| Commit message (Collapse) | Author | Files | Lines |
|---|
|
extra/php81/php81-8.1.20-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.20
(* Security fix *)
patches/packages/mozilla-thunderbird-102.12.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.12.0/releasenotes/
(* Security fix *)
patches/packages/python3-3.9.17-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
urllib.parse.urlsplit() now strips leading C0 control and space characters
following the specification for URLs defined by WHATWG.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-24329
(* Security fix *)
|
|
patches/packages/cups-2.4.4-x86_64-1_slack15.0.txz: Upgraded.
This update is a hotfix for a segfault in cupsGetNamedDest(), when caller
tries to find the default destination and the default destination is not set
on the machine.
patches/packages/ksh93-1.0.5_20230607_9b251344-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix and robustness enhancement release.
Thanks to McDutchie for the great work!
Thanks to pghvlaans for improvements to the build script.
|
|
extra/sendmail/sendmail-8.17.2-x86_64-2_slack15.0.txz: Rebuilt.
Recompiled without -DUSE_EAI or ICU libraries as this experimental option
is still leading to regressions.
extra/sendmail/sendmail-cf-8.17.2-noarch-2_slack15.0.txz: Rebuilt.
patches/packages/mozilla-firefox-102.12.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.12.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2023-19/
https://www.cve.org/CVERecord?id=CVE-2023-34414
https://www.cve.org/CVERecord?id=CVE-2023-34416
(* Security fix *)
patches/packages/ntp-4.2.8p17-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
|
|
extra/sendmail/sendmail-8.17.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
extra/sendmail/sendmail-cf-8.17.2-noarch-1_slack15.0.txz: Upgraded.
patches/packages/libmilter-8.17.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
|
|
patches/packages/cups-2.4.3-x86_64-1_slack15.0.txz: Upgraded.
Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
attacker to launch a denial of service (DoS) attack, or possibly execute
arbirary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32324
(* Security fix *)
patches/packages/ntp-4.2.8p16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-26551
https://www.cve.org/CVERecord?id=CVE-2023-26552
https://www.cve.org/CVERecord?id=CVE-2023-26553
https://www.cve.org/CVERecord?id=CVE-2023-26554
https://www.cve.org/CVERecord?id=CVE-2023-26555
(* Security fix *)
|
|
patches/packages/curl-8.1.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/openssl-1.1.1u-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Possible DoS translating ASN.1 object identifiers.
For more information, see:
https://www.openssl.org/news/secadv/20230530.txt
https://www.cve.org/CVERecord?id=CVE-2023-2650
(* Security fix *)
patches/packages/openssl-solibs-1.1.1u-x86_64-1_slack15.0.txz: Upgraded.
|
|
patches/packages/mozilla-thunderbird-102.11.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.11.2/releasenotes/
|
|
patches/packages/mozilla-thunderbird-102.11.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.11.1/releasenotes/
patches/packages/ntfs-3g-2022.10.3-x86_64-1_slack15.0.txz: Upgraded.
Fixed vulnerabilities that may allow an attacker using a maliciously
crafted NTFS-formatted image file or external storage to potentially
execute arbitrary privileged code or cause a denial of service.
Thanks to opty.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790
(* Security fix *)
|
|
patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz: Upgraded.
This update patches a security issue:
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
compiling a TeX file obtained from an untrusted source. This occurs
because luatex-core.lua lets the original io.popen be accessed. This also
affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Thanks to Johannes Schoepfer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32700
(* Security fix *)
|
|
patches/packages/c-ares-1.19.1-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
0-byte UDP payload causes Denial of Service.
Insufficient randomness in generation of DNS query IDs.
Buffer Underwrite in ares_inet_net_pton().
AutoTools does not set CARES_RANDOM_FILE during cross compilation.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32067
https://www.cve.org/CVERecord?id=CVE-2023-31147
https://www.cve.org/CVERecord?id=CVE-2023-31130
https://www.cve.org/CVERecord?id=CVE-2023-31124
(* Security fix *)
|
|
patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz: Upgraded.
[PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x.
With execv() command line arguments are passed as separate strings and
not the full command line in a single string. This prevents arbitrary
command execution by escaping the quoting of the arguments in a job
with forged job title.
Thanks to marav.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-24805
(* Security fix *)
|
|
patches/packages/curl-8.1.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
more POST-after-PUT confusion.
IDN wildcard match.
siglongjmp race condition.
UAF in SSH sha256 fingerprint check.
For more information, see:
https://curl.se/docs/CVE-2023-28322.html
https://curl.se/docs/CVE-2023-28321.html
https://curl.se/docs/CVE-2023-28320.html
https://curl.se/docs/CVE-2023-28319.html
https://www.cve.org/CVERecord?id=CVE-2023-28322
https://www.cve.org/CVERecord?id=CVE-2023-28321
https://www.cve.org/CVERecord?id=CVE-2023-28320
https://www.cve.org/CVERecord?id=CVE-2023-28319
(* Security fix *)
patches/packages/bind-9.16.41-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
testing/packages/bind-9.18.15-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
|
|
extra/php80/php80-8.0.28-x86_64-2_slack15.0.txz: Rebuilt.
This update removes extension=xmlrpc from the php.ini files.
extra/php81/php81-8.1.19-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.19
|
|
patches/packages/mozilla-thunderbird-102.11.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.11.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/
https://www.cve.org/CVERecord?id=CVE-2023-32206
https://www.cve.org/CVERecord?id=CVE-2023-32207
https://www.cve.org/CVERecord?id=CVE-2023-32211
https://www.cve.org/CVERecord?id=CVE-2023-32212
https://www.cve.org/CVERecord?id=CVE-2023-32213
https://www.cve.org/CVERecord?id=CVE-2023-32214
https://www.cve.org/CVERecord?id=CVE-2023-32215
(* Security fix *)
|
|
patches/packages/mozilla-firefox-102.11.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.11.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2023-17/
https://www.cve.org/CVERecord?id=CVE-2023-32205
https://www.cve.org/CVERecord?id=CVE-2023-32206
https://www.cve.org/CVERecord?id=CVE-2023-32207
https://www.cve.org/CVERecord?id=CVE-2023-32211
https://www.cve.org/CVERecord?id=CVE-2023-32212
https://www.cve.org/CVERecord?id=CVE-2023-32213
https://www.cve.org/CVERecord?id=CVE-2023-32214
https://www.cve.org/CVERecord?id=CVE-2023-32215
(* Security fix *)
|
|
patches/packages/ca-certificates-20230506-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
|
|
patches/packages/libssh-0.10.5-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
A NULL dereference during rekeying with algorithm guessing.
A possible authorization bypass in pki_verify_data_signature under
low-memory conditions.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-1667
https://www.cve.org/CVERecord?id=CVE-2023-2283
(* Security fix *)
|
|
patches/packages/whois-5.5.17-x86_64-1_slack15.0.txz: Upgraded.
Added the .cd TLD server.
Updated the -kg NIC handles server name.
Removed 2 new gTLDs which are no longer active.
|
|
patches/packages/netatalk-3.1.15-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues, including a critical vulnerability that
allows remote attackers to execute arbitrary code on affected installations
of Netatalk. Authentication is not required to exploit this vulnerability.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-43634
https://www.cve.org/CVERecord?id=CVE-2022-45188
(* Security fix *)
|
|
patches/packages/git-2.35.8-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
By feeding specially crafted input to `git apply --reject`, a
path outside the working tree can be overwritten with partially
controlled contents (corresponding to the rejected hunk(s) from
the given patch).
When Git is compiled with runtime prefix support and runs without
translated messages, it still used the gettext machinery to
display messages, which subsequently potentially looked for
translated messages in unexpected places. This allowed for
malicious placement of crafted messages.
