-   Slackware (
-   -   [Slackware security] vulnerabilities outstanding 20140101 (

mats_b_tegner 01-22-2021 09:34 PM

Mutt 2.0.5 was released on January 21, 2021. This is a bug-fix release, fixing a few memory leaks, including CVE-2021-3181.

fskmh 01-26-2021 06:32 PM

CVE-2021-3156 sudo heap buffer overflow
1 Attachment(s)
Heap buffer overflow affecting sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1.

Patch is here.

Additional note: Conditional check of libpam symbolic link in sudo.Slackbuild fails on Slackware64 because LIBDIRSUFFIX is not defined in the arch detection stanza like it usually is.

drgibbon 01-26-2021 06:56 PM

Fixed in -current (and 14.0, 14.1, 14.2).

upnort 01-26-2021 07:53 PM

Recently several dnsmasq vulnerabilities were reported. Version 2.78 in 14.2 is affected.

mats_b_tegner 02-06-2021 09:41 AM

CVE-2021-21148 affects Google Chrome/Chromium-based browsers
Upgrade to Chromium 88.0.4324.150 or later.

mats_b_tegner 02-11-2021 08:01 AM

GNU Screen up to and including version 4.8.0 is vulnerable to CVE-2021-26937
A patch is available here:

The patch seems to apply cleanly on 4.8.0 running Slackware-current as far as I can tell.

mats_b_tegner 02-16-2021 01:25 PM

OpenSSL 1.1.1j
Upgraded in -current according to the latest ChangeLogs:

n/openssl-1.1.1j-i586-1.txz: Upgraded.
n/openssl-1.1.1j-x86_64-1.txz: Upgraded.
This fixes bugs and denial of service vulnerabilities.
For more information, see:
(* Security fix *)

ttk 02-18-2021 07:03 PM

python 3.x through 3.9.1 are vulnerable to CVE-2021-3117

Not aware of any patch yet.

ponce 02-19-2021 02:01 AM


Originally Posted by ttk (Post 6221917)
python 3.x through 3.9.1 are vulnerable to CVE-2021-3117

Not aware of any patch yet.

this should be the backported patch from the development branch

nobodino 02-23-2021 01:20 AM

Bind-9.10.12 affected by a serious bug according to this:

it's advised to downgrade to bind-9.10.11 + a sed patch.

Jan K. 02-23-2021 11:05 AM

Kinda "nice" thread, but perhaps unstick it and create [Slackware security] vulnerabilities outstanding 20210301 ?

Or whatever month/day we go beyond Slackware 15 beta...

mats_b_tegner 02-24-2021 04:20 AM

Thunderbird 78.8.0 fixes the following security vulnerabilities:

mats_b_tegner 02-24-2021 04:21 AM

duplicate post.

All times are GMT -5. The time now is 03:37 AM.