https://www.sya54m.eu Latest 20 entries in the Slackware64-current ChangeLog https://www.sya54m.eu/immagini/s256.png https://www.sya54m.eu en Wed, 20 May 2026 01:45:24 +0200 Wed, 20 May 2026 17:30:04 +0200 www.sya54m.eu https://www.sya54m.eu Wed, 20 May 2026 01:45:24 +0200 1779234324 a/haveged-1.9.21-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  Missing exit out of permission check could lead to root exploit.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-41054
  (* Security fix *)
ap/ghostscript-10.07.1-x86_64-1.txz:  Upgraded.
d/llvm-22.1.6-x86_64-1.txz:  Upgraded.
d/tree-sitter-0.26.9-x86_64-1.txz:  Upgraded.
l/libclc-22.1.6-x86_64-1.txz:  Upgraded.
l/mozjs140-140.11.0esr-x86_64-1.txz:  Upgraded.
l/python-numpy-2.4.6-x86_64-1.txz:  Upgraded.
l/python-setuptools-gettext-0.1.18-x86_64-1.txz:  Upgraded.
x/mesa-26.1.1-x86_64-1.txz:  Upgraded.
x/xev-1.2.7-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-140.11.0esr-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.11.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2026-48
    https://www.cve.org/CVERecord?id=CVE-2026-8946
    https://www.cve.org/CVERecord?id=CVE-2026-8388
    https://www.cve.org/CVERecord?id=CVE-2026-8947
    https://www.cve.org/CVERecord?id=CVE-2026-8391
    https://www.cve.org/CVERecord?id=CVE-2026-8401
    https://www.cve.org/CVERecord?id=CVE-2026-8949
    https://www.cve.org/CVERecord?id=CVE-2026-8950
    https://www.cve.org/CVERecord?id=CVE-2026-8953
    https://www.cve.org/CVERecord?id=CVE-2026-8954
    https://www.cve.org/CVERecord?id=CVE-2026-8955
    https://www.cve.org/CVERecord?id=CVE-2026-8956
    https://www.cve.org/CVERecord?id=CVE-2026-8957
    https://www.cve.org/CVERecord?id=CVE-2026-8958
    https://www.cve.org/CVERecord?id=CVE-2026-8959
    https://www.cve.org/CVERecord?id=CVE-2026-8961
    https://www.cve.org/CVERecord?id=CVE-2026-8962
    https://www.cve.org/CVERecord?id=CVE-2026-8968
    https://www.cve.org/CVERecord?id=CVE-2026-8970
    https://www.cve.org/CVERecord?id=CVE-2026-8974
    https://www.cve.org/CVERecord?id=CVE-2026-8975
  (* Security fix *)
xap/mozilla-thunderbird-140.11.0esr-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/140.11.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/
    https://www.cve.org/CVERecord?id=CVE-2026-8946
    https://www.cve.org/CVERecord?id=CVE-2026-8388
    https://www.cve.org/CVERecord?id=CVE-2026-8947
    https://www.cve.org/CVERecord?id=CVE-2026-8391
    https://www.cve.org/CVERecord?id=CVE-2026-8401
    https://www.cve.org/CVERecord?id=CVE-2026-8949
    https://www.cve.org/CVERecord?id=CVE-2026-8950
    https://www.cve.org/CVERecord?id=CVE-2026-8953
    https://www.cve.org/CVERecord?id=CVE-2026-8954
    https://www.cve.org/CVERecord?id=CVE-2026-8955
    https://www.cve.org/CVERecord?id=CVE-2026-8956
    https://www.cve.org/CVERecord?id=CVE-2026-8957
    https://www.cve.org/CVERecord?id=CVE-2026-8958
    https://www.cve.org/CVERecord?id=CVE-2026-8959
    https://www.cve.org/CVERecord?id=CVE-2026-8961
    https://www.cve.org/CVERecord?id=CVE-2026-8962
    https://www.cve.org/CVERecord?id=CVE-2026-8968
    https://www.cve.org/CVERecord?id=CVE-2026-8970
    https://www.cve.org/CVERecord?id=CVE-2026-8974
    https://www.cve.org/CVERecord?id=CVE-2026-8975
  (* Security fix *)
]]> https://www.sya54m.eu Tue, 19 May 2026 00:16:46 +0200 1779142606 a/bash-5.3.009-x86_64-2.txz:  Rebuilt.
  Retain the default BASH_LOADABLES_PATH, adjusted for ${LIBDIRSUFFIX}.
