Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 May 2024, 09:02


19. IV 2024.

Sveži freerdp paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/freerdp-2.11.6-i586-1_slack15.0.txz:  Upgraded.
  This release is a security release and addresses multiple issues:
  [Low] OutOfBound Read in zgfx_decompress_segment.
  [Moderate] Integer overflow & OutOfBound Write in
  clear_decompress_residual_data.
  [Low] integer underflow in nsc_rle_decode.
  [Low] OutOfBound Read in planar_skip_plane_rle.
  [Low] OutOfBound Read in ncrush_decompress.
  [Low] OutOfBound Read in interleaved_decompress.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32041
    https://www.cve.org/CVERecord?id=CVE-2024-32039
    https://www.cve.org/CVERecord?id=CVE-2024-32040
    https://www.cve.org/CVERecord?id=CVE-2024-32458
    https://www.cve.org/CVERecord?id=CVE-2024-32459
    https://www.cve.org/CVERecord?id=CVE-2024-32460
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 May 2024, 09:02


22. IV 2024.

Sveži freerdp paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/freerdp-2.11.7-i586-1_slack15.0.txz:  Upgraded.
  This release eliminates a bunch of issues detected during oss-fuzz runs.
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 May 2024, 09:03


23. IV 2024.

Sveži ruby paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/ruby-3.0.7-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Arbitrary memory address read vulnerability with Regex search.
  RCE vulnerability with .rdoc_options in RDoc.
  Buffer overread vulnerability in StringIO.
  For more information, see:
    https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
    https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
    https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/
    https://www.cve.org/CVERecord?id=CVE-2024-27282
    https://www.cve.org/CVERecord?id=CVE-2024-27281
    https://www.cve.org/CVERecord?id=CVE-2024-27280
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 May 2024, 09:03


25. IV 2024.

Sveži libarchive paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/libarchive-3.7.3-i586-2_slack15.0.txz:  Rebuilt.
  Patched an out-of-bound error in the rar e8 filter that could allow for
  the execution of arbitrary code.
  Thanks to gmgf for the heads-up.
  For more information, see:
    https://github.com/advisories/GHSA-2jc9-36w4-pmqw
    https://www.cve.org/CVERecord?id=CVE-2024-26256
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 May 2024, 18:44


13. V 2024.

Sveži libxml2 paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/libxml2-2.11.8-i586-1_slack15.0.txz:  Upgraded.
  Fix buffer overread with "xmllint --htmlout".
  xmllint: Fix --pedantic option.
  save: Handle invalid parent pointers in xhtmlNodeDumpOutput.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-34459
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 May 2024, 18:45


14. V 2024.

Sveži mozilla-firefox paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-firefox-115.11.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.11.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-22/
    https://www.cve.org/CVERecord?id=CVE-2024-4367
    https://www.cve.org/CVERecord?id=CVE-2024-4767
    https://www.cve.org/CVERecord?id=CVE-2024-4768
    https://www.cve.org/CVERecord?id=CVE-2024-4769
    https://www.cve.org/CVERecord?id=CVE-2024-4770
    https://www.cve.org/CVERecord?id=CVE-2024-4777
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 20 May 2024, 18:46


15. V 2024.

Sveži gdk-pixbuf2 i git paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/gdk-pixbuf2-2.42.12-i586-1_slack15.0.txz:  Upgraded.
  ani: Reject files with multiple INA or IART chunks.
  ani: Reject files with multiple anih chunks.
  ani: validate chunk size.
  Thanks to 0xvhp, pedrib, and Benjamin Gilbert.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-48622
  (* Security fix *)

Code: Select all

patches/packages/git-2.39.4-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Recursive clones on case-insensitive filesystems that support symbolic
  links are susceptible to case confusion that can be exploited to
  execute just-cloned code during the clone operation.
  Repositories can be configured to execute arbitrary code during local
  clones. To address this, the ownership checks introduced in v2.30.3
  are now extended to cover cloning local repositories.
  Local clones may end up hardlinking files into the target repository's
  object database when source and target repository reside on the same
  disk. If the source repository is owned by a different user, then
  those hardlinked files may be rewritten at any point in time by the
  untrusted user.
  When cloning a local source repository that contains symlinks via the
  filesystem, Git may create hardlinks to arbitrary user-readable files
  on the same filesystem as the target repository in the objects/
  directory.
  It is supposed to be safe to clone untrusted repositories, even those
  unpacked from zip archives or tarballs originating from untrusted
  sources, but Git can be tricked to run arbitrary code as part of the
  clone.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32002
    https://www.cve.org/CVERecord?id=CVE-2024-32004
    https://www.cve.org/CVERecord?id=CVE-2024-32020
    https://www.cve.org/CVERecord?id=CVE-2024-32021
    https://www.cve.org/CVERecord?id=CVE-2024-32465
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Jul 2024, 19:13


