| Commit message (Expand) | Author | Files | Lines |
2024-01-17 | Tue Jan 16 20:49:28 UTC 2024...patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes two medium severity security issues:
Fix more timing side-channel inside RSA-PSK key exchange.
Fix assertion failure when verifying a certificate chain with a cycle of
cross signatures.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0553
https://www.cve.org/CVERecord?id=CVE-2024-0567
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
Reattaching to different master device may lead to out-of-bounds memory access.
Heap buffer overflow in XISendDeviceHierarchyEvent.
Heap buffer overflow in DisableDevice.
SELinux context corruption.
SELinux unlabeled GLX PBuffer.
For more information, see:
https://lists.x.org/archives/xorg/2024-January/061525.html
https://www.cve.org/CVERecord?id=CVE-2023-6816
https://www.cve.org/CVERecord?id=CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-21885
https://www.cve.org/CVERecord?id=CVE-2024-21886
https://www.cve.org/CVERecord?id=CVE-2024-0408
https://www.cve.org/CVERecord?id=CVE-2024-0409
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
Reattaching to different master device may lead to out-of-bounds memory access.
Heap buffer overflow in XISendDeviceHierarchyEvent.
Heap buffer overflow in DisableDevice.
SELinux unlabeled GLX PBuffer.
For more information, see:
https://lists.x.org/archives/xorg/2024-January/061525.html
https://www.cve.org/CVERecord?id=CVE-2023-6816
https://www.cve.org/CVERecord?id=CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-21885
https://www.cve.org/CVERecord?id=CVE-2024-21886
https://www.cve.org/CVERecord?id=CVE-2024-0408
(* Security fix *)
20240116204928_15.0 | Patrick J Volkerding | 31 | -164/+1796 |
2024-01-11 | Wed Jan 10 20:25:54 UTC 2024...patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
20240110202554_15.0 | Patrick J Volkerding | 6 | -53/+258 |
2024-01-10 | Tue Jan 9 20:49:08 UTC 2024...patches/packages/mozilla-thunderbird-115.6.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.thunderbird.net/en-US/thunderbird/115.6.1/releasenotes/
20240109204908_15.0 | Patrick J Volkerding | 4 | -22/+42 |
2023-12-31 | Sat Dec 30 19:53:07 UTC 2023...patches/packages/sudo-1.9.15p5-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
20231230195307_15.0 | Patrick J Volkerding | 4 | -21/+37 |
2023-12-26 | Tue Dec 26 00:20:26 UTC 2023...patches/packages/kernel-firmware-20231222_a7dee43-noarch-1.txz: Upgraded.
Updated to the latest kernel firmware.
patches/packages/linux-5.15.145/*: Upgraded.
These updates fix various bugs and security issues.
Thanks to jwoithe for the PCI fix!
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.140:
https://www.cve.org/CVERecord?id=CVE-2023-46862
Fixed in 5.15.141:
https://www.cve.org/CVERecord?id=CVE-2023-6121
(* Security fix *)
20231226002026_15.0 | Patrick J Volkerding | 58 | -2953/+65324 |
2023-12-23 | Sat Dec 23 02:48:56 UTC 2023...patches/packages/glibc-zoneinfo-2023d-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
patches/packages/postfix-3.6.13-x86_64-1_slack15.0.txz: Upgraded.
Security: this release adds support to defend against an email spoofing
attack (SMTP smuggling) on recipients at a Postfix server. Sites
concerned about SMTP smuggling attacks should enable this feature on
Internet-facing Postfix servers. For compatibility with non-standard
clients, Postfix by default excludes clients in mynetworks from this
countermeasure.
The recommended settings are:
# Optionally disconnect remote SMTP clients that send bare newlines,
# but allow local clients with non-standard SMTP implementations
# such as netcat, fax machines, or load balancer health checks.
#
smtpd_forbid_bare_newline = yes
smtpd_forbid_bare_newline_exclusions = $mynetworks
The smtpd_forbid_bare_newline feature is disabled by default.
For more information, see:
https://www.postfix.org/smtp-smuggling.html
(* Security fix *)
20231223024856_15.0 | Patrick J Volkerding | 14 | -89/+624 |
2023-12-22 | Thu Dec 21 20:46:11 UTC 2023...extra/php81/php81-8.1.27-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.27
20231221204611_15.0 | Patrick J Volkerding | 6 | -44/+61 |
2023-12-21 | Wed Dec 20 21:10:47 UTC 2023...patches/packages/bind-9.16.45-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/proftpd-1.3.8b-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
mod_sftp: implemented mitigations for "Terrapin" SSH attack.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-48795
(* Security fix *)
testing/packages/bind-9.18.21-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
20231220211047_15.0 | Patrick J Volkerding | 16 | -112/+565 |
2023-12-20 | Tue Dec 19 21:24:05 UTC 2023...patches/packages/bluez-5.71-x86_64-2_slack15.0.txz: Rebuilt.
