Thu Apr 25 17:58:17 UTC 2024
patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz: Rebuilt.
Patched an out-of-bound error in the rar e8 filter that could allow for
the execution of arbitrary code.
Thanks to gmgf for the heads-up.
For more information, see:
https://github.com/advisories/GHSA-2jc9-36w4-pmqw
https://www.cve.org/CVERecord?id=CVE-2024-26256
(* Security fix *)
Thu May 9 19:26:51 UTC 2024
patches/packages/sg3_utils-1.47-x86_64-2_slack15.0.txz: Rebuilt.
This is a bugfix release to fix a regression in rescan-scsi-bus.sh that
causes all SCSI devices to be removed from the system when the '-r'
option is used. Thanks to jwoithe for the link to the upstream patch.
Sun May 12 19:10:12 UTC 2024
patches/packages/whois-5.5.23-x86_64-1_slack15.0.txz: Upgraded.
Updated the .sc, .********* (.xn--yfro4i67o, Singapore)
and .********************************* (.xn--clchc0ea0b2g2a9gcd, Singapore)
TLD servers.
Rather, for Slackware users reading Chinese and/or Tamil as UTF-8 is good for them (actually, for everyone I think):
Update the .新加坡 (.xn--yfro4i67o, Singapore) TLD server
Update the .சிங்கப்பூர் (.xn--clchc0ea0b2g2a9gcd, Singapore) TLD server
Last edited by Didier Spaier; 05-12-2024 at 04:12 PM.
Thu May 16 02:31:40 UTC 2024
patches/packages/gdk-pixbuf2-2.42.12-x86_64-1_slack15.0.txz: Upgraded.
ani: Reject files with multiple INA or IART chunks.
ani: Reject files with multiple anih chunks.
ani: validate chunk size.
Thanks to 0xvhp, pedrib, and Benjamin Gilbert.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48622
(* Security fix *)
patches/packages/git-2.39.4-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Recursive clones on case-insensitive filesystems that support symbolic
links are susceptible to case confusion that can be exploited to
execute just-cloned code during the clone operation.
Repositories can be configured to execute arbitrary code during local
clones. To address this, the ownership checks introduced in v2.30.3
are now extended to cover cloning local repositories.
Local clones may end up hardlinking files into the target repository's
object database when source and target repository reside on the same
disk. If the source repository is owned by a different user, then
those hardlinked files may be rewritten at any point in time by the
untrusted user.
When cloning a local source repository that contains symlinks via the
filesystem, Git may create hardlinks to arbitrary user-readable files
on the same filesystem as the target repository in the objects/
directory.
It is supposed to be safe to clone untrusted repositories, even those
unpacked from zip archives or tarballs originating from untrusted
sources, but Git can be tricked to run arbitrary code as part of the
clone.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32002
https://www.cve.org/CVERecord?id=CVE-2024-32004
https://www.cve.org/CVERecord?id=CVE-2024-32020
https://www.cve.org/CVERecord?id=CVE-2024-32021
https://www.cve.org/CVERecord?id=CVE-2024-32465
(* Security fix *)
patches/packages/popa3d-1.0.3-x86_64-7_slack15.0.txz: Rebuilt.
This is a bugfix release:
Build with AUTH_PAM, not AUTH_SHADOW.
Thanks to jayjwa.
testing/packages/bind-9.18.27-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
Mon May 20 18:42:49 UTC 2024
patches/packages/mariadb-10.5.25-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
Difficult to exploit vulnerability allows unauthenticated attacker with
logon to the infrastructure where MariaDB Server executes to compromise the
server. This could result in unauthorized update, insert or delete access
to some of the data as well as unauthorized read access to a subset of the
data and unauthorized ability to cause a partial denial of service.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-21096
(* Security fix *)
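To check a host against the security-fix builds listed in this thread, the following is an added example and not part of any post or of Slackware's own tooling. It assumes the Slackware 15.0 package database lives in /var/lib/pkgtools/packages with one file per installed package; the function names and the demo entries are constructed for illustration.

```python
import os
import tempfile

# Security-fix packages copied from the changelog entries in this thread.
SECURITY_FIXES = [
    "libarchive-3.7.3-x86_64-2_slack15.0",
    "gdk-pixbuf2-2.42.12-x86_64-1_slack15.0",
    "git-2.39.4-x86_64-1_slack15.0",
    "mariadb-10.5.25-x86_64-1_slack15.0",
]

# Assumption: Slackware 15.0 keeps one file per installed package here.
PKG_DB = "/var/lib/pkgtools/packages"


def split_pkg(entry):
    """Split 'name-version-arch-build' from the right; names may contain '-'."""
    name, version, arch, build = entry.rsplit("-", 3)
    return name, version, arch, build


def audit(pkg_db=PKG_DB, wanted=SECURITY_FIXES):
    """Return {name: (status, installed_entry)} for each listed fix."""
    installed = {}
    for entry in os.listdir(pkg_db):
        if entry.count("-") >= 3:
            installed[split_pkg(entry)[0]] = entry
    report = {}
    for fixed in wanted:
        name = split_pkg(fixed)[0]
        have = installed.get(name)
        if have is None:
            report[name] = ("not installed", None)
        elif have == fixed:
            report[name] = ("patched", have)
        else:
            # Differs from the listed build: older, or a later update.
            report[name] = ("differs", have)
    return report


def demo():
    """Run the audit against a constructed package database."""
    with tempfile.TemporaryDirectory() as db:
        for entry in ("git-2.39.3-x86_64-1_slack15.0",  # constructed pre-fix entry
                      "gdk-pixbuf2-2.42.12-x86_64-1_slack15.0",
                      "sg3_utils-1.47-x86_64-2_slack15.0"):
            open(os.path.join(db, entry), "w").close()
        return audit(db)
```

Calling `audit()` with no arguments reads the live package database; a "differs" result needs a manual look, since the installed build may be older than the fix or a later update.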