20. V 2024.

Sveži mariadb paketi za Slackware 15.0 i -current:

Code: Select all

  This update fixes bugs and a security issue:
  Difficult to exploit vulnerability allows unauthenticated attacker with
  logon to the infrastructure where MariaDB Server executes to compromise the
  server. This could result in unauthorized update, insert or delete access
  to some of the data as well as unauthorized read access to a subset of the
  data and unauthorized ability to cause a partial denial of service.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-21096
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Jul 2024, 19:14


05. VI 2024.

Sveži kernel paketi za Slackware 15.0:

Code: Select all

patches/packages/linux-5.15.160/*:  Upgraded.
  These updates fix various bugs and security issues.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    Fixed in 5.15.147:
    https://www.cve.org/CVERecord?id=CVE-2023-52340
    https://www.cve.org/CVERecord?id=CVE-2023-6040
    https://www.cve.org/CVERecord?id=CVE-2024-0646
    Fixed in 5.15.148:
    https://www.cve.org/CVERecord?id=CVE-2023-46838
    https://www.cve.org/CVERecord?id=CVE-2023-52436
    https://www.cve.org/CVERecord?id=CVE-2023-52438
    https://www.cve.org/CVERecord?id=CVE-2023-52439
    https://www.cve.org/CVERecord?id=CVE-2023-52443
    https://www.cve.org/CVERecord?id=CVE-2023-52444
    https://www.cve.org/CVERecord?id=CVE-2023-52445
    https://www.cve.org/CVERecord?id=CVE-2023-52448
    https://www.cve.org/CVERecord?id=CVE-2023-52449
    https://www.cve.org/CVERecord?id=CVE-2023-52451
    https://www.cve.org/CVERecord?id=CVE-2023-52454
    https://www.cve.org/CVERecord?id=CVE-2023-52456
    https://www.cve.org/CVERecord?id=CVE-2023-52458
    https://www.cve.org/CVERecord?id=CVE-2023-52463
    https://www.cve.org/CVERecord?id=CVE-2023-52464
    https://www.cve.org/CVERecord?id=CVE-2023-52467
    https://www.cve.org/CVERecord?id=CVE-2023-52469
    https://www.cve.org/CVERecord?id=CVE-2023-52470
    https://www.cve.org/CVERecord?id=CVE-2023-52609
    https://www.cve.org/CVERecord?id=CVE-2023-52610
    https://www.cve.org/CVERecord?id=CVE-2023-52612
    https://www.cve.org/CVERecord?id=CVE-2023-6356
    https://www.cve.org/CVERecord?id=CVE-2023-6536
    https://www.cve.org/CVERecord?id=CVE-2023-6915
    https://www.cve.org/CVERecord?id=CVE-2024-1085
    https://www.cve.org/CVERecord?id=CVE-2024-24860
    https://www.cve.org/CVERecord?id=CVE-2024-26586
    https://www.cve.org/CVERecord?id=CVE-2024-26589
    https://www.cve.org/CVERecord?id=CVE-2024-26591
    https://www.cve.org/CVERecord?id=CVE-2024-26597
    https://www.cve.org/CVERecord?id=CVE-2024-26598
    https://www.cve.org/CVERecord?id=CVE-2024-26631
    https://www.cve.org/CVERecord?id=CVE-2024-26633
    Fixed in 5.15.149:
    https://www.cve.org/CVERecord?id=CVE-2023-52429
    https://www.cve.org/CVERecord?id=CVE-2023-52435
    https://www.cve.org/CVERecord?id=CVE-2023-52486
    https://www.cve.org/CVERecord?id=CVE-2023-52489
    https://www.cve.org/CVERecord?id=CVE-2023-52491
    https://www.cve.org/CVERecord?id=CVE-2023-52492
    https://www.cve.org/CVERecord?id=CVE-2023-52493
    https://www.cve.org/CVERecord?id=CVE-2023-52494
    https://www.cve.org/CVERecord?id=CVE-2023-52498
    https://www.cve.org/CVERecord?id=CVE-2023-52583
    https://www.cve.org/CVERecord?id=CVE-2023-52587
    https://www.cve.org/CVERecord?id=CVE-2023-52588
    https://www.cve.org/CVERecord?id=CVE-2023-52594
    https://www.cve.org/CVERecord?id=CVE-2023-52595
    https://www.cve.org/CVERecord?id=CVE-2023-52597
    https://www.cve.org/CVERecord?id=CVE-2023-52598
    https://www.cve.org/CVERecord?id=CVE-2023-52599
