Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 25 Jan 2024, 21:17


22. I 2024.

Sveži postfix paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/postfix-3.6.14-i586-1_slack15.0.txz:  Upgraded.
  Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline
  = normalize" (default "no" for Postfix < 3.9), the Postfix
  SMTP server requires the standard End-of-DATA sequence
  <CR><LF>.<CR><LF>, and otherwise allows command or message
  content lines ending in the non-standard <LF>, processing
  them as if the client sent the standard <CR><LF>.
  The alternative setting, "smtpd_forbid_bare_newline = reject"
  will reject any command or message that contains a bare
  <LF>, and is more likely to cause problems with legitimate
  clients.
  For backwards compatibility, local clients are excluded by
  default with "smtpd_forbid_bare_newline_exclusions =
  $mynetworks".
  For more information, see:
    https://www.postfix.org/smtp-smuggling.html
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 25 Jan 2024, 21:18


23. I 2024.

Sveži mozilla-firefox i mozilla-thunderbird paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-firefox-115.7.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-02/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
  (* Security fix *)

Code: Select all

patches/packages/mozilla-thunderbird-115.7.0-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 03 Feb 2024, 21:10


26. I 2024.

Sveži pam paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/pam-1.6.0-i586-1_slack15.0.txz:  Upgraded.
  pam_namespace.so: fixed a possible local denial-of-service vulnerability.
  For more information, see:
    https://seclists.org/oss-sec/2024/q1/31
    https://www.cve.org/CVERecord?id=CVE-2024-22365
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 03 Feb 2024, 21:11


31. I 2024.

Sveži sendmail paketi za Slackware 15.0 i -current:

Code: Select all

extra/sendmail/sendmail-8.18.1-i586-1_slack15.0.txz:  Upgraded.
  sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
  Remote attackers can use a published exploitation technique to inject e-mail
  messages with a spoofed MAIL FROM address, allowing bypass of an SPF
  protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
  but some other popular e-mail servers do not. This is resolved in 8.18 and
  later versions with 'o' in srv_features.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-51765
  (* Security fix *)
extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 12 Feb 2024, 21:06


04. II 2024.

Sveži libxml2 paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/libxml2-2.11.7-i586-1_slack15.0.txz:  Upgraded.
  Fix the following security issue:
  xmlreader: Don't expand XIncludes when backtracking.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-25062
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 12 Feb 2024, 21:07


07. II 2024.

Sveži expat paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/expat-2.6.0-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Fix quadratic runtime issues with big tokens that can cause
  denial of service.
  Fix billion laughs attacks for users compiling *without* XML_DTD
  defined (which is not common).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2023-52426
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 12 Feb 2024, 21:07


09. II 2024.

Sveži xpdf paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/xpdf-4.05-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Fixed a bug in the ICCBased color space parser that was allowing the number
  of components to be zero. Thanks to huckleberry for the bug report.
  Fixed a bug in the ICCBased color space parser that was allowing the number
  of components to be zero. Thanks to huckleberry for the bug report.
  Added checks for PDF object loops in AcroForm::scanField(),
  Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree().
  The zero-width character problem can also happen if the page size is very
  large -- that needs to be limited too, the same way as character position
  coordinates. Thanks to jlinliu for the bug report.
  Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for
  the bug report.
  Fix a deadlock when an object stream's length field is contained in another
  object stream. Thanks to Jiahao Liu for the bug report.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-2662
    https://www.cve.org/CVERecord?id=CVE-2023-2662
    https://www.cve.org/CVERecord?id=CVE-2018-7453
    https://www.cve.org/CVERecord?id=CVE-2018-16369
    https://www.cve.org/CVERecord?id=CVE-2022-36561
    https://www.cve.org/CVERecord?id=CVE-2022-41844
    https://www.cve.org/CVERecord?id=CVE-2023-2663
    https://www.cve.org/CVERecord?id=CVE-2023-2664
    https://www.cve.org/CVERecord?id=CVE-2023-3044
    https://www.cve.org/CVERecord?id=CVE-2023-3436
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 18 Feb 2024, 22:59


13. II 2024.

Sveži bind i dnsmasq paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/bind-9.16.48-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Specific DNS answers could cause a denial-of-service condition due to DNS
  validation taking a long time.
  Query patterns that continuously triggered cache database maintenance could
  exhaust all available memory on the host running named.
  Restore DNS64 state when handling a serve-stale timeout.
  Specific queries could trigger an assertion check with nxdomain-redirect
  enabled.
  Speed up parsing of DNS messages with many different names.
  For more information, see:
    https://kb.isc.org/docs/cve-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://kb.isc.org/docs/cve-2023-6516
    https://www.cve.org/CVERecord?id=CVE-2023-6516
    https://kb.isc.org/docs/cve-2023-5679
    https://www.cve.org/CVERecord?id=CVE-2023-5679
    https://kb.isc.org/docs/cve-2023-5517
    https://www.cve.org/CVERecord?id=CVE-2023-5517
    https://kb.isc.org/docs/cve-2023-4408
    https://www.cve.org/CVERecord?id=CVE-2023-4408
  (* Security fix *)

Code: Select all

patches/packages/dnsmasq-2.90-i586-1_slack15.0.txz:  Upgraded.
  Add limits on the resources used to do DNSSEC validation.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50868
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 02 Mar 2024, 17:17


20. II 2024.

Sveži mozilla-firefox i libuv paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-firefox-115.8.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.8.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-06/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
  (* Security fix *)

Code: Select all

patches/packages/libuv-1.48.0-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a server-side request forgery (SSRF) flaw.
  Thanks to alex2grad for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-24806
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 02 Mar 2024, 17:18


21. II 2024.

Sveži mozilla-thunderbird paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-115.8.0-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 2 guests