Patrick J Volkerding
249e0a3900
Sat Jun 15 20:51:59 UTC 2024
...
patches/packages/ca-certificates-20240615-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
2024-06-16 13:30:48 +02:00
Patrick J Volkerding
0cec0ecfa1
Wed Jun 12 21:12:05 UTC 2024
...
patches/packages/mozilla-thunderbird-115.11.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.11.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/
https://www.cve.org/CVERecord?id=CVE-2024-4367
https://www.cve.org/CVERecord?id=CVE-2024-4767
https://www.cve.org/CVERecord?id=CVE-2024-4768
https://www.cve.org/CVERecord?id=CVE-2024-4769
https://www.cve.org/CVERecord?id=CVE-2024-4770
https://www.cve.org/CVERecord?id=CVE-2024-4777
(* Security fix *)
2024-06-13 13:30:30 +02:00
Patrick J Volkerding
cfdd416e37
Tue Jun 11 21:09:01 UTC 2024
...
patches/packages/cups-2.4.9-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
When starting the cupsd server with a Listen configuration item pointing
to a symbolic link, the cupsd process can be caused to perform an arbitrary
chmod of the provided argument, providing world-writable access to the
target.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-35235
(* Security fix *)
patches/packages/mozilla-firefox-115.12.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.12.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-26/
https://www.cve.org/CVERecord?id=CVE-2024-5702
https://www.cve.org/CVERecord?id=CVE-2024-5688
https://www.cve.org/CVERecord?id=CVE-2024-5690
https://www.cve.org/CVERecord?id=CVE-2024-5691
https://www.cve.org/CVERecord?id=CVE-2024-5692
https://www.cve.org/CVERecord?id=CVE-2024-5693
https://www.cve.org/CVERecord?id=CVE-2024-5696
https://www.cve.org/CVERecord?id=CVE-2024-5700
(* Security fix *)
2024-06-12 13:30:32 +02:00
Patrick J Volkerding
61eadccb16
Sat Jun 8 19:42:03 UTC 2024
...
patches/packages/kernel-firmware-20240606_90df68d-noarch-1.txz: Upgraded.
Updated to the latest kernel firmware.
patches/packages/linux-5.15.160/*: Upgraded.
These updates fix a regression with the first 5.15.160 packages:
Subject: [PATCH] Revert "drm/amdgpu: init iommu after amdkfd device init"
This reverts commit 56b522f4668167096a50c39446d6263c96219f5f.
A user reported that this commit breaks the integrated gpu of his
notebook, causing a black screen. He was able to bisect the problematic
commit and verified that by reverting it the notebook works again.
He also confirmed that kernel 6.8.1 also works on his device, so the
upstream commit itself seems to be ok.
An amdgpu developer (Alex Deucher) confirmed that this patch should
have never been ported to 5.15 in the first place, so revert this
commit from the 5.15 stable series.
Thanks to fsLeg.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
2024-06-09 13:30:34 +02:00
Patrick J Volkerding
dfa4788e03
Thu Jun 6 19:44:49 UTC 2024
...
extra/php81/php81-8.1.29-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
Bypass of CVE-2012-1823, Argument Injection in PHP-CGI.
Filter bypass in filter_var FILTER_VALIDATE_URL.
Bypass of CVE-2024-1874.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.29
https://www.cve.org/CVERecord?id=CVE-2024-4577
https://www.cve.org/CVERecord?id=CVE-2024-5458
https://www.cve.org/CVERecord?id=CVE-2024-5585
(* Security fix *)
2024-06-07 13:30:44 +02:00
Patrick J Volkerding
e53c2323e1
Wed Jun 5 19:06:36 UTC 2024
...
patches/packages/ca-certificates-20240604-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
patches/packages/kernel-firmware-20240604_22643bb-noarch-1.txz: Upgraded.
Updated to the latest kernel firmware.
patches/packages/linux-5.15.160/*: Upgraded.