Fix a regression in bluez-5.71:
[PATCH] adapter: Fix link key address type for old kernels.
Thanks to marav.
patches/packages/libssh-0.10.6-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Command injection using proxycommand.
Potential downgrade attack using strict kex.
Missing checks for return values of MD functions.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-6004
https://www.cve.org/CVERecord?id=CVE-2023-48795
https://www.cve.org/CVERecord?id=CVE-2023-6918
(* Security fix *)
patches/packages/mozilla-firefox-115.6.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2023-54/
https://www.cve.org/CVERecord?id=CVE-2023-6856
https://www.cve.org/CVERecord?id=CVE-2023-6865
https://www.cve.org/CVERecord?id=CVE-2023-6857
https://www.cve.org/CVERecord?id=CVE-2023-6858
https://www.cve.org/CVERecord?id=CVE-2023-6859
https://www.cve.org/CVERecord?id=CVE-2023-6860
https://www.cve.org/CVERecord?id=CVE-2023-6867
https://www.cve.org/CVERecord?id=CVE-2023-6861
https://www.cve.org/CVERecord?id=CVE-2023-6862
https://www.cve.org/CVERecord?id=CVE-2023-6863
https://www.cve.org/CVERecord?id=CVE-2023-6864
(* Security fix *)
patches/packages/mozilla-thunderbird-115.6.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/
https://www.cve.org/CVERecord?id=CVE-2023-50762
https://www.cve.org/CVERecord?id=CVE-2023-50761
https://www.cve.org/CVERecord?id=CVE-2023-6856
https://www.cve.org/CVERecord?id=CVE-2023-6857
https://www.cve.org/CVERecord?id=CVE-2023-6858
https://www.cve.org/CVERecord?id=CVE-2023-6859
https://www.cve.org/CVERecord?id=CVE-2023-6860
https://www.cve.org/CVERecord?id=CVE-2023-6861
https://www.cve.org/CVERecord?id=CVE-2023-6862
https://www.cve.org/CVERecord?id=CVE-2023-6863
https://www.cve.org/CVERecord?id=CVE-2023-6864
(* Security fix *)
20231219212405_15.0 | Patrick J Volkerding | 11 | -57/+204 |
2023-12-17 | Sat Dec 16 20:33:34 UTC 2023...patches/packages/sudo-1.9.15p4-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
20231216203334_15.0 | Patrick J Volkerding | 4 | -21/+37 |
2023-12-15 | Thu Dec 14 20:09:31 UTC 2023...patches/packages/bluez-5.71-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
It may have been possible for an attacker within Bluetooth range to inject
keystrokes (and possibly execute commands) while devices were discoverable.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-45866
(* Security fix *)
patches/packages/libxml2-2.11.6-x86_64-1_slack15.0.txz: Upgraded.
We're going to drop back to the 2.11 branch here on the stable releases
since it has all of the relevant security fixes and better compatibility.
20231214200931_15.0 | Patrick J Volkerding | 7 | -33/+87 |
2023-12-14 | Wed Dec 13 22:01:34 UTC 2023...patches/packages/libxml2-2.12.3-x86_64-1_slack15.0.txz: Upgraded.
This update addresses regressions when building against libxml2 that were
due to header file refactoring.
patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz: Rebuilt.
This update fixes two security issues:
Out-of-bounds memory write in XKB button actions.
Out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty.
For more information, see:
https://lists.x.org/archives/xorg/2023-December/061517.html
https://www.cve.org/CVERecord?id=CVE-2023-6377
https://www.cve.org/CVERecord?id=CVE-2023-6478
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz: Rebuilt.
This update fixes two security issues:
Out-of-bounds memory write in XKB button actions.
Out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty.
For more information, see:
https://lists.x.org/archives/xorg/2023-December/061517.html
https://www.cve.org/CVERecord?id=CVE-2023-6377
https://www.cve.org/CVERecord?id=CVE-2023-6478
(* Security fix *)
20231213220134_15.0 | Patrick J Volkerding | 17 | -66/+413 |
2023-12-13 | Tue Dec 12 19:54:42 UTC 2023...patches/packages/mozilla-thunderbird-115.5.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.5.2/releasenotes/
20231212195442_15.0 | Patrick J Volkerding | 4 | -22/+42 |
2023-12-10 | Sun Dec 10 01:12:17 UTC 2023...patches/packages/libxml2-2.12.2-x86_64-1_slack15.0.txz: Upgraded.
