Slackware Security Advisories (security updates)

News about Slackware Linux


Administrator

Posts: 3487
Joined: 01 Apr 2012, 13:50
Location: Milky Way

Posted: 04 May 2024, 09:02


19. IV 2024.

Fresh freerdp packages for Slackware 15.0 and -current:

patches/packages/freerdp-2.11.6-i586-1_slack15.0.txz:  Upgraded.
  This release is a security release and addresses multiple issues:
  [Low] OutOfBound Read in zgfx_decompress_segment.
  [Moderate] Integer overflow & OutOfBound Write in
  clear_decompress_residual_data.
  [Low] integer underflow in nsc_rle_decode.
  [Low] OutOfBound Read in planar_skip_plane_rle.
  [Low] OutOfBound Read in ncrush_decompress.
  [Low] OutOfBound Read in interleaved_decompress.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32041
    https://www.cve.org/CVERecord?id=CVE-2024-32039
    https://www.cve.org/CVERecord?id=CVE-2024-32040
    https://www.cve.org/CVERecord?id=CVE-2024-32458
    https://www.cve.org/CVERecord?id=CVE-2024-32459
    https://www.cve.org/CVERecord?id=CVE-2024-32460
  (* Security fix *)
Use the source, Luke
SSZ IRC channel
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator

Posted: 04 May 2024, 09:02


22. IV 2024.

Fresh freerdp packages for Slackware 15.0 and -current:

patches/packages/freerdp-2.11.7-i586-1_slack15.0.txz:  Upgraded.
  This release eliminates a bunch of issues detected during oss-fuzz runs.
  (* Security fix *)



Administrator

Posted: 04 May 2024, 09:03


23. IV 2024.

Fresh ruby packages for Slackware 15.0 and -current:

patches/packages/ruby-3.0.7-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Arbitrary memory address read vulnerability with Regex search.
  RCE vulnerability with .rdoc_options in RDoc.
  Buffer overread vulnerability in StringIO.
  For more information, see:
    https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
    https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
    https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/
    https://www.cve.org/CVERecord?id=CVE-2024-27282
    https://www.cve.org/CVERecord?id=CVE-2024-27281
    https://www.cve.org/CVERecord?id=CVE-2024-27280
  (* Security fix *)



Administrator

Posted: 04 May 2024, 09:03


25. IV 2024.

Fresh libarchive packages for Slackware 15.0 and -current:

patches/packages/libarchive-3.7.3-i586-2_slack15.0.txz:  Rebuilt.
  Patched an out-of-bound error in the rar e8 filter that could allow for
  the execution of arbitrary code.
  Thanks to gmgf for the heads-up.
  For more information, see:
    https://github.com/advisories/GHSA-2jc9-36w4-pmqw
    https://www.cve.org/CVERecord?id=CVE-2024-26256
  (* Security fix *)



Administrator

Posted: 20 May 2024, 18:44


13. V 2024.

Fresh libxml2 packages for Slackware 15.0 and -current:

patches/packages/libxml2-2.11.8-i586-1_slack15.0.txz:  Upgraded.
  Fix buffer overread with "xmllint --htmlout".
  xmllint: Fix --pedantic option.
  save: Handle invalid parent pointers in xhtmlNodeDumpOutput.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-34459
  (* Security fix *)



Administrator

Posted: 20 May 2024, 18:45


14. V 2024.

Fresh mozilla-firefox packages for Slackware 15.0 and -current:

patches/packages/mozilla-firefox-115.11.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.11.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-22/
    https://www.cve.org/CVERecord?id=CVE-2024-4367
    https://www.cve.org/CVERecord?id=CVE-2024-4767
    https://www.cve.org/CVERecord?id=CVE-2024-4768
    https://www.cve.org/CVERecord?id=CVE-2024-4769
    https://www.cve.org/CVERecord?id=CVE-2024-4770
    https://www.cve.org/CVERecord?id=CVE-2024-4777
  (* Security fix *)



Administrator

Posted: 20 May 2024, 18:46


15. V 2024.

Fresh gdk-pixbuf2 and git packages for Slackware 15.0 and -current:

patches/packages/gdk-pixbuf2-2.42.12-i586-1_slack15.0.txz:  Upgraded.
  ani: Reject files with multiple INA or IART chunks.
  ani: Reject files with multiple anih chunks.
  ani: validate chunk size.
  Thanks to 0xvhp, pedrib, and Benjamin Gilbert.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-48622
  (* Security fix *)

patches/packages/git-2.39.4-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Recursive clones on case-insensitive filesystems that support symbolic
  links are susceptible to case confusion that can be exploited to
  execute just-cloned code during the clone operation.
  Repositories can be configured to execute arbitrary code during local
  clones. To address this, the ownership checks introduced in v2.30.3
  are now extended to cover cloning local repositories.
  Local clones may end up hardlinking files into the target repository's
  object database when source and target repository reside on the same
  disk. If the source repository is owned by a different user, then
  those hardlinked files may be rewritten at any point in time by the
  untrusted user.
  When cloning a local source repository that contains symlinks via the
  filesystem, Git may create hardlinks to arbitrary user-readable files
  on the same filesystem as the target repository in the objects/
  directory.
  It is supposed to be safe to clone untrusted repositories, even those
  unpacked from zip archives or tarballs originating from untrusted
  sources, but Git can be tricked to run arbitrary code as part of the
  clone.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32002
    https://www.cve.org/CVERecord?id=CVE-2024-32004
    https://www.cve.org/CVERecord?id=CVE-2024-32020
    https://www.cve.org/CVERecord?id=CVE-2024-32021
    https://www.cve.org/CVERecord?id=CVE-2024-32465
  (* Security fix *)