    https://www.cve.org/CVERecord?id=CVE-2023-52600
    https://www.cve.org/CVERecord?id=CVE-2023-52601
    https://www.cve.org/CVERecord?id=CVE-2023-52602
    https://www.cve.org/CVERecord?id=CVE-2023-52603
    https://www.cve.org/CVERecord?id=CVE-2023-52604
    https://www.cve.org/CVERecord?id=CVE-2023-52606
    https://www.cve.org/CVERecord?id=CVE-2023-52607
    https://www.cve.org/CVERecord?id=CVE-2023-52608
    https://www.cve.org/CVERecord?id=CVE-2023-52614
    https://www.cve.org/CVERecord?id=CVE-2023-52615
    https://www.cve.org/CVERecord?id=CVE-2023-52616
    https://www.cve.org/CVERecord?id=CVE-2023-52617
    https://www.cve.org/CVERecord?id=CVE-2023-52618
    https://www.cve.org/CVERecord?id=CVE-2023-52619
    https://www.cve.org/CVERecord?id=CVE-2023-52622
    https://www.cve.org/CVERecord?id=CVE-2023-52623
    https://www.cve.org/CVERecord?id=CVE-2023-52627
    https://www.cve.org/CVERecord?id=CVE-2023-52630
    https://www.cve.org/CVERecord?id=CVE-2023-52631
    https://www.cve.org/CVERecord?id=CVE-2023-52633
    https://www.cve.org/CVERecord?id=CVE-2023-52635
    https://www.cve.org/CVERecord?id=CVE-2023-52637
    https://www.cve.org/CVERecord?id=CVE-2023-52638
    https://www.cve.org/CVERecord?id=CVE-2024-0340
    https://www.cve.org/CVERecord?id=CVE-2024-1086
    https://www.cve.org/CVERecord?id=CVE-2024-1151
    https://www.cve.org/CVERecord?id=CVE-2024-23849
    https://www.cve.org/CVERecord?id=CVE-2024-23850
    https://www.cve.org/CVERecord?id=CVE-2024-23851
    https://www.cve.org/CVERecord?id=CVE-2024-26592
    https://www.cve.org/CVERecord?id=CVE-2024-26593
    https://www.cve.org/CVERecord?id=CVE-2024-26594
    https://www.cve.org/CVERecord?id=CVE-2024-26600
    https://www.cve.org/CVERecord?id=CVE-2024-26602
    https://www.cve.org/CVERecord?id=CVE-2024-26606
    https://www.cve.org/CVERecord?id=CVE-2024-26608
    https://www.cve.org/CVERecord?id=CVE-2024-26610
    https://www.cve.org/CVERecord?id=CVE-2024-26614
    https://www.cve.org/CVERecord?id=CVE-2024-26615
    https://www.cve.org/CVERecord?id=CVE-2024-26625
    https://www.cve.org/CVERecord?id=CVE-2024-26627
    https://www.cve.org/CVERecord?id=CVE-2024-26635
    https://www.cve.org/CVERecord?id=CVE-2024-26636
    https://www.cve.org/CVERecord?id=CVE-2024-26640
    https://www.cve.org/CVERecord?id=CVE-2024-26641
    https://www.cve.org/CVERecord?id=CVE-2024-26644
    https://www.cve.org/CVERecord?id=CVE-2024-26645
    https://www.cve.org/CVERecord?id=CVE-2024-26660
    https://www.cve.org/CVERecord?id=CVE-2024-26663
    https://www.cve.org/CVERecord?id=CVE-2024-26664
    https://www.cve.org/CVERecord?id=CVE-2024-26665
    https://www.cve.org/CVERecord?id=CVE-2024-26668
    https://www.cve.org/CVERecord?id=CVE-2024-26671
    https://www.cve.org/CVERecord?id=CVE-2024-26673
    https://www.cve.org/CVERecord?id=CVE-2024-26675
    https://www.cve.org/CVERecord?id=CVE-2024-26676
    https://www.cve.org/CVERecord?id=CVE-2024-26679
    https://www.cve.org/CVERecord?id=CVE-2024-26684
    https://www.cve.org/CVERecord?id=CVE-2024-26685
    https://www.cve.org/CVERecord?id=CVE-2024-26689
    https://www.cve.org/CVERecord?id=CVE-2024-26696
    https://www.cve.org/CVERecord?id=CVE-2024-26697
    https://www.cve.org/CVERecord?id=CVE-2024-26698
    https://www.cve.org/CVERecord?id=CVE-2024-26702
    https://www.cve.org/CVERecord?id=CVE-2024-26704
    https://www.cve.org/CVERecord?id=CVE-2024-26707
    https://www.cve.org/CVERecord?id=CVE-2024-26712
    https://www.cve.org/CVERecord?id=CVE-2024-26715
    https://www.cve.org/CVERecord?id=CVE-2024-26717
    https://www.cve.org/CVERecord?id=CVE-2024-26720
    https://www.cve.org/CVERecord?id=CVE-2024-26727
