slackware-current

mirror of git://slackware.nl/current.git synced 2024-12-27 09:59:16 +01:00

Author	SHA1	Message	Date
Patrick J Volkerding	88c375df6b	Tue Apr 23 22:24:03 UTC 2024 patches/packages/ruby-3.0.7-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Arbitrary memory address read vulnerability with Regex search. RCE vulnerability with .rdoc_options in RDoc. Buffer overread vulnerability in StringIO. For more information, see: https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/ https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/ https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/ https://www.cve.org/CVERecord?id=CVE-2024-27282 https://www.cve.org/CVERecord?id=CVE-2024-27281 https://www.cve.org/CVERecord?id=CVE-2024-27280 (* Security fix *)	2024-04-24 13:30:50 +02:00
Patrick J Volkerding	9e65079da6	Mon Apr 22 19:36:38 UTC 2024 patches/packages/freerdp-2.11.7-x86_64-1_slack15.0.txz: Upgraded. This release eliminates a bunch of issues detected during oss-fuzz runs. (* Security fix *)	2024-04-23 13:30:50 +02:00
Patrick J Volkerding	54a8f66b49	Fri Apr 19 19:36:17 UTC 2024 patches/packages/freerdp-2.11.6-x86_64-1_slack15.0.txz: Upgraded. This release is a security release and addresses multiple issues: [Low] OutOfBound Read in zgfx_decompress_segment. [Moderate] Integer overflow & OutOfBound Write in clear_decompress_residual_data. [Low] integer underflow in nsc_rle_decode. [Low] OutOfBound Read in planar_skip_plane_rle. [Low] OutOfBound Read in ncrush_decompress. [Low] OutOfBound Read in interleaved_decompress. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-32041 https://www.cve.org/CVERecord?id=CVE-2024-32039 https://www.cve.org/CVERecord?id=CVE-2024-32040 https://www.cve.org/CVERecord?id=CVE-2024-32458 https://www.cve.org/CVERecord?id=CVE-2024-32459 https://www.cve.org/CVERecord?id=CVE-2024-32460 (* Security fix *)	2024-04-20 13:30:46 +02:00
Patrick J Volkerding	d3c452d720	Thu Apr 18 19:17:30 UTC 2024 patches/packages/bind-9.16.50-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txz: Rebuilt. patches/packages/glibc-2.33-x86_64-6_slack15.0.txz: Rebuilt. This update fixes a security issue: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-2961 (* Security fix *) patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txz: Rebuilt. patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txz: Rebuilt. testing/packages/bind-9.18.26-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release.	2024-04-19 13:30:41 +02:00
Patrick J Volkerding	2a933a7e4f	Wed Apr 17 20:35:48 UTC 2024 patches/packages/mozilla-thunderbird-115.10.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.10.0/releasenotes/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird115.10 (* Security fix *)	2024-04-18 13:30:45 +02:00
Patrick J Volkerding	7165f6f4db	Tue Apr 16 18:50:13 UTC 2024 patches/packages/mozilla-firefox-115.10.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.10.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-19/ https://www.cve.org/CVERecord?id=CVE-2024-3852 https://www.cve.org/CVERecord?id=CVE-2024-3854 https://www.cve.org/CVERecord?id=CVE-2024-3857 https://www.cve.org/CVERecord?id=CVE-2024-2609 https://www.cve.org/CVERecord?id=CVE-2024-3859 https://www.cve.org/CVERecord?id=CVE-2024-3861 https://www.cve.org/CVERecord?id=CVE-2024-3863 https://www.cve.org/CVERecord?id=CVE-2024-3302 https://www.cve.org/CVERecord?id=CVE-2024-3864 (* Security fix *)	2024-04-17 13:30:44 +02:00
Patrick J Volkerding	1d9ca96a22	Sun Apr 14 18:35:32 UTC 2024 patches/packages/less-653-x86_64-1_slack15.0.txz: Upgraded. This update patches a security issue: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-32487 (* Security fix *)	2024-04-15 13:30:43 +02:00