  Thanks to duncan_roe.
a/util-linux-2.42.1-x86_64-1.txz:  Upgraded.
ap/mariadb-11.8.7-x86_64-1.txz:  Upgraded.
ap/sox-14.8.0-x86_64-1.txz:  Upgraded.
ap/vim-9.2.0500-x86_64-1.txz:  Upgraded.
l/libsigc++-2.12.2-x86_64-1.txz:  Upgraded.
l/libusb-1.0.30-x86_64-1.txz:  Upgraded.
l/libusb-compat-0.1.9-x86_64-1.txz:  Upgraded.
l/libxmlb-0.3.27-x86_64-1.txz:  Upgraded.
l/python-lxml-6.1.1-x86_64-1.txz:  Upgraded.
x/libXi-1.8.3-x86_64-1.txz:  Upgraded.
xap/vim-gvim-9.2.0500-x86_64-1.txz:  Upgraded.
]]> https://www.sya54m.eu Mon, 18 May 2026 01:23:26 +0200 1779060206 a/dcron-4.5-x86_64-18.txz:  Rebuilt.
  /etc/default/crond: Set the same minimal PATH that's provided by sysvinit at
  boot time to keep things consistent when using rc.crond restart. This PATH
  will be used both at boot and with a restart through rc.crond. Feel free to
  adjust it if needed.
  Thanks to Ken Zalewski.
a/kernel-generic-6.18.32-x86_64-1.txz:  Upgraded.
d/kernel-headers-6.18.32-x86-1.txz:  Upgraded.
k/kernel-source-6.18.32-noarch-1.txz:  Upgraded.
l/imagemagick-7.1.2_23-x86_64-1.txz:  Upgraded.
l/libsigc++3-3.8.1-x86_64-1.txz:  Upgraded.
l/mozilla-nss-3.124-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/packages/linux-7.0.x/kernel-generic-7.0.9-x86_64-1.txz:  Upgraded.
testing/packages/linux-7.0.x/kernel-headers-7.0.9-x86-1.txz:  Upgraded.
testing/packages/linux-7.0.x/kernel-source-7.0.9-noarch-1.txz:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
]]> https://www.sya54m.eu Sat, 16 May 2026 22:40:13 +0200 1778964013 l/SDL2_net-2.4.0-x86_64-1.txz:  Upgraded.
l/hyphen-2.8.9-x86_64-1.txz:  Upgraded.
l/libpaper-2.2.8-x86_64-1.txz:  Upgraded.
l/python-numpy-2.4.5-x86_64-1.txz:  Upgraded.
n/postfix-3.11.3-x86_64-1.txz:  Upgraded.
]]> https://www.sya54m.eu Sat, 16 May 2026 04:48:04 +0200 1778899684 a/kernel-generic-6.18.31-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  ptrace: slightly saner 'get_dumpable()' logic.
  For more information, see:
    https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
    https://www.cve.org/CVERecord?id=CVE-2026-46333
  (* Security fix *)
a/lvm2-2.03.41-x86_64-1.txz:  Upgraded.
d/kernel-headers-6.18.31-x86-1.txz:  Upgraded.
k/kernel-source-6.18.31-noarch-1.txz:  Upgraded.
l/aom-3.14.0-x86_64-1.txz:  Upgraded.
l/librsvg-2.62.2-x86_64-1.txz:  Upgraded.
n/dnsmasq-2.92rel2-x86_64-1.txz:  Upgraded.
  This update fixes security issues.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-2291
    https://www.cve.org/CVERecord?id=CVE-2026-4890
    https://www.cve.org/CVERecord?id=CVE-2026-4891
    https://www.cve.org/CVERecord?id=CVE-2026-4892
    https://www.cve.org/CVERecord?id=CVE-2026-4893
    https://www.cve.org/CVERecord?id=CVE-2026-5172
  (* Security fix *)
tcl/tcl-8.6.18-x86_64-1.txz:  Upgraded.
tcl/tk-8.6.18-x86_64-1.txz:  Upgraded.
x/libei-1.6.0-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/packages/linux-7.0.x/kernel-generic-7.0.8-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  ptrace: slightly saner 'get_dumpable()' logic.
  For more information, see:
    https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
    https://www.cve.org/CVERecord?id=CVE-2026-46333
  (* Security fix *)
testing/packages/linux-7.0.x/kernel-headers-7.0.8-x86-1.txz:  Upgraded.
testing/packages/linux-7.0.x/kernel-source-7.0.8-noarch-1.txz:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
]]> https://www.sya54m.eu Fri, 15 May 2026 04:12:09 +0200 1778811129 a/kernel-firmware-20260514_5b2bc2e-noarch-1.txz:  Upgraded.
a/kernel-generic-6.18.30-x86_64-1.txz:  Upgraded.
d/kernel-headers-6.18.30-x86-1.txz:  Upgraded.
k/kernel-source-6.18.30-noarch-1.txz:  Upgraded.
l/gexiv2-0.16.0-x86_64-2.txz:  Rebuilt.
