Patrick J Volkerding
|
0e307de269
|
Wed Jul 17 19:29:24 UTC 2024
patches/packages/openssl-1.1.1za-x86_64-1_slack15.0.txz: Upgraded.
Apply patches to fix CVEs that were fixed by the 1.1.1{x,y,za} releases that
were only available to subscribers to OpenSSL's premium extended support.
These patches were prepared by backporting commits from the OpenSSL-3.0 repo.
The reported version number has been updated so that vulnerability scanners
calm down. All of these issues were considered to be of low severity.
Thanks to Ken Zalewski for the patches!
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-5678
https://www.cve.org/CVERecord?id=CVE-2024-0727
https://www.cve.org/CVERecord?id=CVE-2024-2511
https://www.cve.org/CVERecord?id=CVE-2024-4741
https://www.cve.org/CVERecord?id=CVE-2024-5535
(* Security fix *)
patches/packages/openssl-solibs-1.1.1za-x86_64-1_slack15.0.txz: Upgraded.
|
2024-07-18 13:31:00 +02:00 |
|
Patrick J Volkerding
|
3f544e903a
|
Fri Jun 2 20:56:35 UTC 2023
patches/packages/cups-2.4.3-x86_64-1_slack15.0.txz: Upgraded.
Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
attacker to launch a denial of service (DoS) attack, or possibly execute
arbirary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32324
(* Security fix *)
patches/packages/ntp-4.2.8p16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-26551
https://www.cve.org/CVERecord?id=CVE-2023-26552
https://www.cve.org/CVERecord?id=CVE-2023-26553
https://www.cve.org/CVERecord?id=CVE-2023-26554
https://www.cve.org/CVERecord?id=CVE-2023-26555
(* Security fix *)
|
2023-06-03 13:30:32 +02:00 |
|