Commit graph

1418 commits

Author SHA1 Message Date
Patrick J Volkerding
0ac01cde03 Mon Jul 24 22:07:56 UTC 2023
patches/packages/kernel-firmware-20230724_59fbffa-noarch-1.txz:  Upgraded.
  AMD microcode updated to fix a use-after-free in AMD Zen2 processors.
  From Tavis Ormandy's annoucement of the issue:
    "The practical result here is that you can spy on the registers of other
    processes. No system calls or privileges are required.
    It works across virtual machines and affects all operating systems.
    I have written a poc for this issue that's fast enough to reconstruct
    keys and passwords as users log in."
  For more information, see:
    https://seclists.org/oss-sec/2023/q3/59
    https://www.cve.org/CVERecord?id=CVE-2023-20593
  (* Security fix *)
2023-07-25 13:30:36 +02:00
Patrick J Volkerding
7dde293aa0 Mon Jul 24 00:17:18 UTC 2023
patches/packages/whois-5.5.18-x86_64-1_slack15.0.txz:  Upgraded.
  Updated the .ga TLD server.
  Added new recovered IPv4 allocations.
  Removed the delegation of 43.0.0.0/8 to JPNIC.
  Removed 12 new gTLDs which are no longer active.
  Improved the man page source, courtesy of Bjarni Ingi Gislason.
  Added the .edu.za SLD server.
  Updated the .alt.za SLD server.
  Added the -ru and -su NIC handles servers.
2023-07-24 13:30:35 +02:00
Patrick J Volkerding
679a5342b0 Fri Jul 21 19:35:45 UTC 2023
patches/packages/ca-certificates-20230721-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
2023-07-22 13:30:33 +02:00
Patrick J Volkerding
b9cb99a88e Wed Jul 19 20:36:46 UTC 2023
patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  fopen race condition.
  For more information, see:
    https://curl.se/docs/CVE-2023-32001.html
    https://www.cve.org/CVERecord?id=CVE-2023-32001
  (* Security fix *)
patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
  execution relating to PKCS#11 providers.
  The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
  execution via a forwarded agent socket if the following conditions are met:
  * Exploitation requires the presence of specific libraries on the victim
    system.
  * Remote exploitation requires that the agent was forwarded to an
    attacker-controlled system.
  Exploitation can also be prevented by starting ssh-agent(1) with an empty
  PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
  contains only specific provider libraries.
  This vulnerability was discovered and demonstrated to be exploitable by the
  Qualys Security Advisory team.
  Potentially-incompatible changes:
  * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
  issued by remote clients by default. A flag has been added to restore the
  previous behaviour: "-Oallow-remote-pkcs11".
  For more information, see:
    https://www.openssh.com/txt/release-9.3p2
    https://www.cve.org/CVERecord?id=CVE-2023-38408
  (* Security fix *)
2023-07-21 13:30:33 +02:00
Patrick J Volkerding
1b65c2bfe3 Mon Jul 17 19:17:19 UTC 2023
patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-07-18 13:30:35 +02:00
Patrick J Volkerding
08b21a9944 Wed Jul 12 20:41:16 UTC 2023
patches/packages/krb5-1.19.2-x86_64-4_slack15.0.txz:  Rebuilt.
  Fix potential uninitialized pointer free in kadm5 XDR parsing.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-36054
  (* Security fix *)
patches/packages/sudo-1.9.14p1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-07-13 13:30:36 +02:00
Patrick J Volkerding
3b203b36ef Fri Jul 7 23:06:07 UTC 2023
patches/packages/mozilla-thunderbird-102.13.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.13.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/
    https://www.cve.org/CVERecord?id=CVE-2023-37201
    https://www.cve.org/CVERecord?id=CVE-2023-37202
    https://www.cve.org/CVERecord?id=CVE-2023-37207
    https://www.cve.org/CVERecord?id=CVE-2023-37208
    https://www.cve.org/CVERecord?id=CVE-2023-37211
  (* Security fix *)
2023-07-08 13:30:33 +02:00
Patrick J Volkerding
60f93d86ab Tue Jul 4 20:26:12 UTC 2023
patches/packages/mozilla-firefox-102.13.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.13.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-23/
    https://www.cve.org/CVERecord?id=CVE-2023-37201
    https://www.cve.org/CVERecord?id=CVE-2023-37202
    https://www.cve.org/CVERecord?id=CVE-2023-37207
    https://www.cve.org/CVERecord?id=CVE-2023-37208
    https://www.cve.org/CVERecord?id=CVE-2023-37211
  (* Security fix *)
2023-07-05 13:30:32 +02:00
Patrick J Volkerding
57f9e5505b Mon Jun 26 19:44:44 UTC 2023
patches/packages/network-scripts-15.0-noarch-19_slack15.0.txz:  Rebuilt.
