https://www.sya54m.eu Latest 20 entries in the Slackware64-15.0 ChangeLog https://www.sya54m.eu/immagini/s256.png https://www.sya54m.eu en Wed, 10 Jun 2026 22:15:05 +0200 Fri, 12 Jun 2026 19:30:06 +0200 www.sya54m.eu https://www.sya54m.eu Wed, 10 Jun 2026 22:15:05 +0200 1781122505 patches/packages/httpd-2.4.68-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release (CVE-2026-49975 was already patched here.)
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.68
]]> https://www.sya54m.eu Tue, 09 Jun 2026 23:03:28 +0200 1781039008 testing/packages/autoconf-2.73-noarch-1_slack15.0.txz:  Added.
]]> https://www.sya54m.eu Mon, 08 Jun 2026 22:41:30 +0200 1780951290 patches/packages/rsync-3.4.4-x86_64-1_slack15.0.txz:  Upgraded.
  Rsync version 3.4.4 has been released. This is a regression fix release for
  the issues that have been reported with the 3.4.3 security release. Many
  thanks to everyone who reported the issues (see NEWS.md for credits).
  The 3.4.3 release had so many issues for two main reasons:
  * the 3.4 testsuite did not have broad enough coverage to catch the
    regressions noticed by users
  * the nature of a security release prevents wide beta testing, resulting in
    not enough manual testing in disparate environments
  To fix this for future releases we have greatly expanded the test suite for
  3.5 (currently in master) and grown the development team, especially with
  more people with security expertise. Thanks for your patience!
]]> https://www.sya54m.eu Mon, 08 Jun 2026 00:20:12 +0200 1780870812 extra/samba-4.22.10-x86_64-1_slack15.0.txz:  Upgraded.
  This is a security release in order to address the following defects:
  Missing access checks on reparse point operations.
  WORM vfs module does not block overwrites.
  auto-enrolment GPO installing CA certificate over http without verification.
  Denial of service against AD DC WINS server.
  Unauthenticated Remote Code Execution in Samba DCE/RPC SAMR server.
  Unauthenticated Remote Code Execution in Samba printing subsystem.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2026-1933.html
    https://www.samba.org/samba/security/CVE-2026-2340.html
    https://www.samba.org/samba/security/CVE-2026-3012.html
    https://www.samba.org/samba/security/CVE-2026-3238.html
    https://www.samba.org/samba/security/CVE-2026-4408.html
    https://www.samba.org/samba/security/CVE-2026-4480.html
    https://www.cve.org/CVERecord?id=CVE-2026-1933
    https://www.cve.org/CVERecord?id=CVE-2026-2340
    https://www.cve.org/CVERecord?id=CVE-2026-3012
    https://www.cve.org/CVERecord?id=CVE-2026-3238
    https://www.cve.org/CVERecord?id=CVE-2026-4408
    https://www.cve.org/CVERecord?id=CVE-2026-4480
  (* Security fix *)
]]> https://www.sya54m.eu Thu, 04 Jun 2026 23:45:06 +0200 1780609506 patches/packages/dnsmasq-2.93-x86_64-1_slack15.0.txz:  Upgraded.
  Rework storage allocation for domain names. This fixes a security bug that
  can cause heap-overwrite with long domain names.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-2291
  (* Security fix *)
patches/packages/libinput-1.31.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  libinput-device-group unescaped phys output can inject udev properties
  leading to arbitrary root code execution.
  Note that since /dev/uinput and /dev/uhid are only accessible by root on
  Slackware (and unlike some other distributions we make no exceptions), we
  were not vulnerable to this flaw.
  (* Security fix *)
patches/packages/meson-1.11.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is needed to compile libinput-1.31.3.
]]> https://www.sya54m.eu Thu, 04 Jun 2026 03:22:28 +0200 1780536148 extra/tigervnc/tigervnc-1.16.2-x86_64-3_slack15.0.txz:  Rebuilt.
  Patched with fixes for the following xorg-server security issues:
  Font Alias Stack-based Buffer Overflow.
  XSYNC Use-After-Free in miSyncDestroyFence().
  XKB Key Types Stack-based Buffer Overflow.
  XKB SetMap Request Stack-based Buffer Overflow.
  XSYNC Use-After-Free in FreeCounter().
  XSYNC Use-After-Free in SyncChangeCounter().
  GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
  CreateSaverWindow Use-After-Free Information Disclosure.
  DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write.
  For more information, see:
    https://lists.x.org/archives/xorg/2026-June/062239.html
    Zero Day Initiative identifiers:
    ZDI-CAN-30136
    ZDI-CAN-30159
    ZDI-CAN-30160
    ZDI-CAN-30161
    ZDI-CAN-30163
    ZDI-CAN-30164
    ZDI-CAN-30165
    ZDI-CAN-30168
  (* Security fix *)
patches/packages/httpd-2.4.67-x86_64-2_slack15.0.txz:  Rebuilt.
  This update fixes "HTTP/2 Bomb", a resource exhaustion denial-of-service
  attack against HTTP/2.
  For more information, see:
    https://seclists.org/oss-sec/2026/q2/790
    https://www.cve.org/CVERecord?id=CVE-2026-49975
  (* Security fix *)
patches/packages/net-tools-20181103_0eebece-x86_64-4_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  interface.c: Stack-based Buffer Overflow in get_name().
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2025-46836
  (* Security fix *)
patches/packages/proftpd-1.3.9b-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Additional fixes for SQL injection, notably for handling `%{env:...}`
  and `%{note:...}` variables.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-42167
  (* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-20_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Font Alias Stack-based Buffer Overflow.
  XSYNC Use-After-Free in miSyncDestroyFence().
  XKB Key Types Stack-based Buffer Overflow.
  XKB SetMap Request Stack-based Buffer Overflow.
  XSYNC Use-After-Free in FreeCounter().
  XSYNC Use-After-Free in SyncChangeCounter().
  GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
  CreateSaverWindow Use-After-Free Information Disclosure.
  DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write.
  For more information, see:
    https://lists.x.org/archives/xorg/2026-June/062239.html
    Zero Day Initiative identifiers:
    ZDI-CAN-30136
    ZDI-CAN-30159
    ZDI-CAN-30160
    ZDI-CAN-30161
    ZDI-CAN-30163
    ZDI-CAN-30164
    ZDI-CAN-30165
    ZDI-CAN-30168
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-20_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-20_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-20_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-18_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Font Alias Stack-based Buffer Overflow.
  XSYNC Use-After-Free in miSyncDestroyFence().
  XKB Key Types Stack-based Buffer Overflow.
  XKB SetMap Request Stack-based Buffer Overflow.
  XSYNC Use-After-Free in FreeCounter().
  XSYNC Use-After-Free in SyncChangeCounter().
  GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
  CreateSaverWindow Use-After-Free Information Disclosure.
  For more information, see:
    https://lists.x.org/archives/xorg/2026-June/062239.html
    Zero Day Initiative identifiers:
    ZDI-CAN-30136
    ZDI-CAN-30159
    ZDI-CAN-30160
    ZDI-CAN-30161
    ZDI-CAN-30163
    ZDI-CAN-30164
    ZDI-CAN-30165
    ZDI-CAN-30168
  (* Security fix *)
testing/packages/openrsync-20250126_a257c0f-x86_64-1_slack15.0.txz:  Added.
]]> https://www.sya54m.eu Tue, 02 Jun 2026 04:32:11 +0200 1780367531 patches/packages/linux-5.15.209/kernel-generic-5.15.209-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  rxrpc: Fix missing validation of ticket length in non-XDR key preparsing
  rxrpc: Fix anonymous key handling
  rxrpc: only handle RESPONSE during service challenge
  rxrpc: Fix recvmsg() unconditional requeue
  rxrpc: reject undecryptable rxkad response tickets
  rxrpc: Fix call removal to use RCU safe deletion
  rxrpc: Fix key quota calculation for multitoken keys
  rxrpc: proc: size address buffers for %pISpc output
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-31696
    https://www.cve.org/CVERecord?id=CVE-2026-31676
    https://www.cve.org/CVERecord?id=CVE-2026-23066
    https://www.cve.org/CVERecord?id=CVE-2026-31637
    https://www.cve.org/CVERecord?id=CVE-2026-31642
    https://www.cve.org/CVERecord?id=CVE-2026-31630
  (* Security fix *)
patches/packages/linux-5.15.209/kernel-headers-5.15.209-x86-1.txz:  Upgraded.
