Slackware Security Advisories (security updates)

News about Slackware Linux

Moderator: Urednik


Administrator

Posts: 3481
Joined: 01 Apr 2012, 13:50
Location: Milky Way

Posted: 03 Dec 2023, 23:23


30. XI 2023.

Fresh samba packages for Slackware 15.0 and -current:


patches/packages/samba-4.18.9-i586-1_slack15.0.txz:  Upgraded.
  This is a security release in order to address the following defect:
  An information leak vulnerability was discovered in Samba's LDAP server.
  Due to missing access control checks, an authenticated but unprivileged
  attacker could discover the names and preserved attributes of deleted objects
  in the LDAP store. Upgrading to this package will not prevent this
  information leak - if you are using Samba as an Active Directory Domain
  Controller, you will need to follow the instructions in the samba.org link
  given below.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2018-14628.html
    https://www.cve.org/CVERecord?id=CVE-2018-14628
  (* Security fix *)
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator

Posted: 15 Jan 2024, 23:25


09. XII 2023.

Fresh libxml2 packages for Slackware 14.0, 14.1, 14.2, 15.0 and -current:


patches/packages/libxml2-2.12.2-i586-1_slack15.0.txz:  Upgraded.
  Add --sysconfdir=/etc option so that this can find the xml catalog.
  Thanks to SpiderTux.
  Fix the following security issues:
  Fix integer overflows with XML_PARSE_HUGE.
  Fix dict corruption caused by entity reference cycles.
  Hashing of empty dict strings isn't deterministic.
  Fix null deref in xmlSchemaFixupComplexType.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-40303
    https://www.cve.org/CVERecord?id=CVE-2022-40304
    https://www.cve.org/CVERecord?id=CVE-2023-29469
    https://www.cve.org/CVERecord?id=CVE-2023-28484
  (* Security fix *)



Administrator

Posted: 15 Jan 2024, 23:26


13. XII 2023.

Fresh xorg-server packages for Slackware 15.0 and -current:


patches/packages/xorg-server-1.20.14-i586-10_slack15.0.txz:  Rebuilt.
  This update fixes two security issues:
  Out-of-bounds memory write in XKB button actions.
  Out-of-bounds memory read in RRChangeOutputProperty and
  RRChangeProviderProperty.
  For more information, see:
    https://lists.x.org/archives/xorg/2023-December/061517.html
    https://www.cve.org/CVERecord?id=CVE-2023-6377
    https://www.cve.org/CVERecord?id=CVE-2023-6478
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-10_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-10_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-10_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-9_slack15.0.txz:  Rebuilt.
  This update fixes two security issues:
  Out-of-bounds memory write in XKB button actions.
  Out-of-bounds memory read in RRChangeOutputProperty and
  RRChangeProviderProperty.
  For more information, see:
    https://lists.x.org/archives/xorg/2023-December/061517.html
    https://www.cve.org/CVERecord?id=CVE-2023-6377
    https://www.cve.org/CVERecord?id=CVE-2023-6478
  (* Security fix *)



Administrator

Posted: 15 Jan 2024, 23:27


14. XII 2023.

Fresh bluez packages for Slackware 15.0 and -current:


patches/packages/bluez-5.71-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  It may have been possible for an attacker within Bluetooth range to inject
  keystrokes (and possibly execute commands) while devices were discoverable.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-45866
  (* Security fix *)



Administrator

Posted: 15 Jan 2024, 23:29


19. XII 2023.

Fresh mozilla-thunderbird and mozilla-firefox packages for Slackware 15.0 and -current:


patches/packages/mozilla-thunderbird-115.6.0-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/
    https://www.cve.org/CVERecord?id=CVE-2023-50762
    https://www.cve.org/CVERecord?id=CVE-2023-50761
    https://www.cve.org/CVERecord?id=CVE-2023-6856
    https://www.cve.org/CVERecord?id=CVE-2023-6857
    https://www.cve.org/CVERecord?id=CVE-2023-6858
    https://www.cve.org/CVERecord?id=CVE-2023-6859
    https://www.cve.org/CVERecord?id=CVE-2023-6860
    https://www.cve.org/CVERecord?id=CVE-2023-6861
    https://www.cve.org/CVERecord?id=CVE-2023-6862
    https://www.cve.org/CVERecord?id=CVE-2023-6863
    https://www.cve.org/CVERecord?id=CVE-2023-6864
  (* Security fix *)


