| Commit message (Expand) | Author | Age | Files | Lines |
* | Tue Mar 15 00:13:59 UTC 2022...patches/packages/httpd-2.4.53-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
mod_sed: Read/write beyond bounds
core: Possible buffer overflow with very large or unlimited
LimitXMLRequestBody
HTTP request smuggling vulnerability
mod_lua: Use of uninitialized value in r:parsebody
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.53
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719
(* Security fix *)
patches/packages/mozilla-firefox-91.7.1esr-x86_64-1_slack15.0.txz: Upgraded.
This release makes the following change:
Yandex and Mail.ru have been removed as optional search providers in the
drop-down search menu in Firefox.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.7.1/releasenotes/
(* Security fix *)
20220315001359_15.0 | Patrick J Volkerding | 2022-03-15 | 9 | -0/+438 |
* | Sat Mar 12 20:57:35 UTC 2022...patches/packages/polkit-0.120-x86_64-3_slack15.0.txz: Rebuilt.
Patched to fix a security issue where an unprivileged user could cause a
denial of service due to process file descriptor exhaustion.
Thanks to marav.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4115
(* Security fix *)
20220312205735_15.0 | Patrick J Volkerding | 2022-03-13 | 8 | -0/+452 |
* | Thu Mar 10 02:30:54 UTC 2022...patches/packages/ca-certificates-20220309-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
20220310023054_15.0 | Patrick J Volkerding | 2022-03-10 | 10 | -0/+23628 |
* | Wed Mar 9 04:14:08 UTC 2022...patches/packages/linux-5.15.27/*: Upgraded.
These updates fix various bugs and security issues, including the recently
announced "Dirty Pipe" vulnerability which allows overwriting data in
arbitrary read-only files (CVE-2022-0847).
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.20:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0492
Fixed in 5.15.23:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0487
Fixed in 5.15.24:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25375
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25258
Fixed in 5.15.25:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847
Fixed in 5.15.26:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25636
(* Security fix *)
20220309041408_15.0 | Patrick J Volkerding | 2022-03-09 | 5 | -0/+55 |
* | Tue Mar 8 04:39:53 UTC 2022...patches/packages/boost-1.78.0-x86_64-2_slack15.0.txz: Rebuilt.
This update has been patched to fix a regression:
Boost.Build silently skips installation of library headers and binaries in
some cases.
Thanks to Willy Sudiarto Raharjo.
20220308043953_15.0 | Patrick J Volkerding | 2022-03-09 | 4 | -0/+309 |
* | Tue Mar 8 00:52:43 UTC 2022...patches/packages/mozilla-firefox-91.7.0esr-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.7.0/releasenotes/
(* Security fix *)
20220308005243_15.0 | Patrick J Volkerding | 2022-03-08 | 1 | -0/+0 |
* | Sat Mar 5 19:56:26 UTC 2022...patches/packages/expat-2.4.7-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release:
Relax fix to CVE-2022-25236 (introduced with release 2.4.5) with regard to
all valid URI characters (RFC 3986).
patches/packages/mozilla-firefox-91.6.1esr-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.6.1/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-09/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26486
(* Security fix *)
patches/packages/mozilla-thunderbird-91.6.2-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.6.2/releasenotes/
(* Security fix *)
20220305195626_15.0 | Patrick J Volkerding | 2022-03-06 | 3 | -0/+0 |
* | Wed Mar 2 21:39:57 UTC 2022...patches/packages/seamonkey-2.53.11-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.11
(* Security fix *)
20220302213957_15.0 | Patrick J Volkerding | 2022-03-03 | 11 | -0/+922 |
* | Tue Mar 1 05:05:48 UTC 2022...patches/packages/libxml2-2.9.13-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
Use-after-free of ID and IDREF attributes
(Thanks to Shinji Sato for the report)
Use-after-free in xmlXIncludeCopyRange (David Kilzer)
Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong)
Fix memory leak in xmlXPathCompNodeTest
Fix null pointer deref in xmlStringGetNodeList
Fix several memory leaks found by Coverity (David King)
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
(* Security fix *)
patches/packages/libxslt-1.1.35-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
Fix use-after-free in xsltApplyTemplates
Fix memory leak in xsltDocumentElem (David King)
Fix memory leak in xsltCompileIdKeyPattern (David King)
Fix double-free with stylesheets containing entity nodes
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560
(* Security fix *)
20220301050548_15.0 | Patrick J Volkerding | 2022-03-02 | 11 | -0/+445 |
* | Fri Feb 25 00:03:28 UTC 2022...patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
(* Security fix *)
20220225000328_15.0 | Patrick J Volkerding | 2022-02-25 | 6 | -0/+227 |
* | Mon Feb 21 20:21:38 UTC 2022...patches/packages/expat-2.4.6-x86_64-1_slack15.0.txz: Upgraded.