patches/packages/linux-5.15.209/kernel-huge-5.15.209-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  rxrpc: Fix missing validation of ticket length in non-XDR key preparsing
  rxrpc: Fix anonymous key handling
  rxrpc: only handle RESPONSE during service challenge
  rxrpc: Fix recvmsg() unconditional requeue
  rxrpc: reject undecryptable rxkad response tickets
  rxrpc: Fix call removal to use RCU safe deletion
  rxrpc: Fix key quota calculation for multitoken keys
  rxrpc: proc: size address buffers for %pISpc output
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-31696
    https://www.cve.org/CVERecord?id=CVE-2026-31676
    https://www.cve.org/CVERecord?id=CVE-2026-23066
    https://www.cve.org/CVERecord?id=CVE-2026-31637
    https://www.cve.org/CVERecord?id=CVE-2026-31642
    https://www.cve.org/CVERecord?id=CVE-2026-31630
  (* Security fix *)
patches/packages/linux-5.15.209/kernel-modules-5.15.209-x86_64-1.txz:  Upgraded.
patches/packages/linux-5.15.209/kernel-source-5.15.209-noarch-1.txz:  Upgraded.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
]]> https://www.sya54m.eu Wed, 27 May 2026 01:17:58 +0200 1779837478 patches/packages/mozilla-thunderbird-140.11.1esr-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/140.11.1esr/releasenotes/
  (* Security fix *)
]]> https://www.sya54m.eu Sun, 24 May 2026 22:43:18 +0200 1779655398 patches/packages/linux-5.15.208/kernel-generic-5.15.208-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  net: skbuff: propagate shared-frag marker through frag-transfer helpers.
  net: skbuff: preserve shared-frag marker during coalescing.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-43503
    https://www.cve.org/CVERecord?id=CVE-2026-46300
  (* Security fix *)
patches/packages/linux-5.15.208/kernel-headers-5.15.208-x86-1.txz:  Upgraded.
patches/packages/linux-5.15.208/kernel-huge-5.15.208-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  net: skbuff: propagate shared-frag marker through frag-transfer helpers.
  net: skbuff: preserve shared-frag marker during coalescing.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-43503
    https://www.cve.org/CVERecord?id=CVE-2026-46300
  (* Security fix *)
patches/packages/linux-5.15.208/kernel-modules-5.15.208-x86_64-1.txz:  Upgraded.
patches/packages/linux-5.15.208/kernel-source-5.15.208-noarch-1.txz:  Upgraded.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
]]> https://www.sya54m.eu Fri, 22 May 2026 22:33:38 +0200 1779482018 patches/packages/lxc-4.0.12-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  Thanks to fourtysixandtwo.
]]> https://www.sya54m.eu Thu, 21 May 2026 06:59:09 +0200 1779339549 patches/packages/bind-9.18.49-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Fix outgoing zone transfers' quota issue.
  Limit resolver server list size.
  Fix GSS-API resource leak.
  Avoid unbounded recursion loop.
  Disable recursion, UPDATE, and NOTIFY for non-IN views.
  For more information, see:
    https://kb.isc.org/docs/CVE-2026-3592
    https://kb.isc.org/docs/CVE-2026-3039
    https://kb.isc.org/docs/CVE-2026-5947
    https://kb.isc.org/docs/CVE-2026-5950
    https://kb.isc.org/docs/CVE-2026-5946
    https://www.cve.org/CVERecord?id=CVE-2026-3592
    https://www.cve.org/CVERecord?id=CVE-2026-3039
    https://www.cve.org/CVERecord?id=CVE-2026-5947
    https://www.cve.org/CVERecord?id=CVE-2026-5950
    https://www.cve.org/CVERecord?id=CVE-2026-5946
  (* Security fix *)
patches/packages/rsync-3.4.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  TOCTOU symlink race condition allowing local privilege escalation in daemon
  mode without chroot.
  Hostname/ACL bypass on an rsync daemon configured with `daemon chroot = /X`
  in rsyncd.conf when the chroot tree lacks DNS resolution support.
  Integer overflow in the compressed-token decoder enabling remote memory
  disclosure to an authenticated daemon peer.
  Symlink races on path-based system calls in "use chroot = no" daemon mode.
  Out-of-bounds read in the receiver's recv_files() enabling remote
  denial-of-service of any client pulling from a malicious server.