When renaming or deleting a section from a configuration file,
certain malicious configuration values may be misinterpreted as
the beginning of a new configuration section, leading to arbitrary
configuration injection.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-25652
https://www.cve.org/CVERecord?id=CVE-2023-25815
https://www.cve.org/CVERecord?id=CVE-2023-29007
(* Security fix *)
patches/packages/mozilla-thunderbird-102.10.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.10.1/releasenotes/
|
|
patches/packages/bind-9.16.40-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
testing/packages/bind-9.18.14-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
|
|
extra/php81/php81-8.1.17-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.17
|
|
patches/packages/mozilla-thunderbird-102.10.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.10.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#MFSA-TMP-2023-0001
https://www.cve.org/CVERecord?id=CVE-2023-29531
https://www.cve.org/CVERecord?id=CVE-2023-29532
https://www.cve.org/CVERecord?id=CVE-2023-29533
https://www.cve.org/CVERecord?id=CVE-2023-29535
https://www.cve.org/CVERecord?id=CVE-2023-29536
https://www.cve.org/CVERecord?id=CVE-2023-0547
https://www.cve.org/CVERecord?id=CVE-2023-29479
https://www.cve.org/CVERecord?id=CVE-2023-29539
https://www.cve.org/CVERecord?id=CVE-2023-29541
https://www.cve.org/CVERecord?id=CVE-2023-29542
https://www.cve.org/CVERecord?id=CVE-2023-29545
https://www.cve.org/CVERecord?id=CVE-2023-1945
https://www.cve.org/CVERecord?id=CVE-2023-29548
https://www.cve.org/CVERecord?id=CVE-2023-29550
(* Security fix *)
|
|
patches/packages/mozilla-firefox-102.10.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.10.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#MFSA-TMP-2023-0001
https://www.cve.org/CVERecord?id=CVE-2023-29531
https://www.cve.org/CVERecord?id=CVE-2023-29532
https://www.cve.org/CVERecord?id=CVE-2023-29533
https://www.cve.org/CVERecord?id=CVE-2023-29535
https://www.cve.org/CVERecord?id=CVE-2023-29536
https://www.cve.org/CVERecord?id=CVE-2023-29539
https://www.cve.org/CVERecord?id=CVE-2023-29541
https://www.cve.org/CVERecord?id=CVE-2023-29545
https://www.cve.org/CVERecord?id=CVE-2023-1945
https://www.cve.org/CVERecord?id=CVE-2023-29548
https://www.cve.org/CVERecord?id=CVE-2023-29550
(* Security fix *)
|
|
patches/packages/httpd-2.4.57-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.57
|
|
patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release. The primary focus is to correct a rare corruption
bug in high compression mode. While the probability might be very small,
corruption issues are nonetheless very serious, so an update to this version
is highly recommended, especially if you employ high compression modes
(levels 16+).
|
|
patches/packages/irssi-1.4.4-x86_64-1_slack15.0.txz: Upgraded.
Do not crash Irssi when one line is printed as the result of another line
being printed.
Also solve a memory leak while printing unformatted lines.
(* Security fix *)
|
|
patches/packages/ruby-3.0.6-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
ReDoS vulnerability in URI.
ReDoS vulnerability in Time.
For more information, see:
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
https://www.cve.org/CVERecord?id=CVE-2023-28755
https://www.cve.org/CVERecord?id=CVE-2023-28756
(* Security fix *)
patches/packages/seamonkey-2.53.16-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.16
(* Security fix *)
|
|
patches/packages/glibc-zoneinfo-2023c-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
patches/packages/mozilla-thunderbird-102.9.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.9.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/
https://www.cve.org/CVERecord?id=CVE-2023-28427
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txz: Rebuilt.
[PATCH] composite: Fix use-after-free of the COW.
Fix use-after-free that can lead to local privileges elevation on systems
where the X server is running privileged and remote code execution for ssh
X forwarding sessions.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-March/003374.html
https://www.cve.org/CVERecord?id=CVE-2023-1393
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txz: Rebuilt.
[PATCH] composite: Fix use-after-free of the COW.
Fix use-after-free that can lead to local privileges elevation on systems
where the X server is running privileged and remote code execution for ssh
X forwarding sessions.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-March/003374.html
https://www.cve.org/CVERecord?id=CVE-2023-1393
(* Security fix *)
|
|
patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
patches/packages/tar-1.34-x86_64-2_slack15.0.txz: Rebuilt.