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.147:
https://www.cve.org/CVERecord?id=CVE-2023-52340
https://www.cve.org/CVERecord?id=CVE-2023-6040
https://www.cve.org/CVERecord?id=CVE-2024-0646
Fixed in 5.15.148:
https://www.cve.org/CVERecord?id=CVE-2023-46838
https://www.cve.org/CVERecord?id=CVE-2023-52436
https://www.cve.org/CVERecord?id=CVE-2023-52438
https://www.cve.org/CVERecord?id=CVE-2023-52439
https://www.cve.org/CVERecord?id=CVE-2023-52443
https://www.cve.org/CVERecord?id=CVE-2023-52444
https://www.cve.org/CVERecord?id=CVE-2023-52445
https://www.cve.org/CVERecord?id=CVE-2023-52448
https://www.cve.org/CVERecord?id=CVE-2023-52449
https://www.cve.org/CVERecord?id=CVE-2023-52451
https://www.cve.org/CVERecord?id=CVE-2023-52454
https://www.cve.org/CVERecord?id=CVE-2023-52456
https://www.cve.org/CVERecord?id=CVE-2023-52458
https://www.cve.org/CVERecord?id=CVE-2023-52463
https://www.cve.org/CVERecord?id=CVE-2023-52464
https://www.cve.org/CVERecord?id=CVE-2023-52467
https://www.cve.org/CVERecord?id=CVE-2023-52469
https://www.cve.org/CVERecord?id=CVE-2023-52470
https://www.cve.org/CVERecord?id=CVE-2023-52609
https://www.cve.org/CVERecord?id=CVE-2023-52610
https://www.cve.org/CVERecord?id=CVE-2023-52612
https://www.cve.org/CVERecord?id=CVE-2023-6356
https://www.cve.org/CVERecord?id=CVE-2023-6536
https://www.cve.org/CVERecord?id=CVE-2023-6915
https://www.cve.org/CVERecord?id=CVE-2024-1085
https://www.cve.org/CVERecord?id=CVE-2024-24860
https://www.cve.org/CVERecord?id=CVE-2024-26586
https://www.cve.org/CVERecord?id=CVE-2024-26589
https://www.cve.org/CVERecord?id=CVE-2024-26591
https://www.cve.org/CVERecord?id=CVE-2024-26597
https://www.cve.org/CVERecord?id=CVE-2024-26598
https://www.cve.org/CVERecord?id=CVE-2024-26631
https://www.cve.org/CVERecord?id=CVE-2024-26633
Fixed in 5.15.149:
https://www.cve.org/CVERecord?id=CVE-2023-52429
https://www.cve.org/CVERecord?id=CVE-2023-52435
https://www.cve.org/CVERecord?id=CVE-2023-52486
https://www.cve.org/CVERecord?id=CVE-2023-52489
https://www.cve.org/CVERecord?id=CVE-2023-52491
https://www.cve.org/CVERecord?id=CVE-2023-52492
https://www.cve.org/CVERecord?id=CVE-2023-52493
https://www.cve.org/CVERecord?id=CVE-2023-52494
https://www.cve.org/CVERecord?id=CVE-2023-52498
https://www.cve.org/CVERecord?id=CVE-2023-52583
https://www.cve.org/CVERecord?id=CVE-2023-52587
https://www.cve.org/CVERecord?id=CVE-2023-52588
https://www.cve.org/CVERecord?id=CVE-2023-52594
https://www.cve.org/CVERecord?id=CVE-2023-52595
https://www.cve.org/CVERecord?id=CVE-2023-52597
https://www.cve.org/CVERecord?id=CVE-2023-52598
https://www.cve.org/CVERecord?id=CVE-2023-52599
https://www.cve.org/CVERecord?id=CVE-2023-52600
https://www.cve.org/CVERecord?id=CVE-2023-52601
https://www.cve.org/CVERecord?id=CVE-2023-52602
https://www.cve.org/CVERecord?id=CVE-2023-52603
https://www.cve.org/CVERecord?id=CVE-2023-52604
https://www.cve.org/CVERecord?id=CVE-2023-52606
https://www.cve.org/CVERecord?id=CVE-2023-52607
https://www.cve.org/CVERecord?id=CVE-2023-52608
https://www.cve.org/CVERecord?id=CVE-2023-52614
https://www.cve.org/CVERecord?id=CVE-2023-52615
https://www.cve.org/CVERecord?id=CVE-2023-52616
https://www.cve.org/CVERecord?id=CVE-2023-52617
https://www.cve.org/CVERecord?id=CVE-2023-52618
https://www.cve.org/CVERecord?id=CVE-2023-52619
https://www.cve.org/CVERecord?id=CVE-2023-52622
https://www.cve.org/CVERecord?id=CVE-2023-52623
https://www.cve.org/CVERecord?id=CVE-2023-52627
https://www.cve.org/CVERecord?id=CVE-2023-52630
https://www.cve.org/CVERecord?id=CVE-2023-52631
https://www.cve.org/CVERecord?id=CVE-2023-52633
https://www.cve.org/CVERecord?id=CVE-2023-52635
https://www.cve.org/CVERecord?id=CVE-2023-52637
https://www.cve.org/CVERecord?id=CVE-2023-52638
https://www.cve.org/CVERecord?id=CVE-2024-0340
https://www.cve.org/CVERecord?id=CVE-2024-1086
https://www.cve.org/CVERecord?id=CVE-2024-1151
https://www.cve.org/CVERecord?id=CVE-2024-23849
https://www.cve.org/CVERecord?id=CVE-2024-23850
https://www.cve.org/CVERecord?id=CVE-2024-23851
https://www.cve.org/CVERecord?id=CVE-2024-26592
https://www.cve.org/CVERecord?id=CVE-2024-26593
https://www.cve.org/CVERecord?id=CVE-2024-26594
https://www.cve.org/CVERecord?id=CVE-2024-26600
https://www.cve.org/CVERecord?id=CVE-2024-26602
https://www.cve.org/CVERecord?id=CVE-2024-26606
https://www.cve.org/CVERecord?id=CVE-2024-26608
https://www.cve.org/CVERecord?id=CVE-2024-26610
https://www.cve.org/CVERecord?id=CVE-2024-26614
https://www.cve.org/CVERecord?id=CVE-2024-26615