Add --sysconfdir=/etc option so that this can find the xml catalog.
Thanks to SpiderTux.
Fix the following security issues:
Fix integer overflows with XML_PARSE_HUGE.
Fix dict corruption caused by entity reference cycles.
Hashing of empty dict strings isn't deterministic.
Fix null deref in xmlSchemaFixupComplexType.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-40303
https://www.cve.org/CVERecord?id=CVE-2022-40304
https://www.cve.org/CVERecord?id=CVE-2023-29469
https://www.cve.org/CVERecord?id=CVE-2023-28484
(* Security fix *)
20231210011217_15.0 | Patrick J Volkerding | 12 | -105/+149 |
2023-12-07 | Wed Dec 6 20:29:23 UTC 2023...patches/packages/rdfind-1.6.0-x86_64-1_slack15.0.txz: Upgraded.
Redundant data finder utility, needed to build the kernel-firmware package.
20231206202923_15.0 | Patrick J Volkerding | 7 | -51/+250 |
2023-12-01 | Thu Nov 30 21:21:55 UTC 2023...patches/packages/samba-4.18.9-x86_64-1_slack15.0.txz: Upgraded.
This is a security release in order to address the following defect:
An information leak vulnerability was discovered in Samba's LDAP server.
Due to missing access control checks, an authenticated but unprivileged
attacker could discover the names and preserved attributes of deleted objects
in the LDAP store. Upgrading to this package will not prevent this
information leak - if you are using Samba as an Active Directory Domain
Controller, you will need to follow the instructions in the samba.org link
given below.
For more information, see:
https://www.samba.org/samba/security/CVE-2018-14628.html
https://www.cve.org/CVERecord?id=CVE-2018-14628
(* Security fix *)
20231130212155_15.0 | Patrick J Volkerding | 5 | -25/+63 |
2023-11-29 | Tue Nov 28 22:13:48 UTC 2023...patches/packages/mozilla-thunderbird-115.5.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.5.1/releasenotes/
20231128221348_15.0 | Patrick J Volkerding | 6 | -27/+47 |
2023-11-25 | Fri Nov 24 20:52:02 UTC 2023...patches/packages/vim-9.0.2127-x86_64-1_slack15.0.txz: Upgraded.
Fixed security issues.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-48231
https://www.cve.org/CVERecord?id=CVE-2023-48232
https://www.cve.org/CVERecord?id=CVE-2023-48233
https://www.cve.org/CVERecord?id=CVE-2023-48234
https://www.cve.org/CVERecord?id=CVE-2023-48235
https://www.cve.org/CVERecord?id=CVE-2023-48236
https://www.cve.org/CVERecord?id=CVE-2023-48237
(* Security fix *)
patches/packages/vim-gvim-9.0.2127-x86_64-1_slack15.0.txz: Upgraded.
20231124205202_15.0 | Patrick J Volkerding | 5 | -24/+62 |
2023-11-23 | Wed Nov 22 19:26:09 UTC 2023...patches/packages/mozilla-thunderbird-115.5.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.5.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/
https://www.cve.org/CVERecord?id=CVE-2023-6204
https://www.cve.org/CVERecord?id=CVE-2023-6205
https://www.cve.org/CVERecord?id=CVE-2023-6206
https://www.cve.org/CVERecord?id=CVE-2023-6207
https://www.cve.org/CVERecord?id=CVE-2023-6208
https://www.cve.org/CVERecord?id=CVE-2023-6209
https://www.cve.org/CVERecord?id=CVE-2023-6212
(* Security fix *)
20231122192609_15.0 | Patrick J Volkerding | 31 | -76/+114 |
2023-11-22 | Tue Nov 21 21:15:30 UTC 2023...patches/packages/kernel-firmware-20231120_9552083-noarch-1.txz: Upgraded.
Updated to the latest kernel firmware.
patches/packages/linux-5.15.139/*: Upgraded.