Fixed a regression introduced by the fix for CVE-2022-25313 that affects
applications that (1) call function XML_SetElementDeclHandler and (2) are
parsing XML that contains nested element declarations:
(e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
patches/packages/flac-1.3.4-x86_64-1_slack15.0.txz: Upgraded.
This update fixes overflow issues with encoding and decoding.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0561
(* Security fix *)
patches/packages/mariadb-10.5.15-x86_64-2_slack15.0.txz: Rebuilt.
Removed dangling symlink.
20220221202138_15.0 | Patrick J Volkerding | 2022-02-22 | 8 | -2/+183 |
* | Sun Feb 20 05:13:20 UTC 2022...patches/packages/expat-2.4.5-x86_64-1_slack15.0.txz: Upgraded.
Fixed security issues that could lead to denial of service or potentially
arbitrary code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315
(* Security fix *)
20220220051320_15.0 | Patrick J Volkerding | 2022-02-21 | 3 | -0/+137 |
* | Fri Feb 18 05:29:00 UTC 2022...patches/packages/mozilla-thunderbird-91.6.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.6.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0566
(* Security fix *)
patches/packages/php-7.4.28-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
extra/php80/php80-8.0.16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
extra/php81/php81-8.1.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
20220218052900_15.0 | Patrick J Volkerding | 2022-02-19 | 11 | -0/+664 |
* | Tue Feb 15 20:00:48 UTC 2022...patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz: Rebuilt.
If root's mailbox did not already exist, it would be created with insecure
permissions leading to possible local information disclosure. This update
ensures that a new mailbox will be created with proper permissions and
ownership, and corrects the permissions on an existing mailbox if they are
found to be incorrect. Thanks to Martin for the bug report.
(* Security fix *)
patches/packages/util-linux-2.37.4-x86_64-1_slack15.0.txz: Upgraded.
This release fixes a security issue in chsh(1) and chfn(8):
By default, these utilities had been linked with libreadline, which allows
the INPUTRC environment variable to be abused to produce an error message
containing data from an arbitrary file. So, don't link these utilities with
libreadline as it does not use secure_getenv() (or a similar concept), or
sanitize the config file path to avoid vulnerabilities that could occur in
set-user-ID or set-group-ID programs.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0563
(* Security fix *)
20220215200048_15.0 | Patrick J Volkerding | 2022-02-16 | 29 | -0/+7956 |
* | Mon Feb 14 00:10:38 UTC 2022...patches/packages/mariadb-10.5.15-x86_64-1_slack15.0.txz: Upgraded.
This update fixes potential denial-of-service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46663
(* Security fix *)
20220214001038_15.0 | Patrick J Volkerding | 2022-02-14 | 6 | -0/+383 |
* | Thu Feb 10 01:46:55 UTC 2022...patches/packages/at-3.2.3-x86_64-1_slack15.0.txz: Upgraded.
Switched to at-3.2.3 since version 3.2.4 has a regression that causes
queued jobs to not always run on time when atd is run as a standalone
daemon. Thanks to Cesare.
patches/packages/mozilla-firefox-91.6.0esr-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.6.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-05/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764
(* Security fix *)
patches/packages/mozilla-thunderbird-91.6.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.6.0/releasenotes/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.6
(* Security fix *)
20220210014655_15.0 | Patrick J Volkerding | 2022-02-10 | 40 | -0/+3636 |