https://www.cve.org/CVERecord?id=CVE-2024-26625
https://www.cve.org/CVERecord?id=CVE-2024-26627
https://www.cve.org/CVERecord?id=CVE-2024-26635
https://www.cve.org/CVERecord?id=CVE-2024-26636
https://www.cve.org/CVERecord?id=CVE-2024-26640
https://www.cve.org/CVERecord?id=CVE-2024-26641
https://www.cve.org/CVERecord?id=CVE-2024-26644
https://www.cve.org/CVERecord?id=CVE-2024-26645
https://www.cve.org/CVERecord?id=CVE-2024-26660
https://www.cve.org/CVERecord?id=CVE-2024-26663
https://www.cve.org/CVERecord?id=CVE-2024-26664
https://www.cve.org/CVERecord?id=CVE-2024-26665
https://www.cve.org/CVERecord?id=CVE-2024-26668
https://www.cve.org/CVERecord?id=CVE-2024-26671
https://www.cve.org/CVERecord?id=CVE-2024-26673
https://www.cve.org/CVERecord?id=CVE-2024-26675
https://www.cve.org/CVERecord?id=CVE-2024-26676
https://www.cve.org/CVERecord?id=CVE-2024-26679
https://www.cve.org/CVERecord?id=CVE-2024-26684
https://www.cve.org/CVERecord?id=CVE-2024-26685
https://www.cve.org/CVERecord?id=CVE-2024-26689
https://www.cve.org/CVERecord?id=CVE-2024-26696
https://www.cve.org/CVERecord?id=CVE-2024-26697
https://www.cve.org/CVERecord?id=CVE-2024-26698
https://www.cve.org/CVERecord?id=CVE-2024-26702
https://www.cve.org/CVERecord?id=CVE-2024-26704
https://www.cve.org/CVERecord?id=CVE-2024-26707
https://www.cve.org/CVERecord?id=CVE-2024-26712
https://www.cve.org/CVERecord?id=CVE-2024-26715
https://www.cve.org/CVERecord?id=CVE-2024-26717
https://www.cve.org/CVERecord?id=CVE-2024-26720
https://www.cve.org/CVERecord?id=CVE-2024-26727
https://www.cve.org/CVERecord?id=CVE-2024-26808
Fixed in 5.15.150:
https://www.cve.org/CVERecord?id=CVE-2023-52434
https://www.cve.org/CVERecord?id=CVE-2023-52497
https://www.cve.org/CVERecord?id=CVE-2023-52640
https://www.cve.org/CVERecord?id=CVE-2023-52641
https://www.cve.org/CVERecord?id=CVE-2024-0565
https://www.cve.org/CVERecord?id=CVE-2024-26601
https://www.cve.org/CVERecord?id=CVE-2024-26603
https://www.cve.org/CVERecord?id=CVE-2024-26733
https://www.cve.org/CVERecord?id=CVE-2024-26735
https://www.cve.org/CVERecord?id=CVE-2024-26736
https://www.cve.org/CVERecord?id=CVE-2024-26737
https://www.cve.org/CVERecord?id=CVE-2024-26743
https://www.cve.org/CVERecord?id=CVE-2024-26744
https://www.cve.org/CVERecord?id=CVE-2024-26747
https://www.cve.org/CVERecord?id=CVE-2024-26748
https://www.cve.org/CVERecord?id=CVE-2024-26749
https://www.cve.org/CVERecord?id=CVE-2024-26751
https://www.cve.org/CVERecord?id=CVE-2024-26752
https://www.cve.org/CVERecord?id=CVE-2024-26754
https://www.cve.org/CVERecord?id=CVE-2024-26763
https://www.cve.org/CVERecord?id=CVE-2024-26764
https://www.cve.org/CVERecord?id=CVE-2024-26766
https://www.cve.org/CVERecord?id=CVE-2024-26769
https://www.cve.org/CVERecord?id=CVE-2024-26771
https://www.cve.org/CVERecord?id=CVE-2024-26772
https://www.cve.org/CVERecord?id=CVE-2024-26773
https://www.cve.org/CVERecord?id=CVE-2024-26774
https://www.cve.org/CVERecord?id=CVE-2024-26776
https://www.cve.org/CVERecord?id=CVE-2024-26777
https://www.cve.org/CVERecord?id=CVE-2024-26778
https://www.cve.org/CVERecord?id=CVE-2024-26779
Fixed in 5.15.151:
https://www.cve.org/CVERecord?id=CVE-2023-52620
https://www.cve.org/CVERecord?id=CVE-2024-0841
https://www.cve.org/CVERecord?id=CVE-2024-26622
https://www.cve.org/CVERecord?id=CVE-2024-26688
https://www.cve.org/CVERecord?id=CVE-2024-26782
https://www.cve.org/CVERecord?id=CVE-2024-26788
https://www.cve.org/CVERecord?id=CVE-2024-26790
https://www.cve.org/CVERecord?id=CVE-2024-26791
https://www.cve.org/CVERecord?id=CVE-2024-26793
https://www.cve.org/CVERecord?id=CVE-2024-26795
https://www.cve.org/CVERecord?id=CVE-2024-26798
https://www.cve.org/CVERecord?id=CVE-2024-26801
https://www.cve.org/CVERecord?id=CVE-2024-26802
https://www.cve.org/CVERecord?id=CVE-2024-26803
https://www.cve.org/CVERecord?id=CVE-2024-26804
https://www.cve.org/CVERecord?id=CVE-2024-26805
Fixed in 5.15.152:
https://www.cve.org/CVERecord?id=CVE-2024-26659
https://www.cve.org/CVERecord?id=CVE-2024-26787
Fixed in 5.15.153:
https://www.cve.org/CVERecord?id=CVE-2023-52447
https://www.cve.org/CVERecord?id=CVE-2023-6270
https://www.cve.org/CVERecord?id=CVE-2023-7042
https://www.cve.org/CVERecord?id=CVE-2024-22099
https://www.cve.org/CVERecord?id=CVE-2024-26651
https://www.cve.org/CVERecord?id=CVE-2024-26809
(* Security fix *)
2024-06-06 13:30:38 +02:00
Patrick J Volkerding
e5301d4448
Sat Jun 1 19:52:37 UTC 2024
...
patches/packages/ntp-4.2.8p18-x86_64-2_slack15.0.txz: Rebuilt.
