SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Not so sure. Average users depend on Pat's reactivity and for more advanced or concerned users, there're mailing lists and so on...
This is not necessarily only for users, advanced or not
The main goal, here, is to post what people found elsewhere (nist.gov, gentoo, arch, ...) and give visibility for everyone, Mr. Volkerding icluded
This may or may not be useful, but it has the merit to exist.
If you look at the changelog, there are many patches that have been applied thanks to user reports.
Yes indeed. I just believe our BDFL does not rely on sticky posts and subscribe to the most relevent threads.
I like the less for the number of sticky posts and subscribe to (too) much more threads.
Yes indeed. I just believe our BDFL does not rely on sticky posts and subscribe to the most relevent threads.
I like the less for the number of sticky posts and subscribe to (too) much more threads.
5 sticky threads is not that much (if we remove, in my POV, the useless one ...)
Well it certainly seems that someone is finding this thread useful:
Code:
patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txz: Upgraded.
This update fixes memory corruption when deflating (i.e., when compressing)
if the input has many distant matches. Thanks to marav.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
(* Security fix *)
As previously stated by the OP, the thread is not expressly for the benefit of end-users; but rather, a place slackers can report vulnerabilities spotted in the wild.
I think it's a valuable thread and agree that it ought to be pinned. Thanks to you marav.
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the
TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched
remotely but requires user interaction.
The exploit has been disclosed to the public and may be used.
xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587).
Code:
Malicious filenames can make xzgrep to write to arbitrary files
or (with a GNU sed extension) lead to arbitrary code execution.
xzgrep from XZ Utils versions up to and including 5.2.5 are
affected. 5.3.1alpha and 5.3.2alpha are affected as well.
This patch works for all of them.
This bug was inherited from gzip's zgrep. gzip 1.12 includes
a fix for zgrep.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