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.116:
https://www.cve.org/CVERecord?id=CVE-2023-35788
https://www.cve.org/CVERecord?id=CVE-2022-45887
https://www.cve.org/CVERecord?id=CVE-2022-45886
https://www.cve.org/CVERecord?id=CVE-2023-3212
https://www.cve.org/CVERecord?id=CVE-2022-45919
Fixed in 5.15.117:
https://www.cve.org/CVERecord?id=CVE-2023-2124
https://www.cve.org/CVERecord?id=CVE-2023-34255
Fixed in 5.15.118:
https://www.cve.org/CVERecord?id=CVE-2023-3609
https://www.cve.org/CVERecord?id=CVE-2023-3117
https://www.cve.org/CVERecord?id=CVE-2023-3390
https://www.cve.org/CVERecord?id=CVE-2023-3338
Fixed in 5.15.119:
https://www.cve.org/CVERecord?id=CVE-2023-3610
Fixed in 5.15.121:
https://www.cve.org/CVERecord?id=CVE-2023-31248
https://www.cve.org/CVERecord?id=CVE-2023-38432
https://www.cve.org/CVERecord?id=CVE-2023-3866
https://www.cve.org/CVERecord?id=CVE-2023-2898
https://www.cve.org/CVERecord?id=CVE-2023-44466
https://www.cve.org/CVERecord?id=CVE-2023-4132
https://www.cve.org/CVERecord?id=CVE-2023-3611
https://www.cve.org/CVERecord?id=CVE-2022-48502
https://www.cve.org/CVERecord?id=CVE-2023-3865
https://www.cve.org/CVERecord?id=CVE-2023-35001
https://www.cve.org/CVERecord?id=CVE-2023-3776
https://www.cve.org/CVERecord?id=CVE-2023-3863
Fixed in 5.15.122:
https://www.cve.org/CVERecord?id=CVE-2023-20593
Fixed in 5.15.123:
https://www.cve.org/CVERecord?id=CVE-2023-3777
https://www.cve.org/CVERecord?id=CVE-2023-4004
Fixed in 5.15.124:
https://www.cve.org/CVERecord?id=CVE-2023-4015
https://www.cve.org/CVERecord?id=CVE-2023-4147
https://www.cve.org/CVERecord?id=CVE-2023-1206
Fixed in 5.15.125:
https://www.cve.org/CVERecord?id=CVE-2022-40982
https://www.cve.org/CVERecord?id=CVE-2023-20569
Fixed in 5.15.126:
https://www.cve.org/CVERecord?id=CVE-2023-20588
https://www.cve.org/CVERecord?id=CVE-2023-4128
https://www.cve.org/CVERecord?id=CVE-2023-4208
https://www.cve.org/CVERecord?id=CVE-2023-4206
https://www.cve.org/CVERecord?id=CVE-2023-4207
https://www.cve.org/CVERecord?id=CVE-2023-40283
Fixed in 5.15.128:
https://www.cve.org/CVERecord?id=CVE-2023-4569
https://www.cve.org/CVERecord?id=CVE-2023-39194
https://www.cve.org/CVERecord?id=CVE-2023-4273
https://www.cve.org/CVERecord?id=CVE-2023-3772
Fixed in 5.15.132:
https://www.cve.org/CVERecord?id=CVE-2023-4921
https://www.cve.org/CVERecord?id=CVE-2023-4623
https://www.cve.org/CVERecord?id=CVE-2023-42753
https://www.cve.org/CVERecord?id=CVE-2023-42752
https://www.cve.org/CVERecord?id=CVE-2023-39189
https://www.cve.org/CVERecord?id=CVE-2023-4881
https://www.cve.org/CVERecord?id=CVE-2023-45871
https://www.cve.org/CVERecord?id=CVE-2023-39193
https://www.cve.org/CVERecord?id=CVE-2023-39192
Fixed in 5.15.133:
https://www.cve.org/CVERecord?id=CVE-2023-42755
Fixed in 5.15.134:
https://www.cve.org/CVERecord?id=CVE-2023-42754
https://www.cve.org/CVERecord?id=CVE-2023-4563
https://www.cve.org/CVERecord?id=CVE-2023-4244
https://www.cve.org/CVERecord?id=CVE-2023-5197
Fixed in 5.15.135:
https://www.cve.org/CVERecord?id=CVE-2023-34324
https://www.cve.org/CVERecord?id=CVE-2023-31085
https://www.cve.org/CVERecord?id=CVE-2023-5158
Fixed in 5.15.136:
https://www.cve.org/CVERecord?id=CVE-2023-35827
Fixed in 5.15.137:
https://www.cve.org/CVERecord?id=CVE-2023-46813
https://www.cve.org/CVERecord?id=CVE-2023-5717
https://www.cve.org/CVERecord?id=CVE-2023-5178
(* Security fix *)
patches/packages/mozilla-firefox-115.5.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
Thanks to zuriel for the taskbar icon fix on Wayland. :-)
For more information, see:
https://www.mozilla.org/en-US/firefox/115.5.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2023-50/
https://www.cve.org/CVERecord?id=CVE-2023-6204
https://www.cve.org/CVERecord?id=CVE-2023-6205
https://www.cve.org/CVERecord?id=CVE-2023-6206
https://www.cve.org/CVERecord?id=CVE-2023-6207
https://www.cve.org/CVERecord?id=CVE-2023-6208
https://www.cve.org/CVERecord?id=CVE-2023-6209
https://www.cve.org/CVERecord?id=CVE-2023-6212
(* Security fix *)
20231121211530_15.0 | Patrick J Volkerding | 33 | -296/+62854 |
2023-11-19 | Sat Nov 18 19:26:33 UTC 2023...patches/packages/ca-certificates-20231117-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
20231118192633_15.0 | Patrick J Volkerding | 5 | -1810/+880 |
2023-11-17 | Thu Nov 16 20:51:47 UTC 2023...patches/packages/gegl-0.4.46-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release, needed by the GIMP upgrade.
