blender-3.0.1-x86_64-1_ap.txz: Upgraded.
ap/sqlite-3.53.2-x86_64-1.txz: Upgraded.
l/QScintilla-2.14.1-x86_64-5.txz: Removed.
Nothing in Slackware still uses this, so let's just drop it.
l/cairomm1-1.19.1-x86_64-1.txz: Upgraded.
n/dnsmasq-2.93-x86_64-1.txz: Upgraded.
Rework storage allocation for domain names. This fixes a security bug that
can cause heap-overwrite with long domain names.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-2291
(* Security fix *)
x/libinput-1.31.3-x86_64-1.txz: Upgraded.
This update fixes a security issue:
libinput-device-group unescaped phys output can inject udev properties
leading to arbitrary root code execution.
Note that since /dev/uinput and /dev/uhid are only accessible by root on
Slackware (and unlike some other distributions we make no exceptions), we
were not vulnerable to this flaw.
(* Security fix *)
testing/packages/php-8.5.7-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.5.7
a/bash-5.3.012-x86_64-1.txz: Upgraded.
a/elogind-255.27-x86_64-1.txz: Upgraded.
a/hwdata-0.408-noarch-1.txz: Upgraded.
d/llvm-22.1.7-x86_64-1.txz: Upgraded.
l/abseil-cpp-20260526.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/fast_float-8.2.6-x86_64-1.txz: Upgraded.
l/graphite2-1.3.15-x86_64-2.txz: Rebuilt.
This is the first case I've observed where cmake installs an .la file.
Get rid of it.
Thanks to jtsn.
l/harfbuzz-14.2.1-x86_64-1.txz: Upgraded.
l/libclc-22.1.7-x86_64-1.txz: Upgraded.
l/ocl-icd-2.3.5-x86_64-1.txz: Upgraded.
l/protobuf-35.0-x86_64-2.txz: Rebuilt.
Recompiled against abseil-cpp-20260526.0.
l/python-hatchling-1.30.1-x86_64-1.txz: Upgraded.
l/python-idna-3.18-x86_64-1.txz: Upgraded.
l/python-snowballstemmer-3.1.1-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2026.6.1.19-x86_64-1.txz: Upgraded.
l/qt6-6.11.1_20260508_bfde7b89-x86_64-1.txz: Upgraded.
Thanks to alienBOB for the 32-bit fixes!
Compiled against abseil-cpp-20260526.0.
n/httpd-2.4.67-x86_64-2.txz: Rebuilt.
This update fixes "HTTP/2 Bomb", a resource exhaustion denial-of-service
attack against HTTP/2.
For more information, see:
https://seclists.org/oss-sec/2026/q2/790
https://www.cve.org/CVERecord?id=CVE-2026-49975
(* Security fix *)
n/mosh-1.4.0-x86_64-21.txz: Rebuilt.
Recompiled against abseil-cpp-20260526.0.
n/net-tools-20181103_0eebece-x86_64-4.txz: Rebuilt.
This update fixes a security issue:
interface.c: Stack-based Buffer Overflow in get_name().
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2025-46836
(* Security fix *)
n/proftpd-1.3.9b-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Additional fixes for SQL injection, notably for handling `%{env:...}`
and `%{note:...}` variables.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-42167
(* Security fix *)
x/fontconfig-2.18.1-x86_64-1.txz: Upgraded.
x/intel-media-driver-26.2.1-x86_64-1.txz: Upgraded.
x/mesa-26.1.2-x86_64-1.txz: Upgraded.
x/xorg-server-21.1.23-x86_64-1.txz: Upgraded.
This update fixes security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
x/xorg-server-xephyr-21.1.23-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-21.1.23-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-21.1.23-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-24.1.12-x86_64-1.txz: Upgraded.
This update fixes security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
extra/tigervnc/tigervnc-1.16.2-x86_64-3.txz: Rebuilt.
Patched with fixes for the following xorg-server security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
a/kernel-firmware-20260529_d953ad8-noarch-1.txz: Upgraded.
a/kernel-generic-6.18.34-x86_64-1.txz: Upgraded.
crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks
ap/alsa-utils-1.2.16-x86_64-1.txz: Upgraded.
ap/zsh-5.9.1-x86_64-1.txz: Upgraded.
d/cargo-c-0.10.23-x86_64-1.txz: Upgraded.
d/kernel-headers-6.18.34-x86-1.txz: Upgraded.
k/kernel-source-6.18.34-noarch-1.txz: Upgraded.
kde/kstars-3.8.3-x86_64-1.txz: Upgraded.
kde/libindi-2.2.2-x86_64-1.txz: Upgraded.
l/QScintilla-2.14.1-x86_64-5.txz: Rebuilt.