  This update fixes a bug and adds a new feature:
  Re-add support for the DHCP_IPADDR parameter from rc.inet1.conf.
  Expand the help text for DHCP_IPADDR in rc.inet1.conf.
  Add support for a DHCP_OPTS parameter.
  Thanks to ljb643 and Darren 'Tadgy' Austin.
patches/packages/vim-9.0.1667-x86_64-1_slack15.0.txz:  Upgraded.
  This fixes a rare divide-by-zero bug that could cause vim to crash. In an
  interactive program such as vim, I can't really see this qualifying as a
  security issue, but since it was brought up as such on LQ we'll just go
  along with it this time. :)
  Thanks to marav for the heads-up.
  (* Security fix *)
patches/packages/vim-gvim-9.0.1667-x86_64-1_slack15.0.txz:  Upgraded.
2023-06-27 13:30:30 +02:00
Patrick J Volkerding
f6bfd21627 Sat Jun 24 00:16:22 UTC 2023
patches/packages/linux-5.15.117/*:  Upgraded.
  We're going to back up one version to avoid an amdgpu regression in 5.15.118.
  If you're already using 5.15.118 without issues, feel free to stick with it.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
2023-06-24 13:30:39 +02:00
Patrick J Volkerding
34bab33421 Thu Jun 22 19:07:50 UTC 2023
patches/packages/cups-2.4.6-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed use-after-free when logging warnings in case of failures
  in cupsdAcceptClient().
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-34241
  (* Security fix *)
2023-06-23 13:30:32 +02:00
Patrick J Volkerding
5f7ce6cd72 Thu Jun 15 18:59:33 UTC 2023
patches/packages/libX11-1.8.6-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes buffer overflows in InitExt.c that could at least cause
  the client to crash due to memory corruption.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-3138
  (* Security fix *)
2023-06-16 13:30:31 +02:00
Patrick J Volkerding
f867575c66 Wed Jun 14 21:43:32 UTC 2023
patches/packages/cups-2.4.5-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/ksh93-1.0.6-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-06-15 13:30:29 +02:00
Patrick J Volkerding
e23d784811 Fri Jun 9 01:06:21 UTC 2023
extra/php81/php81-8.1.20-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.20
  (* Security fix *)
patches/packages/mozilla-thunderbird-102.12.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.12.0/releasenotes/
  (* Security fix *)
patches/packages/python3-3.9.17-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  urllib.parse.urlsplit() now strips leading C0 control and space characters
  following the specification for URLs defined by WHATWG.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-24329
  (* Security fix *)
2023-06-09 13:30:37 +02:00
Patrick J Volkerding
da0323f6eb Wed Jun 7 21:12:41 UTC 2023
patches/packages/cups-2.4.4-x86_64-1_slack15.0.txz:  Upgraded.
  This update is a hotfix for a segfault in cupsGetNamedDest(), when caller
  tries to find the default destination and the default destination is not set
  on the machine.
patches/packages/ksh93-1.0.5_20230607_9b251344-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix and robustness enhancement release.
  Thanks to McDutchie for the great work!
  Thanks to pghvlaans for improvements to the build script.
2023-06-08 13:30:33 +02:00
Patrick J Volkerding
372badc1d4 Tue Jun 6 20:26:59 UTC 2023
extra/sendmail/sendmail-8.17.2-x86_64-2_slack15.0.txz:  Rebuilt.
