Patrick J Volkerding
8f546e8375
Wed Sep 21 19:19:07 UTC 2022
...
patches/packages/cups-2.4.2-x86_64-3_slack15.0.txz: Rebuilt.
Fixed crash when using the CUPS web setup interface:
[PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after freeing
it (Issue #409 ).
Thanks to MisterL, bryjen, and kjhambrick.
Fixed an OpenSSL certificate loading issue:
[PATCH] The OpenSSL code path wasn't loading the full certificate
chain (Issue #465 ).
Thanks to tmmukunn.
2022-09-22 13:30:28 +02:00
Patrick J Volkerding
b9facc142f
Tue Sep 20 22:50:28 UTC 2022
...
patches/packages/expat-2.4.9-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Heap use-after-free vulnerability in function doContent. Expected impact is
denial of service or potentially arbitrary code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674
(* Security fix *)
patches/packages/mozilla-firefox-102.3.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.3.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-41/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962
(* Security fix *)
patches/packages/mozilla-thunderbird-102.3.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.3.0/releasenotes/
2022-09-21 13:30:31 +02:00
Patrick J Volkerding
ed751ebff5
Sun Sep 18 19:02:14 UTC 2022
...
patches/packages/vim-9.0.0500-x86_64-1_slack15.0.txz: Upgraded.
Fixed heap-based buffer overflow.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3234
(* Security fix *)
patches/packages/vim-gvim-9.0.0500-x86_64-1_slack15.0.txz: Upgraded.
2022-09-19 13:30:28 +02:00
Patrick J Volkerding
b6bae52b64
Sat Sep 10 01:51:43 UTC 2022
...
patches/packages/vim-9.0.0417-x86_64-1_slack15.0.txz: Upgraded.
Fixed null pointer dereference.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3153
(* Security fix *)
patches/packages/vim-gvim-9.0.0417-x86_64-1_slack15.0.txz: Upgraded.
2022-09-11 13:30:27 +02:00
Patrick J Volkerding
dfdaa16c05
Thu Sep 8 01:33:19 UTC 2022
...
patches/packages/mozilla-thunderbird-102.2.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.2.2/releasenotes/
2022-09-08 13:30:28 +02:00
Patrick J Volkerding
23a0b53a62
Tue Sep 6 20:21:24 UTC 2022
...
extra/rust-for-mozilla/rust-1.60.0-x86_64-1_slack15.0.txz: Upgraded.
Upgraded the Rust compiler for Firefox 102.2.0 and Thunderbird 102.2.1.
patches/packages/mozilla-firefox-102.2.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.2.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-34/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
(* Security fix *)
patches/packages/mozilla-thunderbird-102.2.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
Some accounts may need to be reconfigured after moving from
Thunderbird 91.13.0 to Thunderbird 102.2.1.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.2.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059
(* Security fix *)
patches/packages/vim-9.0.0396-x86_64-1_slack15.0.txz: Upgraded.
Fixed use after free.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099
(* Security fix *)
patches/packages/vim-gvim-9.0.0396-x86_64-1_slack15.0.txz: Upgraded.
2022-09-07 13:30:33 +02:00
Patrick J Volkerding
ca8c1d3c22
Thu Sep 1 20:01:13 UTC 2022
...
patches/packages/poppler-21.12.0-x86_64-2_slack15.0.txz: Rebuilt.
[PATCH] JBIG2Stream: Fix crash on broken file.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860
(* Security fix *)
2022-09-02 13:30:06 +02:00
Patrick J Volkerding
1393bd0f4f
Tue Aug 30 19:39:30 UTC 2022
...
extra/sendmail/sendmail-8.17.1-x86_64-4_slack15.0.txz: Rebuilt.
Patched sendmail.h to fix SASL auth. Thanks to af7567.
Build without -DUSE_EAI (which is evidently considered experimental) since
the option breaks the vacation binary. Thanks to bitfuzzy and HQuest.
