Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3441
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 01 Nov 2023, 19:53


22. X 2023.

Sveži LibRaw paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/LibRaw-0.20.2-i586-4_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream::
  gets(char*, int), which could lead to privilege escalation or application
  crash.
  A heap-buffer-overflow was found in raw2image_ex(int), which may lead to
  application crash by maliciously crafted input file.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-32142
    https://www.cve.org/CVERecord?id=CVE-2023-1729
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3441
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 01 Nov 2023, 19:54


24. X 2023.

Sveži vim i mozilla-firefox paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-firefox-115.4.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.4.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-46/
    https://www.cve.org/CVERecord?id=CVE-2023-5721
    https://www.cve.org/CVERecord?id=CVE-2023-5732
    https://www.cve.org/CVERecord?id=CVE-2023-5724
    https://www.cve.org/CVERecord?id=CVE-2023-5725
    https://www.cve.org/CVERecord?id=CVE-2023-5726
    https://www.cve.org/CVERecord?id=CVE-2023-5727
    https://www.cve.org/CVERecord?id=CVE-2023-5728
    https://www.cve.org/CVERecord?id=CVE-2023-5730
  (* Security fix *)

Code: Select all

patches/packages/vim-9.0.2063-i586-1_slack15.0.txz:  Upgraded.
  Fixed use-after-free security issue.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-5535
  (* Security fix *)
patches/packages/vim-gvim-9.0.2063-i586-1_slack15.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3441
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 01 Nov 2023, 19:56


26. X 2023.

Sveži mozilla-thunderbird i xorg-server paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-115.4.1-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
    https://www.cve.org/CVERecord?id=CVE-2023-5721
    https://www.cve.org/CVERecord?id=CVE-2023-5732
    https://www.cve.org/CVERecord?id=CVE-2023-5724
    https://www.cve.org/CVERecord?id=CVE-2023-5725
    https://www.cve.org/CVERecord?id=CVE-2023-5726
    https://www.cve.org/CVERecord?id=CVE-2023-5727
    https://www.cve.org/CVERecord?id=CVE-2023-5728
    https://www.cve.org/CVERecord?id=CVE-2023-5730
  (* Security fix *)

Code: Select all

patches/packages/xorg-server-1.20.14-i586-9_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  Use-after-free bug in DestroyWindow.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
    https://www.cve.org/CVERecord?id=CVE-2023-5380
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-8_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3441
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 12 Nov 2023, 12:46


07. XI 2023.

Sveži sudo paketi za Slackware 14.0, 14.1, 14.2, 15.0 i -current:

Code: Select all

patches/packages/sudo-1.9.15-i586-1_slack15.0.txz:  Upgraded.
  The sudoers plugin has been modified to make it more resilient to ROWHAMMER
  attacks on authentication and policy matching.
  The sudoers plugin now constructs the user time stamp file path name using
  the user-ID instead of the user name. This avoids a potential problem with
  user names that contain a path separator ('/') being interpreted as part of
  the path name.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-42465
    https://www.cve.org/CVERecord?id=CVE-2023-42456
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3441
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 18 Nov 2023, 19:26


13. XI 2023.

Sveži tigervnc paketi za Slackware 15.0 i -current:

Code: Select all

extra/tigervnc/tigervnc-1.12.0-i586-4_slack15.0.txz:  Rebuilt.
  Recompiled against xorg-server-1.20.14, including patches for several
  security issues. Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-3550
    https://www.cve.org/CVERecord?id=CVE-2022-3551
    https://www.cve.org/CVERecord?id=CVE-2022-3553
    https://www.cve.org/CVERecord?id=CVE-2022-4283
    https://www.cve.org/CVERecord?id=CVE-2022-46340
    https://www.cve.org/CVERecord?id=CVE-2022-46341
    https://www.cve.org/CVERecord?id=CVE-2022-46342
    https://www.cve.org/CVERecord?id=CVE-2022-46343
    https://www.cve.org/CVERecord?id=CVE-2022-46344
    https://www.cve.org/CVERecord?id=CVE-2023-0494
    https://www.cve.org/CVERecord?id=CVE-2023-1393
    https://www.cve.org/CVERecord?id=CVE-2023-5367
    https://www.cve.org/CVERecord?id=CVE-2023-5380
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3441
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 18 Nov 2023, 19:26