Shared library .so-version bump.
Recompiled against qt6.
l/alsa-lib-1.2.16-x86_64-1.txz: Upgraded.
l/graphite2-1.3.15-x86_64-1.txz: Upgraded.
l/librsvg-2.62.3-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-22.1.3-x86_64-1.txz: Upgraded.
x/noto-fonts-ttf-2026.06.01-noarch-1.txz: Upgraded.
xap/audacious-4.6-x86_64-1.txz: Upgraded.
xap/audacious-plugins-4.6-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/linux-7.0.x/kernel-generic-7.0.11-x86_64-1.txz: Upgraded.
rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg
This improves the fix for CVE-2026-43500.
crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks
testing/packages/linux-7.0.x/kernel-headers-7.0.11-x86-1.txz: Upgraded.
testing/packages/linux-7.0.x/kernel-source-7.0.11-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/sqlite-3.53.2-aarch64-1.txz: Upgraded.
l/QScintilla-2.14.1-aarch64-5.txz: Removed.
Nothing in Slackware still uses this, so let's just drop it.
l/cairomm1-1.19.1-aarch64-1.txz: Upgraded.
n/dnsmasq-2.93-aarch64-1.txz: Upgraded.
Rework storage allocation for domain names. This fixes a security bug that
can cause heap-overwrite with long domain names.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-2291
(* Security fix *)
x/libinput-1.31.3-aarch64-1.txz: Upgraded.
This update fixes a security issue:
libinput-device-group unescaped phys output can inject udev properties
leading to arbitrary root code execution.
Note that since /dev/uinput and /dev/uhid are only accessible by root on
Slackware (and unlike some other distributions we make no exceptions), we
were not vulnerable to this flaw.
(* Security fix *)
a/bash-5.3.012-aarch64-1.txz: Upgraded.
a/elogind-255.27-aarch64-1.txz: Upgraded.
a/hwdata-0.408-aarch64-1.txz: Upgraded.
d/llvm-22.1.7-aarch64-1.txz: Upgraded.
l/abseil-cpp-20260526.0-aarch64-1.txz: Upgraded.
Shared library .so-version bump.
l/fast_float-8.2.6-aarch64-1.txz: Upgraded.
l/graphite2-1.3.15-aarch64-2.txz: Rebuilt.
Removed .la files from the package.
Thanks to jtsn.
l/harfbuzz-14.2.1-aarch64-1.txz: Upgraded.
l/libclc-22.1.7-aarch64-1.txz: Upgraded.
l/ocl-icd-2.3.5-aarch64-1.txz: Upgraded.
l/protobuf-35.0-aarch64-2.txz: Rebuilt.
Recompiled against abseil-cpp-20260526.0.
l/python-hatchling-1.30.1-aarch64-1.txz: Upgraded.
l/python-idna-3.18-aarch64-1.txz: Upgraded.
l/python-snowballstemmer-3.1.1-aarch64-1.txz: Upgraded.
l/python-trove-classifiers-2026.6.1.19-aarch64-1.txz: Upgraded.
l/qt6-6.11.1_20260508_bfde7b89-aarch64-1.txz: Upgraded.
Thanks to alienBOB for the 32-bit fixes!
Compiled against abseil-cpp-20260526.0.
n/httpd-2.4.67-aarch64-2.txz: Rebuilt.
This update fixes "HTTP/2 Bomb", a resource exhaustion denial-of-service
attack against HTTP/2.
For more information, see:
https://seclists.org/oss-sec/2026/q2/790
https://www.cve.org/CVERecord?id=CVE-2026-49975
(* Security fix *)
n/mosh-1.4.0-aarch64-20.txz: Rebuilt.
Recompiled against abseil-cpp-20260526.0.
n/net-tools-20181103_0eebece-aarch64-3.txz: Rebuilt.
This update fixes a security issue:
interface.c: Stack-based Buffer Overflow in get_name().
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2025-46836
(* Security fix *)
n/proftpd-1.3.9b-aarch64-1.txz: Upgraded.
