Slackware Security Advisories (security updates)

News about Slackware Linux


Administrator
Posts: 3526
Joined: 01 Apr 2012, 13:50
Location: Milky Way

Posted: 24 Sep 2023, 23:39


21. IX 2023.

Fresh bind and seamonkey packages for Slackware 15.0 and -current:

patches/packages/bind-9.16.44-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Limit the amount of recursion that can be performed by isccc_cc_fromwire.
  For more information, see:
    https://kb.isc.org/docs/cve-2023-3341
    https://www.cve.org/CVERecord?id=CVE-2023-3341
  (* Security fix *)

patches/packages/seamonkey-2.53.17.1-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.17.1
    https://www.cve.org/CVERecord?id=CVE-2023-4863
  (* Security fix *)

Fresh cups packages for Slackware 14.2, 15.0 and -current:

patches/packages/cups-2.4.7-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Fixed Heap-based buffer overflow when reading Postscript in PPD files.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4504
  (* Security fix *)

Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Posted: 30 Sep 2023, 08:09

26. IX 2023.

Fresh mozilla-firefox packages for Slackware 15.0 and -current:

patches/packages/mozilla-firefox-115.3.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.3.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/
    https://www.cve.org/CVERecord?id=CVE-2023-5168
    https://www.cve.org/CVERecord?id=CVE-2023-5169
    https://www.cve.org/CVERecord?id=CVE-2023-5171
    https://www.cve.org/CVERecord?id=CVE-2023-5174
    https://www.cve.org/CVERecord?id=CVE-2023-5176
  (* Security fix *)



Administrator
Posted: 30 Sep 2023, 08:09

28. IX 2023.

Fresh mozilla-firefox packages for Slackware 15.0 and -current:

patches/packages/mozilla-firefox-115.3.1esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains a security fix.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.3.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)



Administrator
Posted: 03 Oct 2023, 19:20

30. IX 2023.

Fresh mozilla-thunderbird and libvpx packages for Slackware 15.0 and -current:

patches/packages/mozilla-thunderbird-115.3.1-i686-1_slack15.0.txz:  Upgraded.
  This release contains a security fix for a critical heap buffer overflow in
  the libvpx VP8 encoder.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.3.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)

patches/packages/libvpx-1.12.0-i586-1_slack15.0.txz:  Upgraded.
  This release contains two security related fixes -- one each for VP8 and VP9.
  For more information, see:
    https://crbug.com/1486441
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)



Administrator
Posted: 05 Oct 2023, 19:07

03. X 2023.

Fresh libX11 and libXpm packages for Slackware 14.0, 14.1, 14.2, 15.0 and -current:

patches/packages/libX11-1.8.7-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  libX11: out-of-bounds memory access in _XkbReadKeySyms().
  libX11: stack exhaustion from infinite recursion in PutSubImage().
  libX11: integer overflow in XCreateImage() leading to a heap overflow.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
    https://www.cve.org/CVERecord?id=CVE-2023-43785
    https://www.cve.org/CVERecord?id=CVE-2023-43786
    https://www.cve.org/CVERecord?id=CVE-2023-43787
  (* Security fix *)

patches/packages/libXpm-3.5.17-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  libXpm: out of bounds read in XpmCreateXpmImageFromBuffer().
  libXpm: out of bounds read on XPM with corrupted colormap.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
    https://www.cve.org/CVERecord?id=CVE-2023-43788
    https://www.cve.org/CVERecord?id=CVE-2023-43789
  (* Security fix *)



Administrator
Posted: 08 Oct 2023, 20:05

06. X 2023.

Fresh netatalk packages for Slackware 15.0 and -current:

patches/packages/netatalk-3.1.18-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Harden create_appledesktop_folder().
  For more information, see:
    https://netatalk.sourceforge.io/CVE-2022-22995.php
    https://www.cve.org/CVERecord?id=CVE-2022-22995
  (* Security fix *)