Patrick J Volkerding	47084e3f2f	Fri Apr 12 19:08:59 UTC 2024 extra/php81/php81-8.1.28-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Command injection via array-ish $command parameter of proc_open. __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix. Password_verify can erroneously return true, opening ATO risk. For more information, see: https://www.php.net/ChangeLog-8.php#8.1.28 https://www.cve.org/CVERecord?id=CVE-2024-1874 https://www.cve.org/CVERecord?id=CVE-2024-2756 https://www.cve.org/CVERecord?id=CVE-2024-3096 (* Security fix *)	2024-04-13 13:30:41 +02:00
Patrick J Volkerding	971e161e46	Mon Apr 8 18:44:37 UTC 2024 patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Fix possible vulnerability in tar error reporting introduced in f27c173 by JiaT75. For more information, see: `f27c173d17` https://github.com/libarchive/libarchive/pull/2101 (* Security fix *)	2024-04-09 13:30:46 +02:00
Patrick J Volkerding	d5ca6849f8	Fri Apr 5 20:11:23 UTC 2024 extra/tigervnc/tigervnc-1.12.0-x86_64-6_slack15.0.txz: Rebuilt. Recompiled against xorg-server-1.20.14, including the latest patches for several security issues: Heap buffer overread/data leakage in ProcXIGetSelectedEvents. Heap buffer overread/data leakage in ProcXIPassiveGrabDevice. Heap buffer overread/data leakage in ProcAppleDRICreatePixmap. Use-after-free in ProcRenderAddGlyphs. For more information, see: https://lists.x.org/archives/xorg-announce/2024-April/003497.html https://www.cve.org/CVERecord?id=CVE-2024-31080 https://www.cve.org/CVERecord?id=CVE-2024-31081 https://www.cve.org/CVERecord?id=CVE-2024-31082 https://www.cve.org/CVERecord?id=CVE-2024-31083 (* Security fix *)	2024-04-06 13:30:47 +02:00
Patrick J Volkerding	1e2fa38645	Thu Apr 4 20:49:23 UTC 2024 patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: HTTP/2 DoS by memory exhaustion on endless continuation frames. HTTP Response Splitting in multiple modules. HTTP response splitting. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.59 https://www.cve.org/CVERecord?id=CVE-2024-27316 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://www.cve.org/CVERecord?id=CVE-2023-38709 (* Security fix ) patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it can accept after a HEADERS frame. For more information, see: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://www.kb.cert.org/vuls/id/421644 https://www.cve.org/CVERecord?id=CVE-2024-28182 ( Security fix *)	2024-04-05 13:30:57 +02:00
Patrick J Volkerding	d6e7dd0417	Wed Apr 3 22:22:06 UTC 2024 patches/packages/xorg-server-1.20.14-x86_64-12_slack15.0.txz: Rebuilt. This update fixes security issues: Heap buffer overread/data leakage in ProcXIGetSelectedEvents. Heap buffer overread/data leakage in ProcXIPassiveGrabDevice. Heap buffer overread/data leakage in ProcAppleDRICreatePixmap. Use-after-free in ProcRenderAddGlyphs. For more information, see: https://lists.x.org/archives/xorg-announce/2024-April/003497.html https://www.cve.org/CVERecord?id=CVE-2024-31080 https://www.cve.org/CVERecord?id=CVE-2024-31081 https://www.cve.org/CVERecord?id=CVE-2024-31082 https://www.cve.org/CVERecord?id=CVE-2024-31083 (* Security fix ) patches/packages/xorg-server-xephyr-1.20.14-x86_64-12_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-12_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-12_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-11_slack15.0.txz: Rebuilt. This update fixes security issues: Heap buffer overread/data leakage in ProcXIGetSelectedEvents. Heap buffer overread/data leakage in ProcXIPassiveGrabDevice. Use-after-free in ProcRenderAddGlyphs. For more information, see: https://lists.x.org/archives/xorg-announce/2024-April/003497.html https://www.cve.org/CVERecord?id=CVE-2024-31080 https://www.cve.org/CVERecord?id=CVE-2024-31081 https://www.cve.org/CVERecord?id=CVE-2024-31083 ( Security fix *)	2024-04-04 13:30:42 +02:00
Patrick J Volkerding	3874039d9c	Fri Mar 29 02:25:21 UTC 2024 patches/packages/coreutils-9.5-x86_64-1_slack15.0.txz: Upgraded. chmod -R now avoids a race where an attacker may replace a traversed file with a symlink, causing chmod to operate on an unintended file. [This bug was present in "the beginning".] split --line-bytes with a mixture of very long and short lines no longer overwrites the heap. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-0684 (* Security fix *)	2024-03-29 13:30:42 +01:00
