summaryrefslogtreecommitdiffstats
path: root/ChangeLog.txt
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r--ChangeLog.txt32
1 files changed, 32 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 9e7c249a4..10de8592f 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,35 @@
+Wed Jul 19 20:36:46 UTC 2023
+patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz: Upgraded.
+ This update fixes a security issue:
+ fopen race condition.
+ For more information, see:
+ https://curl.se/docs/CVE-2023-32001.html
+ https://www.cve.org/CVERecord?id=CVE-2023-32001
+ (* Security fix *)
+patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz: Upgraded.
+ This update fixes a security issue:
+ ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
+ execution relating to PKCS#11 providers.
+ The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
+ execution via a forwarded agent socket if the following conditions are met:
+ * Exploitation requires the presence of specific libraries on the victim
+ system.
+ * Remote exploitation requires that the agent was forwarded to an
+ attacker-controlled system.
+ Exploitation can also be prevented by starting ssh-agent(1) with an empty
+ PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
+ contains only specific provider libraries.
+ This vulnerability was discovered and demonstrated to be exploitable by the
+ Qualys Security Advisory team.
+ Potentially-incompatible changes:
+ * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
+ issued by remote clients by default. A flag has been added to restore the
+ previous behaviour: "-Oallow-remote-pkcs11".
+ For more information, see:
+ https://www.openssh.com/txt/release-9.3p2
+ https://www.cve.org/CVERecord?id=CVE-2023-38408
+ (* Security fix *)
++--------------------------+
Mon Jul 17 19:17:19 UTC 2023
patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.