  [PATCH] gexiv2: fix package name in gir file to have -0.16 suffix.
  Thanks to reddog83.
l/openjph-0.27.3-x86_64-1.txz:  Upgraded.
l/python-requests-2.34.2-x86_64-1.txz:  Upgraded.
n/NetworkManager-1.56.1-x86_64-1.txz:  Upgraded.
n/netatalk-4.4.3-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-44047
    https://www.cve.org/CVERecord?id=CVE-2026-44048
    https://www.cve.org/CVERecord?id=CVE-2026-44049
    https://www.cve.org/CVERecord?id=CVE-2026-44050
    https://www.cve.org/CVERecord?id=CVE-2026-44051
    https://www.cve.org/CVERecord?id=CVE-2026-44052
    https://www.cve.org/CVERecord?id=CVE-2026-44054
    https://www.cve.org/CVERecord?id=CVE-2026-44055
    https://www.cve.org/CVERecord?id=CVE-2026-44057
    https://www.cve.org/CVERecord?id=CVE-2026-44060
    https://www.cve.org/CVERecord?id=CVE-2026-44062
    https://www.cve.org/CVERecord?id=CVE-2026-44064
    https://www.cve.org/CVERecord?id=CVE-2026-44066
    https://www.cve.org/CVERecord?id=CVE-2026-44068
    https://www.cve.org/CVERecord?id=CVE-2026-44076
    https://www.cve.org/CVERecord?id=CVE-2026-45354
    https://www.cve.org/CVERecord?id=CVE-2026-45355
    https://www.cve.org/CVERecord?id=CVE-2026-45356
    https://www.cve.org/CVERecord?id=CVE-2026-45698
    https://www.cve.org/CVERecord?id=CVE-2026-45699
  (* Security fix *)
x/libinput-1.31.2-x86_64-1.txz:  Upgraded.
x/mesa-26.0.7-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/packages/linux-7.0.x/kernel-generic-7.0.7-x86_64-1.txz:  Upgraded.
testing/packages/linux-7.0.x/kernel-headers-7.0.7-x86-1.txz:  Upgraded.
testing/packages/linux-7.0.x/kernel-source-7.0.7-noarch-1.txz:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
]]> https://www.sya54m.eu Wed, 13 May 2026 22:23:22 +0200 1778703802 a/intel-microcode-20260512-noarch-1.txz:  Upgraded.
l/libedit-20260512_3.1-x86_64-1.txz:  Upgraded.
l/pipewire-1.6.5-x86_64-1.txz:  Upgraded.
l/python-idna-3.15-x86_64-1.txz:  Upgraded.
n/gnupg2-2.5.20-x86_64-1.txz:  Upgraded.
y/bsd-games-2.17-x86_64-8.txz:  Rebuilt.
  Patched to fix 'countmail'. Thanks to andygoth.
]]> https://www.sya54m.eu Tue, 12 May 2026 22:48:54 +0200 1778618934 a/elogind-255.25-x86_64-1.txz:  Upgraded.
ap/xfsdump-3.3.0-x86_64-1.txz:  Upgraded.
d/ruby-4.0.4-x86_64-1.txz:  Upgraded.
l/gst-plugins-bad-free-1.28.3-x86_64-1.txz:  Upgraded.
l/gst-plugins-base-1.28.3-x86_64-1.txz:  Upgraded.
l/gst-plugins-good-1.28.3-x86_64-1.txz:  Upgraded.
l/gst-plugins-libav-1.28.3-x86_64-1.txz:  Upgraded.
l/gstreamer-1.28.3-x86_64-1.txz:  Upgraded.
l/imagemagick-7.1.2_22-x86_64-1.txz:  Upgraded.
l/openal-soft-1.25.2-x86_64-1.txz:  Upgraded.
n/samba-4.24.2-x86_64-1.txz:  Upgraded.
x/ibus-m17n-1.4.39-x86_64-1.txz:  Upgraded.
x/ibus-table-1.17.19-x86_64-1.txz:  Upgraded.
y/bsd-games-2.17-x86_64-7.txz:  Rebuilt.
  Apply a few patches from the Debian repo.
  Thanks to GazL.
]]> https://www.sya54m.eu Tue, 12 May 2026 04:16:39 +0200 1778552199 a/bcachefs-tools-1.38.3-x86_64-1.txz:  Upgraded.
a/kernel-generic-6.18.29-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present.
  This fixes the second "Dirty Frag" vulnerability.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away you may blacklist or remove the kernel module rxrpc.ko (CVE-2026-43500).
