Sveži git paketi za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/git-2.17.6-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
On case-insensitive file systems with support for symbolic links, if Git is
configured globally to apply delay-capable clean/smudge filters (such as Git
LFS), Git could be fooled into running remote code during a clone. Credit for
finding and fixing this vulnerability goes to Matheus Tavares, helped by
Johannes Schindelin.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21300
(* Security fix *)
Sveži kernel paketi za Slackware 14.2:
Code: Select all
patches/packages/linux-4.4.261/*: Upgraded.
These updates fix various bugs and security issues, including the recently
announced iSCSI vulnerabilities allowing local privilege escalation.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365
(* Security fix *)
Sveži xterm paketi za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/xterm-367-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
xterm before Patch #366 allows remote attackers to execute arbitrary code or
cause a denial of service (segmentation fault) via a crafted UTF-8 combining
character sequence.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27135
(* Security fix *)
Sveži curl paketi za Slackware 14.0, 14.1, 14.2 i -current:
Code: Select all
patches/packages/curl-7.76.0-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
Authentication Bypass by Spoofing.
Exposure of Private Personal Information to an Unauthorized Actor.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876
(* Security fix *)
Code: Select all
patches/packages/seamonkey-2.53.7-i686-1_slack14.2.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.7
(* Security fix *)