patches/packages/gimp-2.10.36-x86_64-1_slack15.0.txz: Upgraded.
This release fixes security issues:
If a user loads a malicious DDS, PSD, or PSP file, this could result in a
program crash or possibly the execution of arbitrary code.
Please note that this package also requires the updated gegl package.
Thanks to henca for the heads-up.
For more information, see:
https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/
https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
https://www.zerodayinitiative.com/advisories/ZDI-23-1592/
https://www.zerodayinitiative.com/advisories/ZDI-23-1593/
https://www.zerodayinitiative.com/advisories/ZDI-23-1594/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444
(* Security fix *)
20231116205147_15.0 | Patrick J Volkerding | 12 | -90/+520 |
2023-11-16 | Wed Nov 15 22:01:26 UTC 2023...patches/packages/mozilla-thunderbird-115.4.3-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.3/releasenotes/
20231115220126_15.0 | Patrick J Volkerding | 4 | -22/+42 |
2023-11-15 | Tue Nov 14 21:22:47 UTC 2023...patches/packages/mariadb-10.5.23-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
Vulnerability allows high privileged attacker with network access via
multiple protocols to compromise the server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084
(* Security fix *)
20231114212247_15.0 | Patrick J Volkerding | 4 | -21/+51 |
2023-11-14 | Mon Nov 13 19:20:40 UTC 2023...extra/tigervnc/tigervnc-1.12.0-x86_64-4_slack15.0.txz: Rebuilt.
Recompiled against xorg-server-1.20.14, including patches for several
security issues. Thanks to marav.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-3550
https://www.cve.org/CVERecord?id=CVE-2022-3551
https://www.cve.org/CVERecord?id=CVE-2022-3553
https://www.cve.org/CVERecord?id=CVE-2022-4283
https://www.cve.org/CVERecord?id=CVE-2022-46340
https://www.cve.org/CVERecord?id=CVE-2022-46341
https://www.cve.org/CVERecord?id=CVE-2022-46342
https://www.cve.org/CVERecord?id=CVE-2022-46343
https://www.cve.org/CVERecord?id=CVE-2022-46344
https://www.cve.org/CVERecord?id=CVE-2023-0494
https://www.cve.org/CVERecord?id=CVE-2023-1393
https://www.cve.org/CVERecord?id=CVE-2023-5367
https://www.cve.org/CVERecord?id=CVE-2023-5380
(* Security fix *)
20231113192040_15.0 | Patrick J Volkerding | 23 | -157/+1500 |
2023-11-11 | Fri Nov 10 18:46:44 UTC 2023...patches/packages/whois-5.5.20-x86_64-1_slack15.0.txz: Upgraded.
Added the .gn TLD server.
Removed 6 new gTLDs which are no longer active.
20231110184644_15.0 | Patrick J Volkerding | 4 | -21/+39 |
2023-11-09 | Wed Nov 8 22:04:25 UTC 2023...patches/packages/mozilla-thunderbird-115.4.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.2/releasenotes/
patches/packages/sudo-1.9.15p1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release:
Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers
from being able to read the ldap.conf file.
20231108220425_15.0 | Patrick J Volkerding | 5 | -27/+55 |
2023-11-08 | Tue Nov 7 19:57:12 UTC 2023...patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txz: Upgraded.
The sudoers plugin has been modified to make it more resilient to ROWHAMMER
attacks on authentication and policy matching.