This is a bugfix release to fix a possible regression. In some cases ntpd
gets an error on mixed ipv4/ipv6 networks, so we'll make it possible to
easily configure ntpd to use ipv4 only or ipv6 only (as well as to change
any other ntpd options).
rc.ntp: properly create the PID file on start.
Add /etc/default/ntp to configure ntpd startup options since some people are
needing to add -4 to avoid an error.
Thanks to rkelsen and teoberi.
2024-06-02 13:30:47 +02:00
Patrick J Volkerding
dd5b1ba2c4
Sun May 26 00:07:39 UTC 2024
...
patches/packages/ntp-4.2.8p18-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
2024-05-26 13:30:49 +02:00
Patrick J Volkerding
97a6982d2b
Wed May 22 18:57:13 UTC 2024
...
patches/packages/curl-8.8.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
2024-05-23 13:30:44 +02:00
Patrick J Volkerding
e10e8c9854
Mon May 20 18:42:49 UTC 2024
...
patches/packages/mariadb-10.5.25-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
Difficult to exploit vulnerability allows unauthenticated attacker with
logon to the infrastructure where MariaDB Server executes to compromise the
server. This could result in unauthorized update, insert or delete access
to some of the data as well as unauthorized read access to a subset of the
data and unauthorized ability to cause a partial denial of service.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-21096
(* Security fix *)
2024-05-21 13:30:45 +02:00
Patrick J Volkerding
fb146f18cf
Thu May 16 02:31:40 UTC 2024
...
patches/packages/gdk-pixbuf2-2.42.12-x86_64-1_slack15.0.txz: Upgraded.
ani: Reject files with multiple INA or IART chunks.
ani: Reject files with multiple anih chunks.
ani: validate chunk size.
Thanks to 0xvhp, pedrib, and Benjamin Gilbert.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48622
(* Security fix *)
patches/packages/git-2.39.4-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Recursive clones on case-insensitive filesystems that support symbolic
links are susceptible to case confusion that can be exploited to
execute just-cloned code during the clone operation.
Repositories can be configured to execute arbitrary code during local
clones. To address this, the ownership checks introduced in v2.30.3
are now extended to cover cloning local repositories.
Local clones may end up hardlinking files into the target repository's
object database when source and target repository reside on the same
disk. If the source repository is owned by a different user, then
those hardlinked files may be rewritten at any point in time by the
untrusted user.
When cloning a local source repository that contains symlinks via the
filesystem, Git may create hardlinks to arbitrary user-readable files
on the same filesystem as the target repository in the objects/
directory.
It is supposed to be safe to clone untrusted repositories, even those
unpacked from zip archives or tarballs originating from untrusted
sources, but Git can be tricked to run arbitrary code as part of the
clone.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32002
https://www.cve.org/CVERecord?id=CVE-2024-32004
https://www.cve.org/CVERecord?id=CVE-2024-32020
https://www.cve.org/CVERecord?id=CVE-2024-32021
https://www.cve.org/CVERecord?id=CVE-2024-32465
(* Security fix *)
patches/packages/popa3d-1.0.3-x86_64-7_slack15.0.txz: Rebuilt.
This is a bugfix release:
Build with AUTH_PAM, not AUTH_SHADOW.
Thanks to jayjwa.
testing/packages/bind-9.18.27-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
2024-05-17 13:40:17 +02:00
Patrick J Volkerding
a86246c0dd
Tue May 14 19:07:51 UTC 2024
...
patches/packages/mozilla-firefox-115.11.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.11.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-22/
https://www.cve.org/CVERecord?id=CVE-2024-4367
https://www.cve.org/CVERecord?id=CVE-2024-4767
https://www.cve.org/CVERecord?id=CVE-2024-4768
https://www.cve.org/CVERecord?id=CVE-2024-4769
https://www.cve.org/CVERecord?id=CVE-2024-4770
https://www.cve.org/CVERecord?id=CVE-2024-4777
(* Security fix *)
2024-05-15 13:30:44 +02:00
Patrick J Volkerding
e00e146d20
Mon May 13 18:22:20 UTC 2024
...
patches/packages/libxml2-2.11.8-x86_64-1_slack15.0.txz: Upgraded.
Fix buffer overread with "xmllint --htmlout".
xmllint: Fix --pedantic option.
save: Handle invalid parent pointers in xhtmlNodeDumpOutput.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-34459
(* Security fix *)
2024-05-14 13:40:19 +02:00
Patrick J Volkerding
39da3ef43f
Sun May 12 19:10:12 UTC 2024
...
patches/packages/whois-5.5.23-x86_64-1_slack15.0.txz: Upgraded.
Updated the .sc, .新加坡 (.xn--yfro4i67o, Singapore)
and .சிங்கப்பூர் (.xn--clchc0ea0b2g2a9gcd, Singapore)
TLD servers.
2024-05-13 13:30:45 +02:00
Patrick J Volkerding
bc6a73dcbb
Thu May 9 19:26:51 UTC 2024
...
patches/packages/sg3_utils-1.47-x86_64-2_slack15.0.txz: Rebuilt.