Patrick J Volkerding	9146b9762b	Wed Mar 27 19:16:09 UTC 2024 patches/packages/curl-8.7.1-x86_64-1_slack15.0.txz: Upgraded. This release fixes the following security issues: TLS certificate check bypass with mbedTLS. HTTP/2 push headers memory-leak. QUIC certificate check bypass with wolfSSL. Usage of disabled protocol. For more information, see: https://curl.se/docs/CVE-2024-2466.html https://curl.se/docs/CVE-2024-2398.html https://curl.se/docs/CVE-2024-2379.html https://curl.se/docs/CVE-2024-2004.html https://www.cve.org/CVERecord?id=CVE-2024-2466 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://www.cve.org/CVERecord?id=CVE-2024-2379 https://www.cve.org/CVERecord?id=CVE-2024-2004 (* Security fix *)	2024-03-28 13:30:39 +01:00
Patrick J Volkerding	9543d326f2	Sun Mar 24 18:21:46 UTC 2024 patches/packages/emacs-29.3-x86_64-1_slack15.0.txz: Upgraded. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-45939 ( Security fix *)	2024-03-25 13:30:45 +01:00
Patrick J Volkerding	fca48db86c	Sat Mar 23 19:34:02 UTC 2024 patches/packages/mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz: Upgraded. This update fixes a critical security issue: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. For more information, see: https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-16/ https://www.cve.org/CVERecord?id=CVE-2024-29944 (* Security fix *)	2024-03-24 13:30:44 +01:00
Patrick J Volkerding	7fee55d3d8	Wed Mar 20 21:10:30 UTC 2024 patches/packages/bind-9.16.49-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/python3-3.9.19-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: bundled libexpat was updated to 2.6.0. zipfile is now protected from the "quoted-overlap" zipbomb. tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when working around file system permission errors. For more information, see: https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.html https://www.cve.org/CVERecord?id=CVE-2023-52425 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://www.cve.org/CVERecord?id=CVE-2023-6597 (* Security fix *) testing/packages/bind-9.18.25-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release.	2024-03-21 13:30:40 +01:00
Patrick J Volkerding	56c5869402	Wed Mar 20 00:08:59 UTC 2024 patches/packages/gnutls-3.8.4-x86_64-1_slack15.0.txz: Upgraded. This update fixes two medium severity security issues: libgnutls: Fix side-channel in the deterministic ECDSA. Reported by George Pantelakis (#1516). libgnutls: Fixed a bug where certtool crashed when verifying a certificate chain with more than 16 certificates. Reported by William Woodruff (#1525) and yixiangzhike (#1527). For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-28834 https://www.cve.org/CVERecord?id=CVE-2024-28835 (* Security fix ) patches/packages/mozilla-firefox-115.9.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-13/ https://www.cve.org/CVERecord?id=CVE-2024-0743 https://www.cve.org/CVERecord?id=CVE-2024-2605 https://www.cve.org/CVERecord?id=CVE-2024-2607 https://www.cve.org/CVERecord?id=CVE-2024-2608 https://www.cve.org/CVERecord?id=CVE-2024-2616 https://www.cve.org/CVERecord?id=CVE-2023-5388 https://www.cve.org/CVERecord?id=CVE-2024-2610 https://www.cve.org/CVERecord?id=CVE-2024-2611 https://www.cve.org/CVERecord?id=CVE-2024-2612 https://www.cve.org/CVERecord?id=CVE-2024-2614 ( Security fix ) patches/packages/mozilla-thunderbird-115.9.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.9.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/ https://www.cve.org/CVERecord?id=CVE-2024-0743 https://www.cve.org/CVERecord?id=CVE-2024-2605 https://www.cve.org/CVERecord?id=CVE-2024-2607 https://www.cve.org/CVERecord?id=CVE-2024-2608 https://www.cve.org/CVERecord?id=CVE-2024-2616 https://www.cve.org/CVERecord?id=CVE-2023-5388 https://www.cve.org/CVERecord?id=CVE-2024-2610 https://www.cve.org/CVERecord?id=CVE-2024-2611 https://www.cve.org/CVERecord?id=CVE-2024-2612 https://www.cve.org/CVERecord?id=CVE-2024-2614 ( Security fix *)	2024-03-20 13:30:42 +01:00