The sudoers plugin now constructs the user time stamp file path name using
the user-ID instead of the user name. This avoids a potential problem with
user names that contain a path separator ('/') being interpreted as part of
the path name.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-42465
https://www.cve.org/CVERecord?id=CVE-2023-42456
(* Security fix *)
20231107195712_15.0 | Patrick J Volkerding | 4 | -21/+55 |
2023-11-01 | Tue Oct 31 18:49:18 UTC 2023...extra/php81/php81-8.1.25-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.25
20231031184918_15.0 | Patrick J Volkerding | 4 | -24/+44 |
2023-10-27 | Thu Oct 26 19:55:16 UTC 2023...patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
https://www.cve.org/CVERecord?id=CVE-2023-5721
https://www.cve.org/CVERecord?id=CVE-2023-5732
https://www.cve.org/CVERecord?id=CVE-2023-5724
https://www.cve.org/CVERecord?id=CVE-2023-5725
https://www.cve.org/CVERecord?id=CVE-2023-5726
https://www.cve.org/CVERecord?id=CVE-2023-5727
https://www.cve.org/CVERecord?id=CVE-2023-5728
https://www.cve.org/CVERecord?id=CVE-2023-5730
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
This update fixes security issues:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
Use-after-free bug in DestroyWindow.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
https://www.cve.org/CVERecord?id=CVE-2023-5367
https://www.cve.org/CVERecord?id=CVE-2023-5380
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz: Rebuilt.
This update fixes a security issue:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
https://www.cve.org/CVERecord?id=CVE-2023-5367
(* Security fix *)
20231026195516_15.0 | Patrick J Volkerding | 16 | -63/+416 |
2023-10-25 | Tue Oct 24 22:26:20 UTC 2023...patches/packages/mozilla-firefox-115.4.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.4.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2023-46/
https://www.cve.org/CVERecord?id=CVE-2023-5721
https://www.cve.org/CVERecord?id=CVE-2023-5732
https://www.cve.org/CVERecord?id=CVE-2023-5724
https://www.cve.org/CVERecord?id=CVE-2023-5725
https://www.cve.org/CVERecord?id=CVE-2023-5726
https://www.cve.org/CVERecord?id=CVE-2023-5727
https://www.cve.org/CVERecord?id=CVE-2023-5728
https://www.cve.org/CVERecord?id=CVE-2023-5730
(* Security fix *)
patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.0/releasenotes/
patches/packages/vim-9.0.2063-x86_64-1_slack15.0.txz: Upgraded.
Fixed use-after-free security issue.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-5535
(* Security fix *)
patches/packages/vim-gvim-9.0.2063-x86_64-1_slack15.0.txz: Upgraded.
20231024222620_15.0 | Patrick J Volkerding | 7 | -40/+102 |
2023-10-23 | Sun Oct 22 19:30:42 UTC 2023...patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txz: Rebuilt.
This update fixes security issues:
A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream::
gets(char*, int), which could lead to privilege escalation or application
crash.
A heap-buffer-overflow was found in raw2image_ex(int), which may lead to
application crash by maliciously crafted input file.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-32142
https://www.cve.org/CVERecord?id=CVE-2023-1729
(* Security fix *)
20231022193042_15.0 | Patrick J Volkerding | 9 | -67/+339 |
2023-10-20 | Thu Oct 19 19:14:05 UTC 2023...patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
moderate: Apache HTTP Server: HTTP/2 stream memory not reclaimed
right away on RST.
low: mod_macro buffer over-read.
low: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.58
https://www.cve.org/CVERecord?id=CVE-2023-45802
https://www.cve.org/CVERecord?id=CVE-2023-31122
https://www.cve.org/CVERecord?id=CVE-2023-43622
(* Security fix *)
patches/packages/mozilla-thunderbird-115.3.3-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.3.3/releasenotes/
20231019191405_15.0 | Patrick J Volkerding | 7 | -45/+92 |
2023-10-18 | Tue Oct 17 19:34:56 UTC 2023...patches/packages/util-linux-2.37.4-x86_64-2_slack15.0.txz: Rebuilt.
Copy /etc/pam.d/login to /etc/pam.d/remote. This is needed for /bin/login's
'-h' option, used (for example) by telnetd. If -h is used without
/etc/pam.d/remote, pam will not be configured properly, and /etc/securetty
will be ignored, possibly allowing root to login from a tty that is not
considered secure. Of course, the usual disclaimers about the security of
telnet/telnetd apply.
Thanks to HytronBG and Petri Kaukasoina.
(* Security fix *)
20231017193456_15.0 | Patrick J Volkerding | 6 | -25/+61 |
2023-10-12 | Wed Oct 11 22:22:40 UTC 2023...patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz: Upgraded.
Fixed a crash bug (a crafted file defining width of zero leads to divide by
zero and a crash). Seems to be merely a bug rather than a security issue, but
I'd been meaning to get beta20 building so this was a good excuse.
