https://www.sya54m.eu Latest 20 entries in the Slackwarearm-15.0 ChangeLog https://www.sya54m.eu/immagini/s256.png https://www.sya54m.eu en Sun, 12 Apr 2026 10:08:08 +0200 Mon, 13 Apr 2026 19:30:09 +0200 www.sya54m.eu https://www.sya54m.eu Sun, 12 Apr 2026 10:08:08 +0200 1775981288 patches/packages/openssl-1.1.1zg-arm-1_slack15.0.txz:  Upgraded.
  Apply patch to fix the following security issues:
  Potential Use-after-free in DANE Client Code.
  NULL Pointer Dereference When Processing a Delta CRL.
  Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo.
  Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo.
  These CVEs were fixed by the 1.1.1zg release that is only available to
  subscribers to OpenSSL's premium extended support. The patch was prepared
  by backporting from the OpenSSL-3.0 repo.
  Thanks to Ken Zalewski for the patch!
  For more information, see:
    https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387
    https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388
    https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389
    https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390
    https://www.cve.org/CVERecord?id=CVE-2026-28387
    https://www.cve.org/CVERecord?id=CVE-2026-28388
    https://www.cve.org/CVERecord?id=CVE-2026-28389
    https://www.cve.org/CVERecord?id=CVE-2026-28390
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1zg-arm-1_slack15.0.txz:  Upgraded.
]]> https://www.sya54m.eu Fri, 10 Apr 2026 10:08:08 +0200 1775808488 patches/packages/libpng-1.6.57-arm-1_slack15.0.txz:  Upgraded.
  Fixed a medium severity security issue:
  Use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST`
  leading to corrupted chunk data and potential heap information disclosure.
  Also hardened the append-style setters (`png_set_text`, `png_set_sPLT`,
  `png_set_unknown_chunks`) against a theoretical variant of the same
  aliasing pattern.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-34757
  (* Security fix *)
]]> https://www.sya54m.eu Sat, 04 Apr 2026 10:08:08 +0200 1775290088 patches/packages/infozip-6.0-arm-6_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Improper handling of Unicode strings can lead to a null pointer dereference.
  The conversion of a wide string to a local string leads to an of out-of-bounds
  write.
  Thanks to pbslxw for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4217
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0529
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0530
  (* Security fix *)
]]> https://www.sya54m.eu Wed, 01 Apr 2026 10:08:08 +0200 1775030888 patches/packages/xz-5.2.13-arm-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Fix a buffer overflow in lzma_index_append().
  Fix invalid memory access in --files and --files0.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34743
  (* Security fix *)
]]> https://www.sya54m.eu Fri, 27 Mar 2026 09:08:08 +0100 1774598888 extra/tigervnc/tigervnc-1.16.2-arm-1_slack15.0.txz:  Upgraded.
  Fixed missing security fixes in the 1.16.1 release.
  (* Security fix *)
patches/packages/libpng-1.6.56-arm-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE.
  Out-of-bounds read/write in the palette expansion on ARM Neon.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-33416
    https://www.cve.org/CVERecord?id=CVE-2026-33636
  (* Security fix *)
]]> https://www.sya54m.eu Thu, 26 Mar 2026 09:08:08 +0100 1774512488 If you appreciate what we're doing with Slackware Linux on ARM, please consider
making a donation to support us. Your contribution helps maintain essential
hardware, cover electricity costs, and keep this longstanding open-source
project thriving.

You'll find the ways you can help here:
   https://arm.slackware.com/sponsor/

Thanks for all of your support!

