summaryrefslogtreecommitdiffstats
path: root/ChangeLog.txt
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2023-07-19 20:36:46 +0000
committer Eric Hameleers <alien@slackware.com>2023-07-19 23:51:30 +0200
commit6f8b2b4fabce9d8d0571802529cad2df31d9a0ca (patch)
treee9ebed30271d260e477fc09d30189ecd8405ad78 /ChangeLog.txt
parenta1b07eafc1e2522790168868d732f16d0c442ff8 (diff)
downloadcurrent-6f8b2b4fabce9d8d0571802529cad2df31d9a0ca.tar.gz
current-6f8b2b4fabce9d8d0571802529cad2df31d9a0ca.tar.xz
Wed Jul 19 20:36:46 UTC 202320230719203646
a/kernel-firmware-20230707_d3f6606-noarch-1.txz: Upgraded. a/kernel-generic-6.1.39-x86_64-1.txz: Upgraded. a/kernel-huge-6.1.39-x86_64-1.txz: Upgraded. a/kernel-modules-6.1.39-x86_64-1.txz: Upgraded. a/xfsprogs-6.4.0-x86_64-1.txz: Upgraded. d/cmake-3.27.0-x86_64-1.txz: Upgraded. d/kernel-headers-6.1.39-x86-1.txz: Upgraded. k/kernel-source-6.1.39-noarch-1.txz: Upgraded. l/mpfr-4.2.0p12-x86_64-1.txz: Upgraded. n/bind-9.18.17-x86_64-1.txz: Upgraded. n/curl-8.2.0-x86_64-1.txz: Upgraded. This update fixes a security issue: fopen race condition. For more information, see: https://curl.se/docs/CVE-2023-32001.html https://www.cve.org/CVERecord?id=CVE-2023-32001 (* Security fix *) n/dhcpcd-10.0.2-x86_64-1.txz: Upgraded. n/openssh-9.3p2-x86_64-1.txz: Upgraded. This update fixes a security issue: ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code execution relating to PKCS#11 providers. The PKCS#11 support ssh-agent(1) could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: * Exploitation requires the presence of specific libraries on the victim system. * Remote exploitation requires that the agent was forwarded to an attacker-controlled system. Exploitation can also be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that contains only specific provider libraries. This vulnerability was discovered and demonstrated to be exploitable by the Qualys Security Advisory team. Potentially-incompatible changes: * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules issued by remote clients by default. A flag has been added to restore the previous behaviour: "-Oallow-remote-pkcs11". For more information, see: https://www.openssh.com/txt/release-9.3p2 https://www.cve.org/CVERecord?id=CVE-2023-38408 (* Security fix *) n/samba-4.18.5-x86_64-1.txz: Upgraded. This update fixes security issues: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results. For more information, see: https://www.samba.org/samba/security/CVE-2022-2127.html https://www.samba.org/samba/security/CVE-2023-3347.html https://www.samba.org/samba/security/CVE-2023-34966.html https://www.samba.org/samba/security/CVE-2023-34967.html https://www.samba.org/samba/security/CVE-2023-34968.html https://www.cve.org/CVERecord?id=CVE-2022-2127 https://www.cve.org/CVERecord?id=CVE-2023-3347 https://www.cve.org/CVERecord?id=CVE-2023-34966 https://www.cve.org/CVERecord?id=CVE-2023-34967 https://www.cve.org/CVERecord?id=CVE-2023-34968 (* Security fix *) xap/mozilla-firefox-115.0.3esr-x86_64-1.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/ isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r--ChangeLog.txt76
1 files changed, 76 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 47ab1ac4d..c642a8aef 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,79 @@
+Wed Jul 19 20:36:46 UTC 2023
+a/kernel-firmware-20230707_d3f6606-noarch-1.txz: Upgraded.
+a/kernel-generic-6.1.39-x86_64-1.txz: Upgraded.
+a/kernel-huge-6.1.39-x86_64-1.txz: Upgraded.
+a/kernel-modules-6.1.39-x86_64-1.txz: Upgraded.
