Slackware Security Advisories (security updates)

News about Slackware Linux

Administrator
Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Milky Way

Posted: 26 Mar 2023, 19:36


20. III 2023.

New curl packages for Slackware 14.0, 14.1, 14.2, 15.0 and -current:

patches/packages/curl-8.0.1-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  SSH connection too eager reuse still.
  HSTS double-free.
  GSS delegation too eager connection re-use.
  FTP too eager connection reuse.
  SFTP path ~ resolving discrepancy.
  TELNET option IAC injection.
  For more information, see:
    https://curl.se/docs/CVE-2023-27538.html
    https://curl.se/docs/CVE-2023-27537.html
    https://curl.se/docs/CVE-2023-27536.html
    https://curl.se/docs/CVE-2023-27535.html
    https://curl.se/docs/CVE-2023-27534.html
    https://curl.se/docs/CVE-2023-27533.html
    https://www.cve.org/CVERecord?id=CVE-2023-27538
    https://www.cve.org/CVERecord?id=CVE-2023-27537
    https://www.cve.org/CVERecord?id=CVE-2023-27536
    https://www.cve.org/CVERecord?id=CVE-2023-27535
    https://www.cve.org/CVERecord?id=CVE-2023-27534
    https://www.cve.org/CVERecord?id=CVE-2023-27533
  (* Security fix *)

New vim packages for Slackware 15.0 and -current:

patches/packages/vim-9.0.1418-i586-1_slack15.0.txz:  Upgraded.
  Fixed security issues:
  NULL pointer dereference issue in utfc_ptr2len.
  Incorrect Calculation of Buffer Size.
  Heap-based Buffer Overflow.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-1264
    https://www.cve.org/CVERecord?id=CVE-2023-1175
    https://www.cve.org/CVERecord?id=CVE-2023-1170
  (* Security fix *)
patches/packages/vim-gvim-9.0.1418-i586-1_slack15.0.txz:  Upgraded.

Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Posted: 26 Mar 2023, 19:37


24. III 2023.

New tar packages for Slackware 14.0, 14.1, 14.2, 15.0 and -current:

patches/packages/tar-1.34-i586-2_slack15.0.txz:  Rebuilt.
  GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use
  of uninitialized memory for a conditional jump. Exploitation to change the
  flow of control has not been demonstrated. The issue occurs in from_header
  in list.c via a V7 archive in which mtime has approximately 11 whitespace
  characters.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-48303
  (* Security fix *)



Administrator
Posted: 03 Apr 2023, 20:08


29. III 2023.

New mozilla-thunderbird and xorg-server packages for Slackware 15.0 and -current:

patches/packages/mozilla-thunderbird-102.9.1-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.9.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/
    https://www.cve.org/CVERecord?id=CVE-2023-28427
  (* Security fix *)

patches/packages/xorg-server-1.20.14-i586-8_slack15.0.txz:  Rebuilt.
  [PATCH] composite: Fix use-after-free of the COW.
  Fix use-after-free that can lead to local privileges elevation on systems
  where the X server is running privileged and remote code execution for ssh
  X forwarding sessions.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-March/003374.html
    https://www.cve.org/CVERecord?id=CVE-2023-1393
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-8_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-8_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-8_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-7_slack15.0.txz:  Rebuilt.
  [PATCH] composite: Fix use-after-free of the COW.
  Fix use-after-free that can lead to local privileges elevation on systems
  where the X server is running privileged and remote code execution for ssh
  X forwarding sessions.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-March/003374.html
    https://www.cve.org/CVERecord?id=CVE-2023-1393
  (* Security fix *)



Administrator
Posted: 03 Apr 2023, 20:09


31. III 2023.

New ruby and seamonkey packages for Slackware 15.0 and -current:

patches/packages/ruby-3.0.6-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  ReDoS vulnerability in URI.
  ReDoS vulnerability in Time.
  For more information, see:
    https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
    https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
    https://www.cve.org/CVERecord?id=CVE-2023-28755
    https://www.cve.org/CVERecord?id=CVE-2023-28756
  (* Security fix *)

patches/packages/seamonkey-2.53.16-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.16
  (* Security fix *)



Administrator
Posted: 03 Apr 2023, 20:10


02. IV 2023.

New irssi packages for Slackware 14.2, 15.0 and -current:

patches/packages/irssi-1.4.4-i586-1_slack15.0.txz:  Upgraded.
  Do not crash Irssi when one line is printed as the result of another line
  being printed.
  Also solve a memory leak while printing unformatted lines.
  (* Security fix *)