  Also remove the module from the kernel if it has been loaded:
    rmmod rxrpc
  And, drop the file caches in case in-memory program copies have already
  been compromised. Make sure possibly affected programs do not have any
  open sessions first:
    sh -c "echo 3 > /proc/sys/vm/drop_caches"
  For more information, see:
    https://github.com/V4bel/dirtyfrag
    https://www.cve.org/CVERecord?id=CVE-2026-43500
  (* Security fix *)
ap/vim-9.2.0475-x86_64-1.txz:  Upgraded.
d/kernel-headers-6.18.29-x86-1.txz:  Upgraded.
k/kernel-source-6.18.29-noarch-1.txz:  Upgraded.
kde/wcslib-8.7-x86_64-1.txz:  Upgraded.
l/SDL2_mixer-2.8.2-x86_64-1.txz:  Upgraded.
l/expat-2.8.1-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  Fix quadratic runtime from attribute name collision checks that allowed
  denial of service attacks through moderately sized crafted XML input
  (CWE-407). Please note that a layer of compression around XML can
  significantly reduce the minimum attack payload size.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-45186
  (* Security fix *)
l/python-idna-3.14-x86_64-1.txz:  Upgraded.
l/python-installer-1.0.1-x86_64-1.txz:  Upgraded.
l/python-requests-2.34.0-x86_64-1.txz:  Upgraded.
xap/vim-gvim-9.2.0475-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/packages/linux-7.0.x/kernel-generic-7.0.6-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present.
  This fixes the second "Dirty Frag" vulnerability.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away you may blacklist or remove the kernel module rxrpc.ko (CVE-2026-43500).
  Also remove the module from the kernel if it has been loaded:
    rmmod rxrpc
  And, drop the file caches in case in-memory program copies have already
  been compromised. Make sure possibly affected programs do not have any
  open sessions first:
    sh -c "echo 3 > /proc/sys/vm/drop_caches"
  For more information, see:
    https://github.com/V4bel/dirtyfrag
    https://www.cve.org/CVERecord?id=CVE-2026-43500
  (* Security fix *)
testing/packages/linux-7.0.x/kernel-headers-7.0.6-x86-1.txz:  Upgraded.
testing/packages/linux-7.0.x/kernel-source-7.0.6-noarch-1.txz:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
]]> https://www.sya54m.eu Sun, 10 May 2026 22:41:09 +0200 1778445669 for booting it and saving me a trip back home. :-)
a/btrfs-progs-7.0-x86_64-1.txz:  Upgraded.
d/gdb-17.2-x86_64-1.txz:  Upgraded.
l/openjph-0.27.2-x86_64-1.txz:  Upgraded.
x/OpenCC-1.3.1-x86_64-1.txz:  Upgraded.
]]> https://www.sya54m.eu Sat, 09 May 2026 23:25:03 +0200 1778361903 a/elogind-255.24-x86_64-1.txz:  Upgraded.
l/libedit-20260508_3.1-x86_64-1.txz:  Upgraded.
l/pygobject3-3.56.3-x86_64-1.txz:  Upgraded.
]]> https://www.sya54m.eu Sat, 09 May 2026 00:14:25 +0200 1778278465 a/kernel-generic-6.18.28-x86_64-1.txz:  Upgraded.
  This update fixes a critical security issue:
  xfrm: esp: avoid in-place decrypt on shared skb frags.
  This update addresses a Linux kernel local privilege escalation attack known
  as "Dirty Frag." Please note that there's a second CVE (CVE-2026-43500) that
  is not yet patched upstream.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away you may blacklist or remove the kernel modules esp4.ko and esp6.ko
  (CVE-2026-43284) and rxrpc.ko (CVE-2026-43500).
  Also remove the modules from the kernel if they have been loaded:
    rmmod esp4 esp6 rxrpc
  And, drop the file caches in case in-memory program copies have already
  been compromised. Make sure possibly affected programs do not have any
  open sessions first:
    sh -c "echo 3 > /proc/sys/vm/drop_caches"
  For more information, see:
    https://github.com/V4bel/dirtyfrag
    https://www.cve.org/CVERecord?id=CVE-2026-43284
  (* Security fix *)
d/google-go-lang-1.26.3-x86_64-1.txz:  Upgraded.
d/kernel-headers-6.18.28-x86-1.txz:  Upgraded.
k/kernel-source-6.18.28-noarch-1.txz:  Upgraded.
l/pycurl-7.46.0-x86_64-1.txz:  Upgraded.
l/python-trove-classifiers-2026.5.7.17-x86_64-1.txz:  Upgraded.
n/fetchmail-6.6.4-x86_64-1.txz:  Upgraded.
xap/mozilla-thunderbird-140.10.2esr-x86_64-1.txz:  Upgraded.
y/nethack-5.0.0-x86_64-4.txz:  Rebuilt.
  Another fix for the HACK= sed substitution. Should be good now! :-)
  Thanks to zapwai.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/packages/linux-7.0.x/kernel-generic-7.0.5-x86_64-1.txz:  Upgraded.
