Novosti u vezi Slackware Linuxa
Moderator: Urednik
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 02 Mar 2024, 17:19
26. II 2024.
Sveži openjpeg paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/openjpeg-2.5.1-i586-1_slack15.0.txz: Upgraded.
Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
this to execute arbitrary code with the permissions of the application
compiled against openjpeg.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-3575
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 02 Mar 2024, 17:19
28. II 2024.
Sveži wpa_supplicant paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/wpa_supplicant-2.10-i586-2_slack15.0.txz: Rebuilt.
Patched the implementation of PEAP in wpa_supplicant to prevent an
authentication bypass. For a successful attack, wpa_supplicant must be
configured to not verify the network's TLS certificate during Phase 1
authentication, and an eap_peap_decrypt vulnerability can then be abused
to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
Success packet instead of starting Phase 2. This allows an adversary to
impersonate Enterprise Wi-Fi networks.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-52160
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 11 Mar 2024, 23:19
05. III 2024.
Sveži mozilla-thunderbird paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/mozilla-thunderbird-115.8.1-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
https://www.cve.org/CVERecord?id=CVE-2024-1936
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 11 Mar 2024, 23:20
07. III 2024.
Sveži ghostscript paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/ghostscript-9.55.0-i586-2_slack15.0.txz: Rebuilt.
Fixes security issues:
A vulnerability was identified in the way Ghostscript/GhostPDL called
tesseract for the OCR devices, which could allow arbitrary code execution.
Thanks to J_W for the heads-up.
Mishandling of permission validation for pipe devices could allow arbitrary
code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 14 Apr 2024, 17:55
13. III 2024.
Sveži expat paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/expat-2.6.2-i586-1_slack15.0.txz: Upgraded.
Prevent billion laughs attacks with isolated use of external parsers.
For more information, see:
https://github.com/libexpat/libexpat/commit/1d50b80cf31de87750103656f6eb693746854aa8
https://www.cve.org/CVERecord?id=CVE-2024-28757
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 14 Apr 2024, 17:56
19. III 2024.
Sveži gnutls, mozilla-firefox, mozilla-thunderbird paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/gnutls-3.8.4-i586-1_slack15.0.txz: Upgraded.
This update fixes two medium severity security issues:
libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis (#1516).
libgnutls: Fixed a bug where certtool crashed when verifying a certificate
chain with more than 16 certificates. Reported by William Woodruff (#1525)
and yixiangzhike (#1527).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-28834
https://www.cve.org/CVERecord?id=CVE-2024-28835
(* Security fix *)
Code: Select all
patches/packages/mozilla-firefox-115.9.0esr-i686-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-13/
https://www.cve.org/CVERecord?id=CVE-2024-0743
https://www.cve.org/CVERecord?id=CVE-2024-2605
https://www.cve.org/CVERecord?id=CVE-2024-2607
https://www.cve.org/CVERecord?id=CVE-2024-2608
https://www.cve.org/CVERecord?id=CVE-2024-2616
https://www.cve.org/CVERecord?id=CVE-2023-5388
https://www.cve.org/CVERecord?id=CVE-2024-2610
https://www.cve.org/CVERecord?id=CVE-2024-2611
https://www.cve.org/CVERecord?id=CVE-2024-2612
https://www.cve.org/CVERecord?id=CVE-2024-2614
(* Security fix *)
Code: Select all
patches/packages/mozilla-thunderbird-115.9.0-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/
https://www.cve.org/CVERecord?id=CVE-2024-0743
https://www.cve.org/CVERecord?id=CVE-2024-2605
https://www.cve.org/CVERecord?id=CVE-2024-2607
https://www.cve.org/CVERecord?id=CVE-2024-2608
https://www.cve.org/CVERecord?id=CVE-2024-2616
https://www.cve.org/CVERecord?id=CVE-2023-5388
https://www.cve.org/CVERecord?id=CVE-2024-2610
https://www.cve.org/CVERecord?id=CVE-2024-2611
https://www.cve.org/CVERecord?id=CVE-2024-2612
https://www.cve.org/CVERecord?id=CVE-2024-2614
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 14 Apr 2024, 17:57
20. III 2024.
Sveži python3 paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/python3-3.9.19-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
bundled libexpat was updated to 2.6.0.
zipfile is now protected from the "quoted-overlap" zipbomb.
tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
working around file system permission errors.
For more information, see:
https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.html
https://www.cve.org/CVERecord?id=CVE-2023-52425
https://www.cve.org/CVERecord?id=CVE-2024-0450
https://www.cve.org/CVERecord?id=CVE-2023-6597
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 14 Apr 2024, 17:57
23. III 2024.
Sveži mozilla-firefox paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/mozilla-firefox-115.9.1esr-i686-1_slack15.0.txz: Upgraded.
This update fixes a critical security issue:
An attacker was able to inject an event handler into a privileged object
that would allow arbitrary JavaScript execution in the parent process.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-16/
https://www.cve.org/CVERecord?id=CVE-2024-29944
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 14 Apr 2024, 17:58
24. III 2024.
Sveži emacs paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/emacs-29.3-i586-1_slack15.0.txz: Upgraded.
GNU Emacs through 28.2 allows attackers to execute commands via shell
metacharacters in the name of a source-code file, because lib-src/etags.c
uses the system C library function in its implementation of the ctags
program. For example, a victim may use the "ctags *" command (suggested in
the ctags documentation) in a situation where the current working directory
has contents that depend on untrusted input.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-45939
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Mlečni put
Post
Napisano: 14 Apr 2024, 17:58
27. III 2024.
Sveži curl paketi za Slackware 15.0 i -current:
Code: Select all
patches/packages/curl-8.7.1-i586-1_slack15.0.txz: Upgraded.
This release fixes the following security issues:
TLS certificate check bypass with mbedTLS.
HTTP/2 push headers memory-leak.
QUIC certificate check bypass with wolfSSL.
Usage of disabled protocol.
For more information, see:
https://curl.se/docs/CVE-2024-2466.html
https://curl.se/docs/CVE-2024-2398.html
https://curl.se/docs/CVE-2024-2379.html
https://curl.se/docs/CVE-2024-2004.html
https://www.cve.org/CVERecord?id=CVE-2024-2466
https://www.cve.org/CVERecord?id=CVE-2024-2398
https://www.cve.org/CVERecord?id=CVE-2024-2379
https://www.cve.org/CVERecord?id=CVE-2024-2004
(* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
Who is online
Users browsing this forum: No registered users and 1 guest