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use
of uninitialized memory for a conditional jump. Exploitation to change the
flow of control has not been demonstrated. The issue occurs in from_header
in list.c via a V7 archive in which mtime has approximately 11 whitespace
characters.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48303
(* Security fix *)
|
|
patches/packages/curl-8.0.1-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
SSH connection too eager reuse still.
HSTS double-free.
GSS delegation too eager connection re-use.
FTP too eager connection reuse.
SFTP path ~ resolving discrepancy.
TELNET option IAC injection.
For more information, see:
https://curl.se/docs/CVE-2023-27538.html
https://curl.se/docs/CVE-2023-27537.html
https://curl.se/docs/CVE-2023-27536.html
https://curl.se/docs/CVE-2023-27535.html
https://curl.se/docs/CVE-2023-27534.html
https://curl.se/docs/CVE-2023-27533.html
https://www.cve.org/CVERecord?id=CVE-2023-27538
https://www.cve.org/CVERecord?id=CVE-2023-27537
https://www.cve.org/CVERecord?id=CVE-2023-27536
https://www.cve.org/CVERecord?id=CVE-2023-27535
https://www.cve.org/CVERecord?id=CVE-2023-27534
https://www.cve.org/CVERecord?id=CVE-2023-27533
(* Security fix *)
patches/packages/vim-9.0.1418-x86_64-1_slack15.0.txz: Upgraded.
Fixed security issues:
NULL pointer dereference issue in utfc_ptr2len.
Incorrect Calculation of Buffer Size.
Heap-based Buffer Overflow.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-1264
https://www.cve.org/CVERecord?id=CVE-2023-1175
https://www.cve.org/CVERecord?id=CVE-2023-1170
(* Security fix *)
patches/packages/vim-gvim-9.0.1418-x86_64-1_slack15.0.txz: Upgraded.
|
|
patches/packages/bind-9.16.39-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/mozilla-thunderbird-102.9.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/
https://www.cve.org/CVERecord?id=CVE-2023-25751
https://www.cve.org/CVERecord?id=CVE-2023-28164
https://www.cve.org/CVERecord?id=CVE-2023-28162
https://www.cve.org/CVERecord?id=CVE-2023-25752
https://www.cve.org/CVERecord?id=CVE-2023-28163
https://www.cve.org/CVERecord?id=CVE-2023-28176
(* Security fix *)
patches/packages/openssh-9.3p1-x86_64-1_slack15.0.txz: Upgraded.
This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.
For more information, see:
https://www.openssh.com/txt/release-9.3
(* Security fix *)
testing/packages/bind-9.18.13-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
|
|
patches/packages/mozilla-firefox-102.9.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-10
https://www.cve.org/CVERecord?id=CVE-2023-25751
https://www.cve.org/CVERecord?id=CVE-2023-28164
https://www.cve.org/CVERecord?id=CVE-2023-28162
https://www.cve.org/CVERecord?id=CVE-2023-25752
https://www.cve.org/CVERecord?id=CVE-2023-28163
https://www.cve.org/CVERecord?id=CVE-2023-28176
(* Security fix *)
|
|
patches/packages/httpd-2.4.56-x86_64-1_slack15.0.txz: Upgraded.
This update fixes two security issues:
HTTP Response Smuggling vulnerability via mod_proxy_uwsgi.
HTTP Request Smuggling attack via mod_rewrite and mod_proxy.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.56
https://www.cve.org/CVERecord?id=CVE-2023-27522
https://www.cve.org/CVERecord?id=CVE-2023-25690
(* Security fix *)
|
|
patches/packages/sudo-1.9.13p3-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
|
|
patches/packages/xscreensaver-6.06-x86_64-1_slack15.0.txz: Upgraded.
Here's an upgrade to the latest xscreensaver.
|
|
patches/packages/whois-5.5.16-x86_64-1_slack15.0.txz: Upgraded.
