CVE-2018-5786
https://nvd.nist.gov/vuln/detail/CVE-2018-5786
Code:
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang
Patch: https://github.com/ckolivas/lrzip/co...41ed95fb.patch |
gnutls 3.7.5
https://gitlab.com/gnutls/gnutls/-/issues/1367
Code:
Fix out-of-bounds memcpy in gnutls_realloc_zero()
https://gitlab.com/gnutls/gnutls/-/m...sts/1592.patch |
seamonkey-2.53.12
https://wiki.linuxfromscratch.org/blfs/ticket/16567 to fix CVE-2022-1802 and CVE-2022-1529: Code:
Submitted By: Douglas R. Reno <renodr at linuxfromscratch dot org> |
I started a new github project to take into account what marav mainly discovered:
Follow link: https://github.com/nobodino/slackware-secutity-patches |
CVE-2022-32278
Code:
XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop
Patch: https://gitlab.xfce.org/xfce/exo/-/c...460d4ef796de9f |
Should there be a sense of urgency about these problems? |
Quote:
https://git.kernel.org/pub/scm/linux...h=linux-5.18.y |
Quote:
Thanks cwizardone and marav,
And similar updates were also back-ported to 5.15.y: https://git.kernel.org/pub/scm/linux...h=linux-5.15.y
Maybe time for a new Kernel in Slackware 15.0 too ...
-- kjh |
All --
As expected, 5.15.48 includes a new mitigation for the mmio_stale_data CPU Bug.
Below are the diffs in Spectre / Meltdown Vulnerabilities and Mitigations between Kernel Versions 5.15.47 and 5.15.48
-- kjh
p.s. if anyone wants it, I can post my do-get-spectre-meltdown.sh script
Code:
# diff -Naur vuln-5.15.47.kjh.txt vuln-5.15.48.kjh.txt |
Is Slackware affected by this, https://www.linuxquestions.org/quest...os-4175714064/
BTW, this thread should be a "sticky," IMHO. :) |
Quote:
Code:
+--------------------------+ |
Quote:
See sooner in this thread: https://www.linuxquestions.org/quest...8/#post6337175
I might add that when the CVE is addressed, there's less use... |
GnuPG : CVE-2022-34903
Code:
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key
The full story: https://seclists.org/oss-sec/2022/q2/216
Patch, see: https://bugs.archlinux.org/task/75229 |
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
CVSS: 6.8, impacted versions: from 2.2 to 2.3.19.1 |
Quote:
And a patched version has already been released. The tarball, https://www.x.org/archive/individual...-21.1.4.tar.xz |