  Recompiled without -DUSE_EAI or ICU libraries as this experimental option
  is still leading to regressions.
extra/sendmail/sendmail-cf-8.17.2-noarch-2_slack15.0.txz:  Rebuilt.
patches/packages/mozilla-firefox-102.12.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.12.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-19/
    https://www.cve.org/CVERecord?id=CVE-2023-34414
    https://www.cve.org/CVERecord?id=CVE-2023-34416
  (* Security fix *)
patches/packages/ntp-4.2.8p17-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-06-07 13:30:31 +02:00
Patrick J Volkerding
d839987e86 Sun Jun 4 19:16:13 UTC 2023
extra/sendmail/sendmail-8.17.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
extra/sendmail/sendmail-cf-8.17.2-noarch-1_slack15.0.txz:  Upgraded.
patches/packages/libmilter-8.17.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-06-05 13:39:22 +02:00
Patrick J Volkerding
3f544e903a Fri Jun 2 20:56:35 UTC 2023
patches/packages/cups-2.4.3-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
  cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
  attacker to launch a denial of service (DoS) attack, or possibly execute
  arbirary code.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-32324
  (* Security fix *)
patches/packages/ntp-4.2.8p16-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-26551
    https://www.cve.org/CVERecord?id=CVE-2023-26552
    https://www.cve.org/CVERecord?id=CVE-2023-26553
    https://www.cve.org/CVERecord?id=CVE-2023-26554
    https://www.cve.org/CVERecord?id=CVE-2023-26555
  (* Security fix *)
2023-06-03 13:30:32 +02:00
Patrick J Volkerding
f33a393b0f Wed May 31 01:29:12 UTC 2023
patches/packages/curl-8.1.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/openssl-1.1.1u-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Possible DoS translating ASN.1 object identifiers.
  For more information, see:
    https://www.openssl.org/news/secadv/20230530.txt
    https://www.cve.org/CVERecord?id=CVE-2023-2650
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1u-x86_64-1_slack15.0.txz:  Upgraded.
2023-05-31 13:30:29 +02:00
Patrick J Volkerding
c1766a73e4 Sat May 27 20:42:29 UTC 2023
patches/packages/mozilla-thunderbird-102.11.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.11.2/releasenotes/
2023-05-28 13:30:27 +02:00
Patrick J Volkerding
51a1adf992 Thu May 25 19:04:56 UTC 2023
patches/packages/mozilla-thunderbird-102.11.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.11.1/releasenotes/
patches/packages/ntfs-3g-2022.10.3-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed vulnerabilities that may allow an attacker using a maliciously
  crafted NTFS-formatted image file or external storage to potentially
  execute arbitrary privileged code or cause a denial of service.
  Thanks to opty.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40284
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30789
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30788
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30787
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30786
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30785
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30784
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30783
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790
  (* Security fix *)
2023-05-26 13:30:27 +02:00
Patrick J Volkerding
73b668742a Thu May 25 00:24:33 UTC 2023
patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz:  Upgraded.
  This update patches a security issue:
  LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
  compiling a TeX file obtained from an untrusted source. This occurs
  because luatex-core.lua lets the original io.popen be accessed. This also
  affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
  Thanks to Johannes Schoepfer.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-32700
  (* Security fix *)
2023-05-25 13:30:31 +02:00
Patrick J Volkerding
8e0b115ff3 Mon May 22 19:05:02 UTC 2023
patches/packages/c-ares-1.19.1-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  0-byte UDP payload causes Denial of Service.
  Insufficient randomness in generation of DNS query IDs.
  Buffer Underwrite in ares_inet_net_pton().
  AutoTools does not set CARES_RANDOM_FILE during cross compilation.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-32067
    https://www.cve.org/CVERecord?id=CVE-2023-31147
    https://www.cve.org/CVERecord?id=CVE-2023-31130
    https://www.cve.org/CVERecord?id=CVE-2023-31124
  (* Security fix *)
2023-05-23 13:30:29 +02:00
Patrick J Volkerding
837ec54cfe Fri May 19 18:59:24 UTC 2023
patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz:  Upgraded.
