SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Sun May 14 17:03:16 UTC 2023
a/pkgtools-15.1-noarch-5.txz: Rebuilt.
installpkg, removepkg, upgradepkg: make all of these scripts accept either
--dry-run or --warn for consistency. Thanks to Brent Spillner.
So what does this mean? It is like a simulation install and doesn't actually install the package?
Sun May 14 17:03:16 UTC 2023
a/pkgtools-15.1-noarch-5.txz: Rebuilt.
installpkg, removepkg, upgradepkg: make all of these scripts accept either
--dry-run or --warn for consistency. Thanks to Brent Spillner.
So what does this mean? It is like a simulation install and doesn't actually install the package?
Sun May 14 17:03:16 UTC 2023
a/pkgtools-15.1-noarch-5.txz: Rebuilt.
installpkg, removepkg, upgradepkg: make all of these scripts accept either
--dry-run or --warn for consistency. Thanks to Brent Spillner.
So what does this mean? It is like a simulation install and doesn't actually install the package?
Try looking in the man pages... on Slackware 15.0 --dry-run is only present in upgradepkg. One can (safely) presume it will have the same meaning in installpkg and removepkg.
Code:
man upgradepkg
OPTIONS
--dry-run
Output a report about which packages would be installed or upgraded but
don't actually perform the upgrades.
3 updates (x86_64). Including a (* Security fix *)! : 3 upgraded
Code:
Wed May 17 20:59:51 UTC 2023
patches/packages/curl-8.1.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
more POST-after-PUT confusion.
IDN wildcard match.
siglongjmp race condition.
UAF in SSH sha256 fingerprint check.
For more information, see:
https://curl.se/docs/CVE-2023-28322.html
https://curl.se/docs/CVE-2023-28321.html
https://curl.se/docs/CVE-2023-28320.html
https://curl.se/docs/CVE-2023-28319.html
https://www.cve.org/CVERecord?id=CVE-2023-28322
https://www.cve.org/CVERecord?id=CVE-2023-28321
https://www.cve.org/CVERecord?id=CVE-2023-28320
https://www.cve.org/CVERecord?id=CVE-2023-28319
(* Security fix *)
patches/packages/bind-9.16.41-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
testing/packages/bind-9.18.15-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
1 updates (x86_64). Including a (* Security fix *)! : 1 upgraded
Code:
Fri May 19 18:59:24 UTC 2023
patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz: Upgraded.
[PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x.
With execv() command line arguments are passed as separate strings and
not the full command line in a single string. This prevents arbitrary
command execution by escaping the quoting of the arguments in a job
with forged job title.
Thanks to marav.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-24805
(* Security fix *)
1 updates (x86_64). Including a (* Security fix *)! : 1 upgraded
Code:
Mon May 22 19:05:02 UTC 2023
patches/packages/c-ares-1.19.1-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
0-byte UDP payload causes Denial of Service.
Insufficient randomness in generation of DNS query IDs.
Buffer Underwrite in ares_inet_net_pton().
AutoTools does not set CARES_RANDOM_FILE during cross compilation.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32067
https://www.cve.org/CVERecord?id=CVE-2023-31147
https://www.cve.org/CVERecord?id=CVE-2023-31130
https://www.cve.org/CVERecord?id=CVE-2023-31124
(* Security fix *)
2 updates (x86_64). Including a (* Security fix *)! : 2 upgraded
Code:
Thu May 25 00:24:33 UTC 2023
patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz: Upgraded.
This update patches a security issue:
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
compiling a TeX file obtained from an untrusted source. This occurs
because luatex-core.lua lets the original io.popen be accessed. This also
affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Thanks to Johannes Schoepfer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32700
(* Security fix *)
2 updates (x86_64). Including a (* Security fix *)! : 2 upgraded
Code:
Thu May 25 19:04:56 UTC 2023
patches/packages/mozilla-thunderbird-102.11.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.11.1/releasenotes/
patches/packages/ntfs-3g-2022.10.3-x86_64-1_slack15.0.txz: Upgraded.
Fixed vulnerabilities that may allow an attacker using a maliciously
crafted NTFS-formatted image file or external storage to potentially
execute arbitrary privileged code or cause a denial of service.
Thanks to opty.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790
(* Security fix *)
Sat May 27 20:42:29 UTC 2023
patches/packages/mozilla-thunderbird-102.11.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.11.2/releasenotes/
3 updates (x86_64). Including a (* Security fix *)! : 3 upgraded
Code:
Wed May 31 01:29:12 UTC 2023
patches/packages/curl-8.1.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/openssl-1.1.1u-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Possible DoS translating ASN.1 object identifiers.
For more information, see:
https://www.openssl.org/news/secadv/20230530.txt
https://www.cve.org/CVERecord?id=CVE-2023-2650
(* Security fix *)
patches/packages/openssl-solibs-1.1.1u-x86_64-1_slack15.0.txz: Upgraded.
2 updates (x86_64). Including a (* Security fix *)! : 2 upgraded
Code:
Fri Jun 2 20:56:35 UTC 2023
patches/packages/cups-2.4.3-x86_64-1_slack15.0.txz: Upgraded.
Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
attacker to launch a denial of service (DoS) attack, or possibly execute
arbirary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32324
(* Security fix *)
patches/packages/ntp-4.2.8p16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-26551
https://www.cve.org/CVERecord?id=CVE-2023-26552
https://www.cve.org/CVERecord?id=CVE-2023-26553
https://www.cve.org/CVERecord?id=CVE-2023-26554
https://www.cve.org/CVERecord?id=CVE-2023-26555
(* Security fix *)
Sun Jun 4 19:16:13 UTC 2023
extra/sendmail/sendmail-8.17.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
extra/sendmail/sendmail-cf-8.17.2-noarch-1_slack15.0.txz: Upgraded.
patches/packages/libmilter-8.17.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
4 updates (x86_64). Including a (* Security fix *)! : 2 upgraded, 2 rebuilt
Code:
Tue Jun 6 20:26:59 UTC 2023
extra/sendmail/sendmail-8.17.2-x86_64-2_slack15.0.txz: Rebuilt.
Recompiled without -DUSE_EAI or ICU libraries as this experimental option
is still leading to regressions.
extra/sendmail/sendmail-cf-8.17.2-noarch-2_slack15.0.txz: Rebuilt.
patches/packages/mozilla-firefox-102.12.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.12.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2023-19/
https://www.cve.org/CVERecord?id=CVE-2023-34414
https://www.cve.org/CVERecord?id=CVE-2023-34416
(* Security fix *)
patches/packages/ntp-4.2.8p17-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
