slackware-current

mirror of git://slackware.nl/current.git synced 2024-12-27 09:59:16 +01:00

History

Patrick J Volkerding 75a92ded1e Tue Jul 23 18:54:25 UTC 2024 patches/packages/bind-9.18.28-x86_64-1_slack15.0.txz: Upgraded. Please note that we have moved to the 9.18 branch, as 9.16 is EOL. This update fixes security issues: Remove SIG(0) support from named as a countermeasure for CVE-2024-1975. qctx-zversion was not being cleared when it should have been leading to an assertion failure if it needed to be reused. An excessively large number of rrtypes per owner can slow down database query processing, so a limit has been placed on the number of rrtypes that can be stored per owner (node) in a cache or zone database. This is configured with the new "max-rrtypes-per-name" option, and defaults to 100. Excessively large rdatasets can slow down database query processing, so a limit has been placed on the number of records that can be stored per rdataset in a cache or zone database. This is configured with the new "max-records-per-type" option, and defaults to 100. Malicious DNS client that sends many queries over TCP but never reads responses can cause server to respond slowly or not respond at all for other clients. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-1975 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://www.cve.org/CVERecord?id=CVE-2024-0760 (* Security fix ) patches/packages/aaa_glibc-solibs-2.33-x86_64-7_slack15.0.txz: Rebuilt. patches/packages/glibc-2.33-x86_64-7_slack15.0.txz: Rebuilt. This update fixes security issues: nscd: Stack-based buffer overflow in netgroup cache. nscd: Null pointer crash after notfound response. nscd: netgroup cache may terminate daemon on memory allocation failure. nscd: netgroup cache assumes NSS callback uses in-buffer strings. These vulnerabilities were only present in the nscd binary. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-33599 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://www.cve.org/CVERecord?id=CVE-2024-33602 ( Security fix ) patches/packages/glibc-i18n-2.33-x86_64-7_slack15.0.txz: Rebuilt. patches/packages/glibc-profile-2.33-x86_64-7_slack15.0.txz: Rebuilt. patches/packages/mozilla-thunderbird-115.13.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.13.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/ https://www.cve.org/CVERecord?id=CVE-2024-6600 https://www.cve.org/CVERecord?id=CVE-2024-6601 https://www.cve.org/CVERecord?id=CVE-2024-6602 https://www.cve.org/CVERecord?id=CVE-2024-6603 https://www.cve.org/CVERecord?id=CVE-2024-6604 ( Security fix *)	2024-07-24 13:31:01 +02:00
..
packages	Tue Jul 23 18:54:25 UTC 2024	2024-07-24 13:31:01 +02:00
source	Tue Jul 23 18:54:25 UTC 2024	2024-07-24 13:31:01 +02:00

Patrick J Volkerding 75a92ded1e Tue Jul 23 18:54:25 UTC 2024

patches/packages/bind-9.18.28-x86_64-1_slack15.0.txz:  Upgraded.
  Please note that we have moved to the 9.18 branch, as 9.16 is EOL.
  This update fixes security issues:
  Remove SIG(0) support from named as a countermeasure for CVE-2024-1975.
  qctx-zversion was not being cleared when it should have been leading to
  an assertion failure if it needed to be reused.
  An excessively large number of rrtypes per owner can slow down database query
  processing, so a limit has been placed on the number of rrtypes that can be
  stored per owner (node) in a cache or zone database. This is configured with
  the new "max-rrtypes-per-name" option, and defaults to 100.
  Excessively large rdatasets can slow down database query processing, so a
  limit has been placed on the number of records that can be stored per
  rdataset in a cache or zone database. This is configured with the new
  "max-records-per-type" option, and defaults to 100.
  Malicious DNS client that sends many queries over TCP but never reads
  responses can cause server to respond slowly or not respond at all for other
  clients.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-1975
    https://www.cve.org/CVERecord?id=CVE-2024-4076
    https://www.cve.org/CVERecord?id=CVE-2024-1737
    https://www.cve.org/CVERecord?id=CVE-2024-0760
  (* Security fix *)
patches/packages/aaa_glibc-solibs-2.33-x86_64-7_slack15.0.txz:  Rebuilt.
patches/packages/glibc-2.33-x86_64-7_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  nscd: Stack-based buffer overflow in netgroup cache.
  nscd: Null pointer crash after notfound response.
  nscd: netgroup cache may terminate daemon on memory allocation failure.
  nscd: netgroup cache assumes NSS callback uses in-buffer strings.
  These vulnerabilities were only present in the nscd binary.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-33599
    https://www.cve.org/CVERecord?id=CVE-2024-33600
    https://www.cve.org/CVERecord?id=CVE-2024-33601
    https://www.cve.org/CVERecord?id=CVE-2024-33602
  (* Security fix *)
patches/packages/glibc-i18n-2.33-x86_64-7_slack15.0.txz:  Rebuilt.
patches/packages/glibc-profile-2.33-x86_64-7_slack15.0.txz:  Rebuilt.
patches/packages/mozilla-thunderbird-115.13.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.13.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/
    https://www.cve.org/CVERecord?id=CVE-2024-6600
    https://www.cve.org/CVERecord?id=CVE-2024-6601
    https://www.cve.org/CVERecord?id=CVE-2024-6602
    https://www.cve.org/CVERecord?id=CVE-2024-6603
    https://www.cve.org/CVERecord?id=CVE-2024-6604
  (* Security fix *)

2024-07-24 13:31:01 +02:00

packages

Tue Jul 23 18:54:25 UTC 2024

2024-07-24 13:31:01 +02:00

source

Tue Jul 23 18:54:25 UTC 2024

2024-07-24 13:31:01 +02:00