patches/packages/mozilla-firefox-115.6.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-54/
    https://www.cve.org/CVERecord?id=CVE-2023-6856
    https://www.cve.org/CVERecord?id=CVE-2023-6865
    https://www.cve.org/CVERecord?id=CVE-2023-6857
    https://www.cve.org/CVERecord?id=CVE-2023-6858
    https://www.cve.org/CVERecord?id=CVE-2023-6859
    https://www.cve.org/CVERecord?id=CVE-2023-6860
    https://www.cve.org/CVERecord?id=CVE-2023-6867
    https://www.cve.org/CVERecord?id=CVE-2023-6861
    https://www.cve.org/CVERecord?id=CVE-2023-6862
    https://www.cve.org/CVERecord?id=CVE-2023-6863
    https://www.cve.org/CVERecord?id=CVE-2023-6864
  (* Security fix *)
Fresh libssh packages for Slackware 14.2, 15.0 and -current:


patches/packages/libssh-0.10.6-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Command injection using proxycommand.
  Potential downgrade attack using strict kex.
  Missing checks for return values of MD functions.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6004
    https://www.cve.org/CVERecord?id=CVE-2023-48795
    https://www.cve.org/CVERecord?id=CVE-2023-6918
  (* Security fix *)



Administrator

Posted: 15 Jan 2024, 23:30


20. XII 2023.

Fresh proftpd packages for Slackware 14.0, 14.1, 14.2, 15.0 and -current:


patches/packages/proftpd-1.3.8b-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  mod_sftp: implemented mitigations for "Terrapin" SSH attack.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-48795
  (* Security fix *)



Administrator

Posted: 15 Jan 2024, 23:31


23. XII 2023.

Fresh postfix packages for Slackware 15.0 and -current:


patches/packages/postfix-3.6.13-i586-1_slack15.0.txz:  Upgraded.
  Security: this release adds support to defend against an email spoofing
  attack (SMTP smuggling) on recipients at a Postfix server. Sites
  concerned about SMTP smuggling attacks should enable this feature on
  Internet-facing Postfix servers. For compatibility with non-standard
  clients, Postfix by default excludes clients in mynetworks from this
  countermeasure.
  The recommended settings are:
    # Optionally disconnect remote SMTP clients that send bare newlines,
    # but allow local clients with non-standard SMTP implementations
    # such as netcat, fax machines, or load balancer health checks.
    #
    smtpd_forbid_bare_newline = yes
    smtpd_forbid_bare_newline_exclusions = $mynetworks
  The smtpd_forbid_bare_newline feature is disabled by default.
  For more information, see:
    https://www.postfix.org/smtp-smuggling.html
  (* Security fix *)



Administrator

Posted: 15 Jan 2024, 23:31


25. XII 2023.

Fresh kernel packages for Slackware 15.0:


patches/packages/linux-5.15.145/*:  Upgraded.
  These updates fix various bugs and security issues.
  Thanks to jwoithe for the PCI fix!
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    Fixed in 5.15.140:
    https://www.cve.org/CVERecord?id=CVE-2023-46862
    Fixed in 5.15.141:
    https://www.cve.org/CVERecord?id=CVE-2023-6121
  (* Security fix *)



Administrator

Posted: 25 Jan 2024, 21:16


16. I 2024.

Fresh gnutls and xorg-server packages for Slackware 15.0 and -current:


patches/packages/gnutls-3.8.3-i586-1_slack15.0.txz:  Upgraded.
  This update fixes two medium severity security issues:
  Fix more timing side-channel inside RSA-PSK key exchange.
  Fix assertion failure when verifying a certificate chain with a cycle of
  cross signatures.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0553
    https://www.cve.org/CVERecord?id=CVE-2024-0567
  (* Security fix *)


patches/packages/xorg-server-1.20.14-i586-11_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
  Reattaching to different master device may lead to out-of-bounds memory access.
  Heap buffer overflow in XISendDeviceHierarchyEvent.
  Heap buffer overflow in DisableDevice.
  SELinux context corruption.
  SELinux unlabeled GLX PBuffer.
  For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-11_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-11_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-11_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-10_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
  Reattaching to different master device may lead to out-of-bounds memory access.
  Heap buffer overflow in XISendDeviceHierarchyEvent.
  Heap buffer overflow in DisableDevice.
  SELinux unlabeled GLX PBuffer.
  For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
  (* Security fix *)



Administrator

Posted: 25 Jan 2024, 21:17


21. I 2024.

Fresh tigervnc packages for Slackware 15.0 and -current:


extra/tigervnc/tigervnc-1.12.0-i586-5_slack15.0.txz:  Rebuilt.
  Recompiled against xorg-server-1.20.14, including the latest patches for
  several security issues. Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6377
    https://www.cve.org/CVERecord?id=CVE-2023-6478
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-21886
  (* Security fix *)

