OBS! Läs changelog för respektive 15.0 och current för full information!!
1.
[slackware-security] cups-filters/cups-browsed (SSA:2024-275-01)
New cups-filters (Slackware 15.0) and cups-browsed (Slackware -current)
packages are available to fix a security issue.
2.
[slackware-security] mozilla-firefox (SSA:2024-275-02)
New mozilla-firefox packages are available for Slackware 15.0 and -current to
fix security issues.
3.
[slackware-security] rpath security issues (SSA:2024-275-03)
Several packages have been updated for Slackware 15.0 and -current to fix
rpath security issues.
[slackware-security] boost (SSA:2024-270-01)
New boost packages are available for Slackware 15.0 and -current to
fix security issues.
Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/boost-1.78.0-i586-3_slack15.0.txz: Rebuilt.
Get rid of hardcoded temporary paths in the cmake files.
Since these paths point to a location that an unprivileged user could
create and populate with files that could be picked up during a build,
it's possible this bug could be used for malicious purposes.
Thanks to jmacloue.
(* Security fix *)
+--------------------------+
Nytt i denna version:
New Media Foundation backend using FFMpeg.
Initial support for network sessions in DirectPlay.
New Desktop Control Panel applet.
Various bug fixes (18).
Mer info via länken ovan...
[slackware-security] netatalk (SSA:2024-253-01)
New netatalk packages are available for Slackware 15.0 and -current to
fix security issues.
Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/netatalk-3.2.8-i586-1_slack15.0.txz: Upgraded.
Bump bundled WolfSSL library to stable version 5.7.2, GitHub #1433.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-1544
https://www.cve.org/CVERecord?id=CVE-2024-5288
https://www.cve.org/CVERecord?id=CVE-2024-5991
https://www.cve.org/CVERecord?id=CVE-2024-5814
(* Security fix *)
+--------------------------+
[slackware-security] python3 (SSA:2024-252-01)
New python3 packages are available for Slackware 15.0 and -current to
fix security issues.
Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/python3-3.9.20-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Bundled libexpat was updated to 2.6.3.
Fix quadratic complexity in parsing "-quoted cookie values with backslashes
by http.cookies.
Fixed various false positives and false negatives in IPv4Address.is_private,
IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global.
Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with
path starting with multiple slashes and no authority.
Remove backtracking from tarfile header parsing for hdrcharset, PAX, and
GNU sparse headers.
email.utils.getaddresses() and email.utils.parseaddr() now return ('', '')
2-tuples in more situations where invalid email addresses are encountered
instead of potentially inaccurate values. Add optional strict parameter to
these two functions: use strict=False to get the old behavior, accept
malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can
be used to check if the strict paramater is available.
Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without
breaking contents using legitimate characters.
Email headers with embedded newlines are now quoted on output. The generator
will now refuse to serialize (write) headers that are unsafely folded or
delimited; see verify_generated_headers.
For more information, see:
https://pythoninsider.blogspot.com/2024/09/python-3130rc2-3126-31110-31015-3920.html
https://www.cve.org/CVERecord?id=CVE-2024-28757
https://www.cve.org/CVERecord?id=CVE-2024-45490
https://www.cve.org/CVERecord?id=CVE-2024-45491
https://www.cve.org/CVERecord?id=CVE-2024-45492
https://www.cve.org/CVERecord?id=CVE-2024-7592
https://www.cve.org/CVERecord?id=CVE-2024-4032
https://www.cve.org/CVERecord?id=CVE-2015-2104
https://www.cve.org/CVERecord?id=CVE-2024-6232
https://www.cve.org/CVERecord?id=CVE-2023-27043
https://www.cve.org/CVERecord?id=CVE-2024-8088
https://www.cve.org/CVERecord?id=CVE-2024-6923
(* Security fix *)
+--------------------------+
RSS resultat...
Till minne av Håkan Nilsson
Mitt Slackware
Appendix Programhantering