mirror of
git://slackware.nl/current.git
synced 2024-11-16 07:48:02 +01:00
1e755d579a
Several ELF objects were found to have rpaths pointing into /tmp, a world
writable directory. This could have allowed a local attacker to launch denial
of service attacks or execute arbitrary code when the affected binaries are
run by placing crafted ELF objects in the /tmp rpath location. All rpaths with
an embedded /tmp path have been scrubbed from the binaries, and makepkg has
gained a lint feature to detect these so that they won't creep back in.
a/kernel-firmware-20241001_95bfe08-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.12-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-12.txz: Rebuilt.
makepkg: when looking for ELF objects with --remove-rpaths or
--remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part
of the directory or filename.
Also warn about /tmp rpaths after the package is built.
ap/cups-2.4.11-x86_64-1.txz: Upgraded.
ap/cups-browsed-2.0.1-x86_64-2.txz: Rebuilt.
Mitigate security issue that could lead to a denial of service or
the execution of arbitrary code.
Rebuilt with --with-browseremoteprotocols=none to disable incoming
connections, since this daemon has been shown to be insecure. If you
actually use cups-browsed, be sure to install the new
/etc/cups/cups-browsed.conf.new containing this line:
BrowseRemoteProtocols none
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47176
(* Security fix *)
d/kernel-headers-6.10.12-x86-1.txz: Upgraded.
d/llvm-18.1.8-x86_64-3.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
d/luajit-2.1.1727621189-x86_64-1.txz: Upgraded.
d/ruby-3.3.5-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
k/kernel-source-6.10.12-noarch-1.txz: Upgraded.
kde/kimageformats-5.116.0-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/kio-extras-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/krita-5.2.5-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/libindi-2.1.0-x86_64-1.txz: Upgraded.
l/cryfs-0.10.3-x86_64-13.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/espeak-ng-1.51.1-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/ffmpeg-7.1-x86_64-1.txz: Upgraded.
l/gegl-0.4.48-x86_64-3.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/gst-plugins-bad-free-1.24.8-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/imagemagick-7.1.1_38-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/libgsf-1.14.53-x86_64-1.txz: Upgraded.
l/librsvg-2.58.5-x86_64-1.txz: Upgraded.
l/libvncserver-0.9.14-x86_64-3.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/mozjs128-128.3.0esr-x86_64-1.txz: Upgraded.
l/netpbm-11.08.00-x86_64-1.txz: Upgraded.
l/opencv-4.10.0-x86_64-3.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/openexr-3.3.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-glad2-2.0.8-x86_64-1.txz: Upgraded.
l/python-pyproject-hooks-1.2.0-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-18.1.4-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/woff2-20231106_0f4d304-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
n/openobex-1.7.2-x86_64-6.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
x/marisa-0.2.6-x86_64-11.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
xap/gimp-2.10.38-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
xap/mozilla-firefox-128.3.0esr-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/128.3.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-47
https://www.cve.org/CVERecord?id=CVE-2024-9392
https://www.cve.org/CVERecord?id=CVE-2024-9393
https://www.cve.org/CVERecord?id=CVE-2024-9394
https://www.cve.org/CVERecord?id=CVE-2024-8900
https://www.cve.org/CVERecord?id=CVE-2024-9396
https://www.cve.org/CVERecord?id=CVE-2024-9397
https://www.cve.org/CVERecord?id=CVE-2024-9398
https://www.cve.org/CVERecord?id=CVE-2024-9399
https://www.cve.org/CVERecord?id=CVE-2024-9400
https://www.cve.org/CVERecord?id=CVE-2024-9401
https://www.cve.org/CVERecord?id=CVE-2024-9402
(* Security fix *)
xap/xlockmore-5.80-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.11.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-headers-6.11.1-x86-1.txz: Upgraded.
testing/packages/kernel-source-6.11.1-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
||
|---|---|---|
| .. | ||
| a2ps | ||
| acct | ||
| alsa-utils | ||
| amp | ||
| at | ||
| bc | ||
| bpe | ||
| cdparanoia | ||
| cdrdao | ||
| cdrtools | ||
| cups | ||
| cups-browsed | ||
| cups-filters | ||
| dash | ||
| dc3dd | ||
| ddrescue | ||
| diffstat | ||
| diffutils | ||
| dmapi | ||
| dmidecode | ||
| dvd+rw-tools | ||
| enscript | ||
| flac | ||
| ghostscript | ||
| ghostscript-fonts-std | ||
| gphoto2 | ||
| groff | ||
| gutenprint | ||
| hplip | ||
| htop | ||
| inxi | ||
| ispell | ||
| itstool | ||
| jed | ||
| joe | ||
| jove | ||
| ksh93 | ||
| libx86 | ||
| linuxdoc-tools | ||
| lm_sensors | ||
| lsof | ||
| lsscsi | ||
| lxc | ||
| madplay | ||
| man-db | ||
| man-pages | ||
| mariadb | ||
| mc | ||
| moc | ||
| most | ||
| mpg123 | ||
| nano | ||
| neofetch | ||
| normalize | ||
| nvme-cli | ||
| opus-tools | ||
| pamixer | ||
| powertop | ||
| qpdf | ||
| radeontool | ||
| rdfind | ||
| rpm | ||
| rzip | ||
| sc | ||
| sc-im | ||
| scdoc | ||
| screen | ||
| seejpeg | ||
| slackpkg | ||
| soma | ||
| sox | ||
| sqlite | ||
| squashfs-tools | ||
| stow | ||
| sudo | ||
| sysstat | ||
| terminus-font | ||
| texinfo | ||
| tmux | ||
| undervolt | ||
| usbmuxd | ||
| vbetool | ||
| vim | ||
| vorbis-tools | ||
| xfsdump | ||
| xmltoman | ||
| xorriso | ||
| zsh | ||
| FTBFSlog | ||