Administrator
Posted: 16 Oct 2023, 14:21

10. X 2023.

Fresh libcue, libnotify, nghttp2 and samba packages for Slackware 15.0 and -current:

patches/packages/libcue-2.2.1-i586-4_slack15.0.txz:  Rebuilt.
  Fixed a bug which could allow memory corruption resulting in arbitrary
  code execution.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-43641
  (* Security fix *)

patches/packages/libnotify-0.8.3-i586-1_slack15.0.txz:  Upgraded.
  This release contains a critical stability/minor security update which
  affects Electron applications that utilize Portal notifications (eg,
  through Flatpak). It is highly recommended that all users of libnotify
  0.8.x update to this release.
  (* Security fix *)

patches/packages/nghttp2-1.57.0-i586-1_slack15.0.txz:  Upgraded.
  This release has a fix to mitigate the HTTP/2 Rapid Reset vulnerability.
  For more information, see:
    https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg
    https://www.cve.org/CVERecord?id=CVE-2023-44487
  (* Security fix *)

patches/packages/samba-4.18.8-i586-1_slack15.0.txz:  Upgraded.
  This is a security release in order to address the following defects:
  Unsanitized pipe names allow SMB clients to connect as root to existing
  unix domain sockets on the file system.
  SMB client can truncate files to 0 bytes by opening files with OVERWRITE
  disposition when using the acl_xattr Samba VFS module with the smb.conf
  setting "acl_xattr:ignore system acls = yes"
  An RODC and a user with the GET_CHANGES right can view all attributes,
  including secrets and passwords. Additionally, the access check fails
  open on error conditions.
  Calls to the rpcecho server on the AD DC can request that the server block
  for a user-defined amount of time, denying service.
  Samba can be made to start multiple incompatible RPC listeners, disrupting
  service on the AD DC.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2023-3961.html
    https://www.samba.org/samba/security/CVE-2023-4091.html
    https://www.samba.org/samba/security/CVE-2023-4154.html
    https://www.samba.org/samba/security/CVE-2023-42669.html
    https://www.samba.org/samba/security/CVE-2023-42670.html
    https://www.cve.org/CVERecord?id=CVE-2023-3961
    https://www.cve.org/CVERecord?id=CVE-2023-4091
    https://www.cve.org/CVERecord?id=CVE-2023-4154
    https://www.cve.org/CVERecord?id=CVE-2023-42669
    https://www.cve.org/CVERecord?id=CVE-2023-42670
  (* Security fix *)

Fresh curl packages for Slackware 14.0, 14.1, 14.2, 15.0 and -current:

patches/packages/curl-8.4.0-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Cookie injection with none file.
  SOCKS5 heap buffer overflow.
  For more information, see:
    https://curl.se/docs/CVE-2023-38546.html
    https://curl.se/docs/CVE-2023-38545.html
    https://www.cve.org/CVERecord?id=CVE-2023-38546
    https://www.cve.org/CVERecord?id=CVE-2023-38545
  (* Security fix *)



Administrator
Posted: 16 Oct 2023, 14:21

11. X 2023.

Fresh libcaca packages for Slackware 15.0 and -current:

patches/packages/libcaca-0.99.beta20-i586-1_slack15.0.txz:  Upgraded.
  Fixed a crash bug (a crafted file defining width of zero leads to divide by
  zero and a crash). Seems to be merely a bug rather than a security issue, but
  I'd been meaning to get beta20 building so this was a good excuse.
  Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-0856
  (* Security fix *)



Administrator
Posted: 21 Oct 2023, 14:52

17. X 2023.

Fresh util-linux packages for Slackware 15.0 and -current:

patches/packages/util-linux-2.37.4-i586-2_slack15.0.txz:  Rebuilt.
  Copy /etc/pam.d/login to /etc/pam.d/remote. This is needed for /bin/login's
  '-h' option, used (for example) by telnetd. If -h is used without
  /etc/pam.d/remote, pam will not be configured properly, and /etc/securetty
  will be ignored, possibly allowing root to login from a tty that is not
  considered secure. Of course, the usual disclaimers about the security of
  telnet/telnetd apply.
  Thanks to HytronBG and Petri Kaukasoina.
  (* Security fix *)



Administrator
Posted: 21 Oct 2023, 14:53

19. X 2023.

Fresh httpd packages for Slackware 14.0, 14.1, 14.2, 15.0 and -current:

patches/packages/httpd-2.4.58-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  moderate: Apache HTTP Server: HTTP/2 stream memory not reclaimed
  right away on RST.
  low: mod_macro buffer over-read.
  low: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.58
    https://www.cve.org/CVERecord?id=CVE-2023-45802
    https://www.cve.org/CVERecord?id=CVE-2023-31122
    https://www.cve.org/CVERecord?id=CVE-2023-43622
  (* Security fix *)