  This update fixes a critical security issue:
  xfrm: esp: avoid in-place decrypt on shared skb frags.
  This update addresses a Linux kernel local privilege escalation attack known
  as "Dirty Frag." Please note that there's a second CVE (CVE-2026-43500) that
  is not yet patched upstream.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away you may blacklist or remove the kernel modules esp4.ko and esp6.ko
  (CVE-2026-43284) and rxrpc.ko (CVE-2026-43500).
  Also remove the modules from the kernel if they have been loaded:
    rmmod esp4 esp6 rxrpc
  And, drop the file caches in case in-memory program copies have already
  been compromised. Make sure possibly affected programs do not have any
  open sessions first:
    sh -c "echo 3 > /proc/sys/vm/drop_caches"
  For more information, see:
    https://github.com/V4bel/dirtyfrag
    https://www.cve.org/CVERecord?id=CVE-2026-43284
  (* Security fix *)
testing/packages/linux-7.0.x/kernel-headers-7.0.5-x86-1.txz:  Upgraded.
testing/packages/linux-7.0.x/kernel-source-7.0.5-noarch-1.txz:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
]]> https://www.sya54m.eu Fri, 08 May 2026 07:00:03 +0200 1778216403 a/kernel-firmware-20260507_b3d71e9-noarch-1.txz:  Upgraded.
a/kernel-generic-6.18.27-x86_64-1.txz:  Upgraded.
a/xfsprogs-7.0.0-x86_64-1.txz:  Upgraded.
d/kernel-headers-6.18.27-x86-1.txz:  Upgraded.
d/mercurial-7.2.2-x86_64-1.txz:  Upgraded.
k/kernel-source-6.18.27-noarch-1.txz:  Upgraded.
l/mozjs140-140.10.2esr-x86_64-1.txz:  Upgraded.
l/openjph-0.27.1-x86_64-1.txz:  Upgraded.
l/python-urllib3-2.7.0-x86_64-1.txz:  Upgraded.
n/libgpg-error-1.61-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues:
   Fix possible stack overflow in es_printf for %.100f format.
   Fix out-of-bounds read in vfnameconcat.
  (* Security fix *)
n/php-8.4.21-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  DOM: Fixed Dom\XMLDocument::C14N() emits duplicate xmlns declarations after
  setAttributeNS().
  FPM: Fixed XSS within status endpoint.
  MBString: Fixed Null pointer dereference in php_mb_check_encoding()
  via mb_ereg_search_init().
  MBString: Fixed Out-of-bounds access in mbfl_name2encoding_ex().
  PDO_Firebird: Fixed SQL injection via NUL bytes in quoted strings.
  SOAP: Fixed Stale SOAP_GLOBAL(ref_map) pointer with Apache Map.
  SOAP: Fixed Use-after-free after header parsing failure with
  SOAP_PERSISTENCE_SESSION.
  SOAP: Fixed Broken Apache map value NULL check.
  Standard: Fixed Signed integer overflow of char array offset.
  Standard: Fixed Consistently pass unsigned char to ctype.h functions.
  URI: Fixed uriparser before 1.0.1 has numeric truncation in text range comparison.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.4.21
    https://www.cve.org/CVERecord?id=CVE-2026-7263
    https://www.cve.org/CVERecord?id=CVE-2026-6735
    https://www.cve.org/CVERecord?id=CVE-2026-7259
    https://www.cve.org/CVERecord?id=CVE-2026-6104
    https://www.cve.org/CVERecord?id=CVE-2025-14179
    https://www.cve.org/CVERecord?id=CVE-2026-6722
    https://www.cve.org/CVERecord?id=CVE-2026-7261
    https://www.cve.org/CVERecord?id=CVE-2026-7262
    https://www.cve.org/CVERecord?id=CVE-2026-7568
    https://www.cve.org/CVERecord?id=CVE-2026-7258
    https://www.cve.org/CVERecord?id=CVE-2026-42371
  (* Security fix *)
xap/mozilla-firefox-140.10.2esr-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.10.2/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2026-41
    https://www.cve.org/CVERecord?id=CVE-2026-8090
    https://www.cve.org/CVERecord?id=CVE-2026-8094
    https://www.cve.org/CVERecord?id=CVE-2026-8092
  (* Security fix *)
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/packages/linux-7.0.x/kernel-generic-7.0.4-x86_64-1.txz:  Upgraded.
testing/packages/linux-7.0.x/kernel-headers-7.0.4-x86-1.txz:  Upgraded.
testing/packages/linux-7.0.x/kernel-source-7.0.4-noarch-1.txz:  Upgraded.
testing/packages/php-8.5.6-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  DOM: Fixed Dom\XMLDocument::C14N() emits duplicate xmlns declarations after
  setAttributeNS().
