mirror of
git://slackware.nl/current.git
synced 2025-01-17 18:12:36 +01:00
53b8e9dd39
d/python3-3.9.8-x86_64-1.txz: Upgraded.
l/libtasn1-4.18.0-x86_64-1.txz: Upgraded.
n/curl-7.80.0-x86_64-1.txz: Upgraded.
n/ethtool-5.15-x86_64-1.txz: Upgraded.
n/samba-4.15.2-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defects:
SMB1 client connections can be downgraded to plaintext authentication.
A user on the domain can become root on domain members.
Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC.
Samba AD DC did not always rely on the SID and PAC in Kerberos tickets.
Kerberos acceptors need easy access to stable AD identifiers (eg objectSid).
Samba AD DC did not do suffienct access and conformance checking of data
stored.
Use after free in Samba AD DC RPC server.
Subsequent DCE/RPC fragment injection vulnerability.
For more information, see:
https://www.samba.org/samba/security/CVE-2016-2124.html
https://www.samba.org/samba/security/CVE-2020-25717.html
^^ (PLEASE READ! There are important behaviour changes described)
https://www.samba.org/samba/security/CVE-2020-25718.html
https://www.samba.org/samba/security/CVE-2020-25719.html
https://www.samba.org/samba/security/CVE-2020-25721.html
https://www.samba.org/samba/security/CVE-2020-25722.html
https://www.samba.org/samba/security/CVE-2021-3738.html
https://www.samba.org/samba/security/CVE-2021-23192.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23192
(* Security fix *)
x/xorg-server-xwayland-21.1.3-x86_64-1.txz: Upgraded.
|
||
|---|---|---|
| .. | ||
| a | ||
| ap | ||
| d | ||
| e | ||
| f | ||
| installer | ||
| k | ||
| kde | ||
| l | ||
| n | ||
| t | ||
| tcl | ||
| x | ||
| xap | ||
| xfce | ||
| y | ||
| buildlist-from-changelog.sh | ||
| make_world.sh | ||
| README.TXT | ||
This is the source used for Slackware. To look for a particular bit of source (let's say for 'cp'), first you would look for the full path: fuzzy:~# which cp /bin/cp Then, you grep for the package it came from. Note that the leading '/' is removed: fuzzy:~# grep bin/cp /var/log/packages/* /var/log/packages/cpio-2.4.2.91-i386-1:bin/cpio /var/log/packages/fileutils-4.1-i386-2:bin/cp /var/log/packages/gcc-2.95.3-i386-2:usr/bin/cpp /var/log/packages/gnome-applets-1.4.0.5-i386-1:usr/bin/cpumemusage_applet From this, you can see that 'cp' came from the fileutils-4.1-i386-2 package. The source will be found in a corresponding subdirectory. In this case, that would be ./a/bin. Don't be fooled into thinking that the _bin.tar.gz in this directory is the package with the source code -- anything starting with '_' is just a framework package full of empty files with the correct permissions and ownerships for the completed package to use. Many of these packages now have scripts that untar, patch, and compile the source automatically. These are the 'SlackBuild' scripts. Moving back to the example above, you can figure out which package the bin/cp source came from by examining the SlackBuild script. Have fun! --- Patrick J. Volkerding volkerdi@slackware.com