Administrator
Posted: 20 Apr 2023, 20:17


11. IV 2023.

New mozilla-firefox packages for Slackware 15.0 and -current:

patches/packages/mozilla-firefox-102.10.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-14
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#MFSA-TMP-2023-0001
    https://www.cve.org/CVERecord?id=CVE-2023-29531
    https://www.cve.org/CVERecord?id=CVE-2023-29532
    https://www.cve.org/CVERecord?id=CVE-2023-29533
    https://www.cve.org/CVERecord?id=CVE-2023-29535
    https://www.cve.org/CVERecord?id=CVE-2023-29536
    https://www.cve.org/CVERecord?id=CVE-2023-29539
    https://www.cve.org/CVERecord?id=CVE-2023-29541
    https://www.cve.org/CVERecord?id=CVE-2023-29545
    https://www.cve.org/CVERecord?id=CVE-2023-1945
    https://www.cve.org/CVERecord?id=CVE-2023-29548
    https://www.cve.org/CVERecord?id=CVE-2023-29550
  (* Security fix *)



Administrator
Posted: 20 Apr 2023, 20:18


12. IV 2023.

New mozilla-thunderbird packages for Slackware 15.0 and -current:

patches/packages/mozilla-thunderbird-102.10.0-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#MFSA-TMP-2023-0001
    https://www.cve.org/CVERecord?id=CVE-2023-29531
    https://www.cve.org/CVERecord?id=CVE-2023-29532
    https://www.cve.org/CVERecord?id=CVE-2023-29533
    https://www.cve.org/CVERecord?id=CVE-2023-29535
    https://www.cve.org/CVERecord?id=CVE-2023-29536
    https://www.cve.org/CVERecord?id=CVE-2023-0547
    https://www.cve.org/CVERecord?id=CVE-2023-29479
    https://www.cve.org/CVERecord?id=CVE-2023-29539
    https://www.cve.org/CVERecord?id=CVE-2023-29541
    https://www.cve.org/CVERecord?id=CVE-2023-29542
    https://www.cve.org/CVERecord?id=CVE-2023-29545
    https://www.cve.org/CVERecord?id=CVE-2023-1945
    https://www.cve.org/CVERecord?id=CVE-2023-29548
    https://www.cve.org/CVERecord?id=CVE-2023-29550
  (* Security fix *)



Administrator
Posted: 20 May 2023, 12:43


25. IV 2023.

New git packages for Slackware 14.0, 14.1, 14.2, 15.0 and -current:

patches/packages/git-2.35.8-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  By feeding specially crafted input to `git apply --reject`, a
  path outside the working tree can be overwritten with partially
  controlled contents (corresponding to the rejected hunk(s) from
  the given patch).
  When Git is compiled with runtime prefix support and runs without
  translated messages, it still used the gettext machinery to
  display messages, which subsequently potentially looked for
  translated messages in unexpected places. This allowed for
  malicious placement of crafted messages.
  When renaming or deleting a section from a configuration file,
  certain malicious configuration values may be misinterpreted as
  the beginning of a new configuration section, leading to arbitrary
  configuration injection.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-25652
    https://www.cve.org/CVERecord?id=CVE-2023-25815
    https://www.cve.org/CVERecord?id=CVE-2023-29007
  (* Security fix *)



Administrator
Posted: 20 May 2023, 12:44


01. V 2023.

New netatalk packages for Slackware 14.1, 14.2, 15.0 and -current:

patches/packages/netatalk-3.1.15-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues, including a critical vulnerability that
  allows remote attackers to execute arbitrary code on affected installations
  of Netatalk. Authentication is not required to exploit this vulnerability.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-43634
    https://www.cve.org/CVERecord?id=CVE-2022-45188
  (* Security fix *)



Administrator
Posted: 20 May 2023, 12:44


04. V 2023.

New libssh packages for Slackware 14.2, 15.0 and -current:

patches/packages/libssh-0.10.5-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  A NULL dereference during rekeying with algorithm guessing.
  A possible authorization bypass in pki_verify_data_signature under
  low-memory conditions.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-1667
    https://www.cve.org/CVERecord?id=CVE-2023-2283
  (* Security fix *)