  Off-by-one out-of-bounds stack write in the rsync client's HTTP CONNECT proxy
  handler (`establish_proxy_connection()` in `socket.c`).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-29518
    https://www.cve.org/CVERecord?id=CVE-2026-43617
    https://www.cve.org/CVERecord?id=CVE-2026-43618
    https://www.cve.org/CVERecord?id=CVE-2026-43619
    https://www.cve.org/CVERecord?id=CVE-2026-43620
    https://www.cve.org/CVERecord?id=CVE-2026-45232
  (* Security fix *)
]]> https://www.sya54m.eu Wed, 20 May 2026 01:45:24 +0200 1779234324 patches/packages/haveged-1.9.21-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Missing exit out of permission check could lead to root exploit.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-41054
  (* Security fix *)
patches/packages/mozilla-firefox-140.11.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.11.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2026-48
    https://www.cve.org/CVERecord?id=CVE-2026-8946
    https://www.cve.org/CVERecord?id=CVE-2026-8388
    https://www.cve.org/CVERecord?id=CVE-2026-8947
    https://www.cve.org/CVERecord?id=CVE-2026-8391
    https://www.cve.org/CVERecord?id=CVE-2026-8401
    https://www.cve.org/CVERecord?id=CVE-2026-8949
    https://www.cve.org/CVERecord?id=CVE-2026-8950
    https://www.cve.org/CVERecord?id=CVE-2026-8953
    https://www.cve.org/CVERecord?id=CVE-2026-8954
    https://www.cve.org/CVERecord?id=CVE-2026-8955
    https://www.cve.org/CVERecord?id=CVE-2026-8956
    https://www.cve.org/CVERecord?id=CVE-2026-8957
    https://www.cve.org/CVERecord?id=CVE-2026-8958
    https://www.cve.org/CVERecord?id=CVE-2026-8959
    https://www.cve.org/CVERecord?id=CVE-2026-8961
    https://www.cve.org/CVERecord?id=CVE-2026-8962
    https://www.cve.org/CVERecord?id=CVE-2026-8968
    https://www.cve.org/CVERecord?id=CVE-2026-8970
    https://www.cve.org/CVERecord?id=CVE-2026-8974
    https://www.cve.org/CVERecord?id=CVE-2026-8975
  (* Security fix *)
patches/packages/mozilla-thunderbird-140.11.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/140.11.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/
    https://www.cve.org/CVERecord?id=CVE-2026-8946
    https://www.cve.org/CVERecord?id=CVE-2026-8388
    https://www.cve.org/CVERecord?id=CVE-2026-8947
    https://www.cve.org/CVERecord?id=CVE-2026-8391
    https://www.cve.org/CVERecord?id=CVE-2026-8401
    https://www.cve.org/CVERecord?id=CVE-2026-8949
    https://www.cve.org/CVERecord?id=CVE-2026-8950
    https://www.cve.org/CVERecord?id=CVE-2026-8953
    https://www.cve.org/CVERecord?id=CVE-2026-8954
    https://www.cve.org/CVERecord?id=CVE-2026-8955
    https://www.cve.org/CVERecord?id=CVE-2026-8956
    https://www.cve.org/CVERecord?id=CVE-2026-8957
    https://www.cve.org/CVERecord?id=CVE-2026-8958
    https://www.cve.org/CVERecord?id=CVE-2026-8959
    https://www.cve.org/CVERecord?id=CVE-2026-8961
    https://www.cve.org/CVERecord?id=CVE-2026-8962
    https://www.cve.org/CVERecord?id=CVE-2026-8968
    https://www.cve.org/CVERecord?id=CVE-2026-8970
    https://www.cve.org/CVERecord?id=CVE-2026-8974
    https://www.cve.org/CVERecord?id=CVE-2026-8975
  (* Security fix *)
]]> https://www.sya54m.eu Mon, 18 May 2026 01:23:26 +0200 1779060206 patches/packages/dcron-4.5-x86_64-14_slack15.0.txz:  Rebuilt.
  This is a bugfix release.
  Rebase the run-parts script on the latest version from Fedora's crontabs
  package. Thanks to avian.
  rc.crond: ensure world-writable permissions on /run/cron, needed for
  crontab -e with some editors. Thanks to lostintime.
  Add /etc/default/run-parts. Thanks to lostintime.
  run-parts: don't redirect stderr to stdout. Thanks to Thom1b.
  run-parts: skip *.orig files. Thanks to metaed.
  run-parts.8: document skiping *.orig files. Thanks to metaed.
