SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Tue Feb 28 21:33:32 UTC 2023
patches/packages/whois-5.5.16-x86_64-1_slack15.0.txz: Upgraded.
Add bash completion support, courtesy of Ville Skytta.
Updated the .tr TLD server.
Removed support for -metu NIC handles.
1 updates (x86_64). Including a (* Security fix *)! : 1 upgraded
Code:
Wed Mar 8 20:26:54 UTC 2023
patches/packages/httpd-2.4.56-x86_64-1_slack15.0.txz: Upgraded.
This update fixes two security issues:
HTTP Response Smuggling vulnerability via mod_proxy_uwsgi.
HTTP Request Smuggling attack via mod_rewrite and mod_proxy.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.56
https://www.cve.org/CVERecord?id=CVE-2023-27522
https://www.cve.org/CVERecord?id=CVE-2023-25690
(* Security fix *)
4 updates (x86_64). Including a (* Security fix *)! : 4 upgraded
Code:
Thu Mar 16 23:34:56 UTC 2023
patches/packages/bind-9.16.39-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/mozilla-thunderbird-102.9.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/
https://www.cve.org/CVERecord?id=CVE-2023-25751
https://www.cve.org/CVERecord?id=CVE-2023-28164
https://www.cve.org/CVERecord?id=CVE-2023-28162
https://www.cve.org/CVERecord?id=CVE-2023-25752
https://www.cve.org/CVERecord?id=CVE-2023-28163
https://www.cve.org/CVERecord?id=CVE-2023-28176
(* Security fix *)
patches/packages/openssh-9.3p1-x86_64-1_slack15.0.txz: Upgraded.
This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.
For more information, see:
https://www.openssh.com/txt/release-9.3
(* Security fix *)
testing/packages/bind-9.18.13-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
(The website still hasn't updated. I manually added the formatting information. Hope I did it correctly.)
Thanks for the heads-up
This happens sometimes, I have to identify why, for the moment it's not very clear...
The script seems to make a 2nd pass, with an empty diff
So when this happens, you can find the 1st pass with the -old.txt file in the html tree
2 updates (x86_64). Including a (* Security fix *)! : 1 upgraded, 1 rebuilt
Code:
Fri Mar 24 19:42:46 UTC 2023
patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
patches/packages/tar-1.34-x86_64-2_slack15.0.txz: Rebuilt.
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use
of uninitialized memory for a conditional jump. Exploitation to change the
flow of control has not been demonstrated. The issue occurs in from_header
in list.c via a V7 archive in which mtime has approximately 11 whitespace
characters.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48303
(* Security fix *)
7 updates (x86_64). Including a (* Security fix *)! : 2 upgraded, 5 rebuilt
Code:
Wed Mar 29 20:56:21 UTC 2023
patches/packages/glibc-zoneinfo-2023c-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
patches/packages/mozilla-thunderbird-102.9.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.9.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/
https://www.cve.org/CVERecord?id=CVE-2023-28427
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txz: Rebuilt.
[PATCH] composite: Fix use-after-free of the COW.
Fix use-after-free that can lead to local privileges elevation on systems
where the X server is running privileged and remote code execution for ssh
X forwarding sessions.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-March/003374.html
https://www.cve.org/CVERecord?id=CVE-2023-1393
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txz: Rebuilt.
[PATCH] composite: Fix use-after-free of the COW.
Fix use-after-free that can lead to local privileges elevation on systems
where the X server is running privileged and remote code execution for ssh
X forwarding sessions.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-March/003374.html
https://www.cve.org/CVERecord?id=CVE-2023-1393
(* Security fix *)
2 updates (x86_64). Including a (* Security fix *)! : 2 upgraded
Code:
Fri Mar 31 18:01:09 UTC 2023
patches/packages/ruby-3.0.6-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
ReDoS vulnerability in URI.
ReDoS vulnerability in Time.
For more information, see:
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
https://www.cve.org/CVERecord?id=CVE-2023-28755
https://www.cve.org/CVERecord?id=CVE-2023-28756
(* Security fix *)
patches/packages/seamonkey-2.53.16-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.16
(* Security fix *)
1 updates (x86_64). Including a (* Security fix *)! : 1 upgraded
Code:
Sun Apr 2 18:33:01 UTC 2023
patches/packages/irssi-1.4.4-x86_64-1_slack15.0.txz: Upgraded.
Do not crash Irssi when one line is printed as the result of another line
being printed.
Also solve a memory leak while printing unformatted lines.
(* Security fix *)
Wed Apr 5 18:31:03 UTC 2023
patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release. The primary focus is to correct a rare corruption
bug in high compression mode. While the probability might be very small,
corruption issues are nonetheless very serious, so an update to this version
is highly recommended, especially if you employ high compression modes
(levels 16+).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