14. XI 2023.

Sveži mariadb paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mariadb-10.5.23-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Vulnerability allows high privileged attacker with network access via
  multiple protocols to compromise the server. Successful attacks of this
  vulnerability can result in unauthorized ability to cause a hang or
  frequently repeatable crash.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3441
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 18 Nov 2023, 19:27


16. XI 2023.

Sveži gimp paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/gimp-2.10.36-i586-1_slack15.0.txz:  Upgraded.
  This release fixes security issues:
  If a user loads a malicious DDS, PSD, or PSP file, this could result in a
  program crash or possibly the execution of arbitrary code.
  Please note that this package also requires the updated gegl package.
  Thanks to henca for the heads-up.
  For more information, see:
    https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1592/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1593/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1594/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3441
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 03 Dec 2023, 23:21


21. XI 2023.

Sveži kernel paketi za Slackware 15.0:

Code: Select all

patches/packages/linux-5.15.139/*:  Upgraded.
  These updates fix various bugs and security issues.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    Fixed in 5.15.116:
    https://www.cve.org/CVERecord?id=CVE-2023-35788
    https://www.cve.org/CVERecord?id=CVE-2022-45887
    https://www.cve.org/CVERecord?id=CVE-2022-45886
    https://www.cve.org/CVERecord?id=CVE-2023-3212
    https://www.cve.org/CVERecord?id=CVE-2022-45919
    Fixed in 5.15.117:
    https://www.cve.org/CVERecord?id=CVE-2023-2124
    https://www.cve.org/CVERecord?id=CVE-2023-34255
    Fixed in 5.15.118:
    https://www.cve.org/CVERecord?id=CVE-2023-3609
    https://www.cve.org/CVERecord?id=CVE-2023-3117
    https://www.cve.org/CVERecord?id=CVE-2023-3390
    https://www.cve.org/CVERecord?id=CVE-2023-3338
    Fixed in 5.15.119:
    https://www.cve.org/CVERecord?id=CVE-2023-3610
    Fixed in 5.15.121:
    https://www.cve.org/CVERecord?id=CVE-2023-31248
    https://www.cve.org/CVERecord?id=CVE-2023-38432
    https://www.cve.org/CVERecord?id=CVE-2023-3866
    https://www.cve.org/CVERecord?id=CVE-2023-2898
    https://www.cve.org/CVERecord?id=CVE-2023-44466
    https://www.cve.org/CVERecord?id=CVE-2023-4132
    https://www.cve.org/CVERecord?id=CVE-2023-3611
    https://www.cve.org/CVERecord?id=CVE-2022-48502
    https://www.cve.org/CVERecord?id=CVE-2023-3865
    https://www.cve.org/CVERecord?id=CVE-2023-35001
    https://www.cve.org/CVERecord?id=CVE-2023-3776
    https://www.cve.org/CVERecord?id=CVE-2023-3863
    Fixed in 5.15.122:
    https://www.cve.org/CVERecord?id=CVE-2023-20593
    Fixed in 5.15.123:
    https://www.cve.org/CVERecord?id=CVE-2023-3777
    https://www.cve.org/CVERecord?id=CVE-2023-4004
    Fixed in 5.15.124:
    https://www.cve.org/CVERecord?id=CVE-2023-4015
    https://www.cve.org/CVERecord?id=CVE-2023-4147
    https://www.cve.org/CVERecord?id=CVE-2023-1206
    Fixed in 5.15.125:
    https://www.cve.org/CVERecord?id=CVE-2022-40982
    https://www.cve.org/CVERecord?id=CVE-2023-20569
    Fixed in 5.15.126:
    https://www.cve.org/CVERecord?id=CVE-2023-20588
    https://www.cve.org/CVERecord?id=CVE-2023-4128
    https://www.cve.org/CVERecord?id=CVE-2023-4208
    https://www.cve.org/CVERecord?id=CVE-2023-4206
    https://www.cve.org/CVERecord?id=CVE-2023-4207
    https://www.cve.org/CVERecord?id=CVE-2023-40283
    Fixed in 5.15.128:
    https://www.cve.org/CVERecord?id=CVE-2023-4569
    https://www.cve.org/CVERecord?id=CVE-2023-39194
    https://www.cve.org/CVERecord?id=CVE-2023-4273
    https://www.cve.org/CVERecord?id=CVE-2023-3772
    Fixed in 5.15.132:
    https://www.cve.org/CVERecord?id=CVE-2023-4921
    https://www.cve.org/CVERecord?id=CVE-2023-4623
    https://www.cve.org/CVERecord?id=CVE-2023-42753
    https://www.cve.org/CVERecord?id=CVE-2023-42752
    https://www.cve.org/CVERecord?id=CVE-2023-39189
    https://www.cve.org/CVERecord?id=CVE-2023-4881
    https://www.cve.org/CVERecord?id=CVE-2023-45871
    https://www.cve.org/CVERecord?id=CVE-2023-39193
    https://www.cve.org/CVERecord?id=CVE-2023-39192
    Fixed in 5.15.133:
    https://www.cve.org/CVERecord?id=CVE-2023-42755
    Fixed in 5.15.134:
    https://www.cve.org/CVERecord?id=CVE-2023-42754
    https://www.cve.org/CVERecord?id=CVE-2023-4563
    https://www.cve.org/CVERecord?id=CVE-2023-4244
    https://www.cve.org/CVERecord?id=CVE-2023-5197
    Fixed in 5.15.135:
    https://www.cve.org/CVERecord?id=CVE-2023-34324
    https://www.cve.org/CVERecord?id=CVE-2023-31085
    https://www.cve.org/CVERecord?id=CVE-2023-5158
    Fixed in 5.15.136:
    https://www.cve.org/CVERecord?id=CVE-2023-35827
    Fixed in 5.15.137:
    https://www.cve.org/CVERecord?id=CVE-2023-46813
    https://www.cve.org/CVERecord?id=CVE-2023-5717
    https://www.cve.org/CVERecord?id=CVE-2023-5178
  (* Security fix *)
Sveži mozilla-firefox paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-firefox-115.5.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  Thanks to zuriel for the taskbar icon fix on Wayland. :-)
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.5.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-50/
    https://www.cve.org/CVERecord?id=CVE-2023-6204
    https://www.cve.org/CVERecord?id=CVE-2023-6205
    https://www.cve.org/CVERecord?id=CVE-2023-6206
    https://www.cve.org/CVERecord?id=CVE-2023-6207
    https://www.cve.org/CVERecord?id=CVE-2023-6208
    https://www.cve.org/CVERecord?id=CVE-2023-6209
    https://www.cve.org/CVERecord?id=CVE-2023-6212
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3441
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 03 Dec 2023, 23:22


