPF
protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
but some other popular e-mail servers do not. This is resolved in 8.18 and
later versions with 'o' in srv_features.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-51765
(* Security fix *)
extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz: Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 12 Feb 2024, 21:06
04. II 2024.
Sveži libxml2 paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/libxml2-2.11.7-i586-1_slack15.0.txz: Upgraded.
Fix the following security issue:
xmlreader: Don't expand XIncludes when backtracking.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-25062
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 12 Feb 2024, 21:07
07. II 2024.
Sveži expat paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/expat-2.6.0-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Fix quadratic runtime issues with big tokens that can cause
denial of service.
Fix billion laughs attacks for users compiling *without* XML_DTD
defined (which is not common).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-52425
https://www.cve.org/CVERecord?id=CVE-2023-52426
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 12 Feb 2024, 21:07
09. II 2024.
Sveži xpdf paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/xpdf-4.05-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Fixed a bug in the ICCBased color space parser that was allowing the number
of components to be zero. Thanks to huckleberry for the bug report.
Fixed a bug in the ICCBased color space parser that was allowing the number
of components to be zero. Thanks to huckleberry for the bug report.
Added checks for PDF object loops in AcroForm::scanField(),
Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree().
The zero-width character problem can also happen if the page size is very
large -- that needs to be limited too, the same way as character position
coordinates. Thanks to jlinliu for the bug report.
Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for
the bug report.
Fix a deadlock when an object stream's length field is contained in another
object stream. Thanks to Jiahao Liu for the bug report.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-2662
https://www.cve.org/CVERecord?id=CVE-2023-2662
https://www.cve.org/CVERecord?id=CVE-2018-7453
https://www.cve.org/CVERecord?id=CVE-2018-16369
https://www.cve.org/CVERecord?id=CVE-2022-36561
https://www.cve.org/CVERecord?id=CVE-2022-41844
https://www.cve.org/CVERecord?id=CVE-2023-2663
https://www.cve.org/CVERecord?id=CVE-2023-2664
https://www.cve.org/CVERecord?id=CVE-2023-3044
https://www.cve.org/CVERecord?id=CVE-2023-3436
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 18 Feb 2024, 22:59
13. II 2024.
Sveži bind i dnsmasq paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/bind-9.16.48-i586-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
Specific DNS answers could cause a denial-of-service condition due to DNS
validation taking a long time.
Query patterns that continuously triggered cache database maintenance could
exhaust all available memory on the host running named.
Restore DNS64 state when handling a serve-stale timeout.
Specific queries could trigger an assertion check with nxdomain-redirect
enabled.
Speed up parsing of DNS messages with many different names.
For more information, see:
https://kb.isc.org/docs/cve-2023-50387
https://www.cve.org/CVERecord?id=CVE-2023-50387
https://kb.isc.org/docs/cve-2023-6516
https://www.cve.org/CVERecord?id=CVE-2023-6516
https://kb.isc.org/docs/cve-2023-5679
https://www.cve.org/CVERecord?id=CVE-2023-5679
https://kb.isc.org/docs/cve-2023-5517
https://www.cve.org/CVERecord?id=CVE-2023-5517
https://kb.isc.org/docs/cve-2023-4408
https://www.cve.org/CVERecord?id=CVE-2023-4408
(* Security fix *)
Code: Select all
patches/packages/dnsmasq-2.90-i586-1_slack15.0.txz: Upgraded.
Add limits on the resources used to do DNSSEC validation.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-50387
https://www.cve.org/CVERecord?id=CVE-2023-50868
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 02 Mar 2024, 17:17
20. II 2024.
Sveži mozilla-firefox i libuv paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/mozilla-firefox-115.8.0esr-i686-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.8.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-06/
https://www.cve.org/CVERecord?id=CVE-2024-1546
https://www.cve.org/CVERecord?id=CVE-2024-1547
https://www.cve.org/CVERecord?id=CVE-2024-1548
https://www.cve.org/CVERecord?id=CVE-2024-1549
https://www.cve.org/CVERecord?id=CVE-2024-1550
https://www.cve.org/CVERecord?id=CVE-2024-1551
https://www.cve.org/CVERecord?id=CVE-2024-1552
https://www.cve.org/CVERecord?id=CVE-2024-1553
(* Security fix *)
Code: Select all
patches/packages/libuv-1.48.0-i586-1_slack15.0.txz: Upgraded.
This update fixes a server-side request forgery (SSRF) flaw.
Thanks to alex2grad for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-24806
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 02 Mar 2024, 17:18
21. II 2024.
Sveži mozilla-thunderbird paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/mozilla-thunderbird-115.8.0-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
https://www.cve.org/CVERecord?id=CVE-2024-1546
https://www.cve.org/CVERecord?id=CVE-2024-1547
https://www.cve.org/CVERecord?id=CVE-2024-1548
https://www.cve.org/CVERecord?id=CVE-2024-1549
https://www.cve.org/CVERecord?id=CVE-2024-1550
https://www.cve.org/CVERecord?id=CVE-2024-1551
https://www.cve.org/CVERecord?id=CVE-2024-1552
https://www.cve.org/CVERecord?id=CVE-2024-1553
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
Who is online
Users browsing this forum: No registered users and 1 guest