[slackware-security] netatalk (SSA:2024-253-01)
New netatalk packages are available for Slackware 15.0 and -current to
fix security issues.
Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/netatalk-3.2.8-i586-1_slack15.0.txz: Upgraded.
Bump bundled WolfSSL library to stable version 5.7.2, GitHub #1433.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-1544
https://www.cve.org/CVERecord?id=CVE-2024-5288
https://www.cve.org/CVERecord?id=CVE-2024-5991
https://www.cve.org/CVERecord?id=CVE-2024-5814
(* Security fix *)
+--------------------------+
[slackware-security] python3 (SSA:2024-252-01)
New python3 packages are available for Slackware 15.0 and -current to
fix security issues.
Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/python3-3.9.20-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Bundled libexpat was updated to 2.6.3.
Fix quadratic complexity in parsing "-quoted cookie values with backslashes
by http.cookies.
Fixed various false positives and false negatives in IPv4Address.is_private,
IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global.
Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with
path starting with multiple slashes and no authority.
Remove backtracking from tarfile header parsing for hdrcharset, PAX, and
GNU sparse headers.
email.utils.getaddresses() and email.utils.parseaddr() now return ('', '')
2-tuples in more situations where invalid email addresses are encountered
instead of potentially inaccurate values. Add optional strict parameter to
these two functions: use strict=False to get the old behavior, accept
malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can
be used to check if the strict paramater is available.
Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without
breaking contents using legitimate characters.
Email headers with embedded newlines are now quoted on output. The generator
will now refuse to serialize (write) headers that are unsafely folded or
delimited; see verify_generated_headers.
For more information, see:
https://pythoninsider.blogspot.com/2024/09/python-3130rc2-3126-31110-31015-3920.html
https://www.cve.org/CVERecord?id=CVE-2024-28757
https://www.cve.org/CVERecord?id=CVE-2024-45490
https://www.cve.org/CVERecord?id=CVE-2024-45491
https://www.cve.org/CVERecord?id=CVE-2024-45492
https://www.cve.org/CVERecord?id=CVE-2024-7592
https://www.cve.org/CVERecord?id=CVE-2024-4032
https://www.cve.org/CVERecord?id=CVE-2015-2104
https://www.cve.org/CVERecord?id=CVE-2024-6232
https://www.cve.org/CVERecord?id=CVE-2023-27043
https://www.cve.org/CVERecord?id=CVE-2024-8088
https://www.cve.org/CVERecord?id=CVE-2024-6923
(* Security fix *)
+--------------------------+
What's new in this release:
Window surface scaling on High DPI displays.
Bundled vkd3d upgraded to version 1.13.
Mono engine updated to version 9.3.0
Improved CPU detection on ARM64.
Various bug fixes (29).
Mer info via länken ovan...
[slackware-security] mozilla-thunderbird (SSA:2024-249-01)
New mozilla-thunderbird packages are available for Slackware 15.0 and -current
to fix security issues.
Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-115.15.0-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.15.0esr/releasenotes/
(* Security fix *)
+--------------------------+
OBS! Det finns flera tidigare säkerhetsuppdateringar postade denna vecka.
Du finner information i ChangeLog (menyn ovan) för respektive version...
15.0 32-bit/64-bit & current 32-bit/64-bit
[slackware-security] expat (SSA:2024-248-01)
New expat packages are available for Slackware 15.0 and -current to
fix security issues.
Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/expat-2.6.3-i586-1_slack15.0.txz: Upgraded.
This update addresses security issues with impact ranging from denial of
service to potentially artitrary code execution.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-45490
https://www.cve.org/CVERecord?id=CVE-2024-45491
https://www.cve.org/CVERecord?id=CVE-2024-45492
(* Security fix *)
+--------------------------+
RSS resultat...
Till minne av Håkan Nilsson
Mitt Slackware
Appendix Programhantering