Slackware Linux news
Moderator: Urednik
- Posts: 3523
- Joined: 01 Apr 2012, 13:50
- Location: Milky Way
Posted: 03 Dec 2023, 23:23
30. XI 2023.
Fresh samba packages for Slackware 15.0 and -current:
patches/packages/samba-4.18.9-i586-1_slack15.0.txz: Upgraded.
This is a security release in order to address the following defect:
An information leak vulnerability was discovered in Samba's LDAP server.
Due to missing access control checks, an authenticated but unprivileged
attacker could discover the names and preserved attributes of deleted objects
in the LDAP store. Upgrading to this package will not prevent this
information leak - if you are using Samba as an Active Directory Domain
Controller, you will need to follow the instructions in the samba.org link
given below.
For more information, see:
https://www.samba.org/samba/security/CVE-2018-14628.html
https://www.cve.org/CVERecord?id=CVE-2018-14628
(* Security fix *)
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”
Posted: 15 Jan 2024, 23:25
09. XII 2023.
Fresh libxml2 packages for Slackware 14.0, 14.1, 14.2, 15.0 and -current:
patches/packages/libxml2-2.12.2-i586-1_slack15.0.txz: Upgraded.
Add --sysconfdir=/etc option so that this can find the xml catalog.
Thanks to SpiderTux.
Fix the following security issues:
Fix integer overflows with XML_PARSE_HUGE.
Fix dict corruption caused by entity reference cycles.
Hashing of empty dict strings isn't deterministic.
Fix null deref in xmlSchemaFixupComplexType.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-40303
https://www.cve.org/CVERecord?id=CVE-2022-40304
https://www.cve.org/CVERecord?id=CVE-2023-29469
https://www.cve.org/CVERecord?id=CVE-2023-28484
(* Security fix *)
Posted: 15 Jan 2024, 23:26
13. XII 2023.
Fresh xorg-server packages for Slackware 15.0 and -current:
patches/packages/xorg-server-1.20.14-i586-10_slack15.0.txz: Rebuilt.
This update fixes two security issues:
Out-of-bounds memory write in XKB button actions.
Out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty.
For more information, see:
https://lists.x.org/archives/xorg/2023-December/061517.html
https://www.cve.org/CVERecord?id=CVE-2023-6377
https://www.cve.org/CVERecord?id=CVE-2023-6478
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-10_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-10_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-10_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-9_slack15.0.txz: Rebuilt.
This update fixes two security issues:
Out-of-bounds memory write in XKB button actions.
Out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty.
For more information, see:
https://lists.x.org/archives/xorg/2023-December/061517.html
https://www.cve.org/CVERecord?id=CVE-2023-6377
https://www.cve.org/CVERecord?id=CVE-2023-6478
(* Security fix *)
Posted: 15 Jan 2024, 23:27
14. XII 2023.
Fresh bluez packages for Slackware 15.0 and -current:
patches/packages/bluez-5.71-i586-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
It may have been possible for an attacker within Bluetooth range to inject
keystrokes (and possibly execute commands) while devices were discoverable.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-45866
(* Security fix *)
Posted: 15 Jan 2024, 23:29
19. XII 2023.
Fresh mozilla-thunderbird and mozilla-firefox packages for Slackware 15.0 and -current:
patches/packages/mozilla-thunderbird-115.6.0-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/
https://www.cve.org/CVERecord?id=CVE-2023-50762
https://www.cve.org/CVERecord?id=CVE-2023-50761
https://www.cve.org/CVERecord?id=CVE-2023-6856
https://www.cve.org/CVERecord?id=CVE-2023-6857
https://www.cve.org/CVERecord?id=CVE-2023-6858
https://www.cve.org/CVERecord?id=CVE-2023-6859
https://www.cve.org/CVERecord?id=CVE-2023-6860
https://www.cve.org/CVERecord?id=CVE-2023-6861
https://www.cve.org/CVERecord?id=CVE-2023-6862
https://www.cve.org/CVERecord?id=CVE-2023-6863
https://www.cve.org/CVERecord?id=CVE-2023-6864
(* Security fix *)
patches/packages/mozilla-firefox-115.6.0esr-i686-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2023-54/
https://www.cve.org/CVERecord?id=CVE-2023-6856
https://www.cve.org/CVERecord?id=CVE-2023-6865
https://www.cve.org/CVERecord?id=CVE-2023-6857
https://www.cve.org/CVERecord?id=CVE-2023-6858
https://www.cve.org/CVERecord?id=CVE-2023-6859
https://www.cve.org/CVERecord?id=CVE-2023-6860
https://www.cve.org/CVERecord?id=CVE-2023-6867
https://www.cve.org/CVERecord?id=CVE-2023-6861
https://www.cve.org/CVERecord?id=CVE-2023-6862
https://www.cve.org/CVERecord?id=CVE-2023-6863
https://www.cve.org/CVERecord?id=CVE-2023-6864
(* Security fix *)
Fresh libssh packages for Slackware 14.2, 15.0 and -current:
patches/packages/libssh-0.10.6-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Command injection using proxycommand.