  FPM: Fixed XSS within status endpoint.
  MBString: Fixed Null pointer dereference in php_mb_check_encoding()
  via mb_ereg_search_init().
  MBString: Fixed Out-of-bounds access in mbfl_name2encoding_ex().
  PDO_Firebird: Fixed SQL injection via NUL bytes in quoted strings.
  SOAP: Fixed Stale SOAP_GLOBAL(ref_map) pointer with Apache Map.
  SOAP: Fixed Use-after-free after header parsing failure with
  SOAP_PERSISTENCE_SESSION.
  SOAP: Fixed Broken Apache map value NULL check.
  Standard: Fixed Signed integer overflow of char array offset.
  Standard: Fixed Consistently pass unsigned char to ctype.h functions.
  URI: Fixed uriparser before 1.0.1 has numeric truncation in text range comparison.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.5.6
    https://www.cve.org/CVERecord?id=CVE-2026-7263
    https://www.cve.org/CVERecord?id=CVE-2026-6735
    https://www.cve.org/CVERecord?id=CVE-2026-7259
    https://www.cve.org/CVERecord?id=CVE-2026-6104
    https://www.cve.org/CVERecord?id=CVE-2025-14179
    https://www.cve.org/CVERecord?id=CVE-2026-6722
    https://www.cve.org/CVERecord?id=CVE-2026-7261
    https://www.cve.org/CVERecord?id=CVE-2026-7262
    https://www.cve.org/CVERecord?id=CVE-2026-7568
    https://www.cve.org/CVERecord?id=CVE-2026-7258
    https://www.cve.org/CVERecord?id=CVE-2026-42371
  (* Security fix *)
usb-and-pxe-installers/usbboot.img:  Rebuilt.
]]> https://www.sya54m.eu Thu, 07 May 2026 00:38:32 +0200 1778107112 d/AMF-headers-1.5.2-noarch-1.txz:  Upgraded.
d/llvm-22.1.5-x86_64-1.txz:  Upgraded.
kde/okteta-0.26.27-x86_64-1.txz:  Upgraded.
l/djvulibre-3.5.30-x86_64-1.txz:  Upgraded.
l/lcms2-2.19.1-x86_64-1.txz:  Upgraded.
l/libclc-22.1.5-x86_64-1.txz:  Upgraded.
x/mesa-26.1.0-x86_64-1.txz:  Upgraded.
y/nethack-5.0.0-x86_64-3.txz:  Rebuilt.
  Fixed some paths / perms.
  Thanks to zapwai.
]]> https://www.sya54m.eu Tue, 05 May 2026 22:12:56 +0200 1778011976 a/hwdata-0.407-noarch-1.txz:  Upgraded.
a/pam-1.7.2-x86_64-2.txz:  Rebuilt.
  Harden perms on /sbin/unix_chkpwd.
ap/sqlite-3.53.1-x86_64-1.txz:  Upgraded.
l/ffmpeg-7.1.4-x86_64-1.txz:  Upgraded.
l/hunspell-1.7.3-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://github.com/hunspell/hunspell/releases/tag/v1.7.3
  (* Security fix *)
l/libgtop-2.41.3-x86_64-3.txz:  Rebuilt.
  Harden perms on /usr/lib${LIBDIRSUFFIX}/libgtop/libgtop_server2.
n/procmail-3.24-x86_64-3.txz:  Rebuilt.
  Harden perms on /usr/sbin/procmail.
testing/packages/ffmpeg-8.1.1-x86_64-1.txz:  Upgraded.
]]> https://www.sya54m.eu Tue, 05 May 2026 02:17:21 +0200 1777940241 y/nethack-5.0.0-x86_64-2.txz:  Rebuilt.
  Fixed HACKDIR location.
]]> https://www.sya54m.eu Tue, 05 May 2026 00:37:35 +0200 1777934255 a/util-linux-2.42-x86_64-2.txz:  Rebuilt.
  Harden perms on /bin/mount and /bin/umount.
ap/lxc-7.0.0-x86_64-2.txz:  Rebuilt.
  Harden perms on /usr/libexec/lxc/lxc-user-nic.
d/ccache-4.13.6-x86_64-1.txz:  Upgraded.
d/python-pip-26.1.1-x86_64-1.txz:  Upgraded.
l/fuse-2.9.9-x86_64-5.txz:  Rebuilt.
  Harden perms on /bin/fusermount.
l/fuse3-3.16.2-x86_64-2.txz:  Rebuilt.
  Harden perms on /usr/bin/fusermount3.
l/libgtop-2.41.3-x86_64-2.txz:  Rebuilt.
  Harden perms on /usr/lib64/libgtop/libgtop_server2.
l/polkit-127-x86_64-2.txz:  Rebuilt.
n/httpd-2.4.67-x86_64-1.txz:  Upgraded.