Patrick J Volkerding	735bb1f74b	Wed Mar 13 19:46:48 UTC 2024 patches/packages/expat-2.6.2-x86_64-1_slack15.0.txz: Upgraded. Prevent billion laughs attacks with isolated use of external parsers. For more information, see: `1d50b80cf3` https://www.cve.org/CVERecord?id=CVE-2024-28757 (* Security fix *)	2024-03-14 13:30:42 +01:00
Patrick J Volkerding	c131b21d96	Fri Mar 8 19:20:11 UTC 2024 patches/packages/xfce4-weather-plugin-0.11.2-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release.	2024-03-09 13:30:47 +01:00
Patrick J Volkerding	9f285815b9	Thu Mar 7 20:40:08 UTC 2024 patches/packages/ghostscript-9.55.0-x86_64-2_slack15.0.txz: Rebuilt. Fixes security issues: A vulnerability was identified in the way Ghostscript/GhostPDL called tesseract for the OCR devices, which could allow arbitrary code execution. Thanks to J_W for the heads-up. Mishandling of permission validation for pipe devices could allow arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664 (* Security fix *)	2024-03-08 13:30:42 +01:00
Patrick J Volkerding	f4d1d3ac7d	Tue Mar 5 21:16:50 UTC 2024 patches/packages/mozilla-thunderbird-115.8.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/ https://www.cve.org/CVERecord?id=CVE-2024-1936 (* Security fix *) patches/packages/postfix-3.6.15-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.postfix.org/announcements/postfix-3.8.6.html	2024-03-06 13:30:42 +01:00
Patrick J Volkerding	ce64f0a935	Fri Mar 1 22:13:28 UTC 2024 patches/packages/expat-2.6.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release.	2024-03-02 13:31:26 +01:00
Patrick J Volkerding	cec16b4f7e	Thu Feb 29 19:11:19 UTC 2024 patches/packages/openjpeg-2.5.2-x86_64-1_slack15.0.txz: Upgraded. Fixed a regression in openjpeg-2.5.1: API breakage / openjpeg version no longer detected (openjpeg.h no longer includes opj_config.h).	2024-03-01 13:30:44 +01:00
Patrick J Volkerding	970e55afb6	Wed Feb 28 18:36:48 UTC 2024 patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz: Rebuilt. Patched the implementation of PEAP in wpa_supplicant to prevent an authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-52160 (* Security fix *)	2024-02-29 13:30:42 +01:00
Patrick J Volkerding	6008910371	Mon Feb 26 20:09:43 UTC 2024 patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz: Upgraded. Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. For more information, see: https://www.cve.org/CVERecord?id=CVE-2021-3575 (* Security fix *)	2024-02-27 13:30:41 +01:00
Patrick J Volkerding	76371c76c5	Sun Feb 25 19:16:52 UTC 2024 patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz: Upgraded. Updated the .cv and .sd TLD servers. Removed 4 new gTLDs which are no longer active.	2024-02-26 13:30:47 +01:00
Patrick J Volkerding	c33fb28229	Fri Feb 23 20:37:29 UTC 2024 patches/packages/dcron-4.5-x86_64-13_slack15.0.txz: Rebuilt. This is a bugfix release. run-parts.8: document skiping *.orig files. Thanks to metaed.	2024-02-24 13:30:44 +01:00
Patrick J Volkerding	14f2469b12	Wed Feb 21 20:00:08 UTC 2024 patches/packages/dcron-4.5-x86_64-12_slack15.0.txz: Rebuilt. This is a bugfix release. run-parts: skip .orig files. Thanks to metaed. patches/packages/mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/ https://www.cve.org/CVERecord?id=CVE-2024-1546 https://www.cve.org/CVERecord?id=CVE-2024-1547 https://www.cve.org/CVERecord?id=CVE-2024-1548 https://www.cve.org/CVERecord?id=CVE-2024-1549 https://www.cve.org/CVERecord?id=CVE-2024-1550 https://www.cve.org/CVERecord?id=CVE-2024-1551 https://www.cve.org/CVERecord?id=CVE-2024-1552 https://www.cve.org/CVERecord?id=CVE-2024-1553 ( Security fix *)	2024-02-22 13:39:58 +01:00
Patrick J Volkerding	bdfa16c82f	Tue Feb 20 21:08:27 UTC 2024 patches/packages/libuv-1.48.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes a server-side request forgery (SSRF) flaw. Thanks to alex2grad for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-24806 (* Security fix *)	2024-02-21 13:30:43 +01:00