22. XI 2023.

Sveži mozilla-thunderbird paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-115.5.0-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.5.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/
    https://www.cve.org/CVERecord?id=CVE-2023-6204
    https://www.cve.org/CVERecord?id=CVE-2023-6205
    https://www.cve.org/CVERecord?id=CVE-2023-6206
    https://www.cve.org/CVERecord?id=CVE-2023-6207
    https://www.cve.org/CVERecord?id=CVE-2023-6208
    https://www.cve.org/CVERecord?id=CVE-2023-6209
    https://www.cve.org/CVERecord?id=CVE-2023-6212
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3441
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 03 Dec 2023, 23:23


24. XI 2023.

Sveži vim paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/vim-9.0.2127-i586-1_slack15.0.txz:  Upgraded.
  Fixed security issues.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-48231
    https://www.cve.org/CVERecord?id=CVE-2023-48232
    https://www.cve.org/CVERecord?id=CVE-2023-48233
    https://www.cve.org/CVERecord?id=CVE-2023-48234
    https://www.cve.org/CVERecord?id=CVE-2023-48235
    https://www.cve.org/CVERecord?id=CVE-2023-48236
    https://www.cve.org/CVERecord?id=CVE-2023-48237
  (* Security fix *)
patches/packages/vim-gvim-9.0.2127-i586-1_slack15.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 2 guests