Potential downgrade attack using strict kex.
Missing checks for return values of MD functions.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-6004
https://www.cve.org/CVERecord?id=CVE-2023-48795
https://www.cve.org/CVERecord?id=CVE-2023-6918
(* Security fix *)
Posted: 15 Jan 2024, 23:30
20. XII 2023.
Fresh proftpd packages for Slackware 14.0, 14.1, 14.2, 15.0 and -current:
patches/packages/proftpd-1.3.8b-i586-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
mod_sftp: implemented mitigations for "Terrapin" SSH attack.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-48795
(* Security fix *)
Posted: 15 Jan 2024, 23:31
23. XII 2023.
Fresh postfix packages for Slackware 15.0 and -current:
patches/packages/postfix-3.6.13-i586-1_slack15.0.txz: Upgraded.
Security: this release adds support to defend against an email spoofing
attack (SMTP smuggling) on recipients at a Postfix server. Sites
concerned about SMTP smuggling attacks should enable this feature on
Internet-facing Postfix servers. For compatibility with non-standard
clients, Postfix by default excludes clients in mynetworks from this
countermeasure.
The recommended settings are:
# Optionally disconnect remote SMTP clients that send bare newlines,
# but allow local clients with non-standard SMTP implementations
# such as netcat, fax machines, or load balancer health checks.
#
smtpd_forbid_bare_newline = yes
smtpd_forbid_bare_newline_exclusions = $mynetworks
The smtpd_forbid_bare_newline feature is disabled by default.
For more information, see:
https://www.postfix.org/smtp-smuggling.html
(* Security fix *)
Posted: 15 Jan 2024, 23:31
25. XII 2023.
Fresh kernel packages for Slackware 15.0:
patches/packages/linux-5.15.145/*: Upgraded.
These updates fix various bugs and security issues.
Thanks to jwoithe for the PCI fix!
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.140:
https://www.cve.org/CVERecord?id=CVE-2023-46862
Fixed in 5.15.141:
https://www.cve.org/CVERecord?id=CVE-2023-6121
(* Security fix *)
Posted: 25 Jan 2024, 21:16
16. I 2024.
Fresh gnutls and xorg-server packages for Slackware 15.0 and -current:
patches/packages/gnutls-3.8.3-i586-1_slack15.0.txz: Upgraded.
This update fixes two medium severity security issues:
Fix more timing side-channel inside RSA-PSK key exchange.
Fix assertion failure when verifying a certificate chain with a cycle of
cross signatures.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0553
https://www.cve.org/CVERecord?id=CVE-2024-0567
(* Security fix *)
patches/packages/xorg-server-1.20.14-i586-11_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
Reattaching to different master device may lead to out-of-bounds memory access.
Heap buffer overflow in XISendDeviceHierarchyEvent.
Heap buffer overflow in DisableDevice.
SELinux context corruption.
SELinux unlabeled GLX PBuffer.
For more information, see:
https://lists.x.org/archives/xorg/2024-January/061525.html
https://www.cve.org/CVERecord?id=CVE-2023-6816
https://www.cve.org/CVERecord?id=CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-21885
https://www.cve.org/CVERecord?id=CVE-2024-21886
https://www.cve.org/CVERecord?id=CVE-2024-0408
https://www.cve.org/CVERecord?id=CVE-2024-0409
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-10_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
Reattaching to different master device may lead to out-of-bounds memory access.
Heap buffer overflow in XISendDeviceHierarchyEvent.
Heap buffer overflow in DisableDevice.
SELinux unlabeled GLX PBuffer.
For more information, see:
https://lists.x.org/archives/xorg/2024-January/061525.html
https://www.cve.org/CVERecord?id=CVE-2023-6816
https://www.cve.org/CVERecord?id=CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-21885
https://www.cve.org/CVERecord?id=CVE-2024-21886
https://www.cve.org/CVERecord?id=CVE-2024-0408
(* Security fix *)
Posted: 25 Jan 2024, 21:17
21. I 2024.
Fresh tigervnc packages for Slackware 15.0 and -current:
extra/tigervnc/tigervnc-1.12.0-i586-5_slack15.0.txz: Rebuilt.
Recompiled against xorg-server-1.20.14, including the latest patches for
several security issues. Thanks to marav.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-6377
https://www.cve.org/CVERecord?id=CVE-2023-6478
https://www.cve.org/CVERecord?id=CVE-2023-6816
https://www.cve.org/CVERecord?id=CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-0408
https://www.cve.org/CVERecord?id=CVE-2024-0409
https://www.cve.org/CVERecord?id=CVE-2024-21885
https://www.cve.org/CVERecord?id=CVE-2024-21886
https://www.cve.org/CVERecord?id=CVE-2024-21886
(* Security fix *)