mirror of
git://slackware.nl/current.git
synced 2024-12-27 09:59:16 +01:00
4657194ae3
Several ELF objects were found to have rpaths pointing into /tmp, a world writable directory. This could have allowed a local attacker to launch denial of service attacks or execute arbitrary code when the affected binaries are run by placing crafted ELF objects in the /tmp rpath location. All rpaths with an embedded /tmp path have been scrubbed from the binaries, and makepkg has gained a lint feature to detect these so that they won't creep back in. extra/llvm-17.0.6-x86_64-2_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/cryfs-0.10.3-x86_64-5_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/cups-filters-1.28.17-x86_64-2_slack15.0.txz: Rebuilt. Mitigate security issue that could lead to a denial of service or the execution of arbitrary code. Rebuilt with --with-browseremoteprotocols=none to disable incoming connections, since this daemon has been shown to be insecure. If you actually use cups-browsed, be sure to install the new /etc/cups/cups-browsed.conf.new containing this line: BrowseRemoteProtocols none For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47176 (* Security fix *) patches/packages/espeak-ng-1.50-x86_64-4_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/libvncserver-0.9.13-x86_64-4_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/marisa-0.2.6-x86_64-5_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/mlt-7.4.0-x86_64-2_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/mozilla-firefox-115.16.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.16.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-48 https://www.cve.org/CVERecord?id=CVE-2024-9392 https://www.cve.org/CVERecord?id=CVE-2024-9393 https://www.cve.org/CVERecord?id=CVE-2024-9394 https://www.cve.org/CVERecord?id=CVE-2024-9401 (* Security fix *) patches/packages/openobex-1.7.2-x86_64-6_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/pkgtools-15.0-noarch-44_slack15.0.txz: Rebuilt. makepkg: when looking for ELF objects with --remove-rpaths or --remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part of the directory or filename. Also warn about /tmp rpaths after the package is built. patches/packages/spirv-llvm-translator-13.0.0-x86_64-2_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) testing/packages/llvm-18.1.8-x86_64-2_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) |
||
---|---|---|
.. | ||
aaa_base | ||
aaa_libraries | ||
acl | ||
acpid | ||
attr | ||
bash | ||
bin | ||
btrfs-progs | ||
bzip2 | ||
coreutils | ||
cpio | ||
cpufrequtils | ||
cracklib | ||
cryptsetup | ||
dbus | ||
dcron | ||
devs | ||
dialog | ||
dosfstools | ||
e2fsprogs | ||
ed | ||
efibootmgr | ||
efivar | ||
elilo | ||
elogind | ||
elvis | ||
etc | ||
eudev | ||
exfatprogs | ||
f2fs-tools | ||
file | ||
findutils | ||
floppy | ||
gawk | ||
genpower | ||
gettext | ||
glibc-zoneinfo | ||
gpm | ||
gptfdisk | ||
grep | ||
grub | ||
gzip | ||
haveged | ||
hdparm | ||
hostname | ||
hwdata | ||
infozip | ||
inih | ||
inotify-tools | ||
isapnptools | ||
jfsutils | ||
kbd | ||
kernel-firmware | ||
kmod | ||
lbzip2 | ||
less | ||
lhasa | ||
libblockdev | ||
libbytesize | ||
libcgroup | ||
libgudev | ||
libpwquality | ||
lilo | ||
logrotate | ||
lrzip | ||
lvm2 | ||
lzip | ||
lzlib | ||
mcelog | ||
mdadm | ||
minicom | ||
mkinitrd | ||
mlocate | ||
mt-st | ||
mtx | ||
ncompress | ||
ndctl | ||
ntfs-3g | ||
nvi | ||
os-prober | ||
pam | ||
patch | ||
pciutils | ||
pcmciautils | ||
pkgtools | ||
plzip | ||
procps-ng | ||
quota | ||
reiserfsprogs | ||
rpm2tgz | ||
sdparm | ||
sed | ||
shadow | ||
sharutils | ||
smartmontools | ||
splitvt | ||
sysfsutils | ||
sysklogd | ||
syslinux | ||
sysvinit | ||
sysvinit-functions | ||
sysvinit-scripts | ||
tar | ||
tcsh | ||
time | ||
tree | ||
udisks | ||
udisks2 | ||
unarj | ||
upower | ||
usb_modeswitch | ||
usbutils | ||
utempter | ||
util-linux | ||
volume_key | ||
which | ||
xfsprogs | ||
xz | ||
zerofree | ||
zoo | ||
aaa_terminfo | ||
FTBFSlog |