Slackware-current ChangeLog (2022-02-01)
Tue Feb 1 08:27:47 UTC 2022
Packages
Rebuilt
- kde/kate-21.12.1-i586-2.txz
Fix missing validation of binaries executed via QProcess.
Thanks to Heinz Wiesinger.
For more information, see:
https://kde.org/info/security/advisory-20220131-1.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23853
(* Security fix *)
Tue Feb 1 05:35:21 UTC 2022
Hey, my shiny brass lamp is almost out of fuel!
Packages
Rebuilt
- a/rpm2tgz-1.2.2-i586-6.txz
Don't use --no-absolute-filenames, because inexplicably it also strips the
leading '/' from symlink targets, generally creating a broken symlink.
The problem we were attempting to fix is far less common than symlinks to
absolute filenames, so we'll revert this for further consideration.
Thanks to pghvlaans.
Tue Feb 1 04:37:04 UTC 2022
The sepulchral voice intones, “The cave is now closed.”
Packages
Upgraded
- n/samba-4.15.5-i586-1.txz
This is a security release in order to address the following defects:
UNIX extensions in SMB1 disclose whether the outside target of a symlink
exists.
Out-of-Bound Read/Write on Samba vfs_fruit module. This vulnerability
allows remote attackers to execute arbitrary code as root on affected Samba
installations that use the VFS module vfs_fruit.
Re-adding an SPN skips subsequent SPN conflict checks. An attacker who has
the ability to write to an account can exploit this to perform a
denial-of-service attack by adding an SPN that matches an existing service.
Additionally, an attacker who can intercept traffic can impersonate existing
services, resulting in a loss of confidentiality and integrity.
For more information, see:
https://www.samba.org/samba/security/CVE-2021-44141.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44141
https://www.samba.org/samba/security/CVE-2021-44142.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44142
https://www.samba.org/samba/security/CVE-2022-0336.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0336
(* Security fix *)
Rebuilt
- kde/ktexteditor-5.90.0-i586-2.txz
[PATCH] only start programs in user's path.
[PATCH] only execute diff in path.
Thanks to gmgf.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23853
(* Security fix *)
- l/libcanberra-0.30-i586-9.txz
Fix a bug crashing some applications in Wayland desktops.
Thanks to 01micko.
- x/xterm-370-i586-7.txz
Rebuilt with --disable-sixel-graphics to fix a buffer overflow.
Thanks to gmgf.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24130
(* Security fix *)
Added
- testing/source/linux-5.16.4-configs/*
Sample config files to build 5.16.4 Linux kernels.