  [PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x.
  With execv() command line arguments are passed as separate strings and
  not the full command line in a single string. This prevents arbitrary
  command execution by escaping the quoting of the arguments in a job
  with forged job title.
  Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-24805
  (* Security fix *)
2023-05-20 13:39:15 +02:00
Patrick J Volkerding
907d5f4ae7 Wed May 17 20:59:51 UTC 2023
patches/packages/curl-8.1.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  more POST-after-PUT confusion.
  IDN wildcard match.
  siglongjmp race condition.
  UAF in SSH sha256 fingerprint check.
  For more information, see:
    https://curl.se/docs/CVE-2023-28322.html
    https://curl.se/docs/CVE-2023-28321.html
    https://curl.se/docs/CVE-2023-28320.html
    https://curl.se/docs/CVE-2023-28319.html
    https://www.cve.org/CVERecord?id=CVE-2023-28322
    https://www.cve.org/CVERecord?id=CVE-2023-28321
    https://www.cve.org/CVERecord?id=CVE-2023-28320
    https://www.cve.org/CVERecord?id=CVE-2023-28319
  (* Security fix *)
patches/packages/bind-9.16.41-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
testing/packages/bind-9.18.15-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-05-18 13:30:28 +02:00
Patrick J Volkerding
9a6aad82a0 Sun May 14 17:03:16 UTC 2023
extra/php80/php80-8.0.28-x86_64-2_slack15.0.txz:  Rebuilt.
  This update removes extension=xmlrpc from the php.ini files.
extra/php81/php81-8.1.19-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.19
2023-05-15 13:40:02 +02:00
Patrick J Volkerding
b011fbb2cd Wed May 10 23:42:53 UTC 2023
patches/packages/mozilla-thunderbird-102.11.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.11.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/
    https://www.cve.org/CVERecord?id=CVE-2023-32206
    https://www.cve.org/CVERecord?id=CVE-2023-32207
    https://www.cve.org/CVERecord?id=CVE-2023-32211
    https://www.cve.org/CVERecord?id=CVE-2023-32212
    https://www.cve.org/CVERecord?id=CVE-2023-32213
    https://www.cve.org/CVERecord?id=CVE-2023-32214
    https://www.cve.org/CVERecord?id=CVE-2023-32215
  (* Security fix *)
2023-05-11 13:30:34 +02:00
Patrick J Volkerding
816b4dfd10 Tue May 9 20:11:22 UTC 2023
patches/packages/mozilla-firefox-102.11.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.11.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-17/
    https://www.cve.org/CVERecord?id=CVE-2023-32205
    https://www.cve.org/CVERecord?id=CVE-2023-32206
    https://www.cve.org/CVERecord?id=CVE-2023-32207
    https://www.cve.org/CVERecord?id=CVE-2023-32211
    https://www.cve.org/CVERecord?id=CVE-2023-32212
    https://www.cve.org/CVERecord?id=CVE-2023-32213
    https://www.cve.org/CVERecord?id=CVE-2023-32214
    https://www.cve.org/CVERecord?id=CVE-2023-32215
  (* Security fix *)
2023-05-10 13:30:32 +02:00
Patrick J Volkerding
30471e5bcd Sat May 6 19:01:04 UTC 2023
patches/packages/ca-certificates-20230506-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
2023-05-07 13:30:32 +02:00
Patrick J Volkerding
023fbe6eef Thu May 4 19:02:58 UTC 2023
patches/packages/libssh-0.10.5-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  A NULL dereference during rekeying with algorithm guessing.
  A possible authorization bypass in pki_verify_data_signature under
  low-memory conditions.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-1667
    https://www.cve.org/CVERecord?id=CVE-2023-2283
  (* Security fix *)
2023-05-05 13:39:54 +02:00
Patrick J Volkerding
9fce1d7977 Wed May 3 19:33:18 UTC 2023
patches/packages/whois-5.5.17-x86_64-1_slack15.0.txz:  Upgraded.
  Added the .cd TLD server.