  /etc/default/crond: Set the same minimal PATH that's provided by sysvinit at
  boot time to keep things consistent when using rc.crond restart. This PATH
  will be used both at boot and with a restart through rc.crond. Feel free to
  adjust it if needed. Thanks to Ken Zalewski.
]]> https://www.sya54m.eu Sat, 16 May 2026 04:48:04 +0200 1778899684 patches/packages/dnsmasq-2.92rel2-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-2291
    https://www.cve.org/CVERecord?id=CVE-2026-4890
    https://www.cve.org/CVERecord?id=CVE-2026-4891
    https://www.cve.org/CVERecord?id=CVE-2026-4892
    https://www.cve.org/CVERecord?id=CVE-2026-4893
    https://www.cve.org/CVERecord?id=CVE-2026-5172
  (* Security fix *)
patches/packages/linux-5.15.207/kernel-generic-5.15.207-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  ptrace: slightly saner 'get_dumpable()' logic.
  For more information, see:
    https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
    https://www.cve.org/CVERecord?id=CVE-2026-46333
  (* Security fix *)
patches/packages/linux-5.15.207/kernel-headers-5.15.207-x86-1.txz:  Upgraded.
patches/packages/linux-5.15.207/kernel-huge-5.15.207-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  ptrace: slightly saner 'get_dumpable()' logic.
  For more information, see:
    https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
    https://www.cve.org/CVERecord?id=CVE-2026-46333
  (* Security fix *)
patches/packages/linux-5.15.207/kernel-modules-5.15.207-x86_64-1.txz:  Upgraded.
patches/packages/linux-5.15.207/kernel-source-5.15.207-noarch-1.txz:  Upgraded.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
]]> https://www.sya54m.eu Tue, 12 May 2026 04:16:39 +0200 1778552199 patches/packages/expat-2.7.5-x86_64-2_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  Fix quadratic runtime from attribute name collision checks that allowed
  denial of service attacks through moderately sized crafted XML input
  (CWE-407). Please note that a layer of compression around XML can
  significantly reduce the minimum attack payload size.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-45186
  (* Security fix *)
]]> https://www.sya54m.eu Sat, 09 May 2026 23:25:03 +0200 1778361903 patches/packages/linux-5.15.206/kernel-generic-5.15.206-x86_64-1.txz:  Upgraded.
patches/packages/linux-5.15.206/kernel-headers-5.15.206-x86-1.txz:  Upgraded.
patches/packages/linux-5.15.206/kernel-huge-5.15.206-x86_64-1.txz:  Upgraded.
patches/packages/linux-5.15.206/kernel-modules-5.15.206-x86_64-1.txz:  Upgraded.
  This update fixes a regression in Linux 5.15.205:
  xfrm: esp: ipv4: fix up flags setting.
patches/packages/linux-5.15.206/kernel-source-5.15.206-noarch-1.txz:  Upgraded.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
]]> https://www.sya54m.eu Sat, 09 May 2026 00:14:25 +0200 1778278465 patches/packages/linux-5.15.205/kernel-generic-5.15.205-x86_64-1.txz:  Upgraded.
patches/packages/linux-5.15.205/kernel-headers-5.15.205-x86-1.txz:  Upgraded.
patches/packages/linux-5.15.205/kernel-huge-5.15.205-x86_64-1.txz:  Upgraded.
patches/packages/linux-5.15.205/kernel-modules-5.15.205-x86_64-1.txz:  Upgraded.
  This update fixes a critical security issue:
  xfrm: esp: avoid in-place decrypt on shared skb frags.
  This update addresses a Linux kernel local privilege escalation attack known
  as "Dirty Frag." Please note that there's a second CVE (CVE-2026-43500) that
  is not yet patched upstream.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away you may blacklist or remove the kernel modules esp4.ko and esp6.ko
  (CVE-2026-43284) and rxrpc.ko (CVE-2026-43500).