This is a bugfix release to fix a regression in rescan-scsi-bus.sh that
causes all SCSI devices to be removed from the system when the '-r'
option is used. Thanks to jwoithe for the link to the upstream patch.
2024-05-10 13:30:43 +02:00
Patrick J Volkerding
1163276b19
Thu Apr 25 17:58:17 UTC 2024
...
patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz: Rebuilt.
Patched an out-of-bound error in the rar e8 filter that could allow for
the execution of arbitrary code.
Thanks to gmgf for the heads-up.
For more information, see:
https://github.com/advisories/GHSA-2jc9-36w4-pmqw
https://www.cve.org/CVERecord?id=CVE-2024-26256
(* Security fix *)
2024-04-26 13:30:48 +02:00
Patrick J Volkerding
88c375df6b
Tue Apr 23 22:24:03 UTC 2024
...
patches/packages/ruby-3.0.7-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Arbitrary memory address read vulnerability with Regex search.
RCE vulnerability with .rdoc_options in RDoc.
Buffer overread vulnerability in StringIO.
For more information, see:
https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/
https://www.cve.org/CVERecord?id=CVE-2024-27282
https://www.cve.org/CVERecord?id=CVE-2024-27281
https://www.cve.org/CVERecord?id=CVE-2024-27280
(* Security fix *)
2024-04-24 13:30:50 +02:00
Patrick J Volkerding
9e65079da6
Mon Apr 22 19:36:38 UTC 2024
...
patches/packages/freerdp-2.11.7-x86_64-1_slack15.0.txz: Upgraded.
This release eliminates a bunch of issues detected during oss-fuzz runs.
(* Security fix *)
2024-04-23 13:30:50 +02:00
Patrick J Volkerding
54a8f66b49
Fri Apr 19 19:36:17 UTC 2024
...
patches/packages/freerdp-2.11.6-x86_64-1_slack15.0.txz: Upgraded.
This release is a security release and addresses multiple issues:
[Low] OutOfBound Read in zgfx_decompress_segment.
[Moderate] Integer overflow & OutOfBound Write in
clear_decompress_residual_data.
[Low] integer underflow in nsc_rle_decode.
[Low] OutOfBound Read in planar_skip_plane_rle.
[Low] OutOfBound Read in ncrush_decompress.
[Low] OutOfBound Read in interleaved_decompress.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32041
https://www.cve.org/CVERecord?id=CVE-2024-32039
https://www.cve.org/CVERecord?id=CVE-2024-32040
https://www.cve.org/CVERecord?id=CVE-2024-32458
https://www.cve.org/CVERecord?id=CVE-2024-32459
https://www.cve.org/CVERecord?id=CVE-2024-32460
(* Security fix *)
2024-04-20 13:30:46 +02:00
Patrick J Volkerding
d3c452d720
Thu Apr 18 19:17:30 UTC 2024
...
patches/packages/bind-9.16.50-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txz: Rebuilt.
patches/packages/glibc-2.33-x86_64-6_slack15.0.txz: Rebuilt.
This update fixes a security issue:
The iconv() function in the GNU C Library versions 2.39 and older may
overflow the output buffer passed to it by up to 4 bytes when converting
strings to the ISO-2022-CN-EXT character set, which may be used to crash
an application or overwrite a neighbouring variable.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-2961
(* Security fix *)
patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txz: Rebuilt.
patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txz: Rebuilt.
testing/packages/bind-9.18.26-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
2024-04-19 13:30:41 +02:00
Patrick J Volkerding
2a933a7e4f
Wed Apr 17 20:35:48 UTC 2024
...
patches/packages/mozilla-thunderbird-115.10.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.10.0/releasenotes/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird115.10
(* Security fix *)
2024-04-18 13:30:45 +02:00
Patrick J Volkerding
7165f6f4db
Tue Apr 16 18:50:13 UTC 2024
...
patches/packages/mozilla-firefox-115.10.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.10.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-19/
https://www.cve.org/CVERecord?id=CVE-2024-3852
https://www.cve.org/CVERecord?id=CVE-2024-3854
https://www.cve.org/CVERecord?id=CVE-2024-3857
https://www.cve.org/CVERecord?id=CVE-2024-2609
https://www.cve.org/CVERecord?id=CVE-2024-3859
https://www.cve.org/CVERecord?id=CVE-2024-3861
https://www.cve.org/CVERecord?id=CVE-2024-3863
https://www.cve.org/CVERecord?id=CVE-2024-3302
https://www.cve.org/CVERecord?id=CVE-2024-3864
(* Security fix *)
2024-04-17 13:30:44 +02:00
Patrick J Volkerding
1d9ca96a22
Sun Apr 14 18:35:32 UTC 2024
...
patches/packages/less-653-x86_64-1_slack15.0.txz: Upgraded.
This update patches a security issue:
less through 653 allows OS command execution via a newline character in the
name of a file, because quoting is mishandled in filename.c. Exploitation
typically requires use with attacker-controlled file names, such as the files
extracted from an untrusted archive. Exploitation also requires the LESSOPEN
environment variable, but this is set by default in many common cases.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32487
(* Security fix *)
2024-04-15 13:30:43 +02:00
Patrick J Volkerding
47084e3f2f
Fri Apr 12 19:08:59 UTC 2024
...
extra/php81/php81-8.1.28-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Command injection via array-ish $command parameter of proc_open.