  Updated the -kg NIC handles server name.
  Removed 2 new gTLDs which are no longer active.
2023-05-04 13:30:36 +02:00
Patrick J Volkerding
9e1144117c Mon May 1 20:22:43 UTC 2023
patches/packages/netatalk-3.1.15-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues, including a critical vulnerability that
  allows remote attackers to execute arbitrary code on affected installations
  of Netatalk. Authentication is not required to exploit this vulnerability.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-43634
    https://www.cve.org/CVERecord?id=CVE-2022-45188
  (* Security fix *)
2023-05-02 13:30:34 +02:00
Patrick J Volkerding
2093f0f263 Tue Apr 25 21:20:19 UTC 2023
patches/packages/git-2.35.8-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  By feeding specially crafted input to `git apply --reject`, a
  path outside the working tree can be overwritten with partially
  controlled contents (corresponding to the rejected hunk(s) from
  the given patch).
  When Git is compiled with runtime prefix support and runs without
  translated messages, it still used the gettext machinery to
  display messages, which subsequently potentially looked for
  translated messages in unexpected places. This allowed for
  malicious placement of crafted messages.
  When renaming or deleting a section from a configuration file,
  certain malicious configuration values may be misinterpreted as
  the beginning of a new configuration section, leading to arbitrary
  configuration injection.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-25652
    https://www.cve.org/CVERecord?id=CVE-2023-25815
    https://www.cve.org/CVERecord?id=CVE-2023-29007
  (* Security fix *)
patches/packages/mozilla-thunderbird-102.10.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.10.1/releasenotes/
2023-04-26 13:30:34 +02:00
Patrick J Volkerding
3a86ead054 Wed Apr 19 19:17:14 UTC 2023
patches/packages/bind-9.16.40-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
testing/packages/bind-9.18.14-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-04-20 13:40:07 +02:00
Patrick J Volkerding
9900e4e337 Thu Apr 13 22:25:18 UTC 2023
extra/php81/php81-8.1.17-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.17
2023-04-14 13:30:39 +02:00
Patrick J Volkerding
314bf21acc Thu Apr 13 01:10:27 UTC 2023
patches/packages/mozilla-thunderbird-102.10.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#MFSA-TMP-2023-0001
    https://www.cve.org/CVERecord?id=CVE-2023-29531
    https://www.cve.org/CVERecord?id=CVE-2023-29532
    https://www.cve.org/CVERecord?id=CVE-2023-29533
    https://www.cve.org/CVERecord?id=CVE-2023-29535
    https://www.cve.org/CVERecord?id=CVE-2023-29536
    https://www.cve.org/CVERecord?id=CVE-2023-0547
    https://www.cve.org/CVERecord?id=CVE-2023-29479
    https://www.cve.org/CVERecord?id=CVE-2023-29539
    https://www.cve.org/CVERecord?id=CVE-2023-29541
    https://www.cve.org/CVERecord?id=CVE-2023-29542
    https://www.cve.org/CVERecord?id=CVE-2023-29545
    https://www.cve.org/CVERecord?id=CVE-2023-1945
    https://www.cve.org/CVERecord?id=CVE-2023-29548
    https://www.cve.org/CVERecord?id=CVE-2023-29550
  (* Security fix *)
2023-04-13 13:30:36 +02:00
Patrick J Volkerding
364385c492 Tue Apr 11 18:49:02 UTC 2023
patches/packages/mozilla-firefox-102.10.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-14
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#MFSA-TMP-2023-0001
    https://www.cve.org/CVERecord?id=CVE-2023-29531
    https://www.cve.org/CVERecord?id=CVE-2023-29532
    https://www.cve.org/CVERecord?id=CVE-2023-29533
    https://www.cve.org/CVERecord?id=CVE-2023-29535
    https://www.cve.org/CVERecord?id=CVE-2023-29536
    https://www.cve.org/CVERecord?id=CVE-2023-29539
    https://www.cve.org/CVERecord?id=CVE-2023-29541
    https://www.cve.org/CVERecord?id=CVE-2023-29545
    https://www.cve.org/CVERecord?id=CVE-2023-1945
    https://www.cve.org/CVERecord?id=CVE-2023-29548
    https://www.cve.org/CVERecord?id=CVE-2023-29550
  (* Security fix *)
2023-04-12 13:30:39 +02:00
Patrick J Volkerding
73e8ddb138 Fri Apr 7 18:53:33 UTC 2023
patches/packages/httpd-2.4.57-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.57
2023-04-08 13:30:39 +02:00
Patrick J Volkerding
3ec3cf58c9 Wed Apr 5 18:31:03 UTC 2023
patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release. The primary focus is to correct a rare corruption
  bug in high compression mode. While the probability might be very small,
  corruption issues are nonetheless very serious, so an update to this version
  is highly recommended, especially if you employ high compression modes
  (levels 16+).