extra/tigervnc/tigervnc-1.16.1-arm-1_slack15.0.txz:  Upgraded.
  The bug fix release TigerVNC 1.16.1 is now available. This release is
  primarily a security release to fix an issue in x0vncserver, where other
  users can observe and manipulate the screen contents. Users of
  x0vncserver are advised to update immediately.
  The release also contains a fix for using the Plain security type with
  the new w0vncserver, as well as some translation updates.
  (* Security fix *)
patches/packages/bind-9.18.47-arm-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Fix unbounded NSEC3 iterations when validating referrals to unsigned
  delegations.
  For more information, see:
    https://kb.isc.org/docs/cve-2026-1519
    https://www.cve.org/CVERecord?id=CVE-2026-1519
  (* Security fix *)
]]> https://www.sya54m.eu Thu, 19 Mar 2026 09:08:08 +0100 1773907688 patches/packages/expat-2.7.5-arm-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Fix NULL function pointer dereference for empty external parameter entities;
  it takes use of both functions XML_ExternalEntityParserCreate and
  XML_SetParamEntityParsing for an application to be vulnerable.
  Protect from XML_TOK_INSTANCE_START infinite loop in function
  entityValueProcessor; it takes use of both functions
  XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an
  application to be vulnerable.
  Fix NULL dereference in function setContext on retry after an earlier
  ouf-of-memory condition; it takes use of function XML_ParserCreateNS or
  XML_ParserCreate_MM for an application to be vulnerable.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-32776
    https://www.cve.org/CVERecord?id=CVE-2026-32777
    https://www.cve.org/CVERecord?id=CVE-2026-32778
  (* Security fix *)
]]> https://www.sya54m.eu Thu, 12 Mar 2026 09:08:08 +0100 1773302888 patches/packages/libarchive-3.8.6-arm-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  libarchive: fix incompatibility with Nettle 4.x (#2858)
  libarchive: fix NULL pointer dereference in
  archive_acl_from_text_w() (#2859)
  bsdunzip: fix ISO week year and Gregorian year confusion (#2860)
  7zip: ix SEGV in check_7zip_header_in_sfx via ELF offset validation (#2864)
  7zip: fix out-of-bounds access on ELF 64-bit header (#2875)
  RAR5 reader: fix infinite loop in rar5 decompression (#2877)
  RAR5 reader: fix potential memory leak (#2892)
  RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called
  twice (#2893)
  CAB reader: fix memory leak on repeated calls to
  archive_read_support_format_cab (#2895)
  mtree reader: Fix file descriptor leak in mtree parser
  cleanup (CWE-775, #2878)
  various small bugfixes in code and documentation
  (* Security fix *)
patches/packages/libxml2-2.11.9-arm-7_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  CVE-2026-1757 fix: Memory leak in xmllint Shell - shell.c
  CVE-2026-0990 fix: Prevent infinite recursion in
  xmlCatalogListXMLResolve
  CVE-2026-0992 fix: Exponential behavior when handling
  parser: Fix infinite loop in xmlCtxtParseContent
  CVE-2025-10911 libxslt related: Ignore next/prev of documents when
  traversing XPath
  CVE-2026-0989 fix: Add RelaxNG include limit
  Thanks to r1w1s1 for locating the backported patches.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-1757
    https://www.cve.org/CVERecord?id=CVE-2026-0990
    https://www.cve.org/CVERecord?id=CVE-2026-0992
    https://www.cve.org/CVERecord?id=CVE-2025-10911
    https://www.cve.org/CVERecord?id=CVE-2026-0989
  (* Security fix *)
]]> https://www.sya54m.eu Thu, 05 Mar 2026 09:08:08 +0100 1772698088 patches/packages/nfs-utils-2.5.4-arm-3_slack15.0.txz:  Rebuilt.
  Added sample /etc/idmapd.conf and missing documentation for nfsidmap.
patches/packages/nvi-1.81.6-arm-3_slack15.0.txz:  Rebuilt.
  Merge patchset from Debian.
  This makes a number of fixes and improvements, especially concerning
  wide-character support. It also fixes a possible heap-based buffer
  overflow in the regex handling affecting 32-bit platforms.
  Thanks to r1w1s1.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2015-2305
  (* Security fix *)
]]> https://www.sya54m.eu Wed, 04 Mar 2026 09:08:08 +0100 1772611688 patches/packages/glibc-zoneinfo-2026a-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
patches/packages/nfs-utils-2.5.4-arm-2_slack15.0.txz:  Rebuilt.
  rc.nfsd: mount nfsd virtual filesystem on /proc/fs/nfsd, not /proc/fs/nfs.
  Thanks to Jonathan Woithe.
  Kill processes only within the current namespace.
  Support starting rpc.gssd, rpc.svcgssd, and rpc.idmapd.
patches/packages/python3-3.9.25-arm-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues.
  For details, see /usr/doc/python3-3.9.25/Misc/NEWS.
  (* Security fix *)
]]> https://www.sya54m.eu Sun, 01 Mar 2026 09:08:08 +0100 1772352488 If you appreciate what we're doing with Slackware Linux on ARM, please consider
making a donation to support us. Your contribution helps maintain essential
hardware, cover electricity costs, and keep this longstanding open-source
project thriving.

