SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Wed Jun 7 21:12:41 UTC 2023
patches/packages/cups-2.4.4-x86_64-1_slack15.0.txz: Upgraded.
This update is a hotfix for a segfault in cupsGetNamedDest(), when caller
tries to find the default destination and the default destination is not set
on the machine.
patches/packages/ksh93-1.0.5_20230607_9b251344-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix and robustness enhancement release.
Thanks to McDutchie for the great work!
Thanks to pghvlaans for improvements to the build script.
3 updates (x86_64). Including a (* Security fix *)! : 3 upgraded
Code:
Fri Jun 9 01:06:21 UTC 2023
extra/php81/php81-8.1.20-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.20
(* Security fix *)
patches/packages/mozilla-thunderbird-102.12.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.12.0/releasenotes/
(* Security fix *)
patches/packages/python3-3.9.17-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
urllib.parse.urlsplit() now strips leading C0 control and space characters
following the specification for URLs defined by WHATWG.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-24329
(* Security fix *)
Wed Jun 14 21:43:32 UTC 2023
patches/packages/cups-2.4.5-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/ksh93-1.0.6-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
1 updates (x86_64). Including a (* Security fix *)! : 1 upgraded
Code:
Thu Jun 15 18:59:33 UTC 2023
patches/packages/libX11-1.8.6-x86_64-1_slack15.0.txz: Upgraded.
This update fixes buffer overflows in InitExt.c that could at least cause
the client to crash due to memory corruption.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-3138
(* Security fix *)
4 updates (x86_64). Including a (* Security fix *)! : 4 upgraded
Code:
Thu Jun 22 01:54:11 UTC 2023
patches/packages/bind-9.16.42-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Exceeding the recursive-clients quota may cause named to terminate
unexpectedly when stale-answer-client-timeout is set to 0.
For more information, see:
https://kb.isc.org/docs/cve-2023-2911
https://www.cve.org/CVERecord?id=CVE-2023-2911
(* Security fix *)
patches/packages/kernel-firmware-20230620_045b213-noarch-1.txz: Upgraded.
patches/packages/linux-5.15.118/*: Upgraded.
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.93:
https://www.cve.org/CVERecord?id=CVE-2023-2162
https://www.cve.org/CVERecord?id=CVE-2023-32269
Fixed in 5.15.94:
https://www.cve.org/CVERecord?id=CVE-2023-1078
https://www.cve.org/CVERecord?id=CVE-2022-27672
Fixed in 5.15.95:
https://www.cve.org/CVERecord?id=CVE-2023-1513
https://www.cve.org/CVERecord?id=CVE-2023-1281
https://www.cve.org/CVERecord?id=CVE-2023-26545
Fixed in 5.15.96:
https://www.cve.org/CVERecord?id=CVE-2023-0459
https://www.cve.org/CVERecord?id=CVE-2022-3707
https://www.cve.org/CVERecord?id=CVE-2022-2196
Fixed in 5.15.99:
https://www.cve.org/CVERecord?id=CVE-2023-2985
https://www.cve.org/CVERecord?id=CVE-2023-1079
https://www.cve.org/CVERecord?id=CVE-2023-25012
https://www.cve.org/CVERecord?id=CVE-2023-1076
https://www.cve.org/CVERecord?id=CVE-2023-1077
https://www.cve.org/CVERecord?id=CVE-2023-1118
Fixed in 5.15.100:
https://www.cve.org/CVERecord?id=CVE-2023-23004
https://www.cve.org/CVERecord?id=CVE-2023-1829
Fixed in 5.15.104:
https://www.cve.org/CVERecord?id=CVE-2023-30456
https://www.cve.org/CVERecord?id=CVE-2023-2235
https://www.cve.org/CVERecord?id=CVE-2023-1855
https://www.cve.org/CVERecord?id=CVE-2023-1990
Fixed in 5.15.105:
https://www.cve.org/CVERecord?id=CVE-2023-2483
https://www.cve.org/CVERecord?id=CVE-2023-30772
https://www.cve.org/CVERecord?id=CVE-2023-33203
https://www.cve.org/CVERecord?id=CVE-2023-33288
https://www.cve.org/CVERecord?id=CVE-2022-4379
https://www.cve.org/CVERecord?id=CVE-2023-1670
https://www.cve.org/CVERecord?id=CVE-2022-4269
https://www.cve.org/CVERecord?id=CVE-2023-1989
https://www.cve.org/CVERecord?id=CVE-2023-28466
https://www.cve.org/CVERecord?id=CVE-2023-2194
Fixed in 5.15.106:
https://www.cve.org/CVERecord?id=CVE-2023-1611
Fixed in 5.15.108:
https://www.cve.org/CVERecord?id=CVE-2023-1859
Fixed in 5.15.109:
https://www.cve.org/CVERecord?id=CVE-2023-2156
https://www.cve.org/CVERecord?id=CVE-2023-31436
https://www.cve.org/CVERecord?id=CVE-2023-2248
Fixed in 5.15.110:
https://www.cve.org/CVERecord?id=CVE-2023-1380
https://www.cve.org/CVERecord?id=CVE-2023-2002
Fixed in 5.15.111:
https://www.cve.org/CVERecord?id=CVE-2023-32233
https://www.cve.org/CVERecord?id=CVE-2023-2269
Fixed in 5.15.112:
https://www.cve.org/CVERecord?id=CVE-2023-34256
Fixed in 5.15.113:
https://www.cve.org/CVERecord?id=CVE-2022-48425
(* Security fix *)
testing/packages/bind-9.18.16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Exceeding the recursive-clients quota may cause named to terminate
unexpectedly when stale-answer-client-timeout is set to 0.