It is possible that this could work but requires additional options. I found
this in the ChangeLog for the SUSE rpm:
Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533) is available
when using the compile time option USE_EAI (see also
devtools/Site/site.config.m4.sample for other required settings) and the cf
option SMTPUTF8. If a mail submission via the command line requires the
use of SMTPUTF8, e.g., because a header uses UTF-8 encoding, but the
addresses on the command line are all ASCII, then the new option -U must be
used, and the cf option SMTPUTF8 must be set in submit.cf.
Any assistance with getting -DUSE_EAI working properly would be appreciated.
extra/sendmail/sendmail-cf-8.17.1-noarch-4_slack15.0.txz: Rebuilt.
patches/packages/vim-9.0.0334-x86_64-1_slack15.0.txz: Upgraded.
Fixed use after free.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3016
(* Security fix *)
patches/packages/vim-gvim-9.0.0334-x86_64-1_slack15.0.txz: Upgraded.
2022-08-31 13:30:01 +02:00
Patrick J Volkerding
71a81b7408
Fri Aug 26 04:02:20 UTC 2022
...
patches/packages/linux-5.15.63/*: Upgraded.
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.39:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734
Fixed in 5.15.40:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1943
Fixed in 5.15.41:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012
Fixed in 5.15.42:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499
Fixed in 5.15.44:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789
Fixed in 5.15.45:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2503
Fixed in 5.15.46:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1973
Fixed in 5.15.47:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32981
Fixed in 5.15.48:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
Fixed in 5.15.53:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33744
Fixed in 5.15.54:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918
Fixed in 5.15.56:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36123
Fixed in 5.15.57:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901
Fixed in 5.15.58:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36879
Fixed in 5.15.59:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946
Fixed in 5.15.60:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373
Fixed in 5.15.61:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588
(* Security fix *)
patches/packages/vim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded.
We're just going to move to vim-9 instead of continuing to backport patches
to the vim-8 branch. Most users will be better served by this.
Fixed use after free and null pointer dereference.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2923
(* Security fix *)
patches/packages/vim-gvim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded.
2022-08-27 13:30:28 +02:00
Patrick J Volkerding
d96560a977
Tue Aug 23 19:27:56 UTC 2022
...
extra/sendmail/sendmail-8.17.1-x86_64-3_slack15.0.txz: Rebuilt.
In recent versions of glibc, USE_INET6 has been removed which caused sendmail
to reject mail from IPv6 addresses. Adding -DHAS_GETHOSTBYNNAME2=1 to the
site.config.m4 allows the reverse lookups to work again fixing this issue.
Thanks to talo.
extra/sendmail/sendmail-cf-8.17.1-noarch-3_slack15.0.txz: Rebuilt.
patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz: Upgraded.
Fixed invalid read operation in SuggestMgr::leftcommonsubstring
in suggestmgr.cxx.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16707
(* Security fix *)
patches/packages/mozilla-firefox-91.13.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.13.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-35/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
(* Security fix *)
patches/packages/mozilla-thunderbird-91.13.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.13.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
(* Security fix *)
2022-08-24 13:30:27 +02:00
Patrick J Volkerding
44e993e802
Sat Aug 20 20:04:15 UTC 2022
...
patches/packages/vim-8.2.4649-x86_64-3_slack15.0.txz: Rebuilt.
Fix use after free.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2889
(* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-3_slack15.0.txz: Rebuilt.
2022-08-21 13:30:26 +02:00
Patrick J Volkerding
77a67ac465
Thu Aug 18 23:19:52 UTC 2022
...
patches/packages/glibc-zoneinfo-2022c-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
2022-08-19 13:29:58 +02:00
Patrick J Volkerding
821b8a94bf
Wed Aug 17 20:41:53 UTC 2022
...
patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
Fix use after free, out-of-bounds read, and heap based buffer overflow.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
(* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
2022-08-18 13:30:02 +02:00
Patrick J Volkerding
834b3a5fc2
Tue Aug 16 18:51:34 UTC 2022
...
patches/packages/mariadb-10.5.17-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084
(* Security fix *)
2022-08-17 13:30:28 +02:00
Patrick J Volkerding
cffeb680aa
Mon Aug 15 20:23:47 UTC 2022
...
patches/packages/rsync-3.2.5-x86_64-1_slack15.0.txz: Upgraded.
Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include recursive
names that should have been excluded by the sender. These extra safety
checks only require the receiver rsync to be updated. When dealing with an
untrusted sending host, it is safest to copy into a dedicated destination
directory for the remote content (i.e. don't copy into a destination
directory that contains files that aren't from the remote host unless you
trust the remote host).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154
(* Security fix *)
2022-08-16 13:30:28 +02:00
Patrick J Volkerding
24a4907817
Sat Aug 13 19:12:40 UTC 2022
...
patches/packages/glibc-zoneinfo-2022b-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
2022-08-14 13:30:29 +02:00
Patrick J Volkerding
5dd1410e22
Tue Aug 9 19:25:22 UTC 2022
...
patches/packages/zlib-1.2.12-x86_64-2_slack15.0.txz: Rebuilt.
This is a bugfix update.
Applied an upstream patch to restore the handling of CRC inputs to be the
same as in previous releases of zlib. This fixes an issue with OpenJDK.
Thanks to alienBOB.
2022-08-10 13:30:27 +02:00
Patrick J Volkerding
e8686ed7fd
Fri Jul 29 19:59:03 UTC 2022
...
patches/packages/gnutls-3.7.7-x86_64-1_slack15.0.txz: Upgraded.
libgnutls: Fixed double free during verification of pkcs7 signatures.
Reported by Jaak Ristioja.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509
(* Security fix *)
2022-07-30 13:30:32 +02:00
Patrick J Volkerding
0648599e6d
Thu Jul 28 23:48:36 UTC 2022
...
patches/packages/mozilla-thunderbird-91.12.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.12.0/releasenotes/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.12
(* Security fix *)
2022-07-29 13:31:04 +02:00
Patrick J Volkerding
ad19766c1e
Wed Jul 27 19:17:38 UTC 2022
...
patches/packages/samba-4.15.9-x86_64-1_slack15.0.txz: Upgraded.
This update fixes the following security issues:
Samba AD users can bypass certain restrictions associated with changing
passwords.
Samba AD users can forge password change requests for any user.
Samba AD users can crash the server process with an LDAP add or modify
request.
Samba AD users can induce a use-after-free in the server process with an
LDAP add or modify request.
Server memory information leak via SMB1.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2031.html
https://www.samba.org/samba/security/CVE-2022-32744.html
https://www.samba.org/samba/security/CVE-2022-32745.html
https://www.samba.org/samba/security/CVE-2022-32746.html
https://www.samba.org/samba/security/CVE-2022-32742.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742
(* Security fix *)
2022-07-28 13:30:29 +02:00
Patrick J Volkerding
bfbbd63f28
Mon Jul 25 20:53:49 UTC 2022
...
patches/packages/mozilla-firefox-91.12.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.12.0/releasenotes/
(* Security fix *)
patches/packages/perl-5.34.0-x86_64-2_slack15.0.txz: Rebuilt.
This is a bugfix release.
Upgraded: Devel-CheckLib-1.16, IO-Socket-SSL-2.074, Net-SSLeay-1.92,
Path-Tiny-0.122, Template-Toolkit-3.100, URI-5.12, libnet-3.14.
Added a symlink to libperl.so in /usr/${LIBDIRSUFFIX} since net-snmp (and
possibly other programs) might have trouble linking with it since it's not
in the LD_LIBRARY_PATH. Thanks to oneforall.
2022-07-26 13:30:29 +02:00
Patrick J Volkerding
7e93037632
Thu Jul 21 18:13:18 UTC 2022
...
patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause
an out-of-bounds memory access.
A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL
pointer dereference.
Improper Input Validation when SETing malformed OIDs in master agent and
subagent simultaneously.
A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable
can cause an out-of-bounds memory access.
A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a
NULL pointer dereference.
