SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
A slackware forum thread dedicaced to the latest slackware-15.0 changelog
This will at least give some visibility on the latest updates here on the forum
4 updates (x86_64). Including a (* Security fix *)! : 4 upgraded
Code:
Thu Dec 22 03:40:55 UTC 2022
patches/packages/bind-9.16.36-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/curl-7.87.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/mozilla-thunderbird-102.6.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains a security fix and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.6.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-54/
https://www.cve.org/CVERecord?id=CVE-2022-46874
(* Security fix *)
testing/packages/bind-9.16.36-x86_64-1_slack15.0.txz: Upgraded.
I'll strive to timely post here any update of Slackware 15.0 changelog.
I'll use the output of marav script provided at http://marav8.free.fr/report/slack-15.0-x86_64.txt
Should you detect the update before me, don't hesitate to post it.
I won't have any hard feeling about it
On the subject of the changelog, I don't follow the testing directory, but I did notice that bind under testing has reverted to 9.16.36 (matching what was added in patches).
Back in March, version 9.18 slipped into patches by mistake, and PV put it into testing when reverting back to 9.16. Did 9.16 get added to testing by mistake?
Quote:
Mon Mar 21 20:24:16 UTC 2022
patches/packages/bind-9.16.27-x86_64-1_slack15.0.txz: Upgraded.
Sorry folks, I had not meant to bump BIND to the newer branch. I've moved
the other packages into /testing.
I believe that Slackware is a great distribution, more than worth to be spelled its name with capital "S" letter, that's why I ask you to be kind to edit the thread title s/slackware/Slackware
I could not find a way to edit the thread title (Edit doesn't allow that and there is no entry in Thread Tool).
Any pointer on how to change the thread title is welcome.
--EDIT-- forget about it. I found it (in Edit "Advanced")
Last edited by gegechris99; 12-23-2022 at 01:54 AM.
Reason: found it!!!
3 updates (x86_64). Including a (* Security fix *)! : 2 upgraded, 1 rebuilt
Code:
Wed Jan 4 02:18:08 UTC 2023
patches/packages/libtiff-4.4.0-x86_64-1_slack15.0.txz: Upgraded.
Patched various security bugs.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-2056
https://www.cve.org/CVERecord?id=CVE-2022-2057
https://www.cve.org/CVERecord?id=CVE-2022-2058
https://www.cve.org/CVERecord?id=CVE-2022-3970
https://www.cve.org/CVERecord?id=CVE-2022-34526
(* Security fix *)
patches/packages/rxvt-unicode-9.26-x86_64-3_slack15.0.txz: Rebuilt.
When the "background" extension was loaded, an attacker able to control the
data written to the terminal would be able to execute arbitrary code as the
terminal's user. Thanks to David Leadbeater and Ben Collver.
For more information, see:
https://www.openwall.com/lists/oss-security/2022/12/05/1
https://www.cve.org/CVERecord?id=CVE-2022-4170
(* Security fix *)
patches/packages/whois-5.5.15-x86_64-1_slack15.0.txz: Upgraded.
Updated the .bd, .nz and .tv TLD servers.
Added the .llyw.cymru, .gov.scot and .gov.wales SLD servers.
Updated the .ac.uk and .gov.uk SLD servers.
Recursion has been enabled for whois.nic.tv.
Updated the list of new gTLDs with four generic TLDs assigned in October 2013
which were missing due to a bug.
Removed 4 new gTLDs which are no longer active.
Added the Georgian translation, contributed by Temuri Doghonadze.
Updated the Finnish translation, contributed by Lauri Nurmi.
4 updates (x86_64). Including a (* Security fix *)! : 3 upgraded, 1 rebuilt
Code:
Sat Jan 7 01:50:00 UTC 2023
extra/php80/php80-8.0.27-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
extra/php81/php81-8.1.14-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txz: Upgraded.
Fixed memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures.
For more information, see:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
https://www.cve.org/CVERecord?id=CVE-2021-43527
(* Security fix *)
patches/packages/php-7.4.33-x86_64-2_slack15.0.txz: Rebuilt.
This update fixes a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
Tue Jan 10 21:32:00 UTC 2023
patches/packages/ca-certificates-20221205-noarch-2_slack15.0.txz: Rebuilt.
Make sure that if we're installing this package on another partition (such as
when using installpkg with a --root parameter) that the updates are done on
that partition. Thanks to fulalas.
