slackware-current

mirror of git://slackware.nl/current.git synced 2024-12-28 09:59:53 +01:00

History

Patrick J Volkerding b9cb99a88e Wed Jul 19 20:36:46 UTC 2023 patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: fopen race condition. For more information, see: https://curl.se/docs/CVE-2023-32001.html https://www.cve.org/CVERecord?id=CVE-2023-32001 (* Security fix ) patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code execution relating to PKCS#11 providers. The PKCS#11 support ssh-agent(1) could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: Exploitation requires the presence of specific libraries on the victim system. * Remote exploitation requires that the agent was forwarded to an attacker-controlled system. Exploitation can also be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that contains only specific provider libraries. This vulnerability was discovered and demonstrated to be exploitable by the Qualys Security Advisory team. Potentially-incompatible changes: * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules issued by remote clients by default. A flag has been added to restore the previous behaviour: "-Oallow-remote-pkcs11". For more information, see: https://www.openssh.com/txt/release-9.3p2 https://www.cve.org/CVERecord?id=CVE-2023-38408 (* Security fix *)	2023-07-21 13:30:33 +02:00
..
packages	Wed Jul 19 20:36:46 UTC 2023	2023-07-21 13:30:33 +02:00
source	Wed Jul 12 20:41:16 UTC 2023	2023-07-13 13:30:36 +02:00

Patrick J Volkerding b9cb99a88e Wed Jul 19 20:36:46 UTC 2023

patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  fopen race condition.
  For more information, see:
    https://curl.se/docs/CVE-2023-32001.html
    https://www.cve.org/CVERecord?id=CVE-2023-32001
  (* Security fix *)
patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
  execution relating to PKCS#11 providers.
  The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
  execution via a forwarded agent socket if the following conditions are met:
  * Exploitation requires the presence of specific libraries on the victim
    system.
  * Remote exploitation requires that the agent was forwarded to an
    attacker-controlled system.
  Exploitation can also be prevented by starting ssh-agent(1) with an empty
  PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
  contains only specific provider libraries.
  This vulnerability was discovered and demonstrated to be exploitable by the
  Qualys Security Advisory team.
  Potentially-incompatible changes:
  * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
  issued by remote clients by default. A flag has been added to restore the
  previous behaviour: "-Oallow-remote-pkcs11".
  For more information, see:
    https://www.openssh.com/txt/release-9.3p2
    https://www.cve.org/CVERecord?id=CVE-2023-38408
  (* Security fix *)

2023-07-21 13:30:33 +02:00

packages

Wed Jul 19 20:36:46 UTC 2023

2023-07-21 13:30:33 +02:00

source

Wed Jul 12 20:41:16 UTC 2023

2023-07-13 13:30:36 +02:00