Add bash completion support, courtesy of Ville Skytta.
Updated the .tr TLD server.
Removed support for -metu NIC handles.
|
|
patches/packages/curl-7.88.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
|
|
patches/packages/kernel-firmware-20230214_a253a37-noarch-1.txz: Upgraded.
patches/packages/linux-5.15.80/*: Upgraded.
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.81:
https://www.cve.org/CVERecord?id=CVE-2022-47519
https://www.cve.org/CVERecord?id=CVE-2022-47518
https://www.cve.org/CVERecord?id=CVE-2022-47520
https://www.cve.org/CVERecord?id=CVE-2022-47521
https://www.cve.org/CVERecord?id=CVE-2022-3344
Fixed in 5.15.82:
https://www.cve.org/CVERecord?id=CVE-2022-45869
https://www.cve.org/CVERecord?id=CVE-2022-4378
Fixed in 5.15.83:
https://www.cve.org/CVERecord?id=CVE-2022-3643
Fixed in 5.15.84:
https://www.cve.org/CVERecord?id=CVE-2022-3545
Fixed in 5.15.85:
https://www.cve.org/CVERecord?id=CVE-2022-45934
Fixed in 5.15.86:
https://www.cve.org/CVERecord?id=CVE-2022-3534
https://www.cve.org/CVERecord?id=CVE-2022-3424
Fixed in 5.15.87:
https://www.cve.org/CVERecord?id=CVE-2022-41218
https://www.cve.org/CVERecord?id=CVE-2023-23455
https://www.cve.org/CVERecord?id=CVE-2023-23454
https://www.cve.org/CVERecord?id=CVE-2023-0045
https://www.cve.org/CVERecord?id=CVE-2023-0210
https://www.cve.org/CVERecord?id=CVE-2022-36280
Fixed in 5.15.88:
https://www.cve.org/CVERecord?id=CVE-2023-0266
https://www.cve.org/CVERecord?id=CVE-2022-47929
Fixed in 5.15.89:
https://www.cve.org/CVERecord?id=CVE-2023-0179
https://www.cve.org/CVERecord?id=CVE-2023-0394
Fixed in 5.15.90:
https://www.cve.org/CVERecord?id=CVE-2022-4382
https://www.cve.org/CVERecord?id=CVE-2022-4842
Fixed in 5.15.91:
https://www.cve.org/CVERecord?id=CVE-2022-4129
https://www.cve.org/CVERecord?id=CVE-2023-23559
(* Security fix *)
|
|
patches/packages/mozilla-thunderbird-102.8.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/
https://www.cve.org/CVERecord?id=CVE-2023-0616
https://www.cve.org/CVERecord?id=CVE-2023-25728
https://www.cve.org/CVERecord?id=CVE-2023-25730
https://www.cve.org/CVERecord?id=CVE-2023-0767
https://www.cve.org/CVERecord?id=CVE-2023-25735
https://www.cve.org/CVERecord?id=CVE-2023-25737
https://www.cve.org/CVERecord?id=CVE-2023-25738
https://www.cve.org/CVERecord?id=CVE-2023-25739
https://www.cve.org/CVERecord?id=CVE-2023-25729
https://www.cve.org/CVERecord?id=CVE-2023-25732
https://www.cve.org/CVERecord?id=CVE-2023-25734
https://www.cve.org/CVERecord?id=CVE-2023-25742
https://www.cve.org/CVERecord?id=CVE-2023-25746
(* Security fix *)
|
|
patches/packages/curl-7.88.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
HTTP multi-header compression denial of service.
HSTS amnesia with --parallel.
HSTS ignored on multiple requests.
For more information, see:
https://curl.se/docs/CVE-2023-23916.html
https://curl.se/docs/CVE-2023-23915.html
https://curl.se/docs/CVE-2023-23914.html
https://www.cve.org/CVERecord?id=CVE-2023-23916
https://www.cve.org/CVERecord?id=CVE-2023-23915
https://www.cve.org/CVERecord?id=CVE-2023-23914
(* Security fix *)
patches/packages/git-2.35.7-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Using a specially-crafted repository, Git can be tricked into using
its local clone optimization even when using a non-local transport.
