1 updates (x86_64). Including a (* Security fix *)! : 1 Upgraded
Code:
Fri Jan 26 20:59:27 UTC 2024
patches/packages/pam-1.6.0-x86_64-1_slack15.0.txz: Upgraded.
pam_namespace.so: fixed a possible local denial-of-service vulnerability.
For more information, see:
https://seclists.org/oss-sec/2024/q1/31
https://www.cve.org/CVERecord?id=CVE-2024-22365
(* Security fix *)
4 updates (x86_64). Including a (* Security fix *)! : 4 Upgraded
Code:
Wed Jan 31 21:19:19 UTC 2024
extra/sendmail/sendmail-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
Remote attackers can use a published exploitation technique to inject e-mail
messages with a spoofed MAIL FROM address, allowing bypass of an SPF
protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
but some other popular e-mail servers do not. This is resolved in 8.18 and
later versions with 'o' in srv_features.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-51765
(* Security fix *)
extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz: Upgraded.
patches/packages/curl-8.6.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/libmilter-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
Sat Feb 3 20:54:00 UTC 2024
patches/packages/ca-certificates-20240203-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
patches/packages/glibc-zoneinfo-2024a-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
1 updates (x86_64). Including a (* Security fix *)! : 1 Upgraded
Code:
Sun Feb 4 19:37:40 UTC 2024
patches/packages/libxml2-2.11.7-x86_64-1_slack15.0.txz: Upgraded.
Fix the following security issue:
xmlreader: Don't expand XIncludes when backtracking.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-25062
(* Security fix *)
1 updates (x86_64). Including a (* Security fix *)! : 1 Upgraded
Code:
Wed Feb 7 20:07:29 UTC 2024
patches/packages/expat-2.6.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Fix quadratic runtime issues with big tokens that can cause
denial of service.
Fix billion laughs attacks for users compiling *without* XML_DTD
defined (which is not common).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-52425
https://www.cve.org/CVERecord?id=CVE-2023-52426
(* Security fix *)
Thu Feb 8 22:17:18 UTC 2024
patches/packages/dehydrated-0.7.1-noarch-1_slack15.0.txz: Upgraded.
This is a bugfix release that addresses (among other things) an
"unbound variable" error if the signing server is not available.
Thanks to metaed for the heads-up.
1 updates (x86_64). Including a (* Security fix *)! : 1 Upgraded
Code:
Fri Feb 9 21:48:09 UTC 2024
patches/packages/xpdf-4.05-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Fixed a bug in the ICCBased color space parser that was allowing the number
of components to be zero. Thanks to huckleberry for the bug report.
Fixed a bug in the ICCBased color space parser that was allowing the number
of components to be zero. Thanks to huckleberry for the bug report.
Added checks for PDF object loops in AcroForm::scanField(),
Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree().
The zero-width character problem can also happen if the page size is very
large -- that needs to be limited too, the same way as character position
coordinates. Thanks to jlinliu for the bug report.
Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for
the bug report.
Fix a deadlock when an object stream's length field is contained in another
object stream. Thanks to Jiahao Liu for the bug report.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-2662
https://www.cve.org/CVERecord?id=CVE-2023-2662
https://www.cve.org/CVERecord?id=CVE-2018-7453
https://www.cve.org/CVERecord?id=CVE-2018-16369
https://www.cve.org/CVERecord?id=CVE-2022-36561
https://www.cve.org/CVERecord?id=CVE-2022-41844
https://www.cve.org/CVERecord?id=CVE-2023-2663
https://www.cve.org/CVERecord?id=CVE-2023-2664
https://www.cve.org/CVERecord?id=CVE-2023-3044
https://www.cve.org/CVERecord?id=CVE-2023-3436
(* Security fix *)
Do you still have trouble accessing my changelog file?
I've isolated it to port 80 (works fine) vs port 443 (forbidden).
Windows Chrome works fine.
Linux Chrome rewrites the URL from http to https, but manually I can edit the link and resubmit to get the changelog.
Android Chrome rewrites the URL also. But when I manually edit the link and resubmit I still get https and forbidden.
If I come up with definite solutions I'll follow up.
I only run an Nginx server on port 80 on this box.
So, if any browser rewrites http to https, you need to add an exception.
It's clearly not a Google-compliant site, but is that surprising? :-)
Well, this has nothing to do with Google, rather with enabling secure connections. But you are not alone, same issue with slackware.com.
Last edited by Didier Spaier; 02-10-2024 at 08:23 AM.
Reason: s/to allow/enabling/
Sun Feb 11 22:11:59 UTC 2024
patches/packages/mariadb-10.5.24-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://mariadb.com/kb/en/mariadb-10-5-24-release-notes/
Upgrading dehydrated from 0.7.0 to 0.7.1 recreates the directory /var/www/dehydrated. This means the directory user:group reverts to root:root. Anyone who has configured DEHYDRATED_USER and DEHYDRATED_GROUP to non-root for safety reasons will also have changed the user:group on /var/www/dehydrated. (See the excellent 2019 tutorial by AlienBOB, “Using Let’s Encrypt to Secure your Slackware webserver with HTTPS”.) This means as a post-upgrade step you must restore the directory user:group, as they no longer align with the user:group in the configuration file. Because it is a normal, optional step to set DEHYDRATED_USER and DEHYDRATED_GROUP, it might make sense for the doinst.sh script to preserve the user:group of /var/www/dehydrated in the case of an upgrade.
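One way to catch the ownership drift described in the post above after an upgrade, as an added example that is not part of the original post or of the Slackware package. It only reports and prints the `chown` to run; the config path given as the first argument (for instance /etc/dehydrated/config) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report when the dehydrated webroot directory no longer
# matches DEHYDRATED_USER:DEHYDRATED_GROUP from the config (report only).
# Usage (paths are arguments; the config location is an assumption):
#   sh check-dehydrated-owner.sh /etc/dehydrated/config /var/www/dehydrated

# Print the last uncommented KEY=value from a shell-style config file.
conf_value() {  # conf_value KEY FILE
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$2" |
        tail -n 1
}

# Print "user:group" as configured; fail if either key is unset or empty.
expected_owner() {  # expected_owner CONFIG
    u=$(conf_value DEHYDRATED_USER "$1")
    g=$(conf_value DEHYDRATED_GROUP "$1")
    [ -n "$u" ] && [ -n "$g" ] || return 1
    printf '%s:%s\n' "$u" "$g"
}

# 0 = DIR is owned by WANT, 1 = ownership drifted, 2 = DIR is missing.
check_owner() {  # check_owner DIR WANT
    [ -d "$1" ] || return 2
    have=$(stat -c '%U:%G' "$1") || return 2   # GNU stat, as on Slackware
    [ "$have" = "$2" ]
}

if [ "$#" -eq 2 ]; then
    if ! want=$(expected_owner "$1"); then
        echo "DEHYDRATED_USER/DEHYDRATED_GROUP not both set in $1; nothing to check"
        exit 0
    fi
    rc=0
    check_owner "$2" "$want" || rc=$?
    case $rc in
        0) echo "OK: $2 is owned by $want" ;;
        1) echo "DRIFT: $2 is owned by $have, config expects $want"
           echo "restore with: chown $want $2" ;;
        *) echo "MISSING: $2 is not a directory" ;;
    esac
    exit "$rc"
fi
```

Run it after each dehydrated upgrade; a non-zero exit status means the directory needs attention before the next certificate renewal.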