This update fixes a security issue:
Additional fixes for SQL injection, notably for handling `%{env:...}`
and `%{note:...}` variables.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-42167
(* Security fix *)
x/fontconfig-2.18.1-aarch64-1.txz: Upgraded.
x/mesa-26.1.2-aarch64-1.txz: Upgraded.
x/xorg-server-21.1.23-aarch64-1.txz: Upgraded.
This update fixes security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
x/xorg-server-xephyr-21.1.23-aarch64-1.txz: Upgraded.
x/xorg-server-xnest-21.1.23-aarch64-1.txz: Upgraded.
x/xorg-server-xvfb-21.1.23-aarch64-1.txz: Upgraded.
x/xorg-server-xwayland-24.1.12-aarch64-1.txz: Upgraded.
This update fixes security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
extra/tigervnc/tigervnc-1.16.2-aarch64-3.txz: Rebuilt.
Patched with fixes for the following xorg-server security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
a/kernel-firmware-20260529_d953ad8-noarch-1.txz: Upgraded.
a/kernel_armv8-6.18.34-aarch64-1.txz: Upgraded.
/boot/initrd/[load_kernel_modules.scr/platform/aarch64/snapdragon]
Added additional power-related modules.
Kernel config changes:
PHY_QCOM_QMP_PCIE=m -> y
Thanks to Brent Earl.
Security fix: crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length
checks
ap/alsa-utils-1.2.16-aarch64-1.txz: Upgraded.
ap/zsh-5.9.1-aarch64-1.txz: Upgraded.
d/cargo-c-0.10.23-aarch64-1.txz: Upgraded.
d/kernel-headers-6.18.34-aarch64-1.txz: Upgraded.
k/kernel-source-6.18.34-aarch64-1.txz: Upgraded.
kde/kstars-3.8.3-aarch64-1.txz: Upgraded.
kde/libindi-2.2.2-aarch64-1.txz: Upgraded.
l/PyQt-builder-1.19.1-aarch64-2.txz: Rebuilt.
l/PyQt6-6.11.0-aarch64-1.txz: Upgraded.
l/PyQt6_sip-13.11.1-aarch64-2.txz: Rebuilt.
l/QScintilla-2.14.1-aarch64-5.txz: Rebuilt.
Shared library .so-version bump.
Recompiled against qt6.
l/alsa-lib-1.2.16-aarch64-1.txz: Upgraded.
l/graphite2-1.3.15-aarch64-1.txz: Upgraded.
l/librsvg-2.62.3-aarch64-1.txz: Upgraded.
l/spirv-llvm-translator-22.1.3-aarch64-1.txz: Upgraded.
x/noto-fonts-ttf-2026.06.01-noarch-1.txz: Upgraded.
xap/audacious-4.6-aarch64-1.txz: Upgraded.
xap/audacious-plugins-4.6-aarch64-1.txz: Upgraded.
installer/*: Rebuilt.
kernels/*: Upgraded.
patches/packages/dnsmasq-2.93-x86_64-1_slack15.0.txz: Upgraded.
Rework storage allocation for domain names. This fixes a security bug that
can cause heap-overwrite with long domain names.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-2291
(* Security fix *)
patches/packages/libinput-1.31.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
libinput-device-group unescaped phys output can inject udev properties
leading to arbitrary root code execution.
Note that since /dev/uinput and /dev/uhid are only accessible by root on
Slackware (and unlike some other distributions we make no exceptions), we
were not vulnerable to this flaw.
(* Security fix *)
patches/packages/meson-1.11.1-x86_64-1_slack15.0.txz: Upgraded.
This is needed to compile libinput-1.31.3.
extra/tigervnc/tigervnc-1.16.2-x86_64-3_slack15.0.txz: Rebuilt.
Patched with fixes for the following xorg-server security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
patches/packages/httpd-2.4.67-x86_64-2_slack15.0.txz: Rebuilt.
This update fixes "HTTP/2 Bomb", a resource exhaustion denial-of-service
attack against HTTP/2.
For more information, see:
https://seclists.org/oss-sec/2026/q2/790
https://www.cve.org/CVERecord?id=CVE-2026-49975
(* Security fix *)
patches/packages/net-tools-20181103_0eebece-x86_64-4_slack15.0.txz: Rebuilt.
This update fixes a security issue:
interface.c: Stack-based Buffer Overflow in get_name().
