SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Wed Apr 3 19:58:56 UTC 2024
patches/packages/whois-5.5.22-x86_64-1_slack15.0.txz: Upgraded.
Fixed a segmentation fault with --no-recursion.
Updated the .bm and .vi TLD servers.
Removed 4 new gTLDs which are no longer active.
2 updates (x86_64). Including a (* Security fix *)! : 2 Upgraded
Code:
Thu Apr 4 20:49:23 UTC 2024
patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
HTTP/2 DoS by memory exhaustion on endless continuation frames.
HTTP Response Splitting in multiple modules.
HTTP response splitting.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.59
https://www.cve.org/CVERecord?id=CVE-2024-27316
https://www.cve.org/CVERecord?id=CVE-2024-24795
https://www.cve.org/CVERecord?id=CVE-2023-38709
(* Security fix *)
patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
frames even after a stream is reset to keep HPACK context in sync. This
causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
this vulnerability by limiting the number of CONTINUATION frames it can
accept after a HEADERS frame.
For more information, see:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
https://www.kb.cert.org/vuls/id/421644
https://www.cve.org/CVERecord?id=CVE-2024-28182
(* Security fix *)
1 updates (x86_64). Including a (* Security fix *)! : 1 Rebuilt
Code:
Fri Apr 5 20:11:23 UTC 2024
extra/tigervnc/tigervnc-1.12.0-x86_64-6_slack15.0.txz: Rebuilt.
Recompiled against xorg-server-1.20.14, including the latest patches for
several security issues:
Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
Use-after-free in ProcRenderAddGlyphs.
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
https://www.cve.org/CVERecord?id=CVE-2024-31080
https://www.cve.org/CVERecord?id=CVE-2024-31081
https://www.cve.org/CVERecord?id=CVE-2024-31082
https://www.cve.org/CVERecord?id=CVE-2024-31083
(* Security fix *)
1 updates (x86_64). Including a (* Security fix *)! : 1 Upgraded
Code:
Mon Apr 8 18:44:37 UTC 2024
patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Fix possible vulnerability in tar error reporting introduced in f27c173
by JiaT75.
For more information, see:
https://github.com/libarchive/libarchive/commit/f27c173d17dc807733b3a4f8c11207c3f04ff34f
https://github.com/libarchive/libarchive/pull/2101
(* Security fix *)
Fri Apr 12 19:08:59 UTC 2024
extra/php81/php81-8.1.28-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Command injection via array-ish $command parameter of proc_open.
__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix.
Password_verify can erroneously return true, opening ATO risk.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.28
https://www.cve.org/CVERecord?id=CVE-2024-1874
https://www.cve.org/CVERecord?id=CVE-2024-2756
https://www.cve.org/CVERecord?id=CVE-2024-3096
(* Security fix *)
Sun Apr 14 18:35:32 UTC 2024
patches/packages/less-653-x86_64-1_slack15.0.txz: Upgraded.
This update patches a security issue:
less through 653 allows OS command execution via a newline character in the
name of a file, because quoting is mishandled in filename.c. Exploitation
typically requires use with attacker-controlled file names, such as the files
extracted from an untrusted archive. Exploitation also requires the LESSOPEN
environment variable, but this is set by default in many common cases.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32487
(* Security fix *)
Wed Apr 17 20:35:48 UTC 2024
patches/packages/mozilla-thunderbird-115.10.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.10.0/releasenotes/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird115.10
(* Security fix *)
Thu Apr 18 19:17:30 UTC 2024
patches/packages/bind-9.16.50-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txz: Rebuilt.
patches/packages/glibc-2.33-x86_64-6_slack15.0.txz: Rebuilt.
This update fixes a security issue:
The iconv() function in the GNU C Library versions 2.39 and older may
overflow the output buffer passed to it by up to 4 bytes when converting
strings to the ISO-2022-CN-EXT character set, which may be used to crash
an application or overwrite a neighbouring variable.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-2961
(* Security fix *)
patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txz: Rebuilt.
patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txz: Rebuilt.
testing/packages/bind-9.18.26-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
Fri Apr 19 05:38:28 UTC 2024
patches/packages/mozilla-thunderbird-115.10.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.10.1/releasenotes/
Fri Apr 19 19:36:17 UTC 2024
patches/packages/freerdp-2.11.6-x86_64-1_slack15.0.txz: Upgraded.
This release is a security release and addresses multiple issues:
[Low] OutOfBound Read in zgfx_decompress_segment.
[Moderate] Integer overflow & OutOfBound Write in
clear_decompress_residual_data.
[Low] integer underflow in nsc_rle_decode.
[Low] OutOfBound Read in planar_skip_plane_rle.
[Low] OutOfBound Read in ncrush_decompress.
[Low] OutOfBound Read in interleaved_decompress.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32041
https://www.cve.org/CVERecord?id=CVE-2024-32039
https://www.cve.org/CVERecord?id=CVE-2024-32040
https://www.cve.org/CVERecord?id=CVE-2024-32458
https://www.cve.org/CVERecord?id=CVE-2024-32459
https://www.cve.org/CVERecord?id=CVE-2024-32460
(* Security fix *)
Mon Apr 22 19:36:38 UTC 2024
patches/packages/freerdp-2.11.7-x86_64-1_slack15.0.txz: Upgraded.
This release eliminates a bunch of issues detected during oss-fuzz runs.
(* Security fix *)
Tue Apr 23 19:48:05 UTC 2024
patches/packages/emacs-29.3-x86_64-2_slack15.0.txz: Rebuilt.
This is a bugfix release.
Only build the X11/GTK+3 version. Use "emacs -nw" if you want to start it
in a terminal emulator in text mode, or rebuild if you really need to get
rid of the X11 dependency for some reason.
Build using --with-pdumper=auto. It seems that --with-dumping=unexec produces
a buggy Emacs here in the modern era, with symptoms such as "child signal FD:
Invalid argument". It's possible this had something to do with the reported
memory leaks as well.
Thanks to 3Tom for the bug report.
patches/packages/krusader-2.8.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