Thanks to marav.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-0856
(* Security fix *)
20231011222240_15.0 | Patrick J Volkerding | 19 | -139/+990 |
2023-10-11 | Tue Oct 10 19:27:56 UTC 2023...patches/packages/libcue-2.2.1-x86_64-4_slack15.0.txz: Rebuilt.
Fixed a bug which could allow memory corruption resulting in arbitrary
code execution.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-43641
(* Security fix *)
patches/packages/libnotify-0.8.3-x86_64-1_slack15.0.txz: Upgraded.
This release contains a critical stability/minor security update which
affects Electron applications that utilize Portal notifications (eg,
through Flatpak). It is highly recommended that all users of libnotify
0.8.x update to this release.
(* Security fix *)
20231010192756_15.0 | Patrick J Volkerding | 11 | -89/+478 |
2023-10-10 | Mon Oct 9 18:10:01 UTC 2023...patches/packages/wayland-1.22.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/whois-5.5.19-x86_64-1_slack15.0.txz: Upgraded.
Fixed english support for Japanese queries to not add again the /e argument
if it had already been provided by the user. (Closes: #1050171)
Added the .ye and .*************** (.xn--54b7fta0cc, Bangladesh) TLD servers.
Updated the .ba, .bb, .dk, .es, .gt, .jo, .ml, .mo, .pa, .pn, .sv, .uy,
.a+-la-r+-d+.n+, (.xn--mgbayh7gpa, Jordan) and .****** (.xn--mix891f, Macao)
TLD servers.
Upgraded the TLD URLs to HTTPS whenever possible.
Updated the charset for whois.jprs.jp.
Removed 3 new gTLDs which are no longer active.
Removed support for the obsolete as32 dot notation.
20231009181001_15.0 | Patrick J Volkerding | 8 | -53/+263 |
2023-10-07 | Fri Oct 6 21:28:34 UTC 2023...patches/packages/netatalk-3.1.18-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
Harden create_appledesktop_folder().
For more information, see:
https://netatalk.sourceforge.io/CVE-2022-22995.php
https://www.cve.org/CVERecord?id=CVE-2022-22995
(* Security fix *)
20231006212834_15.0 | Patrick J Volkerding | 4 | -21/+47 |
2023-10-04 | Tue Oct 3 22:19:10 UTC 2023...patches/packages/libX11-1.8.7-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
libX11: out-of-bounds memory access in _XkbReadKeySyms().
libX11: stack exhaustion from infinite recursion in PutSubImage().
libX11: integer overflow in XCreateImage() leading to a heap overflow.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003424.html
https://www.cve.org/CVERecord?id=CVE-2023-43785
https://www.cve.org/CVERecord?id=CVE-2023-43786
https://www.cve.org/CVERecord?id=CVE-2023-43787
(* Security fix *)
patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
libXpm: out of bounds read in XpmCreateXpmImageFromBuffer().
libXpm: out of bounds read on XPM with corrupted colormap.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003424.html
https://www.cve.org/CVERecord?id=CVE-2023-43788
https://www.cve.org/CVERecord?id=CVE-2023-43789
(* Security fix *)
20231003221910_15.0 | Patrick J Volkerding | 5 | -26/+78 |
2023-10-01 | Sat Sep 30 21:33:49 UTC 2023...patches/packages/libvpx-1.12.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains two security related fixes -- one each for VP8 and VP9.
For more information, see:
https://crbug.com/1486441
https://www.cve.org/CVERecord?id=CVE-2023-5217
(* Security fix *)
patches/packages/mozilla-thunderbird-115.3.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains a security fix for a critical heap buffer overflow in
the libvpx VP8 encoder.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.3.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
https://www.cve.org/CVERecord?id=CVE-2023-5217
(* Security fix *)
20230930213349_15.0 | Patrick J Volkerding | 11 | -66/+460 |
2023-09-29 | Thu Sep 28 21:37:06 UTC 2023...extra/php81/php81-8.1.24-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.24
patches/packages/mozilla-firefox-115.3.1esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains a security fix.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.3.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
https://www.cve.org/CVERecord?id=CVE-2023-5217
(* Security fix *)
20230928213706_15.0 | Patrick J Volkerding | 5 | -39/+73 |
2023-09-28 | Wed Sep 27 23:51:07 UTC 2023...patches/packages/mozilla-thunderbird-115.3.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.3.0/releasenotes/
20230927235107_15.0 | Patrick J Volkerding | 4 | -22/+42 |
2023-09-27 | Tue Sep 26 19:30:21 UTC 2023...patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/mozilla-firefox-115.3.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.3.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/
https://www.cve.org/CVERecord?id=CVE-2023-5168
https://www.cve.org/CVERecord?id=CVE-2023-5169
https://www.cve.org/CVERecord?id=CVE-2023-5171
https://www.cve.org/CVERecord?id=CVE-2023-5174
https://www.cve.org/CVERecord?id=CVE-2023-5176
(* Security fix *)
20230926193021_15.0 | Patrick J Volkerding | 8 | -54/+220 |
2023-09-22 | Thu Sep 21 19:32:42 UTC 2023...patches/packages/bind-9.16.44-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
Limit the amount of recursion that can be performed by isccc_cc_fromwire.
