Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3199
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Jul 2022, 13:34


13.07.2022.

Sveži xorg-server za Slackware 15.0 i -current:

Code: Select all

patches/packages/xorg-server-1.20.14-i586-3_slack15.0.txz:  Rebuilt.
  xkb: switch to array index loops to moving pointers.
  xkb: add request length validation for XkbSetGeometry.
  xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-3_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-3_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-3_slack15.0.txz:  Rebuilt.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3199
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 23 Jul 2022, 14:44


21.07.2022.

Sveži net-snmp paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/net-snmp-5.9.3-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause
  an out-of-bounds memory access.
  A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL
  pointer dereference.
  Improper Input Validation when SETing malformed OIDs in master agent and
  subagent simultaneously.
  A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable
  can cause an out-of-bounds memory access.
  A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a
  NULL pointer dereference.
  A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer
  dereference.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24805
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24809
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24806
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24807
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24808
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24810
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3199
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 31 Jul 2022, 21:16


25.07.2022.

Sveži mozilla-firefox paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-firefox-91.12.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.12.0/releasenotes/
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3199
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 31 Jul 2022, 21:17


27.07.2022.

Sveži samba paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/samba-4.15.9-i586-1_slack15.0.txz:  Upgraded.
  This update fixes the following security issues:
  Samba AD users can bypass certain restrictions associated with changing
  passwords.
  Samba AD users can forge password change requests for any user.
  Samba AD users can crash the server process with an LDAP add or modify
  request.
  Samba AD users can induce a use-after-free in the server process with an
  LDAP add or modify request.
  Server memory information leak via SMB1.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-2031.html
    https://www.samba.org/samba/security/CVE-2022-32744.html
    https://www.samba.org/samba/security/CVE-2022-32745.html
    https://www.samba.org/samba/security/CVE-2022-32746.html
    https://www.samba.org/samba/security/CVE-2022-32742.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3199
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 31 Jul 2022, 21:18


28.07.2022.

Sveži mozilla-thunderbird paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-91.12.0-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.12.0/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.12
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3199
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 31 Jul 2022, 21:20


29.07.2022.

Sveži gnutls paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/gnutls-3.7.7-i586-1_slack15.0.txz:  Upgraded.
  libgnutls: Fixed double free during verification of pkcs7 signatures.
  Reported by Jaak Ristioja.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3199
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 19 Aug 2022, 21:59


15.08.2022.

Sveži rsync paketi za Slackware 14.0, 14.1, 14.2, 15.0 i -current:

Code: Select all

patches/packages/rsync-3.2.5-i586-1_slack15.0.txz:  Upgraded.
  Added some file-list safety checking that helps to ensure that a rogue
  sending rsync can't add unrequested top-level names and/or include recursive
  names that should have been excluded by the sender. These extra safety
  checks only require the receiver rsync to be updated. When dealing with an
  untrusted sending host, it is safest to copy into a dedicated destination
  directory for the remote content (i.e. don't copy into a destination
  directory that contains files that aren't from the remote host unless you
  trust the remote host).
  For more information, see:
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3199
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 19 Aug 2022, 22:00


16.08.2022.

Sveži mariadb paketi za Slackware 15 i -current:

Code: Select all

patches/packages/mariadb-10.5.17-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and several security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32091
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3199
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 19 Aug 2022, 22:01


17.08.2022.

Sveži vim i vim-gvim paketi za Slackware 15 i -current:

Code: Select all

patches/packages/vim-8.2.4649-i586-2_slack15.0.txz:  Rebuilt.
  Fix use after free, out-of-bounds read, and heap based buffer overflow.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
  (* Security fix *)
patches/packages/vim-gvim-8.2.4649-i586-2_slack15.0.txz:  Rebuilt.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3199
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 21 Aug 2022, 00:20


20.08.2022.

Sveži vim i vim-gvim paketi za Slackware 15 i -current:

Code: Select all

patches/packages/vim-8.2.4649-i586-3_slack15.0.txz:  Rebuilt.
  Fix use after free.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2889
  (* Security fix *)
patches/packages/vim-gvim-8.2.4649-i586-3_slack15.0.txz:  Rebuilt.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 2 guests