Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 25 Sep 2022, 07:40


20.09.2022.

Sveži mozilla-firefox paketi za Slackware 15 i -current:

Code: Select all

patches/packages/mozilla-firefox-102.3.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.3.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-41/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 25 Sep 2022, 07:41


21.09.2022.

Sveži bind paketi za Slackware 15 i -current:

Code: Select all

patches/packages/bind-9.16.33-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and the following security issues:
  Fix memory leak in EdDSA verify processing.
  Fix memory leak in ECDSA verify processing.
  Fix serve-stale crash that could happen when stale-answer-client-timeout
  was set to 0 and there was a stale CNAME in the cache for an incoming query.
  Prevent excessive resource use while processing large delegations.
  For more information, see:
    https://kb.isc.org/docs/cve-2022-38178
    https://kb.isc.org/docs/cve-2022-38177
    https://kb.isc.org/docs/cve-2022-3080
    https://kb.isc.org/docs/cve-2022-2795
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 25 Sep 2022, 07:41


23.09.2022.

Sveži vim paketi za Slackware 15 i -current:

Code: Select all

patches/packages/vim-9.0.0558-i586-1_slack15.0.txz:  Upgraded.
  Fixed use after free.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3256
  (* Security fix *)
patches/packages/vim-gvim-9.0.0558-i586-1_slack15.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 01 Oct 2022, 15:34


26.09.2022.

Sveži dnsmasq paketi za Slackware 14.0, 14.1, 14.2, 15.0 i -current:

Code: Select all

patches/packages/dnsmasq-2.87-i586-1_slack15.0.txz:  Upgraded.
  Fix write-after-free error in DHCPv6 server code.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0934
  (* Security fix *)

Sveži vim paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/vim-9.0.0594-i586-1_slack15.0.txz:  Upgraded.
  Fixed stack-based buffer overflow.
  Thanks to marav for the heads-up.
  In addition, Mig21 pointed out an issue where the defaults.vim file might
  need to be edited for some purposes as its contents will override the
  settings in the system-wide vimrc. Usually this file is replaced whenever
  vim is upgraded, which in those situations would be inconvenient for the
  admin. So, I've added support for a file named defaults.vim.custom which
  (if it exists) will be used instead of the defaults.vim file shipped in
  the packages and will persist through upgrades.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3296
  (* Security fix *)
patches/packages/vim-gvim-9.0.0594-i586-1_slack15.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 01 Oct 2022, 15:35


28.09.2022.

Sveži xorg-server-xwayland paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/xorg-server-xwayland-21.1.4-i586-2_slack15.0.txz:  Rebuilt.
  xkb: switch to array index loops to moving pointers.
  xkb: add request length validation for XkbSetGeometry.
  xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck.
  I hadn't realized that the xorg-server patches were needed (or applied
  cleanly) to Xwayland. Thanks to LuckyCyborg for the kind reminder. :-)
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 01 Oct 2022, 15:37


30.09.2022.

Sveži mozilla-thunderbird, php, seamonkey i vim paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/mozilla-thunderbird-102.3.1-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.3.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39249
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39250
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39251
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39236
  (* Security fix *)

Code: Select all

patches/packages/php-7.4.32-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  phar wrapper: DOS when using quine gzip file.
  Don't mangle HTTP variable names that clash with ones that have a specific
  semantic meaning.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
  (* Security fix *)

Code: Select all

patches/packages/seamonkey-2.53.14-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.14
  (* Security fix *)

Code: Select all

patches/packages/vim-9.0.0623-i586-1_slack15.0.txz:  Upgraded.
  Fixed use-after-free and stack-based buffer overflow.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3352
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3324
  (* Security fix *)
patches/packages/vim-gvim-9.0.0623-i586-1_slack15.0.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 15 Oct 2022, 14:31


05.10.2022.

Sveži dhcp paketi za Slackware 14.0, 14.1, 14.2, 15.0 i -current:

Code: Select all

patches/packages/dhcp-4.4.3_P1-i586-1_slack15.0.txz:  Upgraded.
  This update fixes two security issues:
  Corrected a reference count leak that occurs when the server builds
  responses to leasequery packets.
  Corrected a memory leak that occurs when unpacking a packet that has an
  FQDN option (81) that contains a label with length greater than 63 bytes.
  Thanks to VictorV of Cyber Kunlun Lab for reporting these issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2928
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2929
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 15 Oct 2022, 14:33


08.10.2022.

Sveži libksba paketi za Slackware 14.2, 15.0 i -current:

Code: Select all

patches/packages/libksba-1.6.2-i586-1_slack15.0.txz:  Upgraded.
  Detect a possible overflow directly in the TLV parser.
  This patch detects possible integer overflows immmediately when creating
  the TI object.
  Reported-by: ZDI-CAN-18927, ZDI-CAN-18928, ZDI-CAN-18929
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 15 Oct 2022, 14:34


13.10.2022.

Sveži python3 paketi za Slackware 15.0 i -current:

Code: Select all

patches/packages/python3-3.9.15-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Bundled libexpat was upgraded from 2.4.7 to 2.4.9 which fixes a heap
  use-after-free vulnerability in function doContent.
  gh-97616: a fix for a possible buffer overflow in list *= int.
  gh-97612: a fix for possible shell injection in the example script
  get-remote-certificate.py.
  gh-96577: a fix for a potential buffer overrun in msilib.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 3451
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 24 Oct 2022, 06:43


15.10.2022.

Sveži zlib paketi za Slackware 14.0, 14.1, 14.2, 15.0 i -current:

Code: Select all

patches/packages/zlib-1.2.13-i586-1_slack15.0.txz:  Upgraded.
  Fixed a bug when getting a gzip header extra field with inflateGetHeader().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 30 guests