LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   [Slackware security] vulnerabilities outstanding 20140101 (https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-security%5D-vulnerabilities-outstanding-20140101-a-4175489800/)

mats_b_tegner 01-22-2021 09:34 PM

Mutt 2.0.5 was released on January 21, 2021. This is a bug-fix release, fixing a few memory leaks, including CVE-2021-3181.
ftp://ftp.mutt.org/pub/mutt/mutt-2.0.5.tar.gz

fskmh 01-26-2021 06:32 PM

CVE-2021-3156 sudo heap buffer overflow
 
1 Attachment(s)
CVE-2021-3156
Heap buffer overflow affecting sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1.

Patch is here.

Additional note: Conditional check of libpam symbolic link in sudo.Slackbuild fails on Slackware64 because LIBDIRSUFFIX is not defined in the arch detection stanza like it usually is.

drgibbon 01-26-2021 06:56 PM

Fixed in -current (and 14.0, 14.1, 14.2).

upnort 01-26-2021 07:53 PM

Recently several dnsmasq vulnerabilities were reported. Version 2.78 in 14.2 is affected.

mats_b_tegner 02-06-2021 09:41 AM

CVE-2021-21148 affects Google Chrome/Chromium-based browsers
Upgrade to Chromium 88.0.4324.150 or later.
https://chromereleases.googleblog.co...desktop_4.html

mats_b_tegner 02-11-2021 08:01 AM

GNU Screen up to and including version 4.8.0 is vulnerable to CVE-2021-26937
https://www.linuxquestions.org/quest...ty-4175690257/
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-26937
A patch is available here:
https://salsa.debian.org/debian/scre...21-26937.patch

The patch seems to apply cleanly on 4.8.0 running Slackware-current as far as I can tell.

mats_b_tegner 02-16-2021 01:25 PM

OpenSSL 1.1.1j
Upgraded in -current according to the latest ChangeLogs:
Quote:

n/openssl-1.1.1j-i586-1.txz: Upgraded.
n/openssl-1.1.1j-x86_64-1.txz: Upgraded.
This fixes bugs and denial of service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-23841
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-23840
(* Security fix *)

ttk 02-18-2021 07:03 PM

python 3.x through 3.9.1 are vulnerable to CVE-2021-3117

https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-3177

Not aware of any patch yet.

ponce 02-19-2021 02:01 AM

Quote:

Originally Posted by ttk (Post 6221917)
python 3.x through 3.9.1 are vulnerable to CVE-2021-3117

https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-3177

Not aware of any patch yet.

this should be the backported patch from the development branch

https://github.com/python/cpython/co...1353ecc3.patch

nobodino 02-23-2021 01:20 AM

Bind-9.10.12 affected by a serious bug according to this: http://wiki.linuxfromscratch.org/blfs/ticket/14683

it's advised to downgrade to bind-9.10.11 + a sed patch.

Jan K. 02-23-2021 11:05 AM

Kinda "nice" thread, but perhaps unstick it and create [Slackware security] vulnerabilities outstanding 20210301 ?

Or whatever month/day we go beyond Slackware 15 beta...

mats_b_tegner 02-24-2021 04:20 AM

Thunderbird 78.8.0 fixes the following security vulnerabilities:
https://www.mozilla.org/en-US/securi...s/mfsa2021-09/

mats_b_tegner 02-24-2021 04:21 AM

duplicate post.


All times are GMT -5. The time now is 03:37 AM.