slackware-current

Miroirs/slackware-current

Fork 0

mirror of git://slackware.nl/current.git synced 2024-12-31 10:28:29 +01:00

Commit graph

Author	SHA1	Message	Date
Patrick J Volkerding	79e6c8efb8	Fri Aug 4 20:17:36 UTC 2023 extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-3823 (* Security fix ) extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz: Upgraded. Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0. pasture/samba-4.15.13-x86_64-1_slack15.0.txz: Added. We'll hang onto this just in case. patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/ https://www.cve.org/CVERecord?id=CVE-2023-4045 https://www.cve.org/CVERecord?id=CVE-2023-4046 https://www.cve.org/CVERecord?id=CVE-2023-4047 https://www.cve.org/CVERecord?id=CVE-2023-4048 https://www.cve.org/CVERecord?id=CVE-2023-4049 https://www.cve.org/CVERecord?id=CVE-2023-4050 https://www.cve.org/CVERecord?id=CVE-2023-4052 https://www.cve.org/CVERecord?id=CVE-2023-4054 https://www.cve.org/CVERecord?id=CVE-2023-4055 https://www.cve.org/CVERecord?id=CVE-2023-4056 https://www.cve.org/CVERecord?id=CVE-2023-4057 ( Security fix ) patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/ patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz: Upgraded. PLEASE NOTE: We are taking the unusual step of moving to the latest Samba branch because Windows has made changes that break Samba 4.15.x. The last 4.15.x will be retained in /pasture as a fallback. There may be some required configuration changes with this, but we've kept using MIT Kerberos to try to have the behavior change as little as possible. Upgrade carefully. This update fixes security issues: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results. For more information, see: https://www.samba.org/samba/security/CVE-2022-2127.html https://www.samba.org/samba/security/CVE-2023-3347.html https://www.samba.org/samba/security/CVE-2023-34966.html https://www.samba.org/samba/security/CVE-2023-34967.html https://www.samba.org/samba/security/CVE-2023-34968.html https://www.cve.org/CVERecord?id=CVE-2022-2127 https://www.cve.org/CVERecord?id=CVE-2023-3347 https://www.cve.org/CVERecord?id=CVE-2023-34966 https://www.cve.org/CVERecord?id=CVE-2023-34967 https://www.cve.org/CVERecord?id=CVE-2023-34968 ( Security fix *)	2023-08-05 13:30:38 +02:00
Patrick J Volkerding	d88c750381	Mon May 2 20:02:49 UTC 2022 patches/packages/libxml2-2.9.14-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: Fix integer overflow in xmlBuf and xmlBuffer. Fix potential double-free in xmlXPtrStringRangeFunction. Fix memory leak in xmlFindCharEncodingHandler. Normalize XPath strings in-place. Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars(). Fix leak of xmlElementContent. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824 (* Security fix *) patches/packages/mozilla-firefox-91.9.0esr-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/firefox/91.9.0/releasenotes/ patches/packages/samba-4.15.7-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.samba.org/samba/history/samba-4.15.7.html	2022-05-03 13:29:53 +02:00

Author

SHA1

Message

Date

Patrick J Volkerding

79e6c8efb8

Fri Aug 4 20:17:36 UTC 2023

extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity
  loading in XML without enabling it).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-3823
  (* Security fix *)
extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz:  Upgraded.
  Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0.
pasture/samba-4.15.13-x86_64-1_slack15.0.txz:  Added.
  We'll hang onto this just in case.
patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/
    https://www.cve.org/CVERecord?id=CVE-2023-4045
    https://www.cve.org/CVERecord?id=CVE-2023-4046
    https://www.cve.org/CVERecord?id=CVE-2023-4047
    https://www.cve.org/CVERecord?id=CVE-2023-4048
    https://www.cve.org/CVERecord?id=CVE-2023-4049
    https://www.cve.org/CVERecord?id=CVE-2023-4050
    https://www.cve.org/CVERecord?id=CVE-2023-4052
    https://www.cve.org/CVERecord?id=CVE-2023-4054
    https://www.cve.org/CVERecord?id=CVE-2023-4055
    https://www.cve.org/CVERecord?id=CVE-2023-4056
    https://www.cve.org/CVERecord?id=CVE-2023-4057
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/
patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz:  Upgraded.
  PLEASE NOTE: We are taking the unusual step of moving to the latest Samba
  branch because Windows has made changes that break Samba 4.15.x. The last
  4.15.x will be retained in /pasture as a fallback. There may be some
  required configuration changes with this, but we've kept using MIT Kerberos
  to try to have the behavior change as little as possible. Upgrade carefully.
  This update fixes security issues:
  When winbind is used for NTLM authentication, a maliciously crafted request
  can trigger an out-of-bounds read in winbind and possibly crash it.
  SMB2 packet signing is not enforced if an admin configured
  "server signing = required" or for SMB2 connections to Domain Controllers
  where SMB2 packet signing is mandatory.
  An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
  triggered by an unauthenticated attacker by issuing a malformed RPC request.
  Missing type validation in Samba's mdssvc RPC service for Spotlight can be
  used by an unauthenticated attacker to trigger a process crash in a shared
  RPC mdssvc worker process.
  As part of the Spotlight protocol Samba discloses the server-side absolute
  path of shares and files and directories in search results.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-2127.html
    https://www.samba.org/samba/security/CVE-2023-3347.html
    https://www.samba.org/samba/security/CVE-2023-34966.html
    https://www.samba.org/samba/security/CVE-2023-34967.html
    https://www.samba.org/samba/security/CVE-2023-34968.html
    https://www.cve.org/CVERecord?id=CVE-2022-2127
    https://www.cve.org/CVERecord?id=CVE-2023-3347
    https://www.cve.org/CVERecord?id=CVE-2023-34966
    https://www.cve.org/CVERecord?id=CVE-2023-34967
    https://www.cve.org/CVERecord?id=CVE-2023-34968
  (* Security fix *)

2023-08-05 13:30:38 +02:00

Patrick J Volkerding

d88c750381

Mon May 2 20:02:49 UTC 2022

patches/packages/libxml2-2.9.14-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and the following security issues:
  Fix integer overflow in xmlBuf and xmlBuffer.
  Fix potential double-free in xmlXPtrStringRangeFunction.
  Fix memory leak in xmlFindCharEncodingHandler.
  Normalize XPath strings in-place.
  Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars().
  Fix leak of xmlElementContent.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
  (* Security fix *)
patches/packages/mozilla-firefox-91.9.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.9.0/releasenotes/
patches/packages/samba-4.15.7-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.samba.org/samba/history/samba-4.15.7.html

2022-05-03 13:29:53 +02:00

2 commits