Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Apr 2024, 18:15


28. III 2024.

Sveži seamonkey, util-linux, coreutils paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/seamonkey-2.53.18.2-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.18.2
  (* Security fix *)

Code: Select all

patches/packages/util-linux-2.37.4-i586-3_slack15.0.txz:  Rebuilt.
  This release fixes a vulnerability where the wall command did not filter
  escape sequences from command line arguments, allowing unprivileged users
  to put arbitrary text on other users terminals.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-28085
  (* Security fix *)

Code: Select all

patches/packages/coreutils-9.5-i586-1_slack15.0.txz:  Upgraded.
  chmod -R now avoids a race where an attacker may replace a traversed file
  with a symlink, causing chmod to operate on an unintended file.
  [This bug was present in "the beginning".]
  split --line-bytes with a mixture of very long and short lines no longer
  overwrites the heap.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0684
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Apr 2024, 19:18


03. IV 2024.

Sveži xorg-server paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/xorg-server-1.20.14-i586-12_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
  Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
  Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
  Use-after-free in ProcRenderAddGlyphs.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-12_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-12_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-12_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-11_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
  Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
  Use-after-free in ProcRenderAddGlyphs.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31083
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Apr 2024, 19:20


04. IV 2024.

Sveži httpd i nghttp2 paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/httpd-2.4.59-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  HTTP/2 DoS by memory exhaustion on endless continuation frames.
  HTTP Response Splitting in multiple modules.
  HTTP response splitting.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.59
    https://www.cve.org/CVERecord?id=CVE-2024-27316
    https://www.cve.org/CVERecord?id=CVE-2024-24795
    https://www.cve.org/CVERecord?id=CVE-2023-38709
  (* Security fix *)

Code: Select all

patches/packages/nghttp2-1.61.0-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
  frames even after a stream is reset to keep HPACK context in sync. This
  causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
  this vulnerability by limiting the number of CONTINUATION frames it can
  accept after a HEADERS frame.
  For more information, see:
    https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
    https://www.kb.cert.org/vuls/id/421644
    https://www.cve.org/CVERecord?id=CVE-2024-28182
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Apr 2024, 19:21


05. IV 2024.

Sveži tigervnc paketi za Slackware 15.0 i -current:

Code: Select all

extra/tigervnc/tigervnc-1.12.0-i586-6_slack15.0.txz:  Rebuilt.
  Recompiled against xorg-server-1.20.14, including the latest patches for
  several security issues:
  Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
  Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
  Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
  Use-after-free in ProcRenderAddGlyphs.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Apr 2024, 19:21


08. IV 2024.

Sveži libarchive paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/libarchive-3.7.3-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Fix possible vulnerability in tar error reporting introduced in f27c173
  by JiaT75.
  For more information, see:
    https://github.com/libarchive/libarchive/commit/f27c173d17dc807733b3a4f8c11207c3f04ff34f
    https://github.com/libarchive/libarchive/pull/2101
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 14 Apr 2024, 19:22


12. IV 2024.

Sveži php paketi za Slackware 15.0 i -current:

Code: Select all

extra/php81/php81-8.1.28-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Command injection via array-ish $command parameter of proc_open.
  __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix.
  Password_verify can erroneously return true, opening ATO risk.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.28
    https://www.cve.org/CVERecord?id=CVE-2024-1874
    https://www.cve.org/CVERecord?id=CVE-2024-2756
    https://www.cve.org/CVERecord?id=CVE-2024-3096
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 May 2024, 08:59


14. IV 2024.

Sveži less paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/less-653-i586-1_slack15.0.txz:  Upgraded.
  This update patches a security issue:
  less through 653 allows OS command execution via a newline character in the
  name of a file, because quoting is mishandled in filename.c. Exploitation
  typically requires use with attacker-controlled file names, such as the files
  extracted from an untrusted archive. Exploitation also requires the LESSOPEN
  environment variable, but this is set by default in many common cases.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32487
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 May 2024, 09:00


16. IV 2024.

Sveži mozilla-firefox paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-firefox-115.10.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.10.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-19/
    https://www.cve.org/CVERecord?id=CVE-2024-3852
    https://www.cve.org/CVERecord?id=CVE-2024-3854
    https://www.cve.org/CVERecord?id=CVE-2024-3857
    https://www.cve.org/CVERecord?id=CVE-2024-2609
    https://www.cve.org/CVERecord?id=CVE-2024-3859
    https://www.cve.org/CVERecord?id=CVE-2024-3861
    https://www.cve.org/CVERecord?id=CVE-2024-3863
    https://www.cve.org/CVERecord?id=CVE-2024-3302
    https://www.cve.org/CVERecord?id=CVE-2024-3864
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 May 2024, 09:01


17. IV 2024.

Sveži mozilla-thunderbird paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-115.10.0-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird115.10
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3485
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 May 2024, 09:01


18. IV 2024.

Sveži glibc paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/aaa_glibc-solibs-2.33-i586-6_slack15.0.txz:  Rebuilt.
patches/packages/glibc-2.33-i586-6_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  The iconv() function in the GNU C Library versions 2.39 and older may
  overflow the output buffer passed to it by up to 4 bytes when converting
  strings to the ISO-2022-CN-EXT character set, which may be used to crash
  an application or overwrite a neighbouring variable.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-2961
  (* Security fix *)
patches/packages/glibc-i18n-2.33-i586-6_slack15.0.txz:  Rebuilt.
patches/packages/glibc-profile-2.33-i586-6_slack15.0.txz:  Rebuilt.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 3 guests