You'll find the ways you can help here:
   https://arm.slackware.com/sponsor/

Thanks for all of your support!

patches/packages/bind-9.18.46-arm-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/gvfs-1.48.1-arm-2_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  ftp: Use control connection address for PASV data.
  ftp: Reject paths containing CR/LF characters.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-28295
    https://www.cve.org/CVERecord?id=CVE-2026-28296
  (* Security fix *)
patches/packages/telnet-0.17-arm-6_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  The nextitem() function in telnetd/utility.c has no bounds checking in the SB
  (suboption) case. The for(;;) loop scans past nfrontp into uncontrolled
  memory. This can be exploited by an unauthenticated remote attacker to
  execute arbitrary code on the server running telnetd.
  Please note that while telnet itself is a useful utility for network testing,
  telnetd is a legacy application which should generally not be used. If it is
  used, it should be used only on isolated networks where there is no
  expectation of security.
  Thanks to r1w1s1.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2020-10188
  (* Security fix *)
]]> https://www.sya54m.eu Tue, 17 Feb 2026 09:08:08 +0100 1771315688 patches/packages/libssh-0.11.4-arm-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  SCP Protocol Path Traversal in ssh_scp_pull_request().
  Possible Denial of Service when parsing unexpected configuration files.
  Buffer underflow in ssh_get_hexa() on invalid input.
  Specially crafted patterns could cause DoS.
  OOB Read in sftp_parse_longname().
  Read buffer overrun when handling SFTP extensions.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-0964
    https://www.cve.org/CVERecord?id=CVE-2026-0965
    https://www.cve.org/CVERecord?id=CVE-2026-0966
    https://www.cve.org/CVERecord?id=CVE-2026-0967
    https://www.cve.org/CVERecord?id=CVE-2026-0968
    https://www.cve.org/CVERecord?id=CVE-2025-14821
  (* Security fix *)
patches/packages/lrzip-0.660-arm-1_slack15.0.txz:  Upgraded.
  Address multiple potential security issues with crafted or corrupt archives.
  (* Security fix *)
patches/packages/whois-5.6.6-arm-1_slack15.0.txz:  Upgraded.
  Added the .mc TLD server.
  Updated the .ps TLD server.
  Removed the .info, .mobi, .travel and .ï¿œ.ï¿œ.سطￜ.ï¿œ. (.xn--ygbi2ammx,
  Palestinian Territory) TLD servers.
  Removed 3 new gTLDs which are no longer active.
  mkpasswd: added support the Chinese SM3-based hashing algorithms.
]]> https://www.sya54m.eu Sun, 15 Feb 2026 09:08:08 +0100 1771142888 patches/packages/ca-certificates-20260212-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
]]> https://www.sya54m.eu Thu, 12 Feb 2026 09:08:08 +0100 1770883688 patches/packages/gnutls-3.8.12-arm-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  libgnutls: Fix NULL pointer dereference in PSK binder verification.
  libgnutls: Fix name constraint processing performance issue.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-1584
    https://www.cve.org/CVERecord?id=CVE-2025-14831
  (* Security fix *)
patches/packages/libpng-1.6.55-arm-1_slack15.0.txz:  Upgraded.
  Fixed a high severity security issue:
  Heap buffer overflow in `png_set_quantize`.
  Reported and fixed by Joshua Inscoe.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-25646
  (* Security fix *)
]]> https://www.sya54m.eu Sat, 07 Feb 2026 09:08:08 +0100 1770451688 patches/packages/openssl-1.1.1ze-arm-1_slack15.0.txz:  Upgraded.
  Apply patch to fix the following security issues:
  Fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes.
  Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB function
  calls.
  Fixed Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion.
  Fixed Missing ASN1_TYPE validation in TS_RESP_verify_response() function.
  Fixed NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex() function.
  Fixed Missing ASN1_TYPE validation in PKCS#12 parsing.
  Fixed ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function.
  These CVEs were fixed by the 1.1.1ze release that is only available to
  subscribers to OpenSSL's premium extended support. The patch was prepared
  by backporting from the OpenSSL-3.0 repo.
  Thanks to Ken Zalewski for the patch!
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2025-68160
    https://www.cve.org/CVERecord?id=CVE-2025-69418
    https://www.cve.org/CVERecord?id=CVE-2025-69419
    https://www.cve.org/CVERecord?id=CVE-2025-69420
    https://www.cve.org/CVERecord?id=CVE-2025-69421
    https://www.cve.org/CVERecord?id=CVE-2026-22795
    https://www.cve.org/CVERecord?id=CVE-2026-22796
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1ze-arm-1_slack15.0.txz:  Upgraded.
patches/packages/p11-kit-0.26.2-arm-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-2100
  (* Security fix *)
]]> https://www.sya54m.eu Fri, 06 Feb 2026 09:08:08 +0100 1770365288 If you appreciate what we're doing with Slackware Linux on ARM, please consider
making a donation to support us. Your contribution helps maintain essential
hardware, cover electricity costs, and keep this longstanding open-source
project thriving.

