Patrick J Volkerding
39cc109e67
Thu Jul 18 20:01:18 UTC 2024
...
patches/packages/httpd-2.4.62-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
The first CVE is for Windows, but the second one is an additional fix for
the source code disclosure regression when using AddType.
Users are recommended to upgrade to version 2.4.62 which fixes this issue.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.62
https://www.cve.org/CVERecord?id=CVE-2024-40898
https://www.cve.org/CVERecord?id=CVE-2024-40725
(* Security fix *)
2024-07-19 13:31:06 +02:00
Patrick J Volkerding
7b9fb4996b
Wed Jul 3 22:27:28 UTC 2024
...
patches/packages/openssh-9.8p1-x86_64-2_slack15.0.txz: Rebuilt.
rc.sshd: also shut down sshd-session processes with "stop" function.
This shuts down connections cleanly instead of them having to time out.
Thanks to Petri Kaukasoina.
2024-07-04 13:30:57 +02:00
Patrick J Volkerding
b9a3a17045
Tue Jul 2 19:31:00 UTC 2024
...
patches/packages/httpd-2.4.60-x86_64-2_slack15.0.txz: Rebuilt.
This update is to fix a regression and to note security issues that were not
listed in the CHANGES file included with the source code.
Fixed a regression where a config file using AddType rather than AddHandler
could cause raw PHP files to be downloaded rather than processed.
Thanks to Nobby6.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.60
https://www.cve.org/CVERecord?id=CVE-2024-39573
https://www.cve.org/CVERecord?id=CVE-2024-38477
https://www.cve.org/CVERecord?id=CVE-2024-38476
https://www.cve.org/CVERecord?id=CVE-2024-38475
https://www.cve.org/CVERecord?id=CVE-2024-38474
https://www.cve.org/CVERecord?id=CVE-2024-38473
https://www.cve.org/CVERecord?id=CVE-2024-38472
https://www.cve.org/CVERecord?id=CVE-2024-36387
(* Security fix *)
patches/packages/ksh93-1.0.9-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
2024-07-03 13:30:51 +02:00
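As an added example (not part of this changelog, and not Slackware's or httpd's code): a small Python audit that finds PHP extensions mapped only through AddType, the configuration this entry and the 2.4.62 entry above say can make 2.4.60 serve raw PHP source, and rewrites those lines to AddHandler. Its parser is a stated simplification: it reads AddType, AddHandler and SetHandler inside <FilesMatch> blocks and does not follow Include or .htaccess. The sample configs are constructed, and the rewrite relies on mod_php registering handlers named after its MIME types.

```python
"""Audit an httpd config for PHP mapped only through AddType, the pattern this
entry (and the 2.4.62 entry above) says makes 2.4.60 serve raw PHP source, and
rewrite those lines to AddHandler. Illustrative code added here, not Slackware's
or httpd's. Parsing is a deliberate heuristic (assumption): it reads AddType,
AddHandler and SetHandler inside <FilesMatch>, ignoring Include and .htaccess.
Sample configs are constructed."""
import re

# MIME types for which mod_php registers handlers under the same names
PHP_TYPES = ("application/x-httpd-php", "application/x-httpd-php-source")


def _exts(tokens):
    """Normalise 'php', '.PHP' to '.php' (httpd accepts either form, case-insensitively)."""
    return {t.lower() if t.startswith(".") else "." + t.lower() for t in tokens}


def addtype_only_extensions(conf_text):
    """Extensions given a PHP MIME type by AddType but no handler by AddHandler
    or by SetHandler inside a matching <FilesMatch> block."""
    typed, handled, setmatch = set(), set(), []
    block_pattern = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r'<FilesMatch\s+"?([^">]+?)"?\s*>$', line, re.I)
        if m:
            block_pattern = m.group(1)
            continue
        if line.lower() == "</filesmatch>":
            block_pattern = None
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "addtype" and len(parts) >= 3 and parts[1].lower() in PHP_TYPES:
            typed |= _exts(parts[2:])
        elif directive == "addhandler" and len(parts) >= 3:
            handled |= _exts(parts[2:])
        elif directive == "sethandler" and block_pattern and len(parts) >= 2:
            try:
                setmatch.append(re.compile(block_pattern))
            except re.error:
                pass   # PCRE syntax Python cannot parse: treat as covering nothing

    def covered(ext):
        return ext in handled or any(p.search("index" + ext) for p in setmatch)

    return sorted(e for e in typed if not covered(e))


def rewrite_addtype_to_addhandler(conf_text):
    """Turn each flagged 'AddType <php-type> exts' line into 'AddHandler <php-type> exts',
    leaving indentation, comments and every other line untouched."""
    flagged = set(addtype_only_extensions(conf_text))
    out = []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if (len(parts) >= 3 and parts[0].lower() == "addtype"
                and parts[1].lower() in PHP_TYPES and _exts(parts[2:]) <= flagged):
            raw = re.sub(r"^(\s*)AddType\b", r"\1AddHandler", raw, flags=re.I)
        out.append(raw)
    return "\n".join(out) + "\n"


LEGACY_CONF = """# constructed sample: classic mod_php mapping by MIME type
LoadModule php_module lib64/httpd/modules/libphp.so
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
DirectoryIndex index.php index.html
"""

HANDLER_CONF = r"""# constructed sample: handler-based mapping, unaffected by the regression
LoadModule php_module lib64/httpd/modules/libphp.so
AddHandler application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>
"""

if __name__ == "__main__":
    print("legacy config, AddType-only:", addtype_only_extensions(LEGACY_CONF))
    print("handler config, AddType-only:", addtype_only_extensions(HANDLER_CONF))
    print(rewrite_addtype_to_addhandler(LEGACY_CONF))
```

Run `addtype_only_extensions(open("/etc/httpd/httpd.conf").read())` against a real config; an empty list means no extension depends on the AddType path that the 2.4.60 package broke. The rewrite only touches AddType lines whose extensions are all flagged, so a config that already carries an AddHandler or SetHandler for the same extension is left alone.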
Patrick J Volkerding
6c760751d7
Mon Jul 1 20:12:46 UTC 2024
...
patches/packages/httpd-2.4.60-x86_64-1_slack15.0.txz: Upgraded.
This is the latest release from the Apache HTTP Server 2.4.x stable branch.
patches/packages/openssh-9.8p1-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Fix race condition resulting in potential remote code execution.
For more information, see:
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://www.cve.org/CVERecord?id=CVE-2024-6387
(* Security fix *)
2024-07-02 13:30:50 +02:00
Patrick J Volkerding
1e2fa38645
Thu Apr 4 20:49:23 UTC 2024
...
patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
HTTP/2 DoS by memory exhaustion on endless continuation frames.
HTTP Response Splitting in multiple modules.
HTTP response splitting.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.59
https://www.cve.org/CVERecord?id=CVE-2024-27316
https://www.cve.org/CVERecord?id=CVE-2024-24795
https://www.cve.org/CVERecord?id=CVE-2023-38709
(* Security fix *)
patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
nghttp2 library keeps reading an unbounded number of HTTP/2 CONTINUATION
frames even after a stream is reset, to keep the HPACK context in sync. This
causes excessive CPU usage to decode the HPACK stream. nghttp2 v1.61.0 mitigates
this vulnerability by limiting the number of CONTINUATION frames it can
accept after a HEADERS frame.
For more information, see:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
https://www.kb.cert.org/vuls/id/421644
https://www.cve.org/CVERecord?id=CVE-2024-28182
(* Security fix *)
2024-04-05 13:30:57 +02:00
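Added example (not the page's, httpd's or nghttp2's code) modelling the CONTINUATION flood named in both entries of this commit, httpd's CVE-2024-27316 and nghttp2's CVE-2024-28182, and the mitigation the nghttp2 entry describes: a cap on the number of CONTINUATION frames accepted after a HEADERS frame. HPACK decoding is not modelled, header blocks are treated as opaque bytes, the cap of 8 and the 8192-byte block limit are assumptions, and the traffic is constructed.

```python
"""Toy HTTP/2 header-block receiver modelling the CONTINUATION flood behind
CVE-2024-27316 / CVE-2024-28182 and the mitigation the entry above credits to
nghttp2 1.61.0: a cap on CONTINUATION frames accepted after a HEADERS frame.
Added example, not httpd's or nghttp2's code. HPACK is not modelled: header
blocks are opaque bytes, and the cap value and max_block_bytes are assumptions."""

# RFC 9113 frame types and the flag used here
HEADERS, CONTINUATION = 0x1, 0x9
END_HEADERS = 0x4


class ConnectionKilled(Exception):
    """Raised where a real server would send GOAWAY and close the connection."""


def frame(ftype, flags, stream_id, payload):
    """Serialise one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload)


def continuation_flood(stream_id, count, chunk=b"\x00" * 64):
    """Attacker side (constructed traffic): HEADERS without END_HEADERS, then
    `count` CONTINUATION frames that never finish the header block."""
    data = frame(HEADERS, 0, stream_id, chunk)
    for _ in range(count):
        data += frame(CONTINUATION, 0, stream_id, chunk)
    return data


def legit_request(stream_id):
    """A well-formed block split over three frames (HPACK static-table indices)."""
    return (frame(HEADERS, 0, stream_id, b"\x82")                   # :method GET
            + frame(CONTINUATION, 0, stream_id, b"\x86")            # :scheme http
            + frame(CONTINUATION, END_HEADERS, stream_id, b"\x84"))  # :path /


class HeaderBlockReceiver:
    def __init__(self, max_continuations=None, max_block_bytes=8192):
        self.max_continuations = max_continuations  # None: unbounded, pre-fix behaviour
        self.max_block_bytes = max_block_bytes
        self.pending = None          # stream whose header block is still open
        self.continuations = 0
        self.block = bytearray()
        self.stream_reset = False    # block rejected, yet its frames must still be consumed
        self.completed = []          # (stream_id, header_block) pairs
        self.frames_consumed = 0     # stands in for CPU spent on the attacker's frames

    def feed(self, data):
        off = 0
        while off < len(data):
            if off + 9 > len(data):
                raise ValueError("truncated frame header")
            length = int.from_bytes(data[off:off + 3], "big")
            ftype, flags = data[off + 3], data[off + 4]
            sid = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
            payload = data[off + 9:off + 9 + length]
            if len(payload) != length:
                raise ValueError("truncated frame payload")
            off += 9 + length
            self._handle(ftype, flags, sid, payload)
        return self

    def _handle(self, ftype, flags, sid, payload):
        self.frames_consumed += 1
        if self.pending is None:
            if ftype != HEADERS:
                return                       # other frame types are out of scope here
            self.pending, self.continuations, self.stream_reset = sid, 0, False
            self.block = bytearray()
        else:
            # RFC 9113 section 6.2: only CONTINUATION on the same stream may follow
            if ftype != CONTINUATION or sid != self.pending:
                raise ConnectionKilled("PROTOCOL_ERROR: expected CONTINUATION on stream %d"
                                       % self.pending)
            self.continuations += 1
            if self.max_continuations is not None and self.continuations > self.max_continuations:
                raise ConnectionKilled("ENHANCE_YOUR_CALM: %d CONTINUATION frames on stream %d"
                                       % (self.continuations, sid))
        if not self.stream_reset:
            self.block += payload
            if len(self.block) > self.max_block_bytes:
                # Oversized block: a server resets the stream, but because HPACK state
                # is shared per connection it still has to decode every remaining
                # CONTINUATION frame, so memory is bounded and CPU is not.
                self.stream_reset, self.block = True, bytearray()
        if flags & END_HEADERS:
            if not self.stream_reset:
                self.completed.append((self.pending, bytes(self.block)))
            self.pending = None


if __name__ == "__main__":
    flood = continuation_flood(3, 500)
    r = HeaderBlockReceiver(max_continuations=None).feed(flood)
    print("unbounded receiver: consumed", r.frames_consumed, "frames, block still open:", r.pending)
    try:
        HeaderBlockReceiver(max_continuations=8).feed(flood)
    except ConnectionKilled as e:
        print("capped receiver:", e)
```

With max_continuations=None the receiver mirrors the pre-fix behaviour: it resets the oversized stream and drops its buffer, then still consumes all 500 attacker frames with the block left open, which is the unbounded CPU cost the nghttp2 entry describes. With the cap it tears the connection down at the ninth CONTINUATION frame, while a normal split header block still completes.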
Patrick J Volkerding
6f8267e616
Thu Oct 19 19:14:05 UTC 2023
...
patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
moderate: Apache HTTP Server: HTTP/2 stream memory not reclaimed
right away on RST.
low: mod_macro buffer over-read.
low: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.58
https://www.cve.org/CVERecord?id=CVE-2023-45802
https://www.cve.org/CVERecord?id=CVE-2023-31122
https://www.cve.org/CVERecord?id=CVE-2023-43622
(* Security fix *)
patches/packages/mozilla-thunderbird-115.3.3-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.3.3/releasenotes/
2023-10-20 13:30:46 +02:00
Patrick J Volkerding
73e8ddb138
Fri Apr 7 18:53:33 UTC 2023
...
patches/packages/httpd-2.4.57-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.57
2023-04-08 13:30:39 +02:00
Patrick J Volkerding
5dc0394bc0
Wed Mar 8 20:26:54 UTC 2023
...
patches/packages/httpd-2.4.56-x86_64-1_slack15.0.txz: Upgraded.
This update fixes two security issues:
HTTP Response Smuggling vulnerability via mod_proxy_uwsgi.
HTTP Request Smuggling attack via mod_rewrite and mod_proxy.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.56
https://www.cve.org/CVERecord?id=CVE-2023-27522
https://www.cve.org/CVERecord?id=CVE-2023-25690
(* Security fix *)
2023-03-09 13:30:42 +01:00
Patrick J Volkerding
19e28b847b
Thu Jan 19 00:40:12 UTC 2023
...
patches/packages/sudo-1.9.12p2-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a flaw in sudo's -e option (aka sudoedit) that could allow
a malicious user with sudoedit privileges to edit arbitrary files.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-22809
(* Security fix *)
2023-01-19 13:30:28 +01:00
Patrick J Volkerding
44c9fcd877
Tue Mar 15 00:13:59 UTC 2022
...
patches/packages/httpd-2.4.53-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
mod_sed: Read/write beyond bounds
core: Possible buffer overflow with very large or unlimited
LimitXMLRequestBody
HTTP request smuggling vulnerability
mod_lua: Use of uninitialized value in r:parsebody
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.53
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719
(* Security fix *)
patches/packages/mozilla-firefox-91.7.1esr-x86_64-1_slack15.0.txz: Upgraded.
This release makes the following change:
Yandex and Mail.ru have been removed as optional search providers in the
drop-down search menu in Firefox.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.7.1/releasenotes/
(* Security fix *)
2022-03-15 13:30:00 +01:00