2023-04-06 13:39:05 +02:00
Patrick J Volkerding
b4079a7f22 Sun Apr 2 18:33:01 UTC 2023
patches/packages/irssi-1.4.4-x86_64-1_slack15.0.txz:  Upgraded.
  Do not crash Irssi when one line is printed as the result of another line
  being printed.
  Also solve a memory leak while printing unformatted lines.
  (* Security fix *)
2023-04-03 13:30:33 +02:00
Patrick J Volkerding
39f697baee Fri Mar 31 18:01:09 UTC 2023
patches/packages/ruby-3.0.6-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  ReDoS vulnerability in URI.
  ReDoS vulnerability in Time.
  For more information, see:
    https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
    https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
    https://www.cve.org/CVERecord?id=CVE-2023-28755
    https://www.cve.org/CVERecord?id=CVE-2023-28756
  (* Security fix *)
patches/packages/seamonkey-2.53.16-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.16
  (* Security fix *)
2023-04-01 13:30:36 +02:00
Patrick J Volkerding
5b606a9169 Wed Mar 29 20:56:21 UTC 2023
patches/packages/glibc-zoneinfo-2023c-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
patches/packages/mozilla-thunderbird-102.9.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.9.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/
    https://www.cve.org/CVERecord?id=CVE-2023-28427
  (* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txz:  Rebuilt.
  [PATCH] composite: Fix use-after-free of the COW.
  Fix use-after-free that can lead to local privileges elevation on systems
  where the X server is running privileged and remote code execution for ssh
  X forwarding sessions.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-March/003374.html
    https://www.cve.org/CVERecord?id=CVE-2023-1393
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txz:  Rebuilt.
  [PATCH] composite: Fix use-after-free of the COW.
  Fix use-after-free that can lead to local privileges elevation on systems
  where the X server is running privileged and remote code execution for ssh
  X forwarding sessions.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-March/003374.html
    https://www.cve.org/CVERecord?id=CVE-2023-1393
  (* Security fix *)
2023-03-30 13:30:41 +02:00
Patrick J Volkerding
694953a024 Fri Mar 24 19:42:46 UTC 2023
patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
patches/packages/tar-1.34-x86_64-2_slack15.0.txz:  Rebuilt.
  GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use
  of uninitialized memory for a conditional jump. Exploitation to change the
  flow of control has not been demonstrated. The issue occurs in from_header
  in list.c via a V7 archive in which mtime has approximately 11 whitespace
  characters.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-48303
  (* Security fix *)
2023-03-25 13:30:35 +01:00
Patrick J Volkerding
8ea2d78564 Mon Mar 20 18:26:23 UTC 2023
patches/packages/curl-8.0.1-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  SSH connection too eager reuse still.
  HSTS double-free.
  GSS delegation too eager connection re-use.
  FTP too eager connection reuse.
  SFTP path ~ resolving discrepancy.
  TELNET option IAC injection.