__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix.
Password_verify can erroneously return true, opening ATO risk.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.28
https://www.cve.org/CVERecord?id=CVE-2024-1874
https://www.cve.org/CVERecord?id=CVE-2024-2756
https://www.cve.org/CVERecord?id=CVE-2024-3096
(* Security fix *)
2024-04-13 13:30:41 +02:00
Patrick J Volkerding
971e161e46
Mon Apr 8 18:44:37 UTC 2024
...
patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Fix possible vulnerability in tar error reporting introduced in f27c173
by JiaT75.
For more information, see:
f27c173d17
https://github.com/libarchive/libarchive/pull/2101
(* Security fix *)
2024-04-09 13:30:46 +02:00
Patrick J Volkerding
d5ca6849f8
Fri Apr 5 20:11:23 UTC 2024
...
extra/tigervnc/tigervnc-1.12.0-x86_64-6_slack15.0.txz: Rebuilt.
Recompiled against xorg-server-1.20.14, including the latest patches for
several security issues:
Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
Use-after-free in ProcRenderAddGlyphs.
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
https://www.cve.org/CVERecord?id=CVE-2024-31080
https://www.cve.org/CVERecord?id=CVE-2024-31081
https://www.cve.org/CVERecord?id=CVE-2024-31082
https://www.cve.org/CVERecord?id=CVE-2024-31083
(* Security fix *)
2024-04-06 13:30:47 +02:00
Patrick J Volkerding
1e2fa38645
Thu Apr 4 20:49:23 UTC 2024
...
patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
HTTP/2 DoS by memory exhaustion on endless continuation frames.
HTTP Response Splitting in multiple modules.
HTTP response splitting.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.59
https://www.cve.org/CVERecord?id=CVE-2024-27316
https://www.cve.org/CVERecord?id=CVE-2024-24795
https://www.cve.org/CVERecord?id=CVE-2023-38709
(* Security fix *)
patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
frames even after a stream is reset to keep HPACK context in sync. This
causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
this vulnerability by limiting the number of CONTINUATION frames it can
accept after a HEADERS frame.
For more information, see:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
https://www.kb.cert.org/vuls/id/421644
https://www.cve.org/CVERecord?id=CVE-2024-28182
(* Security fix *)
2024-04-05 13:30:57 +02:00
Patrick J Volkerding
d6e7dd0417
Wed Apr 3 22:22:06 UTC 2024
...
patches/packages/xorg-server-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
Use-after-free in ProcRenderAddGlyphs.
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
https://www.cve.org/CVERecord?id=CVE-2024-31080
https://www.cve.org/CVERecord?id=CVE-2024-31081
https://www.cve.org/CVERecord?id=CVE-2024-31082
https://www.cve.org/CVERecord?id=CVE-2024-31083
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-11_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
Use-after-free in ProcRenderAddGlyphs.
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
https://www.cve.org/CVERecord?id=CVE-2024-31080
https://www.cve.org/CVERecord?id=CVE-2024-31081
https://www.cve.org/CVERecord?id=CVE-2024-31083
(* Security fix *)
2024-04-04 13:30:42 +02:00
Patrick J Volkerding
3874039d9c
Fri Mar 29 02:25:21 UTC 2024
...
patches/packages/coreutils-9.5-x86_64-1_slack15.0.txz: Upgraded.
chmod -R now avoids a race where an attacker may replace a traversed file
with a symlink, causing chmod to operate on an unintended file.
[This bug was present in "the beginning".]
split --line-bytes with a mixture of very long and short lines no longer
overwrites the heap.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0684
(* Security fix *)
2024-03-29 13:30:42 +01:00
Patrick J Volkerding
9146b9762b
Wed Mar 27 19:16:09 UTC 2024
...
patches/packages/curl-8.7.1-x86_64-1_slack15.0.txz: Upgraded.
This release fixes the following security issues:
TLS certificate check bypass with mbedTLS.
HTTP/2 push headers memory-leak.
QUIC certificate check bypass with wolfSSL.
Usage of disabled protocol.
For more information, see:
https://curl.se/docs/CVE-2024-2466.html
https://curl.se/docs/CVE-2024-2398.html
https://curl.se/docs/CVE-2024-2379.html
https://curl.se/docs/CVE-2024-2004.html
https://www.cve.org/CVERecord?id=CVE-2024-2466
https://www.cve.org/CVERecord?id=CVE-2024-2398
https://www.cve.org/CVERecord?id=CVE-2024-2379
https://www.cve.org/CVERecord?id=CVE-2024-2004
(* Security fix *)
2024-03-28 13:30:39 +01:00
Patrick J Volkerding
9543d326f2
Sun Mar 24 18:21:46 UTC 2024
...
patches/packages/emacs-29.3-x86_64-1_slack15.0.txz: Upgraded.
GNU Emacs through 28.2 allows attackers to execute commands via shell
metacharacters in the name of a source-code file, because lib-src/etags.c
uses the system C library function in its implementation of the ctags
program. For example, a victim may use the "ctags *" command (suggested in
the ctags documentation) in a situation where the current working directory
has contents that depend on untrusted input.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-45939
(* Security fix *)
2024-03-25 13:30:45 +01:00
Patrick J Volkerding
fca48db86c
Sat Mar 23 19:34:02 UTC 2024
...
patches/packages/mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a critical security issue:
An attacker was able to inject an event handler into a privileged object
that would allow arbitrary JavaScript execution in the parent process.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-16/
https://www.cve.org/CVERecord?id=CVE-2024-29944
(* Security fix *)
2024-03-24 13:30:44 +01:00
Patrick J Volkerding
7fee55d3d8
Wed Mar 20 21:10:30 UTC 2024
...
patches/packages/bind-9.16.49-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/python3-3.9.19-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
bundled libexpat was updated to 2.6.0.
zipfile is now protected from the "quoted-overlap" zipbomb.
tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
working around file system permission errors.
