patches/packages/libpcap-1.10.5-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Clean up sock_initaddress() and its callers to avoid double frees
in some cases.
Fix pcap_findalldevs_ex() not to crash if passed a file:// URL with a
path to a directory that cannot be opened.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-7256https://www.cve.org/CVERecord?id=CVE-2024-8006
(* Security fix *)
patches/packages/ca-certificates-20240830-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
patches/packages/libX11-1.8.10-x86_64-1_slack15.0.txz: Upgraded.
This is a bug fix release, correcting an empty XKeysymDB file.
Thanks to Jonathan Woithe for the bug report.
patches/packages/dovecot-2.3.21.1-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
A large number of address headers in email resulted in excessive CPU usage.
Abnormally large email headers are now truncated or discarded, with a limit
of 10MB on a single header and 50MB for all the headers of all the parts of
an email.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-23184https://www.cve.org/CVERecord?id=CVE-2024-23185
(* Security fix *)
These are needed to build Chromium. Thanks to alienBOB.
We'll probably move them to /extra once the Mozilla stuff needs it.
Please note that if upgrading to the new llvm, you'll need the llvm13-compat
package from /extra.
testing/packages/llvm-18.1.8-x86_64-1_slack15.0.txz: Added.
testing/packages/rust-1.80.1-x86_64-1_slack15.0.txz: Added.
testing/packages/rust-bindgen-0.69.4-x86_64-1_slack15.0.txz: Added.
patches/packages/curl-8.9.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/htdig-3.2.0b6-x86_64-10_slack15.0.txz: Rebuilt.
Patch XSS vulnerability. Thanks to jayjwa.
Get this out of cgi-bin. Thanks to LuckyCyborg.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2007-6110
(* Security fix *)
patches/packages/libxml2-2.11.9-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Fix XXE protection in downstream code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-40896
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-13_slack15.0.txz: Rebuilt.
This is a bugfix update to fix X server crashes:
[PATCH] render: Avoid possible double-free in ProcRenderAddGlyphs()
Thanks to typbigoh and Petri Kaukasoina.
patches/packages/xorg-server-xephyr-1.20.14-x86_64-13_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-13_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-13_slack15.0.txz: Rebuilt.
patches/packages/netatalk-3.2.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/openssh-9.8p1-x86_64-3_slack15.0.txz: Rebuilt.
As upstream refactors this into smaller binaries, we could easily run into
another update that causes an sshd lockout if the listener process isn't
restarted. So, let's try to prevent that. After the package is upgraded,
we'll use "sshd -t" to make sure that we have a sane configuration, and if
so then we'll restart the listener process automatically.
If you don't like this idea, you may turn it off in /etc/default/sshd.
patches/packages/openssh-9.8p1-x86_64-2_slack15.0.txz: Rebuilt.
rc.sshd: also shut down sshd-session processes with "stop" function.
This shuts down connections cleanly instead of them having to time out.
Thanks to Petri Kaukasoina.
patches/packages/httpd-2.4.60-x86_64-1_slack15.0.txz: Upgraded.
This is the latest release from the Apache HTTP Server 2.4.x stable branch.
patches/packages/openssh-9.8p1-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Fix race condition resulting in potential remote code execution.
For more information, see:
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txthttps://www.cve.org/CVERecord?id=CVE-2024-6387
(* Security fix *)
patches/packages/bluez-5.71-x86_64-3_slack15.0.txz: Rebuilt.
Fix a regression in bluez-5.71:
[PATCH] audio: transport: Fix crash on A2DP suspend.
Thanks to coltfire.
patches/packages/xcb-util-cursor-0.1.5-x86_64-1.txz: Upgraded.
This is a bugfix release.
Thanks to Lockywolf.
patches/packages/emacs-29.4-x86_64-1_slack15.0.txz: Upgraded.
Emacs 29.4 is an emergency bugfix release intended to fix a
security vulnerability:
Arbitrary shell commands are no longer run when turning on Org mode.
This is for security reasons, to avoid running malicious commands.
(* Security fix *)
patches/packages/linux-5.15.161/*: Upgraded.
These updates fix regressions with the 5.15.160 packages.
Hopefully we do not get any new ones. :-)
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
patches/packages/ca-certificates-20240615-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
patches/packages/kernel-firmware-20240606_90df68d-noarch-1.txz: Upgraded.
Updated to the latest kernel firmware.
patches/packages/linux-5.15.160/*: Upgraded.