+a/xfsprogs-6.4.0-x86_64-1.txz: Upgraded.
+d/cmake-3.27.0-x86_64-1.txz: Upgraded.
+d/kernel-headers-6.1.39-x86-1.txz: Upgraded.
+k/kernel-source-6.1.39-noarch-1.txz: Upgraded.
+l/mpfr-4.2.0p12-x86_64-1.txz: Upgraded.
+n/bind-9.18.17-x86_64-1.txz: Upgraded.
+n/curl-8.2.0-x86_64-1.txz: Upgraded.
+ This update fixes a security issue:
+ fopen race condition.
+ For more information, see:
+ https://curl.se/docs/CVE-2023-32001.html
+ https://www.cve.org/CVERecord?id=CVE-2023-32001
+ (* Security fix *)
+n/dhcpcd-10.0.2-x86_64-1.txz: Upgraded.
+n/openssh-9.3p2-x86_64-1.txz: Upgraded.
+ This update fixes a security issue:
+ ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
+ execution relating to PKCS#11 providers.
+ The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
+ execution via a forwarded agent socket if the following conditions are met:
+ * Exploitation requires the presence of specific libraries on the victim
+ system.
+ * Remote exploitation requires that the agent was forwarded to an
+ attacker-controlled system.
+ Exploitation can also be prevented by starting ssh-agent(1) with an empty
+ PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
+ contains only specific provider libraries.
+ This vulnerability was discovered and demonstrated to be exploitable by the
+ Qualys Security Advisory team.
+ Potentially-incompatible changes:
+ * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
+ issued by remote clients by default. A flag has been added to restore the
+ previous behaviour: "-Oallow-remote-pkcs11".
+ For more information, see:
+ https://www.openssh.com/txt/release-9.3p2
+ https://www.cve.org/CVERecord?id=CVE-2023-38408
+ (* Security fix *)
+n/samba-4.18.5-x86_64-1.txz: Upgraded.
+ This update fixes security issues:
+ When winbind is used for NTLM authentication, a maliciously crafted request
+ can trigger an out-of-bounds read in winbind and possibly crash it.
+ SMB2 packet signing is not enforced if an admin configured
+ "server signing = required" or for SMB2 connections to Domain Controllers
+ where SMB2 packet signing is mandatory.
+ An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
+ triggered by an unauthenticated attacker by issuing a malformed RPC request.
+ Missing type validation in Samba's mdssvc RPC service for Spotlight can be
+ used by an unauthenticated attacker to trigger a process crash in a shared
+ RPC mdssvc worker process.
+ As part of the Spotlight protocol Samba discloses the server-side absolute
+ path of shares and files and directories in search results.
+ For more information, see:
+ https://www.samba.org/samba/security/CVE-2022-2127.html
+ https://www.samba.org/samba/security/CVE-2023-3347.html
+ https://www.samba.org/samba/security/CVE-2023-34966.html
+ https://www.samba.org/samba/security/CVE-2023-34967.html
+ https://www.samba.org/samba/security/CVE-2023-34968.html
+ https://www.cve.org/CVERecord?id=CVE-2022-2127
+ https://www.cve.org/CVERecord?id=CVE-2023-3347
+ https://www.cve.org/CVERecord?id=CVE-2023-34966
+ https://www.cve.org/CVERecord?id=CVE-2023-34967
+ https://www.cve.org/CVERecord?id=CVE-2023-34968
+ (* Security fix *)
+xap/mozilla-firefox-115.0.3esr-x86_64-1.txz: Upgraded.
+ This is a bugfix release.
+ For more information, see:
+ https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/
+isolinux/initrd.img: Rebuilt.
+kernels/*: Upgraded.
+usb-and-pxe-installers/usbboot.img: Rebuilt.
++--------------------------+
Tue Jul 18 19:58:10 UTC 2023
a/tar-1.35-x86_64-1.txz: Upgraded.
x/mesa-23.2.0_rc1-x86_64-1.txz: Upgraded.