Patrick J Volkerding	b9cc8f3425	Sun Feb 18 21:03:57 UTC 2024 extra/llvm-17.0.6-x86_64-1_slack15.0.txz: Added. In case anyone needs a newer compiler. extra/llvm13-compat-13.0.0-x86_64-1_slack15.0.txz: Added. In case anyone needs to run binaries linked to the old compiler.	2024-02-19 13:30:46 +01:00
Patrick J Volkerding	bdd6ac9360	Fri Feb 16 20:18:59 UTC 2024 patches/packages/ca-certificates-20240216-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections.	2024-02-17 13:30:46 +01:00
Patrick J Volkerding	9847738ba0	Wed Feb 14 04:18:12 UTC 2024 patches/packages/dnsmasq-2.90-x86_64-1_slack15.0.txz: Upgraded. Add limits on the resources used to do DNSSEC validation. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-50387 https://www.cve.org/CVERecord?id=CVE-2023-50868 (* Security fix *)	2024-02-15 13:30:47 +01:00
Patrick J Volkerding	cd44edc237	Tue Feb 13 19:19:24 UTC 2024 patches/packages/bind-9.16.48-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Specific DNS answers could cause a denial-of-service condition due to DNS validation taking a long time. Query patterns that continuously triggered cache database maintenance could exhaust all available memory on the host running named. Restore DNS64 state when handling a serve-stale timeout. Specific queries could trigger an assertion check with nxdomain-redirect enabled. Speed up parsing of DNS messages with many different names. For more information, see: https://kb.isc.org/docs/cve-2023-50387 https://www.cve.org/CVERecord?id=CVE-2023-50387 https://kb.isc.org/docs/cve-2023-6516 https://www.cve.org/CVERecord?id=CVE-2023-6516 https://kb.isc.org/docs/cve-2023-5679 https://www.cve.org/CVERecord?id=CVE-2023-5679 https://kb.isc.org/docs/cve-2023-5517 https://www.cve.org/CVERecord?id=CVE-2023-5517 https://kb.isc.org/docs/cve-2023-4408 https://www.cve.org/CVERecord?id=CVE-2023-4408 (* Security fix ) testing/packages/bind-9.18.24-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Specific DNS answers could cause a denial-of-service condition due to DNS validation taking a long time. Restore DNS64 state when handling a serve-stale timeout. Specific queries could trigger an assertion check with nxdomain-redirect enabled. Speed up parsing of DNS messages with many different names. For more information, see: https://kb.isc.org/docs/cve-2023-50387 https://www.cve.org/CVERecord?id=CVE-2023-50387 https://kb.isc.org/docs/cve-2023-5679 https://www.cve.org/CVERecord?id=CVE-2023-5679 https://kb.isc.org/docs/cve-2023-5517 https://www.cve.org/CVERecord?id=CVE-2023-5517 https://kb.isc.org/docs/cve-2023-4408 https://www.cve.org/CVERecord?id=CVE-2023-4408 ( Security fix *)	2024-02-14 13:30:43 +01:00
Patrick J Volkerding	4f3857a3d1	Sun Feb 11 22:11:59 UTC 2024 patches/packages/mariadb-10.5.24-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://mariadb.com/kb/en/mariadb-10-5-24-release-notes/	2024-02-12 13:30:40 +01:00
Patrick J Volkerding	639c931a2b	Fri Feb 9 21:48:09 UTC 2024 patches/packages/xpdf-4.05-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Fixed a bug in the ICCBased color space parser that was allowing the number of components to be zero. Thanks to huckleberry for the bug report. Fixed a bug in the ICCBased color space parser that was allowing the number of components to be zero. Thanks to huckleberry for the bug report. Added checks for PDF object loops in AcroForm::scanField(), Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree(). The zero-width character problem can also happen if the page size is very large -- that needs to be limited too, the same way as character position coordinates. Thanks to jlinliu for the bug report. Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for the bug report. Fix a deadlock when an object stream's length field is contained in another object stream. Thanks to Jiahao Liu for the bug report. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-2662 https://www.cve.org/CVERecord?id=CVE-2023-2662 https://www.cve.org/CVERecord?id=CVE-2018-7453 https://www.cve.org/CVERecord?id=CVE-2018-16369 https://www.cve.org/CVERecord?id=CVE-2022-36561 https://www.cve.org/CVERecord?id=CVE-2022-41844 https://www.cve.org/CVERecord?id=CVE-2023-2663 https://www.cve.org/CVERecord?id=CVE-2023-2664 https://www.cve.org/CVERecord?id=CVE-2023-3044 https://www.cve.org/CVERecord?id=CVE-2023-3436 (* Security fix *)	2024-02-10 13:30:40 +01:00