You'll find the ways you can help here:
   https://arm.slackware.com/sponsor/

Thanks for all of your support!

patches/packages/ca-certificates-20260203-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
patches/packages/nano-8.7.1-arm-1_slack15.0.txz:  Upgraded.
]]> https://www.sya54m.eu Sun, 01 Feb 2026 09:08:08 +0100 1769933288 patches/packages/expat-2.7.4-arm-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Function XML_ExternalEntityParserCreate failed to copy the encoding handler
  data passed to XML_SetUnknownEncodingHandler from the parent to the new
  subparser. This can cause a NULL dereference and denial of service.
  Integer overflow related to buffer size determination in function doContent.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-24515
    https://www.cve.org/CVERecord?id=CVE-2026-25210
  (* Security fix *)
]]> https://www.sya54m.eu Thu, 22 Jan 2026 09:08:08 +0100 1769069288 patches/packages/bind-9.18.44-arm-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Fix incorrect length checks for BRID and HHIT records.
  Malformed BRID and HHIT records could trigger an assertion failure.
  For more information, see:
    https://kb.isc.org/docs/cve-2025-13878
    https://www.cve.org/CVERecord?id=CVE-2025-13878
  (* Security fix *)
]]> https://www.sya54m.eu Thu, 15 Jan 2026 09:08:08 +0100 1768464488 patches/packages/libpng-1.6.54-arm-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Heap buffer over-read in the libpng simplified API function
  png_image_finish_read() when processing interlaced 16-bit PNGs with 8-bit
  output format and non-minimal row stride.
  Integer truncation in the libpng simplified write API functions
  png_write_image_16bit() and png_write_image_8bit() causes heap buffer
  over-read when the caller provides a negative row stride (for bottom-up
  image layouts) or a stride exceeding 65535 bytes.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-22695
    https://www.cve.org/CVERecord?id=CVE-2026-22801
  (* Security fix *)
]]> https://www.sya54m.eu Sat, 10 Jan 2026 09:08:08 +0100 1768032488 patches/packages/lcms2-2.18-arm-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Fix for #469 heap buffer overflow on convert_utf16_to_utf32().
  (* Security fix *)
patches/packages/libtasn1-4.21.0-arm-1_slack15.0.txz:  Upgraded.
  This update fixes a stack-based buffer overflow.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2025-13151
  (* Security fix *)
patches/packages/vim-9.1.2072-arm-1_slack15.0.txz:  Upgraded.
  Bundle universal-ctags with the vim package. Thanks to jmccue.
]]>