Though Git will abort local clones whose source $GIT_DIR/objects
directory contains symbolic links (c.f., CVE-2022-39253), the objects
directory itself may still be a symbolic link.
These two may be combined to include arbitrary files based on known
paths on the victim's filesystem within the malicious repository's
working copy, allowing for data exfiltration in a similar manner as
CVE-2022-39253.
By feeding a crafted input to "git apply", a path outside the
working tree can be overwritten as the user who is running "git
apply".
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-22490
https://www.cve.org/CVERecord?id=CVE-2023-23946
(* Security fix *)
|
|
extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Core: Password_verify() always return true with some hash.
Core: 1-byte array overrun in common path resolve code.
SAPI: DOS vulnerability when parsing multipart request body.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0662
(* Security fix *)
extra/php81/php81-8.1.16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Core: Password_verify() always return true with some hash.
Core: 1-byte array overrun in common path resolve code.
SAPI: DOS vulnerability when parsing multipart request body.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0662
(* Security fix *)
patches/packages/hwdata-0.367-noarch-1_slack15.0.txz: Upgraded.
Upgraded to get information for newer hardware.
Requested by kingbeowulf on LQ.
patches/packages/mozilla-firefox-102.8.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/
https://www.cve.org/CVERecord?id=CVE-2023-25728
https://www.cve.org/CVERecord?id=CVE-2023-25730
https://www.cve.org/CVERecord?id=CVE-2023-25743
https://www.cve.org/CVERecord?id=CVE-2023-0767
https://www.cve.org/CVERecord?id=CVE-2023-25735
https://www.cve.org/CVERecord?id=CVE-2023-25737
https://www.cve.org/CVERecord?id=CVE-2023-25738
https://www.cve.org/CVERecord?id=CVE-2023-25739
https://www.cve.org/CVERecord?id=CVE-2023-25729
https://www.cve.org/CVERecord?id=CVE-2023-25732
https://www.cve.org/CVERecord?id=CVE-2023-25734
https://www.cve.org/CVERecord?id=CVE-2023-25742
https://www.cve.org/CVERecord?id=CVE-2023-25746
(* Security fix *)
patches/packages/php-7.4.33-x86_64-3_slack15.0.txz: Rebuilt.
This update fixes security issues:
Core: Password_verify() always return true with some hash.
Core: 1-byte array overrun in common path resolve code.
SAPI: DOS vulnerability when parsing multipart request body.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0662
(* Security fix *)
|
|
patches/packages/gnutls-3.7.9-x86_64-1_slack15.0.txz: Upgraded.
libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
[GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0361
(* Security fix *)
|
|
patches/packages/mozilla-thunderbird-102.7.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.7.2/releasenotes/
|
|
patches/packages/openssl-1.1.1t-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
X.400 address type confusion in X.509 GeneralName.
Timing Oracle in RSA Decryption.
Use-after-free following BIO_new_NDEF.
Double free after calling PEM_read_bio_ex.
For more information, see:
https://www.openssl.org/news/secadv/20230207.txt
https://www.cve.org/CVERecord?id=CVE-2023-0286
https://www.cve.org/CVERecord?id=CVE-2022-4304
https://www.cve.org/CVERecord?id=CVE-2023-0215
https://www.cve.org/CVERecord?id=CVE-2022-4450
(* Security fix *)
patches/packages/openssl-solibs-1.1.1t-x86_64-1_slack15.0.txz: Upgraded.
patches/packages/xorg-server-1.20.14-x86_64-7_slack15.0.txz: Rebuilt.
[PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses.
Also merged another patch to prevent crashes when using a compositor with
the NVIDIA blob. Thanks to mdinslage, willysr, and Daedra.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0494
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-7_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-7_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-7_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-6_slack15.0.txz: Rebuilt.
[PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses.