For more information, see:
https://kb.isc.org/docs/cve-2023-2911
https://www.cve.org/CVERecord?id=CVE-2023-2911
(* Security fix *)
1 updates (x86_64). Including a (* Security fix *)! : 1 upgraded
Code:
Thu Jun 22 19:07:50 UTC 2023
patches/packages/cups-2.4.6-x86_64-1_slack15.0.txz: Upgraded.
Fixed use-after-free when logging warnings in case of failures
in cupsdAcceptClient().
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-34241
(* Security fix *)
Sat Jun 24 00:16:22 UTC 2023
patches/packages/linux-5.15.117/*: Upgraded.
We're going to back up one version to avoid an amdgpu regression in 5.15.118.
If you're already using 5.15.118 without issues, feel free to stick with it.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
Sat Jun 24 00:16:22 UTC 2023
patches/packages/linux-5.15.117/*: Upgraded.
We're going to back up one version to avoid an amdgpu regression in 5.15.118.
If you're already using 5.15.118 without issues, feel free to stick with it.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
3 updates (x86_64). Including a (* Security fix *)! : 2 upgraded, 1 rebuilt
Code:
Mon Jun 26 19:44:44 UTC 2023
patches/packages/network-scripts-15.0-noarch-19_slack15.0.txz: Rebuilt.
This update fixes a bug and adds a new feature:
Re-add support for the DHCP_IPADDR parameter from rc.inet1.conf.
Expand the help text for DHCP_IPADDR in rc.inet1.conf.
Add support for a DHCP_OPTS parameter.
Thanks to ljb643 and Darren 'Tadgy' Austin.
patches/packages/vim-9.0.1667-x86_64-1_slack15.0.txz: Upgraded.
This fixes a rare divide-by-zero bug that could cause vim to crash. In an
interactive program such as vim, I can't really see this qualifying as a
security issue, but since it was brought up as such on LQ we'll just go
along with it this time. :)
Thanks to marav for the heads-up.
(* Security fix *)
patches/packages/vim-gvim-9.0.1667-x86_64-1_slack15.0.txz: Upgraded.
2 updates (x86_64). Including a (* Security fix *)! : 1 upgraded, 1 rebuilt
Code:
Wed Jul 12 20:41:16 UTC 2023
patches/packages/krb5-1.19.2-x86_64-4_slack15.0.txz: Rebuilt.
Fix potential uninitialized pointer free in kadm5 XDR parsing.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-36054
(* Security fix *)
patches/packages/sudo-1.9.14p1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
2 updates (x86_64). Including a (* Security fix *)! : 2 upgraded
Code:
Wed Jul 19 20:36:46 UTC 2023
patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
fopen race condition.
For more information, see:
https://curl.se/docs/CVE-2023-32001.html
https://www.cve.org/CVERecord?id=CVE-2023-32001
(* Security fix *)
patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
execution relating to PKCS#11 providers.
The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
execution via a forwarded agent socket if the following conditions are met:
* Exploitation requires the presence of specific libraries on the victim
system.
* Remote exploitation requires that the agent was forwarded to an
attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an empty
PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable by the
Qualys Security Advisory team.
Potentially-incompatible changes:
* ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
issued by remote clients by default. A flag has been added to restore the
previous behaviour: "-Oallow-remote-pkcs11".
For more information, see:
https://www.openssh.com/txt/release-9.3p2
https://www.cve.org/CVERecord?id=CVE-2023-38408
(* Security fix *)
Fri Jul 21 19:35:45 UTC 2023
patches/packages/ca-certificates-20230721-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