Patrick J Volkerding	2fac477c48	Thu Feb 8 22:17:18 UTC 2024 patches/packages/dehydrated-0.7.1-noarch-1_slack15.0.txz: Upgraded. This is a bugfix release that addresses (among other things) an "unbound variable" error if the signing server is not available. Thanks to metaed for the heads-up.	2024-02-09 13:30:41 +01:00
Patrick J Volkerding	edf4df250a	Wed Feb 7 20:07:29 UTC 2024 patches/packages/expat-2.6.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Fix quadratic runtime issues with big tokens that can cause denial of service. Fix billion laughs attacks for users compiling without XML_DTD defined (which is not common). For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-52425 https://www.cve.org/CVERecord?id=CVE-2023-52426 (* Security fix *)	2024-02-08 13:30:44 +01:00
Patrick J Volkerding	bc19f3bbd2	Sun Feb 4 19:37:40 UTC 2024 patches/packages/libxml2-2.11.7-x86_64-1_slack15.0.txz: Upgraded. Fix the following security issue: xmlreader: Don't expand XIncludes when backtracking. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-25062 (* Security fix *)	2024-02-05 13:30:39 +01:00
Patrick J Volkerding	285b51e992	Sat Feb 3 20:54:00 UTC 2024 patches/packages/ca-certificates-20240203-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections. patches/packages/glibc-zoneinfo-2024a-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates.	2024-02-04 13:30:41 +01:00
Patrick J Volkerding	4af705d201	Wed Jan 31 21:19:19 UTC 2024 extra/sendmail/sendmail-8.18.1-x86_64-1_slack15.0.txz: Upgraded. sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-51765 (* Security fix *) extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz: Upgraded. patches/packages/curl-8.6.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/libmilter-8.18.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release.	2024-02-01 13:30:49 +01:00
Patrick J Volkerding	71cfddeb9f	Fri Jan 26 20:59:27 UTC 2024 patches/packages/pam-1.6.0-x86_64-1_slack15.0.txz: Upgraded. pam_namespace.so: fixed a possible local denial-of-service vulnerability. For more information, see: https://seclists.org/oss-sec/2024/q1/31 https://www.cve.org/CVERecord?id=CVE-2024-22365 (* Security fix *)	2024-01-27 13:30:38 +01:00
Patrick J Volkerding	36d337af73	Wed Jan 24 04:53:38 UTC 2024 patches/packages/mozilla-thunderbird-115.7.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/ https://www.cve.org/CVERecord?id=CVE-2024-0741 https://www.cve.org/CVERecord?id=CVE-2024-0742 https://www.cve.org/CVERecord?id=CVE-2024-0746 https://www.cve.org/CVERecord?id=CVE-2024-0747 https://www.cve.org/CVERecord?id=CVE-2024-0749 https://www.cve.org/CVERecord?id=CVE-2024-0750 https://www.cve.org/CVERecord?id=CVE-2024-0751 https://www.cve.org/CVERecord?id=CVE-2024-0753 https://www.cve.org/CVERecord?id=CVE-2024-0755 (* Security fix *)	2024-01-25 13:30:41 +01:00
Patrick J Volkerding	57dd8bdc60	Tue Jan 23 20:08:07 UTC 2024 patches/packages/mozilla-firefox-115.7.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-02/ https://www.cve.org/CVERecord?id=CVE-2024-0741 https://www.cve.org/CVERecord?id=CVE-2024-0742 https://www.cve.org/CVERecord?id=CVE-2024-0746 https://www.cve.org/CVERecord?id=CVE-2024-0747 https://www.cve.org/CVERecord?id=CVE-2024-0749 https://www.cve.org/CVERecord?id=CVE-2024-0750 https://www.cve.org/CVERecord?id=CVE-2024-0751 https://www.cve.org/CVERecord?id=CVE-2024-0753 https://www.cve.org/CVERecord?id=CVE-2024-0755 (* Security fix *)	2024-01-24 13:30:39 +01:00