Also merged another patch to prevent crashes when using a compositor with
the NVIDIA blob. Thanks to mdinslage, willysr, and Daedra.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0494
(* Security fix *)
|
|
patches/packages/openssh-9.2p1-x86_64-1_slack15.0.txz: Upgraded.
This release contains fixes for two security problems and a memory safety
problem. The memory safety problem is not believed to be exploitable, but
upstream reports most network-reachable memory faults as security bugs.
This update contains some potentially incompatible changes regarding the
scp utility. For more information, see:
https://www.openssh.com/releasenotes.html#9.0
For more information, see:
https://www.openssh.com/releasenotes.html#9.2
(* Security fix *)
|
|
patches/packages/apr-1.7.2-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer. (CVE-2022-24963)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) (CVE-2021-35940)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-24963
https://www.cve.org/CVERecord?id=CVE-2021-35940
https://www.cve.org/CVERecord?id=CVE-2017-12613
(* Security fix *)
patches/packages/apr-util-1.6.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer. (CVE-2022-25147)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-25147
(* Security fix *)
patches/packages/mozilla-thunderbird-102.7.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.7.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/
https://www.cve.org/CVERecord?id=CVE-2023-0430
(* Security fix *)
|
|
patches/packages/bind-9.16.37-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
An UPDATE message flood could cause :iscman:`named` to exhaust all
available memory. This flaw was addressed by adding a new
:any:`update-quota` option that controls the maximum number of
outstanding DNS UPDATE messages that :iscman:`named` can hold in a
queue at any given time (default: 100).
:iscman:`named` could crash with an assertion failure when an RRSIG
query was received and :any:`stale-answer-client-timeout` was set to a
non-zero value. This has been fixed.
:iscman:`named` running as a resolver with the
:any:`stale-answer-client-timeout` option set to any value greater
than ``0`` could crash with an assertion failure, when the
:any:`recursive-clients` soft quota was reached. This has been fixed.
For more information, see:
https://kb.isc.org/docs/cve-2022-3094
https://kb.isc.org/docs/cve-2022-3736
https://kb.isc.org/docs/cve-2022-3924
https://www.cve.org/CVERecord?id=CVE-2022-3094
https://www.cve.org/CVERecord?id=CVE-2022-3736
https://www.cve.org/CVERecord?id=CVE-2022-3924
(* Security fix *)
patches/packages/vim-9.0.1241-x86_64-1_slack15.0.txz: Upgraded.
Fixed a security issue:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0433
(* Security fix *)
patches/packages/vim-gvim-9.0.1241-x86_64-1_slack15.0.txz: Upgraded.
testing/packages/bind-9.18.11-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
An UPDATE message flood could cause :iscman:`named` to exhaust all
available memory. This flaw was addressed by adding a new
:any:`update-quota` option that controls the maximum number of
outstanding DNS UPDATE messages that :iscman:`named` can hold in a
queue at any given time (default: 100).
:iscman:`named` could crash with an assertion failure when an RRSIG
query was received and :any:`stale-answer-client-timeout` was set to a
non-zero value. This has been fixed.
:iscman:`named` running as a resolver with the
:any:`stale-answer-client-timeout` option set to any value greater
than ``0`` could crash with an assertion failure, when the
:any:`recursive-clients` soft quota was reached. This has been fixed.
For more information, see:
https://kb.isc.org/docs/cve-2022-3094
https://kb.isc.org/docs/cve-2022-3736
https://kb.isc.org/docs/cve-2022-3924
https://www.cve.org/CVERecord?id=CVE-2022-3094
https://www.cve.org/CVERecord?id=CVE-2022-3736
https://www.cve.org/CVERecord?id=CVE-2022-3924
(* Security fix *)
|
|
patches/packages/mozilla-thunderbird-102.7.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.7.0/releasenotes/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird102.7
(* Security fix *)
patches/packages/seamonkey-2.53.15-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.15
(* Security fix *)
|
|
patches/packages/sudo-1.9.12p2-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a flaw in sudo's -e option (aka sudoedit) that could allow
a malicious user with sudoedit privileges to edit arbitrary files.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-22809
(* Security fix *)
|
Patrick J Volkerding