patches/packages/kernel-firmware-20230724_59fbffa-noarch-1.txz: Upgraded.
AMD microcode updated to fix a use-after-free in AMD Zen2 processors.
From Tavis Ormandy's annoucement of the issue:
"The practical result here is that you can spy on the registers of other
processes. No system calls or privileges are required.
It works across virtual machines and affects all operating systems.
I have written a poc for this issue that's fast enough to reconstruct
keys and passwords as users log in."
For more information, see:
https://seclists.org/oss-sec/2023/q3/59https://www.cve.org/CVERecord?id=CVE-2023-20593
(* Security fix *)
patches/packages/cups-2.4.6-x86_64-1_slack15.0.txz: Upgraded.
Fixed use-after-free when logging warnings in case of failures
in cupsdAcceptClient().
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-34241
(* Security fix *)
2023-06-23 13:30:32 +02:00
Renamed from patches/packages/kernel-firmware-20230214_a253a37-noarch-1.txt (Browse further)
