News about Slackware Linux
Moderator: Urednik
-
- Posts: 3507
- Joined: 01 Apr 2012, 13:50
- Location: Milky Way
Post
Posted: 14 Apr 2024, 18:15
28. III 2024.
Fresh seamonkey, util-linux, and coreutils packages for Slackware 15.0 and -current:
Code:
patches/packages/seamonkey-2.53.18.2-i686-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.18.2
(* Security fix *)
Code:
patches/packages/util-linux-2.37.4-i586-3_slack15.0.txz: Rebuilt.
This release fixes a vulnerability where the wall command did not filter
escape sequences from command line arguments, allowing unprivileged users
to put arbitrary text on other users terminals.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-28085
(* Security fix *)
Code:
patches/packages/coreutils-9.5-i586-1_slack15.0.txz: Upgraded.
chmod -R now avoids a race where an attacker may replace a traversed file
with a symlink, causing chmod to operate on an unintended file.
[This bug was present in "the beginning".]
split --line-bytes with a mixture of very long and short lines no longer
overwrites the heap.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0684
(* Security fix *)
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
Posted: 14 Apr 2024, 19:18
03. IV 2024.
Fresh xorg-server packages for Slackware 15.0 and -current:
Code:
patches/packages/xorg-server-1.20.14-i586-12_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
Use-after-free in ProcRenderAddGlyphs.
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
https://www.cve.org/CVERecord?id=CVE-2024-31080
https://www.cve.org/CVERecord?id=CVE-2024-31081
https://www.cve.org/CVERecord?id=CVE-2024-31082
https://www.cve.org/CVERecord?id=CVE-2024-31083
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-12_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-12_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-12_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-11_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
Use-after-free in ProcRenderAddGlyphs.
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
https://www.cve.org/CVERecord?id=CVE-2024-31080
https://www.cve.org/CVERecord?id=CVE-2024-31081
https://www.cve.org/CVERecord?id=CVE-2024-31083
(* Security fix *)
Posted: 14 Apr 2024, 19:20
04. IV 2024.
Fresh httpd and nghttp2 packages for Slackware 15.0 and -current:
Code:
patches/packages/httpd-2.4.59-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
HTTP/2 DoS by memory exhaustion on endless continuation frames.
HTTP Response Splitting in multiple modules.
HTTP response splitting.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.59
https://www.cve.org/CVERecord?id=CVE-2024-27316
https://www.cve.org/CVERecord?id=CVE-2024-24795
https://www.cve.org/CVERecord?id=CVE-2023-38709
(* Security fix *)
Code:
patches/packages/nghttp2-1.61.0-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
frames even after a stream is reset to keep HPACK context in sync. This
causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
this vulnerability by limiting the number of CONTINUATION frames it can
accept after a HEADERS frame.
For more information, see:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
https://www.kb.cert.org/vuls/id/421644
https://www.cve.org/CVERecord?id=CVE-2024-28182
(* Security fix *)
Posted: 14 Apr 2024, 19:21
05. IV 2024.
Fresh tigervnc packages for Slackware 15.0 and -current:
Code:
extra/tigervnc/tigervnc-1.12.0-i586-6_slack15.0.txz: Rebuilt.
Recompiled against xorg-server-1.20.14, including the latest patches for
several security issues:
Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
Use-after-free in ProcRenderAddGlyphs.
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
https://www.cve.org/CVERecord?id=CVE-2024-31080
https://www.cve.org/CVERecord?id=CVE-2024-31081
https://www.cve.org/CVERecord?id=CVE-2024-31082
https://www.cve.org/CVERecord?id=CVE-2024-31083
(* Security fix *)
Posted: 14 Apr 2024, 19:21
08. IV 2024.
Fresh libarchive packages for Slackware 15.0 and -current:
Code:
patches/packages/libarchive-3.7.3-i586-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Fix possible vulnerability in tar error reporting introduced in f27c173
by JiaT75.
For more information, see:
https://github.com/libarchive/libarchive/commit/f27c173d17dc807733b3a4f8c11207c3f04ff34f
https://github.com/libarchive/libarchive/pull/2101
(* Security fix *)
Posted: 14 Apr 2024, 19:22
12. IV 2024.
Fresh php packages for Slackware 15.0 and -current:
Code:
extra/php81/php81-8.1.28-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Command injection via array-ish $command parameter of proc_open.
__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix.
Password_verify can erroneously return true, opening ATO risk.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.28
https://www.cve.org/CVERecord?id=CVE-2024-1874
https://www.cve.org/CVERecord?id=CVE-2024-2756
https://www.cve.org/CVERecord?id=CVE-2024-3096
(* Security fix *)
Posted: 04 May 2024, 08:59
14. IV 2024.
Fresh less packages for Slackware 15.0 and -current:
Code:
patches/packages/less-653-i586-1_slack15.0.txz: Upgraded.
This update patches a security issue:
less through 653 allows OS command execution via a newline character in the
name of a file, because quoting is mishandled in filename.c. Exploitation
typically requires use with attacker-controlled file names, such as the files
extracted from an untrusted archive. Exploitation also requires the LESSOPEN
environment variable, but this is set by default in many common cases.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32487
(* Security fix *)
Posted: 04 May 2024, 09:00
16. IV 2024.
Fresh mozilla-firefox packages for Slackware 15.0 and -current:
Code:
patches/packages/mozilla-firefox-115.10.0esr-i686-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.10.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-19/
https://www.cve.org/CVERecord?id=CVE-2024-3852
https://www.cve.org/CVERecord?id=CVE-2024-3854
https://www.cve.org/CVERecord?id=CVE-2024-3857
https://www.cve.org/CVERecord?id=CVE-2024-2609
https://www.cve.org/CVERecord?id=CVE-2024-3859
https://www.cve.org/CVERecord?id=CVE-2024-3861
https://www.cve.org/CVERecord?id=CVE-2024-3863
https://www.cve.org/CVERecord?id=CVE-2024-3302
https://www.cve.org/CVERecord?id=CVE-2024-3864
(* Security fix *)
Posted: 04 May 2024, 09:01
17. IV 2024.
Fresh mozilla-thunderbird packages for Slackware 15.0 and -current:
Code:
patches/packages/mozilla-thunderbird-115.10.0-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.10.0/releasenotes/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird115.10
(* Security fix *)
Posted: 04 May 2024, 09:01
18. IV 2024.
Fresh glibc packages for Slackware 15.0 and -current:
Code:
patches/packages/aaa_glibc-solibs-2.33-i586-6_slack15.0.txz: Rebuilt.
patches/packages/glibc-2.33-i586-6_slack15.0.txz: Rebuilt.
This update fixes a security issue:
The iconv() function in the GNU C Library versions 2.39 and older may
overflow the output buffer passed to it by up to 4 bytes when converting
strings to the ISO-2022-CN-EXT character set, which may be used to crash
an application or overwrite a neighbouring variable.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-2961
(* Security fix *)
patches/packages/glibc-i18n-2.33-i586-6_slack15.0.txz: Rebuilt.
patches/packages/glibc-profile-2.33-i586-6_slack15.0.txz: Rebuilt.