  This release fixes bugs and the following security issues:
  mod_proxy_ajp: Heap Over-Read and memory disclosure in  ajp_parse_data().
  mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check.
  Off-by-one OOB reads in AJP getter functions.
  HTTP response splitting forwarding malicious status line.
  mod_authn_socache crash.
  mod_auth_digest timing attack.
  mod_md unrestricted OCSP response.
  buffer overflow in mod_proxy_ajp via ajp_msg_check_header().
  mod_rewrite elevation of privileges via ap_expr.
  http2: double free and possible RCE on early reset.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.67
    https://www.cve.org/CVERecord?id=CVE-2026-34059
    https://www.cve.org/CVERecord?id=CVE-2026-34032
    https://www.cve.org/CVERecord?id=CVE-2026-33857
    https://www.cve.org/CVERecord?id=CVE-2026-33523
    https://www.cve.org/CVERecord?id=CVE-2026-33007
    https://www.cve.org/CVERecord?id=CVE-2026-33006
    https://www.cve.org/CVERecord?id=CVE-2026-29169
    https://www.cve.org/CVERecord?id=CVE-2026-29168
    https://www.cve.org/CVERecord?id=CVE-2026-28780
    https://www.cve.org/CVERecord?id=CVE-2026-24072
    https://www.cve.org/CVERecord?id=CVE-2026-23918
  (* Security fix *)
n/krb5-1.22.2-x86_64-2.txz:  Rebuilt.
  Harden perms on /usr/bin/ksu.
x/xf86-video-intel-20230201_b74b67f0-x86_64-2.txz:  Rebuilt.
  Harden perms on /usr/libexec/xf86-video-intel-backlight-helper.
x/xorg-server-21.1.22-x86_64-3.txz:  Rebuilt.
  Harden perms on /usr/libexec/Xorg.wrap.
x/xorg-server-xephyr-21.1.22-x86_64-3.txz:  Rebuilt.
x/xorg-server-xnest-21.1.22-x86_64-3.txz:  Rebuilt.
x/xorg-server-xvfb-21.1.22-x86_64-3.txz:  Rebuilt.
xap/xscreensaver-6.15-x86_64-2.txz:  Rebuilt.
  Harden perms on /usr/libexec/xscreensaver/sonar and
  /usr/libexec/xscreensaver/xscreensaver-auth.
y/nethack-5.0.0-x86_64-1.txz:  Upgraded.
  Thanks to zapwai.
]]> https://www.sya54m.eu Mon, 04 May 2026 01:27:40 +0200 1777850860 xap/gimp-3.2.4-x86_64-3.txz:  Rebuilt.
  Patched to build with gexiv2-0.16.0.
  Thanks to USUARIONUEVO.
l/gexiv2-0.16.0-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
  Thanks to saxa.
a/bcachefs-tools-1.38.2-x86_64-1.txz:  Upgraded.
]]> https://www.sya54m.eu Sun, 03 May 2026 03:36:26 +0200 1777772186 a/dracut-111-x86_64-1.txz:  Upgraded.
a/elogind-255.23-x86_64-1.txz:  Upgraded.
a/haveged-1.9.20-x86_64-1.txz:  Upgraded.
a/kernel-firmware-20260429_56a13f9-noarch-1.txz:  Upgraded.
a/kernel-generic-6.18.26-x86_64-1.txz:  Upgraded.
  This update fixes a critical security issue:
  An out-of-bounds write in the userspace interface for AEAD cipher algorithms
  may be leveraged to get a root shell through a setuid binary. While the
  proof of concepts for this have so far targeted different program versions
  than Slackware uses, there's nothing preventing anyone from targeting one
  a setuid binary that we use.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
  the algif_aead.ko kernel module to prevent the exploit.
  For more information, see:
    https://copy.fail/
    https://www.cve.org/CVERecord?id=CVE-2026-31431
  (* Security fix *)
ap/joe-4.8-x86_64-1.txz:  Upgraded.
ap/lxc-7.0.0-x86_64-1.txz:  Upgraded.
ap/vim-9.2.0433-x86_64-1.txz:  Upgraded.
d/doxygen-1.17.0-x86_64-1.txz:  Upgraded.
d/kernel-headers-6.18.26-x86-1.txz:  Upgraded.
k/kernel-source-6.18.26-noarch-1.txz:  Upgraded.
kde/xsimd-14.2.0-noarch-1.txz:  Upgraded.
l/SDL2_image-2.8.12-x86_64-1.txz:  Upgraded.
l/SDL3-3.4.8-x86_64-1.txz:  Upgraded.
l/at-spi2-core-2.60.3-x86_64-1.txz:  Upgraded.
l/cfitsio-4.6.4-x86_64-1.txz:  Upgraded.
l/enchant-2.8.16-x86_64-1.txz:  Upgraded.
l/glib2-2.88.1-x86_64-1.txz:  Upgraded.
l/gtk4-4.22.4-x86_64-1.txz:  Upgraded.
l/libgsf-1.14.58-x86_64-1.txz:  Upgraded.
l/openexr-3.4.11-x86_64-1.txz:  Upgraded.