    https://www.cve.org/CVERecord?id=CVE-2024-26808
    Fixed in 5.15.150:
    https://www.cve.org/CVERecord?id=CVE-2023-52434
    https://www.cve.org/CVERecord?id=CVE-2023-52497
    https://www.cve.org/CVERecord?id=CVE-2023-52640
    https://www.cve.org/CVERecord?id=CVE-2023-52641
    https://www.cve.org/CVERecord?id=CVE-2024-0565
    https://www.cve.org/CVERecord?id=CVE-2024-26601
    https://www.cve.org/CVERecord?id=CVE-2024-26603
    https://www.cve.org/CVERecord?id=CVE-2024-26733
    https://www.cve.org/CVERecord?id=CVE-2024-26735
    https://www.cve.org/CVERecord?id=CVE-2024-26736
    https://www.cve.org/CVERecord?id=CVE-2024-26737
    https://www.cve.org/CVERecord?id=CVE-2024-26743
    https://www.cve.org/CVERecord?id=CVE-2024-26744
    https://www.cve.org/CVERecord?id=CVE-2024-26747
    https://www.cve.org/CVERecord?id=CVE-2024-26748
    https://www.cve.org/CVERecord?id=CVE-2024-26749
    https://www.cve.org/CVERecord?id=CVE-2024-26751
    https://www.cve.org/CVERecord?id=CVE-2024-26752
    https://www.cve.org/CVERecord?id=CVE-2024-26754
    https://www.cve.org/CVERecord?id=CVE-2024-26763
    https://www.cve.org/CVERecord?id=CVE-2024-26764
    https://www.cve.org/CVERecord?id=CVE-2024-26766
    https://www.cve.org/CVERecord?id=CVE-2024-26769
    https://www.cve.org/CVERecord?id=CVE-2024-26771
    https://www.cve.org/CVERecord?id=CVE-2024-26772
    https://www.cve.org/CVERecord?id=CVE-2024-26773
    https://www.cve.org/CVERecord?id=CVE-2024-26774
    https://www.cve.org/CVERecord?id=CVE-2024-26776
    https://www.cve.org/CVERecord?id=CVE-2024-26777
    https://www.cve.org/CVERecord?id=CVE-2024-26778
    https://www.cve.org/CVERecord?id=CVE-2024-26779
    Fixed in 5.15.151:
    https://www.cve.org/CVERecord?id=CVE-2023-52620
    https://www.cve.org/CVERecord?id=CVE-2024-0841
    https://www.cve.org/CVERecord?id=CVE-2024-26622
    https://www.cve.org/CVERecord?id=CVE-2024-26688
    https://www.cve.org/CVERecord?id=CVE-2024-26782
    https://www.cve.org/CVERecord?id=CVE-2024-26788
    https://www.cve.org/CVERecord?id=CVE-2024-26790
    https://www.cve.org/CVERecord?id=CVE-2024-26791
    https://www.cve.org/CVERecord?id=CVE-2024-26793
    https://www.cve.org/CVERecord?id=CVE-2024-26795
    https://www.cve.org/CVERecord?id=CVE-2024-26798
    https://www.cve.org/CVERecord?id=CVE-2024-26801
    https://www.cve.org/CVERecord?id=CVE-2024-26802
    https://www.cve.org/CVERecord?id=CVE-2024-26803
    https://www.cve.org/CVERecord?id=CVE-2024-26804
    https://www.cve.org/CVERecord?id=CVE-2024-26805
    Fixed in 5.15.152:
    https://www.cve.org/CVERecord?id=CVE-2024-26659
    https://www.cve.org/CVERecord?id=CVE-2024-26787
    Fixed in 5.15.153:
    https://www.cve.org/CVERecord?id=CVE-2023-52447
    https://www.cve.org/CVERecord?id=CVE-2023-6270
    https://www.cve.org/CVERecord?id=CVE-2023-7042
    https://www.cve.org/CVERecord?id=CVE-2024-22099
    https://www.cve.org/CVERecord?id=CVE-2024-26651
    https://www.cve.org/CVERecord?id=CVE-2024-26809
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3506
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Jul 2024, 19:14


06. VI 2024.

Sveži php paketi za Slackware 15.0 i -current:

Code: Select all

extra/php81/php81-8.1.29-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Bypass of CVE-2012-1823, Argument Injection in PHP-CGI.
  Filter bypass in filter_var FILTER_VALIDATE_URL.
  Bypass of CVE-2024-1874.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.29
    https://www.cve.org/CVERecord?id=CVE-2024-4577
    https://www.cve.org/CVERecord?id=CVE-2024-5458
    https://www.cve.org/CVERecord?id=CVE-2024-5585
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 2 guests