A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer
dereference.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24810
(* Security fix *)
2022-07-22 13:30:29 +02:00
Patrick J Volkerding
83e918a979
Wed Jul 13 19:56:59 UTC 2022
...
patches/packages/xorg-server-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
xkb: switch to array index loops to moving pointers.
xkb: add request length validation for XkbSetGeometry.
xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
2022-07-14 13:30:35 +02:00
Patrick J Volkerding
86cbc47746
Mon Jul 11 19:22:52 UTC 2022
...
patches/packages/seamonkey-2.53.13-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.13
(* Security fix *)
2022-07-12 13:30:28 +02:00
Patrick J Volkerding
5cd37beaa8
Sun Jul 10 18:49:34 UTC 2022
...
patches/packages/wavpack-5.5.0-x86_64-1_slack15.0.txz: Upgraded.
WavPack 5.5.0 contains a fix for CVE-2021-44269 wherein encoding a specially
crafted DSD file causes an out-of-bounds read exception.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44269
(* Security fix *)
2022-07-11 13:30:28 +02:00
Patrick J Volkerding
9edcc6c242
Thu Jul 7 23:03:01 UTC 2022
...
patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txz: Upgraded.
g10: Fix possibly garbled status messages in NOTATION_DATA. This bug could
trick GPGME and other parsers to accept faked status lines.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903
(* Security fix *)
extra/php81/php81-8.1.8-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
Fileinfo: Fixed bug #81723 (Heap buffer overflow in finfo_buffer).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31627
(* Security fix *)
2022-07-08 13:30:29 +02:00
Patrick J Volkerding
4338767300
Tue Jul 5 20:17:00 UTC 2022
...
patches/packages/openssl-1.1.1q-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Heap memory corruption with RSA private key operation.
AES OCB fails to encrypt some bytes.
For more information, see:
https://www.openssl.org/news/secadv/20220705.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
(* Security fix *)
patches/packages/openssl-solibs-1.1.1q-x86_64-1_slack15.0.txz: Upgraded.
2022-07-06 13:30:42 +02:00
Patrick J Volkerding
d01c4c7b84
Fri Jul 1 01:23:50 UTC 2022
...
patches/packages/mozilla-thunderbird-91.11.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.11.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
(* Security fix *)
2022-07-01 13:30:27 +02:00
Patrick J Volkerding
7a6788c35a
Tue Jun 28 19:16:08 UTC 2022
...
patches/packages/curl-7.84.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Set-Cookie denial of service.
HTTP compression denial of service.
Unpreserved file permissions.
FTP-KRB bad message verification.
For more information, see:
https://curl.se/docs/CVE-2022-32205.html
https://curl.se/docs/CVE-2022-32206.html
https://curl.se/docs/CVE-2022-32207.html
https://curl.se/docs/CVE-2022-32208.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208
(* Security fix *)
patches/packages/mozilla-firefox-91.11.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-25/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
(* Security fix *)
2022-06-29 13:30:31 +02:00
Patrick J Volkerding
40bf9bf864
Thu Jun 23 05:30:51 UTC 2022
...
patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz: Upgraded.
In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
For more information, see:
https://www.openssl.org/news/secadv/20220621.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
(* Security fix *)
patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz: Upgraded.
2022-06-24 01:30:06 +02:00
Patrick J Volkerding
7809bcc762
Mon Jun 13 21:02:58 UTC 2022
...
patches/packages/php-7.4.30-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
mysqlnd/pdo password buffer overflow.
Uninitialized array in pg_query_params().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
(* Security fix *)
extra/php80/php80-8.0.20-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
mysqlnd/pdo password buffer overflow.
Uninitialized array in pg_query_params().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
(* Security fix *)
extra/php81/php81-8.1.7-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
mysqlnd/pdo password buffer overflow.
Uninitialized array in pg_query_params().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
(* Security fix *)
2022-06-14 13:30:26 +02:00
Patrick J Volkerding
348dffe043
Wed Jun 8 19:15:34 UTC 2022
...
patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
Information Disclosure in mod_lua with websockets.
mod_sed denial of service.
Denial of service in mod_lua r:parsebody.
Read beyond bounds in ap_strcmp_match().