  Patch release that addresses the following security vulnerabilities:
  Shift exponent overflow in readVariableLengthInteger().
  Out-of-bounds read in IDManifest::init() during prefix expansion.
  Integer overflow in ImageChannel::resize leads to heap OOB write via
  OpenEXRUtil public API.
  Heap-buffer-overflow in DwaCompressor_uncompress.
  Null-dereference READ in Imf_3_3::prefixFromLayerName.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-42217
    https://www.cve.org/CVERecord?id=CVE-2026-42216
    https://www.cve.org/CVERecord?id=CVE-2026-41142
  (* Security fix *)
l/python-build-1.5.0-x86_64-1.txz:  Upgraded.
l/qtkeychain-0.16.0-x86_64-1.txz:  Upgraded.
l/spirv-llvm-translator-22.1.2-x86_64-1.txz:  Upgraded.
n/curl-8.20.0-x86_64-1.txz:  Upgraded.
n/dhcpcd-10.3.2-x86_64-1.txz:  Upgraded.
n/gnutls-3.8.13-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  Add more checks to DTLS reassembly. Previously, gnutls didn't check that
  DTLS fragments claimed a consistent message_length value. Additionally,
  a crucial array size check was missing, enabling an attacker to cause a
  heap overwrite. Reject fragments with mismatching length and add a missing
  boundary check. Independently reported by Haruto Kimura (Stella), Oscar
  Reparaz and Zou Dikai.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-33846
  (* Security fix *)
n/openvpn-2.7.4-x86_64-1.txz:  Upgraded.
n/postfix-3.11.2-x86_64-1.txz:  Upgraded.
x/ibus-1.5.34-x86_64-1.txz:  Upgraded.
x/mesa-26.0.6-x86_64-1.txz:  Upgraded.
x/noto-fonts-ttf-2026.05.01-noarch-1.txz:  Upgraded.
x/xterm-410-x86_64-1.txz:  Upgraded.
xap/mozilla-thunderbird-140.10.1esr-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/140.10.1esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/
    https://www.cve.org/CVERecord?id=CVE-2026-7320
    https://www.cve.org/CVERecord?id=CVE-2026-7321
    https://www.cve.org/CVERecord?id=CVE-2026-7322
    https://www.cve.org/CVERecord?id=CVE-2026-7323
  (* Security fix *)
xap/vim-gvim-9.2.0433-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/packages/linux-7.0.x/kernel-generic-7.0.3-x86_64-1.txz:  Upgraded.
  This update fixes a critical security issue:
  An out-of-bounds write in the userspace interface for AEAD cipher algorithms
  may be leveraged to get a root shell through a setuid binary. While the
  proof of concepts for this have so far targeted different program versions
  than Slackware uses, there's nothing preventing anyone from targeting one
  a setuid binary that we use.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
  the algif_aead.ko kernel module to prevent the exploit.
  For more information, see:
    https://copy.fail/
    https://www.cve.org/CVERecord?id=CVE-2026-31431
  (* Security fix *)
testing/packages/linux-7.0.x/kernel-headers-7.0.3-x86-1.txz:  Upgraded.
testing/packages/linux-7.0.x/kernel-source-7.0.3-noarch-1.txz:  Upgraded.
testing/packages/mesa-26.1.0_rc3-x86_64-1.txz:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
]]> https://www.sya54m.eu Fri, 01 May 2026 21:44:58 +0200 1777664698 a/lvm2-2.03.40-x86_64-1.txz:  Upgraded.
ap/htop-3.5.1-x86_64-1.txz:  Upgraded.
l/mozjs140-140.10.1esr-x86_64-1.txz:  Upgraded.
l/python-trove-classifiers-2026.4.28.13-x86_64-1.txz:  Upgraded.
n/ethtool-7.0-x86_64-1.txz:  Upgraded.
n/rsync-3.4.2-x86_64-1.txz:  Upgraded.
x/ibus-table-1.17.18-x86_64-1.txz:  Upgraded.
x/libdrm-2.4.133-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-140.10.1esr-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.10.1/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2026-36
    https://www.cve.org/CVERecord?id=CVE-2026-7320
    https://www.cve.org/CVERecord?id=CVE-2026-7321
    https://www.cve.org/CVERecord?id=CVE-2026-7322
    https://www.cve.org/CVERecord?id=CVE-2026-7323
  (* Security fix *)
]]>