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2025-46836
(* Security fix *)
patches/packages/proftpd-1.3.9b-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Additional fixes for SQL injection, notably for handling `%{env:...}`
and `%{note:...}` variables.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-42167
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-20_slack15.0.txz: Rebuilt.
This update fixes security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-20_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-20_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-20_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-18_slack15.0.txz: Rebuilt.
This update fixes security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
testing/packages/openrsync-20250126_a257c0f-x86_64-1_slack15.0.txz: Added.
patches/packages/linux-5.15.209/kernel-generic-5.15.209-x86_64-1.txz: Upgraded.
This update fixes security issues:
rxrpc: Fix missing validation of ticket length in non-XDR key preparsing
rxrpc: Fix anonymous key handling
rxrpc: only handle RESPONSE during service challenge
rxrpc: Fix recvmsg() unconditional requeue
rxrpc: reject undecryptable rxkad response tickets
rxrpc: Fix call removal to use RCU safe deletion
rxrpc: Fix key quota calculation for multitoken keys
rxrpc: proc: size address buffers for %pISpc output
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-31696
https://www.cve.org/CVERecord?id=CVE-2026-31676
https://www.cve.org/CVERecord?id=CVE-2026-23066
https://www.cve.org/CVERecord?id=CVE-2026-31637
https://www.cve.org/CVERecord?id=CVE-2026-31642
https://www.cve.org/CVERecord?id=CVE-2026-31630
(* Security fix *)
patches/packages/linux-5.15.209/kernel-headers-5.15.209-x86-1.txz: Upgraded.
patches/packages/linux-5.15.209/kernel-huge-5.15.209-x86_64-1.txz: Upgraded.
This update fixes security issues:
rxrpc: Fix missing validation of ticket length in non-XDR key preparsing
rxrpc: Fix anonymous key handling
rxrpc: only handle RESPONSE during service challenge
rxrpc: Fix recvmsg() unconditional requeue
rxrpc: reject undecryptable rxkad response tickets
rxrpc: Fix call removal to use RCU safe deletion
rxrpc: Fix key quota calculation for multitoken keys
rxrpc: proc: size address buffers for %pISpc output
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-31696
https://www.cve.org/CVERecord?id=CVE-2026-31676
https://www.cve.org/CVERecord?id=CVE-2026-23066
https://www.cve.org/CVERecord?id=CVE-2026-31637
https://www.cve.org/CVERecord?id=CVE-2026-31642
https://www.cve.org/CVERecord?id=CVE-2026-31630
(* Security fix *)
patches/packages/linux-5.15.209/kernel-modules-5.15.209-x86_64-1.txz: Upgraded.
patches/packages/linux-5.15.209/kernel-source-5.15.209-noarch-1.txz: Upgraded.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
patches/packages/dnsmasq-2.93-arm-1_slack15.0.txz: Upgraded.
Rework storage allocation for domain names. This fixes a security bug that
can cause heap-overwrite with long domain names.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-2291
(* Security fix *)
patches/packages/libinput-1.31.3-arm-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
libinput-device-group unescaped phys output can inject udev properties
leading to arbitrary root code execution.
Note that since /dev/uinput and /dev/uhid are only accessible by root on
Slackware (and unlike some other distributions we make no exceptions), we
were not vulnerable to this flaw.
(* Security fix *)
patches/packages/meson-1.11.1-arm-1_slack15.0.txz: Upgraded.
This is needed to compile libinput-1.31.3.
extra/tigervnc/tigervnc-1.16.2-arm-3_slack15.0.txz: Rebuilt.
Patched with fixes for the following xorg-server security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
patches/packages/httpd-2.4.67-arm-2_slack15.0.txz: Rebuilt.
This update fixes "HTTP/2 Bomb", a resource exhaustion denial-of-service
attack against HTTP/2.
For more information, see:
https://seclists.org/oss-sec/2026/q2/790
https://www.cve.org/CVERecord?id=CVE-2026-49975
(* Security fix *)
patches/packages/net-tools-20181103_0eebece-arm-3_slack15.0.txz: Rebuilt.
This update fixes a security issue:
interface.c: Stack-based Buffer Overflow in get_name().
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2025-46836
(* Security fix *)
patches/packages/proftpd-1.3.9b-arm-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Additional fixes for SQL injection, notably for handling `%{env:...}`
and `%{note:...}` variables.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-42167
(* Security fix *)
patches/packages/xorg-server-1.20.14-arm-20_slack15.0.txz: Rebuilt.
