Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 25 Dec 2022, 09:42


21. XII 2022.

Sveži mozilla-thunderbird paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-102.6.1-i686-1_slack15.0.txz:  Upgraded.
  This release contains a security fix and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.6.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-54/
    https://www.cve.org/CVERecord?id=CVE-2022-46874
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Jan 2023, 19:02


03. I 2023.

Sveži libtiff paketi za Slackware 14.2, 15.0 i -current:

Code: Select all

patches/packages/libtiff-4.4.0-i586-1_slack15.0.txz:  Upgraded.
  Patched various security bugs.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-2056
    https://www.cve.org/CVERecord?id=CVE-2022-2057
    https://www.cve.org/CVERecord?id=CVE-2022-2058
    https://www.cve.org/CVERecord?id=CVE-2022-3970
    https://www.cve.org/CVERecord?id=CVE-2022-34526
  (* Security fix *)
Sveži rxvt-unicode paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/rxvt-unicode-9.26-i586-3_slack15.0.txz:  Rebuilt.
  When the "background" extension was loaded, an attacker able to control the
  data written to the terminal would be able to execute arbitrary code as the
  terminal's user. Thanks to David Leadbeater and Ben Collver.
  For more information, see:
    https://www.openwall.com/lists/oss-security/2022/12/05/1
    https://www.cve.org/CVERecord?id=CVE-2022-4170
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Jan 2023, 19:03


04. I 2023.

Sveži vim paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/vim-9.0.1146-i586-1_slack15.0.txz:  Upgraded.
  Fixed security issues:
  Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
  Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-0049
    https://www.cve.org/CVERecord?id=CVE-2023-0051
  (* Security fix *)
patches/packages/vim-gvim-9.0.1146-i586-1_slack15.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 09 Jan 2023, 19:03


06. I 2023.

Sveži mozilla-nss i php paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-nss-3.87-i586-1_slack15.0.txz:  Upgraded.
  Fixed memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures.
  For more information, see:
    https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
    https://www.cve.org/CVERecord?id=CVE-2021-43527
  (* Security fix *)

Code: Select all

patches/packages/php-7.4.33-i586-2_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  PDO::quote() may return unquoted string.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-31631
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 15 Jan 2023, 21:30


13. I 2023.

Sveži netatalk paketi Slackware 14.1, 14.2, 15.0 i -current:

Code: Select all

patches/packages/netatalk-3.1.14-i586-1_slack15.0.txz:  Upgraded.
  Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow
  resulting in code execution via a crafted .appl file.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-45188
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 05 Feb 2023, 16:53


17. I 2023.

Sveži git, httpd, i libXpm paketi Slackware 14.0, 14.1, 14.2, 15.0 i -current:

Code: Select all

patches/packages/git-2.35.6-i586-1_slack15.0.txz:  Upgraded.
  This release fixes two security issues:
  * CVE-2022-41903:
  git log has the ability to display commits using an arbitrary
  format with its --format specifiers. This functionality is also
  exposed to git archive via the export-subst gitattribute.
  When processing the padding operators (e.g., %<(, %<|(, %>(,
  %>>(, or %><( ), an integer overflow can occur in
  pretty.c::format_and_pad_commit() where a size_t is improperly
  stored as an int, and then added as an offset to a subsequent
  memcpy() call.
  This overflow can be triggered directly by a user running a
  command which invokes the commit formatting machinery (e.g., git
  log --format=...). It may also be triggered indirectly through
  git archive via the export-subst mechanism, which expands format
  specifiers inside of files within the repository during a git
  archive.
  This integer overflow can result in arbitrary heap writes, which
  may result in remote code execution.
  * CVE-2022-23521:
  gitattributes are a mechanism to allow defining attributes for
  paths. These attributes can be defined by adding a `.gitattributes`
  file to the repository, which contains a set of file patterns and
  the attributes that should be set for paths matching this pattern.
  When parsing gitattributes, multiple integer overflows can occur
  when there is a huge number of path patterns, a huge number of
  attributes for a single pattern, or when the declared attribute
  names are huge.
  These overflows can be triggered via a crafted `.gitattributes` file
  that may be part of the commit history. Git silently splits lines
  longer than 2KB when parsing gitattributes from a file, but not when
  parsing them from the index. Consequentially, the failure mode
  depends on whether the file exists in the working tree, the index or
  both.
  This integer overflow can result in arbitrary heap reads and writes,
  which may result in remote code execution.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-41903
    https://www.cve.org/CVERecord?id=CVE-2022-23521
  (* Security fix *)