  For more information, see:
    https://curl.se/docs/CVE-2023-27538.html
    https://curl.se/docs/CVE-2023-27537.html
    https://curl.se/docs/CVE-2023-27536.html
    https://curl.se/docs/CVE-2023-27535.html
    https://curl.se/docs/CVE-2023-27534.html
    https://curl.se/docs/CVE-2023-27533.html
    https://www.cve.org/CVERecord?id=CVE-2023-27538
    https://www.cve.org/CVERecord?id=CVE-2023-27537
    https://www.cve.org/CVERecord?id=CVE-2023-27536
    https://www.cve.org/CVERecord?id=CVE-2023-27535
    https://www.cve.org/CVERecord?id=CVE-2023-27534
    https://www.cve.org/CVERecord?id=CVE-2023-27533
  (* Security fix *)
patches/packages/vim-9.0.1418-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed security issues:
  NULL pointer dereference issue in utfc_ptr2len.
  Incorrect Calculation of Buffer Size.
  Heap-based Buffer Overflow.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-1264
    https://www.cve.org/CVERecord?id=CVE-2023-1175
    https://www.cve.org/CVERecord?id=CVE-2023-1170
  (* Security fix *)
patches/packages/vim-gvim-9.0.1418-x86_64-1_slack15.0.txz:  Upgraded.
2023-03-21 13:30:37 +01:00
Patrick J Volkerding
db72bca364 Thu Mar 16 23:34:56 UTC 2023
patches/packages/bind-9.16.39-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/mozilla-thunderbird-102.9.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.9.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/
    https://www.cve.org/CVERecord?id=CVE-2023-25751
    https://www.cve.org/CVERecord?id=CVE-2023-28164
    https://www.cve.org/CVERecord?id=CVE-2023-28162
    https://www.cve.org/CVERecord?id=CVE-2023-25752
    https://www.cve.org/CVERecord?id=CVE-2023-28163
    https://www.cve.org/CVERecord?id=CVE-2023-28176
  (* Security fix *)
patches/packages/openssh-9.3p1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains fixes for a security problem and a memory
  safety problem. The memory safety problem is not believed to be
  exploitable, but we report most network-reachable memory faults as
  security bugs.
  For more information, see:
    https://www.openssh.com/txt/release-9.3
  (* Security fix *)
testing/packages/bind-9.18.13-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-03-17 13:30:41 +01:00
Patrick J Volkerding
0c961905d2 Tue Mar 14 20:42:47 UTC 2023
patches/packages/mozilla-firefox-102.9.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.9.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-10
    https://www.cve.org/CVERecord?id=CVE-2023-25751
    https://www.cve.org/CVERecord?id=CVE-2023-28164
    https://www.cve.org/CVERecord?id=CVE-2023-28162
    https://www.cve.org/CVERecord?id=CVE-2023-25752
    https://www.cve.org/CVERecord?id=CVE-2023-28163
    https://www.cve.org/CVERecord?id=CVE-2023-28176
  (* Security fix *)
2023-03-15 13:30:41 +01:00
Patrick J Volkerding
5dc0394bc0 Wed Mar 8 20:26:54 UTC 2023
patches/packages/httpd-2.4.56-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes two security issues:
  HTTP Response Smuggling vulnerability via mod_proxy_uwsgi.
  HTTP Request Smuggling attack via mod_rewrite and mod_proxy.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.56
    https://www.cve.org/CVERecord?id=CVE-2023-27522
    https://www.cve.org/CVERecord?id=CVE-2023-25690
  (* Security fix *)
2023-03-09 13:30:42 +01:00
Patrick J Volkerding
354174cc64 Mon Mar 6 20:18:10 UTC 2023
patches/packages/sudo-1.9.13p3-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-03-07 13:30:45 +01:00
Patrick J Volkerding
78c0119973 Mon Mar 6 02:21:57 UTC 2023
patches/packages/xscreensaver-6.06-x86_64-1_slack15.0.txz:  Upgraded.
  Here's an upgrade to the latest xscreensaver.
2023-03-06 13:30:35 +01:00
Patrick J Volkerding
61e0126fa3 Tue Feb 28 21:33:32 UTC 2023
patches/packages/whois-5.5.16-x86_64-1_slack15.0.txz:  Upgraded.
  Add bash completion support, courtesy of Ville Skytta.
  Updated the .tr TLD server.
  Removed support for -metu NIC handles.
2023-03-01 13:30:39 +01:00