Read beyond bounds via ap_rwrite().
Read beyond bounds in mod_isapi.
mod_proxy_ajp: Possible request smuggling.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.54
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377
(* Security fix *)
2022-06-09 13:30:28 +02:00
Patrick J Volkerding
b9f4e8dc0e
Sat Jun 4 18:43:17 UTC 2022
...
patches/packages/pidgin-2.14.10-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and several security issues.
For more information, see:
https://www.pidgin.im/posts/2022-06-2.14.10-released/
(* Security fix *)
2022-06-05 13:30:26 +02:00
Patrick J Volkerding
a9dc1aa8fa
Thu Jun 2 19:42:06 UTC 2022
...
patches/packages/mozilla-thunderbird-91.10.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.10.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
(* Security fix *)
2022-06-03 13:30:29 +02:00
Patrick J Volkerding
f6bd13c472
Wed Jun 1 00:49:45 UTC 2022
...
patches/packages/mozilla-firefox-91.10.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.10.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-21/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
(* Security fix *)
2022-06-01 13:30:20 +02:00
Patrick J Volkerding
81f2355530
Thu May 26 18:27:32 UTC 2022
...
patches/packages/cups-2.4.2-x86_64-1_slack15.0.txz: Upgraded.
Fixed certificate strings comparison for Local authorization.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691
(* Security fix *)
2022-05-27 13:30:00 +02:00
Patrick J Volkerding
590bfd3df8
Sat May 21 19:30:02 UTC 2022
...
patches/packages/mariadb-10.5.16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27458
(* Security fix *)
2022-05-22 13:30:03 +02:00
Patrick J Volkerding
e9f027ce23
Sat May 21 01:35:40 UTC 2022
...
patches/packages/mozilla-firefox-91.9.1esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.9.1/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-19/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
(* Security fix *)
patches/packages/mozilla-thunderbird-91.9.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.9.1/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-19/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
(* Security fix *)
2022-05-21 13:30:05 +02:00
Patrick J Volkerding
341dffdb1a
Thu May 19 23:07:59 UTC 2022
...
patches/packages/bind-9.16.29-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
testing/packages/bind-9.18.3-x86_64-1_slack15.0.txz: Upgraded.
Fixed a crash in DNS-over-HTTPS (DoH) code caused by premature TLS stream
socket object deletion.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1183
(* Security fix *)
2022-05-20 13:30:01 +02:00
Patrick J Volkerding
96bf53e55d
Wed May 11 19:01:59 UTC 2022
...
patches/packages/curl-7.83.1-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
HSTS bypass via trailing dot.
TLS and SSH connection too eager reuse.
CERTINFO never-ending busy-loop.
percent-encoded path separator in URL host.
cookie for trailing dot TLD.
curl removes wrong file on error.
For more information, see:
https://curl.se/docs/CVE-2022-30115.html
https://curl.se/docs/CVE-2022-27782.html
https://curl.se/docs/CVE-2022-27781.html
https://curl.se/docs/CVE-2022-27780.html
https://curl.se/docs/CVE-2022-27779.html
https://curl.se/docs/CVE-2022-27778.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27780
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27778
(* Security fix *)
2022-05-12 13:29:51 +02:00
Patrick J Volkerding
3c08cf6792
Mon May 9 21:33:25 UTC 2022
...
patches/packages/linux-5.15.38/*: Upgraded.
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.27:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0494
Fixed in 5.15.28:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23042
Fixed in 5.15.29:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0854
Fixed in 5.15.32:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28356
Fixed in 5.15.33:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1516
Fixed in 5.15.34:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29582
Fixed in 5.15.35:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1205
Fixed in 5.15.37:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222
(* Security fix *)
2022-05-10 13:30:03 +02:00
Patrick J Volkerding
2971d84285
Wed May 4 21:24:57 UTC 2022
...
patches/packages/mozilla-thunderbird-91.9.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.9.0/releasenotes/
(* Security fix *)
patches/packages/openssl-1.1.1o-x86_64-1_slack15.0.txz: Upgraded.
Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292
(* Security fix *)
patches/packages/openssl-solibs-1.1.1o-x86_64-1_slack15.0.txz: Upgraded.
patches/packages/seamonkey-2.53.12-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.12
(* Security fix *)
2022-05-05 13:30:04 +02:00
Patrick J Volkerding
d88c750381
Mon May 2 20:02:49 UTC 2022
...
patches/packages/libxml2-2.9.14-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
Fix integer overflow in xmlBuf and xmlBuffer.
Fix potential double-free in xmlXPtrStringRangeFunction.
Fix memory leak in xmlFindCharEncodingHandler.
Normalize XPath strings in-place.
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars().
Fix leak of xmlElementContent.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
(* Security fix *)
patches/packages/mozilla-firefox-91.9.0esr-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.9.0/releasenotes/
patches/packages/samba-4.15.7-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.samba.org/samba/history/samba-4.15.7.html
2022-05-03 13:29:53 +02:00
Patrick J Volkerding
7d2523ede3
Sat Apr 30 21:18:47 UTC 2022
...
patches/packages/pidgin-2.14.9-x86_64-1_slack15.0.txz: Upgraded.
Mitigate the potential for a man in the middle attack via DNS spoofing by
removing the code that supported the _xmppconnect DNS TXT record.
For more information, see:
https://www.pidgin.im/about/security/advisories/cve-2022-26491/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26491
(* Security fix *)
2022-05-01 13:30:01 +02:00
Patrick J Volkerding
cf5d757506
Wed Apr 27 21:43:51 UTC 2022
...
patches/packages/curl-7.83.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
OAUTH2 bearer bypass in connection re-use.
Credential leak on redirect.
Bad local IPv6 connection reuse.
Auth/cookie leak on redirect.
For more information, see:
https://curl.se/docs/CVE-2022-22576.html
https://curl.se/docs/CVE-2022-27774.html
https://curl.se/docs/CVE-2022-27775.html
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
(* Security fix *)
2022-04-28 13:29:49 +02:00
Patrick J Volkerding
dfafa37940
Mon Apr 25 20:55:17 UTC 2022
...
patches/packages/freerdp-2.7.0-x86_64-1_slack15.0.txz: Upgraded.
This update is a security and maintenance release.
For more information, see:
https://github.com/FreeRDP/FreeRDP/blob/2.7.0/ChangeLog
(* Security fix *)
2022-04-26 13:30:04 +02:00
Patrick J Volkerding
a08f3ec912
Thu Apr 21 19:11:10 UTC 2022
...
patches/packages/mozilla-thunderbird-91.8.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.8.1/releasenotes/
2022-04-22 13:29:59 +02:00
Patrick J Volkerding
9e2efe650c
Thu Apr 14 21:14:21 UTC 2022
...
patches/packages/git-2.35.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue where a Git worktree created by another
user might be able to execute arbitrary code.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
(* Security fix *)
patches/packages/gzip-1.12-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
zgrep applied to a crafted file name with two or more newlines can no
longer overwrite an arbitrary, attacker-selected file.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
(* Security fix *)
patches/packages/xz-5.2.5-x86_64-4_slack15.0.txz: Rebuilt.
This update fixes a security issue:
xzgrep applied to a crafted file name with two or more newlines can no
longer overwrite an arbitrary, attacker-selected file.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
(* Security fix *)
2022-04-15 13:29:52 +02:00
Patrick J Volkerding
799fadd352
Wed Apr 13 20:51:01 UTC 2022
...
patches/packages/ruby-3.0.4-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
Double free in Regexp compilation.
Buffer overrun in String-to-Float conversion.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739
(* Security fix *)
2022-04-14 13:30:03 +02:00
Patrick J Volkerding
c0c70f97c2
Tue Apr 12 21:56:14 UTC 2022
...
patches/packages/whois-5.5.13-x86_64-1_slack15.0.txz: Upgraded.
This update adds the .sd TLD server, updates the list of new gTLDs, and adds
a Turkish translation.
2022-04-13 13:29:47 +02:00