Code: Select all

patches/packages/httpd-2.4.55-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and the following security issues:
  mod_proxy allows a backend to trigger HTTP response splitting.
  mod_proxy_ajp possible request smuggling.
  mod_dav out of bounds read, or write of zero byte.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.55
    https://www.cve.org/CVERecord?id=CVE-2022-37436
    https://www.cve.org/CVERecord?id=CVE-2022-36760
    https://www.cve.org/CVERecord?id=CVE-2006-20001
  (* Security fix *)

Code: Select all

patches/packages/libXpm-3.5.15-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Infinite loop on unclosed comments.
  Runaway loop with width of 0 and enormous height.
  Compression commands depend on $PATH.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-46285
    https://www.cve.org/CVERecord?id=CVE-2022-44617
    https://www.cve.org/CVERecord?id=CVE-2022-4883
  (* Security fix *)
Sveži mozilla-firefox paketi Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-firefox-102.7.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/
    https://www.cve.org/CVERecord?id=CVE-2022-46871
    https://www.cve.org/CVERecord?id=CVE-2023-23598
    https://www.cve.org/CVERecord?id=CVE-2023-23599
    https://www.cve.org/CVERecord?id=CVE-2023-23601
    https://www.cve.org/CVERecord?id=CVE-2023-23602
    https://www.cve.org/CVERecord?id=CVE-2022-46877
    https://www.cve.org/CVERecord?id=CVE-2023-23603
    https://www.cve.org/CVERecord?id=CVE-2023-23605
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 05 Feb 2023, 16:54


18. I 2023.

Sveži sudo paketi Slackware 14.0, 14.1, 14.2, 15.0 i -current:

Code: Select all

patches/packages/sudo-1.9.12p2-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a flaw in sudo's -e option (aka sudoedit) that could allow
  a malicious user with sudoedit privileges to edit arbitrary files.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-22809
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 05 Feb 2023, 16:55


20. I 2023.

Sveži mozilla-thunderbird i seamonkey paketi Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-102.7.0-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird102.7
  (* Security fix *)

Code: Select all

patches/packages/seamonkey-2.53.15-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.15
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 05 Feb 2023, 16:56


25. I 2023.

Sveži bind i vim paketi Slackware 15.0 i -current:

Code: Select all

patches/packages/bind-9.16.37-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and the following security issues:
  An UPDATE message flood could cause :iscman:`named` to exhaust all
  available memory. This flaw was addressed by adding a new
  :any:`update-quota` option that controls the maximum number of
  outstanding DNS UPDATE messages that :iscman:`named` can hold in a
  queue at any given time (default: 100).
  :iscman:`named` could crash with an assertion failure when an RRSIG
  query was received and :any:`stale-answer-client-timeout` was set to a
  non-zero value. This has been fixed.
  :iscman:`named` running as a resolver with the
  :any:`stale-answer-client-timeout` option set to any value greater
  than ``0`` could crash with an assertion failure, when the
  :any:`recursive-clients` soft quota was reached. This has been fixed.
  For more information, see:
    https://kb.isc.org/docs/cve-2022-3094
    https://kb.isc.org/docs/cve-2022-3736
    https://kb.isc.org/docs/cve-2022-3924
    https://www.cve.org/CVERecord?id=CVE-2022-3094
    https://www.cve.org/CVERecord?id=CVE-2022-3736
    https://www.cve.org/CVERecord?id=CVE-2022-3924
  (* Security fix *)

Code: Select all

patches/packages/vim-9.0.1241-i586-1_slack15.0.txz:  Upgraded.
  Fixed a security issue:
  Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-0433
  (* Security fix *)
patches/packages/vim-gvim-9.0.1241-i586-1_slack15.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 05 Feb 2023, 16:57


01. II 2023.

Sveži apr, apr-util i mozilla-thunderbird paketi Slackware 15.0 i -current:

Code: Select all

patches/packages/apr-1.7.2-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Integer Overflow or Wraparound vulnerability in apr_encode functions of
  Apache Portable Runtime (APR) allows an attacker to write beyond bounds
  of a buffer. (CVE-2022-24963)
  Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
  (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
  later 1.6.x releases, but was missing in 1.7.0.) (CVE-2021-35940)
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-24963
    https://www.cve.org/CVERecord?id=CVE-2021-35940
    https://www.cve.org/CVERecord?id=CVE-2017-12613
  (* Security fix *)

Code: Select all

patches/packages/apr-util-1.6.3-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Integer Overflow or Wraparound vulnerability in apr_base64 functions
  of Apache Portable Runtime Utility (APR-util) allows an attacker to
  write beyond bounds of a buffer. (CVE-2022-25147)
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-25147
  (* Security fix *)

Code: Select all

patches/packages/mozilla-thunderbird-102.7.1-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.7.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/
    https://www.cve.org/CVERecord?id=CVE-2023-0430
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 47 guests