For more information, see:
https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.html
https://www.cve.org/CVERecord?id=CVE-2023-52425
https://www.cve.org/CVERecord?id=CVE-2024-0450
https://www.cve.org/CVERecord?id=CVE-2023-6597
(* Security fix *)
testing/packages/bind-9.18.25-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
2024-03-21 13:30:40 +01:00
Patrick J Volkerding
56c5869402
Wed Mar 20 00:08:59 UTC 2024
...
patches/packages/gnutls-3.8.4-x86_64-1_slack15.0.txz: Upgraded.
This update fixes two medium severity security issues:
libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis (#1516).
libgnutls: Fixed a bug where certtool crashed when verifying a certificate
chain with more than 16 certificates. Reported by William Woodruff (#1525)
and yixiangzhike (#1527).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-28834
https://www.cve.org/CVERecord?id=CVE-2024-28835
(* Security fix *)
patches/packages/mozilla-firefox-115.9.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-13/
https://www.cve.org/CVERecord?id=CVE-2024-0743
https://www.cve.org/CVERecord?id=CVE-2024-2605
https://www.cve.org/CVERecord?id=CVE-2024-2607
https://www.cve.org/CVERecord?id=CVE-2024-2608
https://www.cve.org/CVERecord?id=CVE-2024-2616
https://www.cve.org/CVERecord?id=CVE-2023-5388
https://www.cve.org/CVERecord?id=CVE-2024-2610
https://www.cve.org/CVERecord?id=CVE-2024-2611
https://www.cve.org/CVERecord?id=CVE-2024-2612
https://www.cve.org/CVERecord?id=CVE-2024-2614
(* Security fix *)
patches/packages/mozilla-thunderbird-115.9.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/
https://www.cve.org/CVERecord?id=CVE-2024-0743
https://www.cve.org/CVERecord?id=CVE-2024-2605
https://www.cve.org/CVERecord?id=CVE-2024-2607
https://www.cve.org/CVERecord?id=CVE-2024-2608
https://www.cve.org/CVERecord?id=CVE-2024-2616
https://www.cve.org/CVERecord?id=CVE-2023-5388
https://www.cve.org/CVERecord?id=CVE-2024-2610
https://www.cve.org/CVERecord?id=CVE-2024-2611
https://www.cve.org/CVERecord?id=CVE-2024-2612
https://www.cve.org/CVERecord?id=CVE-2024-2614
(* Security fix *)
2024-03-20 13:30:42 +01:00
Patrick J Volkerding
735bb1f74b
Wed Mar 13 19:46:48 UTC 2024
...
patches/packages/expat-2.6.2-x86_64-1_slack15.0.txz: Upgraded.
Prevent billion laughs attacks with isolated use of external parsers.
For more information, see:
1d50b80cf3
https://www.cve.org/CVERecord?id=CVE-2024-28757
(* Security fix *)
2024-03-14 13:30:42 +01:00
Patrick J Volkerding
c131b21d96
Fri Mar 8 19:20:11 UTC 2024
...
patches/packages/xfce4-weather-plugin-0.11.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
2024-03-09 13:30:47 +01:00
Patrick J Volkerding
9f285815b9
Thu Mar 7 20:40:08 UTC 2024
...
patches/packages/ghostscript-9.55.0-x86_64-2_slack15.0.txz: Rebuilt.
Fixes security issues:
A vulnerability was identified in the way Ghostscript/GhostPDL called
tesseract for the OCR devices, which could allow arbitrary code execution.
Thanks to J_W for the heads-up.
Mishandling of permission validation for pipe devices could allow arbitrary
code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
(* Security fix *)
2024-03-08 13:30:42 +01:00
Patrick J Volkerding
f4d1d3ac7d
Tue Mar 5 21:16:50 UTC 2024
...
patches/packages/mozilla-thunderbird-115.8.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
https://www.cve.org/CVERecord?id=CVE-2024-1936
(* Security fix *)
patches/packages/postfix-3.6.15-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.postfix.org/announcements/postfix-3.8.6.html
2024-03-06 13:30:42 +01:00
Patrick J Volkerding
ce64f0a935
Fri Mar 1 22:13:28 UTC 2024
...
patches/packages/expat-2.6.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
2024-03-02 13:31:26 +01:00
Patrick J Volkerding
cec16b4f7e
Thu Feb 29 19:11:19 UTC 2024
...
patches/packages/openjpeg-2.5.2-x86_64-1_slack15.0.txz: Upgraded.
Fixed a regression in openjpeg-2.5.1:
API breakage / openjpeg version no longer detected (openjpeg.h no longer
includes opj_config.h).
2024-03-01 13:30:44 +01:00
Patrick J Volkerding
970e55afb6
Wed Feb 28 18:36:48 UTC 2024
...
patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz: Rebuilt.