Patrick J Volkerding	2bde1d73b5	Mon Jan 22 20:57:12 UTC 2024 patches/packages/postfix-3.6.14-x86_64-1_slack15.0.txz: Upgraded. Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline = normalize" (default "no" for Postfix < 3.9), the Postfix SMTP server requires the standard End-of-DATA sequence <CR><LF>.<CR><LF>, and otherwise allows command or message content lines ending in the non-standard <LF>, processing them as if the client sent the standard <CR><LF>. The alternative setting, "smtpd_forbid_bare_newline = reject" will reject any command or message that contains a bare <LF>, and is more likely to cause problems with legitimate clients. For backwards compatibility, local clients are excluded by default with "smtpd_forbid_bare_newline_exclusions = $mynetworks". For more information, see: https://www.postfix.org/smtp-smuggling.html (* Security fix *)	2024-01-23 13:30:31 +01:00
Patrick J Volkerding	4e88327303	Sun Jan 21 20:50:08 UTC 2024 extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz: Rebuilt. Recompiled against xorg-server-1.20.14, including the latest patches for several security issues. Thanks to marav. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-6377 https://www.cve.org/CVERecord?id=CVE-2023-6478 https://www.cve.org/CVERecord?id=CVE-2023-6816 https://www.cve.org/CVERecord?id=CVE-2024-0229 https://www.cve.org/CVERecord?id=CVE-2024-0408 https://www.cve.org/CVERecord?id=CVE-2024-0409 https://www.cve.org/CVERecord?id=CVE-2024-21885 https://www.cve.org/CVERecord?id=CVE-2024-21886 https://www.cve.org/CVERecord?id=CVE-2024-21886 (* Security fix *)	2024-01-22 13:30:35 +01:00
Patrick J Volkerding	0a8de80c8a	Wed Jan 17 21:13:27 UTC 2024 patches/packages/seamonkey-2.53.18.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.18.1	2024-01-18 13:39:30 +01:00
Patrick J Volkerding	95fd8ef935	Tue Jan 16 20:49:28 UTC 2024 patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz: Upgraded. This update fixes two medium severity security issues: Fix more timing side-channel inside RSA-PSK key exchange. Fix assertion failure when verifying a certificate chain with a cycle of cross signatures. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-0553 https://www.cve.org/CVERecord?id=CVE-2024-0567 (* Security fix ) patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. This update fixes security issues: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. Reattaching to different master device may lead to out-of-bounds memory access. Heap buffer overflow in XISendDeviceHierarchyEvent. Heap buffer overflow in DisableDevice. SELinux context corruption. SELinux unlabeled GLX PBuffer. For more information, see: https://lists.x.org/archives/xorg/2024-January/061525.html https://www.cve.org/CVERecord?id=CVE-2023-6816 https://www.cve.org/CVERecord?id=CVE-2024-0229 https://www.cve.org/CVERecord?id=CVE-2024-21885 https://www.cve.org/CVERecord?id=CVE-2024-21886 https://www.cve.org/CVERecord?id=CVE-2024-0408 https://www.cve.org/CVERecord?id=CVE-2024-0409 ( Security fix ) patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz: Rebuilt. This update fixes security issues: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. Reattaching to different master device may lead to out-of-bounds memory access. Heap buffer overflow in XISendDeviceHierarchyEvent. Heap buffer overflow in DisableDevice. SELinux unlabeled GLX PBuffer. For more information, see: https://lists.x.org/archives/xorg/2024-January/061525.html https://www.cve.org/CVERecord?id=CVE-2023-6816 https://www.cve.org/CVERecord?id=CVE-2024-0229 https://www.cve.org/CVERecord?id=CVE-2024-21885 https://www.cve.org/CVERecord?id=CVE-2024-21886 https://www.cve.org/CVERecord?id=CVE-2024-0408 ( Security fix *)	2024-01-17 13:30:37 +01:00
Patrick J Volkerding	caf0fadb3f	Wed Jan 10 20:25:54 UTC 2024 patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release.	2024-01-11 13:30:33 +01:00
Patrick J Volkerding	54a86f88d1	Tue Jan 9 20:49:08 UTC 2024 patches/packages/mozilla-thunderbird-115.6.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.thunderbird.net/en-US/thunderbird/115.6.1/releasenotes/	2024-01-10 13:30:33 +01:00

1 2 3 4 5 ...

1425 commits