For more information, see:
https://kb.isc.org/docs/cve-2023-3341
https://www.cve.org/CVERecord?id=CVE-2023-3341
(* Security fix *)
patches/packages/cups-2.4.7-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
Fixed Heap-based buffer overflow when reading Postscript in PPD files.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-4504
(* Security fix *)
patches/packages/mozilla-thunderbird-115.2.3-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.2.3/releasenotes/
patches/packages/seamonkey-2.53.17.1-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.17.1
https://www.cve.org/CVERecord?id=CVE-2023-4863
(* Security fix *)
testing/packages/bind-9.18.19-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
Limit the amount of recursion that can be performed by isccc_cc_fromwire.
Fix use-after-free error in TLS DNS code when sending data.
For more information, see:
https://kb.isc.org/docs/cve-2023-3341
https://www.cve.org/CVERecord?id=CVE-2023-3341
https://kb.isc.org/docs/cve-2023-4236
https://www.cve.org/CVERecord?id=CVE-2023-4236
(* Security fix *)
20230921193242_15.0 | Patrick J Volkerding | 10 | -75/+136 |
2023-09-19 | Mon Sep 18 18:40:04 UTC 2023...patches/packages/netatalk-3.1.17-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
Validate data type in dalloc_value_for_key(). This flaw could allow a
malicious actor to cause Netatalk's afpd daemon to crash, or possibly to
execute arbitrary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-42464
(* Security fix *)
20230918184004_15.0 | Patrick J Volkerding | 4 | -21/+49 |
2023-09-16 | Fri Sep 15 19:48:39 UTC 2023...patches/packages/python3-3.9.18-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass
of the TLS handshake and included protections (like certificate verification)
and treating sent unencrypted data as if it were post-handshake TLS encrypted
data. Security issue reported by Aapo Oksman; patch by Gregory P. Smith.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-40217
(* Security fix *)
20230915194839_15.0 | Patrick J Volkerding | 4 | -23/+53 |
2023-09-15 | Thu Sep 14 21:10:50 UTC 2023...patches/packages/libwebp-1.3.2-x86_64-1_slack15.0.txz: Upgraded.
Security fix for lossless decoder (chromium: #1479274, CVE-2023-4863).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-4863
(* Security fix *)
20230914211050_15.0 | Patrick J Volkerding | 12 | -73/+373 |
2023-09-13 | Wed Sep 13 01:32:01 UTC 2023...patches/packages/mozilla-firefox-115.2.1esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.2.1/releasenotes/
(* Security fix *)
patches/packages/mozilla-thunderbird-115.2.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.2.1/releasenotes/
20230913013201_15.0 | Patrick J Volkerding | 5 | -32/+62 |
2023-09-12 | Mon Sep 11 20:19:30 UTC 2023...patches/packages/openssl-1.1.1w-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue that does not affect Linux:
Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-4807
patches/packages/openssl-solibs-1.1.1w-x86_64-1_slack15.0.txz: Upgraded.
patches/packages/vim-9.0.1897-x86_64-1_slack15.0.txz: Upgraded.
Fixed three use-after-free security issues.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-4733
https://www.cve.org/CVERecord?id=CVE-2023-4752
https://www.cve.org/CVERecord?id=CVE-2023-4750
(* Security fix *)
patches/packages/vim-gvim-9.0.1897-x86_64-1_slack15.0.txz: Upgraded.
Fixed three use-after-free security issues.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-4733
https://www.cve.org/CVERecord?id=CVE-2023-4752
https://www.cve.org/CVERecord?id=CVE-2023-4750
(* Security fix *)
20230911201930_15.0 | Patrick J Volkerding | 8 | -35/+96 |
2023-09-04 | Sun Sep 3 19:37:21 UTC 2023...patches/packages/rocs-21.12.1-x86_64-2_slack15.0.txz: Rebuilt.
Fix crash on startup. Thanks to Lockywolf and ponce.
20230903193721_15.0 | Patrick J Volkerding | 17 | -120/+1132 |