Patched the implementation of PEAP in wpa_supplicant to prevent an
authentication bypass. For a successful attack, wpa_supplicant must be
configured to not verify the network's TLS certificate during Phase 1
authentication, and an eap_peap_decrypt vulnerability can then be abused
to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
Success packet instead of starting Phase 2. This allows an adversary to
impersonate Enterprise Wi-Fi networks.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-52160
(* Security fix *)
2024-02-29 13:30:42 +01:00
Patrick J Volkerding
6008910371
Mon Feb 26 20:09:43 UTC 2024
...
patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz: Upgraded.
Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
this to execute arbitrary code with the permissions of the application
compiled against openjpeg.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-3575
(* Security fix *)
2024-02-27 13:30:41 +01:00
Patrick J Volkerding
76371c76c5
Sun Feb 25 19:16:52 UTC 2024
...
patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz: Upgraded.
Updated the .cv and .sd TLD servers.
Removed 4 new gTLDs which are no longer active.
2024-02-26 13:30:47 +01:00
Patrick J Volkerding
c33fb28229
Fri Feb 23 20:37:29 UTC 2024
...
patches/packages/dcron-4.5-x86_64-13_slack15.0.txz: Rebuilt.
This is a bugfix release.
run-parts.8: document skipping *.orig files. Thanks to metaed.
2024-02-24 13:30:44 +01:00
Patrick J Volkerding
14f2469b12
Wed Feb 21 20:00:08 UTC 2024
...
patches/packages/dcron-4.5-x86_64-12_slack15.0.txz: Rebuilt.
This is a bugfix release.
run-parts: skip *.orig files. Thanks to metaed.
patches/packages/mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
https://www.cve.org/CVERecord?id=CVE-2024-1546
https://www.cve.org/CVERecord?id=CVE-2024-1547
https://www.cve.org/CVERecord?id=CVE-2024-1548
https://www.cve.org/CVERecord?id=CVE-2024-1549
https://www.cve.org/CVERecord?id=CVE-2024-1550
https://www.cve.org/CVERecord?id=CVE-2024-1551
https://www.cve.org/CVERecord?id=CVE-2024-1552
https://www.cve.org/CVERecord?id=CVE-2024-1553
(* Security fix *)
2024-02-22 13:39:58 +01:00
Patrick J Volkerding
bdfa16c82f
Tue Feb 20 21:08:27 UTC 2024
...
patches/packages/libuv-1.48.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a server-side request forgery (SSRF) flaw.
Thanks to alex2grad for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-24806
(* Security fix *)
2024-02-21 13:30:43 +01:00
Patrick J Volkerding
b9cc8f3425
Sun Feb 18 21:03:57 UTC 2024
...
extra/llvm-17.0.6-x86_64-1_slack15.0.txz: Added.
In case anyone needs a newer compiler.
extra/llvm13-compat-13.0.0-x86_64-1_slack15.0.txz: Added.
In case anyone needs to run binaries linked to the old compiler.
2024-02-19 13:30:46 +01:00
Patrick J Volkerding
bdd6ac9360
Fri Feb 16 20:18:59 UTC 2024
...
patches/packages/ca-certificates-20240216-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
2024-02-17 13:30:46 +01:00
Patrick J Volkerding
9847738ba0
Wed Feb 14 04:18:12 UTC 2024
...
patches/packages/dnsmasq-2.90-x86_64-1_slack15.0.txz: Upgraded.
Add limits on the resources used to do DNSSEC validation.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-50387
https://www.cve.org/CVERecord?id=CVE-2023-50868
(* Security fix *)
2024-02-15 13:30:47 +01:00
Patrick J Volkerding
cd44edc237
Tue Feb 13 19:19:24 UTC 2024
...
patches/packages/bind-9.16.48-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
Specific DNS answers could cause a denial-of-service condition due to DNS
validation taking a long time.
Query patterns that continuously triggered cache database maintenance could
exhaust all available memory on the host running named.
Restore DNS64 state when handling a serve-stale timeout.
Specific queries could trigger an assertion check with nxdomain-redirect
enabled.
Speed up parsing of DNS messages with many different names.
For more information, see:
https://kb.isc.org/docs/cve-2023-50387
https://www.cve.org/CVERecord?id=CVE-2023-50387
https://kb.isc.org/docs/cve-2023-6516
https://www.cve.org/CVERecord?id=CVE-2023-6516
https://kb.isc.org/docs/cve-2023-5679
https://www.cve.org/CVERecord?id=CVE-2023-5679
https://kb.isc.org/docs/cve-2023-5517
https://www.cve.org/CVERecord?id=CVE-2023-5517
https://kb.isc.org/docs/cve-2023-4408
https://www.cve.org/CVERecord?id=CVE-2023-4408
(* Security fix *)
testing/packages/bind-9.18.24-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
Specific DNS answers could cause a denial-of-service condition due to DNS
validation taking a long time.
Restore DNS64 state when handling a serve-stale timeout.
Specific queries could trigger an assertion check with nxdomain-redirect
enabled.
Speed up parsing of DNS messages with many different names.
For more information, see:
https://kb.isc.org/docs/cve-2023-50387
https://www.cve.org/CVERecord?id=CVE-2023-50387
https://kb.isc.org/docs/cve-2023-5679
https://www.cve.org/CVERecord?id=CVE-2023-5679
https://kb.isc.org/docs/cve-2023-5517
https://www.cve.org/CVERecord?id=CVE-2023-5517
https://kb.isc.org/docs/cve-2023-4408
https://www.cve.org/CVERecord?id=CVE-2023-4408
(* Security fix *)
2024-02-14 13:30:43 +01:00