These updates fix a regression with the first 5.15.160 packages:
Subject: [PATCH] Revert "drm/amdgpu: init iommu after amdkfd device init"
This reverts commit 56b522f4668167096a50c39446d6263c96219f5f.
A user reported that this commit breaks the integrated gpu of his
notebook, causing a black screen. He was able to bisect the problematic
commit and verified that by reverting it the notebook works again.
He also confirmed that kernel 6.8.1 also works on his device, so the
upstream commit itself seems to be ok.
An amdgpu developer (Alex Deucher) confirmed that this patch should
have never been ported to 5.15 in the first place, so revert this
commit from the 5.15 stable series.
Thanks to fsLeg.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
patches/packages/ntp-4.2.8p18-x86_64-2_slack15.0.txz: Rebuilt.
This is a bugfix release to fix a possible regression. In some cases ntpd
gets an error on mixed ipv4/ipv6 networks, so we'll make it possible to
easily configure ntpd to use ipv4 only or ipv6 only (as well as to change
any other ntpd options).
rc.ntp: properly create the PID file on start.
Add /etc/default/ntp to configure ntpd startup options since some people are
needing to add -4 to avoid an error.
Thanks to rkelsen and teoberi.
patches/packages/mariadb-10.5.25-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
Difficult to exploit vulnerability allows unauthenticated attacker with
logon to the infrastructure where MariaDB Server executes to compromise the
server. This could result in unauthorized update, insert or delete access
to some of the data as well as unauthorized read access to a subset of the
data and unauthorized ability to cause a partial denial of service.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-21096
(* Security fix *)
patches/packages/gdk-pixbuf2-2.42.12-x86_64-1_slack15.0.txz: Upgraded.
ani: Reject files with multiple INA or IART chunks.
ani: Reject files with multiple anih chunks.
ani: validate chunk size.
Thanks to 0xvhp, pedrib, and Benjamin Gilbert.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48622
(* Security fix *)
patches/packages/git-2.39.4-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Recursive clones on case-insensitive filesystems that support symbolic
links are susceptible to case confusion that can be exploited to
execute just-cloned code during the clone operation.
Repositories can be configured to execute arbitrary code during local
clones. To address this, the ownership checks introduced in v2.30.3
are now extended to cover cloning local repositories.
Local clones may end up hardlinking files into the target repository's
object database when source and target repository reside on the same
disk. If the source repository is owned by a different user, then
those hardlinked files may be rewritten at any point in time by the
untrusted user.
When cloning a local source repository that contains symlinks via the
filesystem, Git may create hardlinks to arbitrary user-readable files
on the same filesystem as the target repository in the objects/
directory.
It is supposed to be safe to clone untrusted repositories, even those
unpacked from zip archives or tarballs originating from untrusted
sources, but Git can be tricked to run arbitrary code as part of the
clone.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32002https://www.cve.org/CVERecord?id=CVE-2024-32004https://www.cve.org/CVERecord?id=CVE-2024-32020https://www.cve.org/CVERecord?id=CVE-2024-32021https://www.cve.org/CVERecord?id=CVE-2024-32465
(* Security fix *)
patches/packages/popa3d-1.0.3-x86_64-7_slack15.0.txz: Rebuilt.
This is a bugfix release:
Build with AUTH_PAM, not AUTH_SHADOW.
Thanks to jayjwa.
testing/packages/bind-9.18.27-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/sg3_utils-1.47-x86_64-2_slack15.0.txz: Rebuilt.
This is a bugfix release to fix a regression in rescan-scsi-bus.sh that
causes all SCSI devices to be removed from the system when the '-r'
option is used. Thanks to jwoithe for the link to the upstream patch.
patches/packages/freerdp-2.11.7-x86_64-1_slack15.0.txz: Upgraded.
This release eliminates a bunch of issues detected during oss-fuzz runs.
(* Security fix *)
patches/packages/bind-9.16.50-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txz: Rebuilt.
patches/packages/glibc-2.33-x86_64-6_slack15.0.txz: Rebuilt.
This update fixes a security issue:
The iconv() function in the GNU C Library versions 2.39 and older may
overflow the output buffer passed to it by up to 4 bytes when converting
strings to the ISO-2022-CN-EXT character set, which may be used to crash
an application or overwrite a neighbouring variable.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-2961
(* Security fix *)
patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txz: Rebuilt.
patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txz: Rebuilt.
testing/packages/bind-9.18.26-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