1 updates (x86_64). Including a (* Security fix *)! : 1 upgraded
Code:
Fri Jan 13 20:29:55 UTC 2023
patches/packages/netatalk-3.1.14-x86_64-1_slack15.0.txz: Upgraded.
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow
resulting in code execution via a crafted .appl file.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-45188
(* Security fix *)
4 updates (x86_64). Including a (* Security fix *)! : 4 upgraded
Code:
Wed Jan 18 06:11:54 UTC 2023
patches/packages/git-2.35.6-x86_64-1_slack15.0.txz: Upgraded.
This release fixes two security issues:
* CVE-2022-41903:
git log has the ability to display commits using an arbitrary
format with its --format specifiers. This functionality is also
exposed to git archive via the export-subst gitattribute.
When processing the padding operators (e.g., %<(, %<|(, %>(,
%>>(, or %><( ), an integer overflow can occur in
pretty.c::format_and_pad_commit() where a size_t is improperly
stored as an int, and then added as an offset to a subsequent
memcpy() call.
This overflow can be triggered directly by a user running a
command which invokes the commit formatting machinery (e.g., git
log --format=...). It may also be triggered indirectly through
git archive via the export-subst mechanism, which expands format
specifiers inside of files within the repository during a git
archive.
This integer overflow can result in arbitrary heap writes, which
may result in remote code execution.
* CVE-2022-23521:
gitattributes are a mechanism to allow defining attributes for
paths. These attributes can be defined by adding a `.gitattributes`
file to the repository, which contains a set of file patterns and
the attributes that should be set for paths matching this pattern.
When parsing gitattributes, multiple integer overflows can occur
when there is a huge number of path patterns, a huge number of
attributes for a single pattern, or when the declared attribute
names are huge.
These overflows can be triggered via a crafted `.gitattributes` file
that may be part of the commit history. Git silently splits lines
longer than 2KB when parsing gitattributes from a file, but not when
parsing them from the index. Consequentially, the failure mode
depends on whether the file exists in the working tree, the index or
both.
This integer overflow can result in arbitrary heap reads and writes,
which may result in remote code execution.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-41903
https://www.cve.org/CVERecord?id=CVE-2022-23521
(* Security fix *)
patches/packages/httpd-2.4.55-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
mod_proxy allows a backend to trigger HTTP response splitting.
mod_proxy_ajp possible request smuggling.
mod_dav out of bounds read, or write of zero byte.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.55
https://www.cve.org/CVERecord?id=CVE-2022-37436
https://www.cve.org/CVERecord?id=CVE-2022-36760
https://www.cve.org/CVERecord?id=CVE-2006-20001
(* Security fix *)
patches/packages/libXpm-3.5.15-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Infinite loop on unclosed comments.
Runaway loop with width of 0 and enormous height.
Compression commands depend on $PATH.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-46285
https://www.cve.org/CVERecord?id=CVE-2022-44617
https://www.cve.org/CVERecord?id=CVE-2022-4883
(* Security fix *)
patches/packages/mozilla-firefox-102.7.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.7.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/
https://www.cve.org/CVERecord?id=CVE-2022-46871
https://www.cve.org/CVERecord?id=CVE-2023-23598
https://www.cve.org/CVERecord?id=CVE-2023-23599
https://www.cve.org/CVERecord?id=CVE-2023-23601
https://www.cve.org/CVERecord?id=CVE-2023-23602
https://www.cve.org/CVERecord?id=CVE-2022-46877
https://www.cve.org/CVERecord?id=CVE-2023-23603
https://www.cve.org/CVERecord?id=CVE-2023-23605
(* Security fix *)
1 updates (x86_64). Including a (* Security fix *)! : 1 upgraded
Code:
Thu Jan 19 00:40:12 UTC 2023
patches/packages/sudo-1.9.12p2-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a flaw in sudo's -e option (aka sudoedit) that could allow
a malicious user with sudoedit privileges to edit arbitrary files.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-22809
(* Security fix *)
2 updates (x86_64). Including a (* Security fix *)! : 2 upgraded
Code:
Fri Jan 20 23:58:24 UTC 2023
patches/packages/mozilla-thunderbird-102.7.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.7.0/releasenotes/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird102.7
(* Security fix *)
patches/packages/seamonkey-2.53.15-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.15
(* Security fix *)
Last edited by gegechris99; 01-21-2023 at 04:02 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