This update fixes security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-arm-20_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-arm-20_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-arm-20_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-arm-12_slack15.0.txz: Rebuilt.
This update fixes security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
patches/packages/linux-5.15.209/*: Upgraded.
This update fixes security issues:
rxrpc: Fix missing validation of ticket length in non-XDR key preparsing
rxrpc: Fix anonymous key handling
rxrpc: only handle RESPONSE during service challenge
rxrpc: Fix recvmsg() unconditional requeue
rxrpc: reject undecryptable rxkad response tickets
rxrpc: Fix call removal to use RCU safe deletion
rxrpc: Fix key quota calculation for multitoken keys
rxrpc: proc: size address buffers for %pISpc output
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-31696
https://www.cve.org/CVERecord?id=CVE-2026-31676
https://www.cve.org/CVERecord?id=CVE-2026-23066
https://www.cve.org/CVERecord?id=CVE-2026-31637
https://www.cve.org/CVERecord?id=CVE-2026-31642
https://www.cve.org/CVERecord?id=CVE-2026-31630
(* Security fix *)
24/02/2022: Aggiornato HowTo Automatizzare l'aggiornamento di Slackware
15/12/2015: Aggiornato HowTo automatizzare la compilazione del kernel
15/12/2015: Aggiornato HowTo Automatizzare l'aggiornamento di Slackware current
24/11/2015: Aggiornato HowTo automatizzare la compilazione del kernel
22/11/2015: Aggiornato HowTo Automatizzare l'aggiornamento di Slackware current
07/11/2015: Aggiornato HowTo automatizzare la compilazione del kernel
05/11/2015: Nuovo HowTo Automatizzare l'aggiornamento di Slackware current
30/10/2015: Aggiornato HowTo Automatizzare la prima configurazione di Slackware
26/05/2015: Aggiornato HowTo mini Slackware su pendrive
07/05/2015: Aggiornato HowTo automatizzare la compilazione del kernel
13/04/2015: Aggiornato HowTo automatizzare la compilazione del kernel
02/04/2015: Aggiornato HowTo automatizzare la compilazione del kernel
Questo script provvede ad aggiornare Slackware o Slackware64 all'ultima current in maniera del tutto autonoma, dalla ricerca di aggiornamenti all'aggiornamento del bootloader.
Scarica la lista dei pacchetti e la confronta con quelli installati, dopodiché controlla se i nuovi pacchetti sono presenti in un eventuale DVD già montato altrimenti li scarica da internet.
Lo script può gestire anche un sistema multilib, infatti se...
Uno script da eseguire al primo avvio di Slackware.
Mi capita spesso di fare nuove installazioni di Slackware e di ripetere sempre le stesse operazioni atte ad una prima configurazione di base, come ad esempio l'italianizzazione o l'impostazione della corretta risoluzione framebuffer.
Per cui ho deciso di raggruppare tutte queste operazioni di base, che possono...
Ecco che la bash ci viene in aiuto anche per realizzare un semplice sistema di video sorveglianza molto economico.
Questo script scatta una foto dalla webcam impostata nella variabile DEV con mplayer, ne fa una copia con la data corrente come nome del file per conservare una copia di tutte le foto scattate e per sapere a prima vista a quando risalgono. Dopodiché carica entrambe le copie della foto sul server ftp...
Spesso i produttori di hardware ottengono costi di produzione più bassi utilizzando componenti con capacità superiori in dispositivi non progettati per sfruttarle piuttosto che utilizzando componenti su misura, questo è anche il caso del mio mouse Logitech RX1000.
Aprendo il mouse e guardando le piste stampate sul retro della scheda si nota che il controller ha un pin inutilizzato, quindi leggendo il codice (CY7C63813) sul chip e trovandone il...
Compilare il kernel Linux non è certamente cosa difficile, ma chi è alle prime armi spesso è spaventato da questa procedura e anche per chi è pratico a volte diventa scocciante aggiornare ad ogni release.
Dunque ho scritto questo script bash che automatizza la procedura: rileva quanti core ha il proprio processore per decidere in quanti processi paralleli eseguire la compilazione in modo da ottimizzarne i tempi, poi controlla se la versione scelta...
Condividi sui tuoi social preferiti!
Telegram Facebook Linkedin Twitter Pinterest