  Also remove the modules from the kernel if they have been loaded:
    rmmod esp4 esp6 rxrpc
  And, drop the file caches in case in-memory program copies have already
  been compromised. Make sure possibly affected programs do not have any
  open sessions first:
    sh -c "echo 3 > /proc/sys/vm/drop_caches"
  For more information, see:
    https://github.com/V4bel/dirtyfrag
    https://www.cve.org/CVERecord?id=CVE-2026-43284
  (* Security fix *)
patches/packages/linux-5.15.205/kernel-source-5.15.205-noarch-1.txz:  Upgraded.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
patches/packages/mozilla-thunderbird-140.10.2esr-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/140.10.2esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2026-44/
    https://www.cve.org/CVERecord?id=CVE-2026-8090
    https://www.cve.org/CVERecord?id=CVE-2026-8094
    https://www.cve.org/CVERecord?id=CVE-2026-8092
  (* Security fix *)
]]> https://www.sya54m.eu Fri, 08 May 2026 07:00:03 +0200 1778216403 extra/php82/php82-8.2.31-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  FPM: Fixed XSS within status endpoint.
  MBString: Fixed Null pointer dereference in php_mb_check_encoding()
  via mb_ereg_search_init().
  PDO_Firebird: Fixed SQL injection via NUL bytes in quoted strings.
  SOAP: Fixed Stale SOAP_GLOBAL(ref_map) pointer with Apache Map.
  SOAP: Fixed Use-after-free after header parsing failure with
  SOAP_PERSISTENCE_SESSION.
  SOAP: Fixed Broken Apache map value NULL check.
  Standard: Fixed Signed integer overflow of char array offset.
  Standard: Fixed Consistently pass unsigned char to ctype.h functions.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.2.31
    https://www.cve.org/CVERecord?id=CVE-2026-6735
    https://www.cve.org/CVERecord?id=CVE-2026-7259
    https://www.cve.org/CVERecord?id=CVE-2025-14179
    https://www.cve.org/CVERecord?id=CVE-2026-6722
    https://www.cve.org/CVERecord?id=CVE-2026-7261
    https://www.cve.org/CVERecord?id=CVE-2026-7262
    https://www.cve.org/CVERecord?id=CVE-2026-7568
    https://www.cve.org/CVERecord?id=CVE-2026-7258
  (* Security fix *)
patches/packages/libgpg-error-1.61-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
   Fix possible stack overflow in es_printf for %.100f format.
   Fix out-of-bounds read in vfnameconcat.
  (* Security fix *)
patches/packages/mozilla-firefox-140.10.2esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.10.2/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2026-41
    https://www.cve.org/CVERecord?id=CVE-2026-8090
    https://www.cve.org/CVERecord?id=CVE-2026-8094
    https://www.cve.org/CVERecord?id=CVE-2026-8092
  (* Security fix *)
]]> https://www.sya54m.eu Tue, 05 May 2026 22:12:56 +0200 1778011976 patches/packages/hunspell-1.7.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://github.com/hunspell/hunspell/releases/tag/v1.7.3
  (* Security fix *)
]]> https://www.sya54m.eu Tue, 05 May 2026 00:37:35 +0200 1777934255 patches/packages/httpd-2.4.67-x86_64-1_slack15.0.txz:  Upgraded.
  This release fixes bugs and the following security issues:
  mod_proxy_ajp: Heap Over-Read and memory disclosure in  ajp_parse_data().
  mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check.
  Off-by-one OOB reads in AJP getter functions.
  HTTP response splitting forwarding malicious status line.
  mod_authn_socache crash.
  mod_auth_digest timing attack.
  mod_md unrestricted OCSP response.
  buffer overflow in mod_proxy_ajp via ajp_msg_check_header().
  mod_rewrite elevation of privileges via ap_expr.
  http2: double free and possible RCE on early reset.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.67
    https://www.cve.org/CVERecord?id=CVE-2026-34059
    https://www.cve.org/CVERecord?id=CVE-2026-34032
    https://www.cve.org/CVERecord?id=CVE-2026-33857
    https://www.cve.org/CVERecord?id=CVE-2026-33523
    https://www.cve.org/CVERecord?id=CVE-2026-33007
    https://www.cve.org/CVERecord?id=CVE-2026-33006
    https://www.cve.org/CVERecord?id=CVE-2026-29169
    https://www.cve.org/CVERecord?id=CVE-2026-29168
    https://www.cve.org/CVERecord?id=CVE-2026-28780
    https://www.cve.org/CVERecord?id=CVE-2026-24072
    https://www.cve.org/CVERecord?id=CVE-2026-23918
  (* Security fix *)
]]>