Slackware 1231 Published by Philipp Esselbach 0

Mozilla Firefox and Thunderbird packages have been updated for Slackware 15.0 and -current to fix security issues, including a heap buffer overflow in libvpx. The new packages can be found on the official Slackware FTP servers or mirror sites near you, and the MD5 signatures are provided for verification. Additionally, a new lrzip package is available to address multiple potential security issues with crafted or corrupt archives. Users should upgrade the packages as root by running the "upgradepkg" command with the corresponding package name.

mozilla-firefox (SSA:2026-047-03)
mozilla-thunderbird (SSA:2026-047-04)
lrzip (SSA:2026-047-02)
libssh (SSA:2026-047-01)

Slackware 1231 Published by Philipp Esselbach 0

New security updates are available for OpenSSL and p11-kit on Slackware 15.0. The OpenSSL update fixes several vulnerabilities, including heap out-of-bounds write, unauthenticated/unencrypted trailing bytes, and null pointer dereference issues. The p11-kit update addresses a single security issue: a NULL dereference via C_DeriveKey with specific NULL parameters. This vulnerability has been fixed in the latest version of p11-kit, which is now available for Slackware 15.0 and -current.

openssl (SSA:2026-037-02)
p11-kit (SSA:2026-037-01)

Slackware 1231 Published by Philipp Esselbach 0

Expats packages have been updated for Slackware 15.0 and -current to fix security issues, including vulnerabilities that can cause denial of service or integer overflow. The update addresses two specific CVEs: CVE-2026-24515 and CVE-2026-25210. Users can find the new packages on various mirror sites, including the official Slackware website and the OSU Open Source Lab's FTP servers.

expat (SSA:2026-031-01)

Slackware 1231 Published by Philipp Esselbach 0

New packages for Mozilla Thunderbird have been released to address security issues in Slackware 15.0 and -current. The updated packages, including version 140.7.1esr, can be found on the official Slackware FTP site or through additional mirror sites listed on the "Get Slack" section of the Slackware website.

mozilla-thunderbird (SSA:2026-027-01)

Slackware 1231 Published by Philipp Esselbach 0

New bind packages are available for Slackware 15.0 and -current to fix security issues. The update fixes a security issue where malformed BRID and HHIT records could trigger an assertion failure, with more information available on the ISC Knowledge Base.

bind (SSA:2026-021-01)

Slackware 1231 Published by Philipp Esselbach 0

Mozilla Firefox, libpng, and Mozilla Thunderbird security updates are available for Slackware 15.0 and -current to fix security issues. The updates contain patches for security vulnerabilities, including heap buffer over-reads and integer truncation errors. Users can find the new packages on the OSU Open Source Lab's FTP site or by visiting additional mirror sites listed on the Slackware website.

mozilla-firefox (SSA:2026-014-02)
libpng (SSA:2026-014-01)
mozilla-thunderbird (SSA:2026-014-03)

Slackware 1231 Published by Philipp Esselbach 0

New lcms2 packages are available for Slackware 15.0 and -current to address a security issue. The updated package, lcms2-2.18-i586-1_slack15.0.txz, fixes a heap buffer overflow on convert_utf16_to_utf32() (* Security fix *) and is available from the official FTP site or through additional mirror sites listed on the Slackware website.

lcms2 (SSA:2026-009-01)

Slackware 1231 Published by Philipp Esselbach 0

New libtasn1 packages have been released for Slackware 15.0 and -current to fix a security issue caused by a stack-based buffer overflow. This update fixes CVE-2025-13151, and more information about the vulnerability can be found on the CERT website.

libtasn1 (SSA:2026-008-01)

Slackware 1231 Published by Philipp Esselbach 0

New packages for curl have been released to fix security issues on Slackware 15.0 and -current. The updates address three vulnerabilities: an OpenSSL partial chain store policy bypass, a bearer token leak on cross-protocol redirect, and No QUIC certificate pinning with GnuTLS.

curl (SSA:2026-007-01)

Slackware 1231 Published by Philipp Esselbach 0

New packages for libsodium are available to fix a security issue in Slackware 15.0 and -current. The update fixes an insufficient validation vulnerability in crypto_core_ed25519_is_valid_point() and can be found at the official Slackware FTP site. To upgrade, users should run the "upgradepkg libsodium-1.0.18-i586-4_slack15.0.txz" command as root. The security issue is documented on the CVE website with ID CVE-2025-69277.

libsodium (SSA:2026-006-01)

Slackware 1231 Published by Philipp Esselbach 0

New gnupg2 packages are available for Slackware 15.0 and -current to address security issues, including CVE-2025-68973 and CVE-2025-68972. These updates also include improvements and require the installation of the new libgpg-error package. Additionally, new wget2 packages are available for Slackware 15.0 and -current to address bugs and security issues, including a file overwrite issue with metalink and buffer overflows in get_local_filename_real() and wget_iri_clone(). Users can upgrade these packages by running the command "upgradepkg" as root.

gnupg2 (SSA:2025-364-01)
wget2 (SSA:2025-364-02)

Slackware 1231 Published by Philipp Esselbach 0

New vim packages are available for Slackware 15.0 and -current to address a security issue involving a buffer overflow with incomplete multi-byte characters. The updated packages include vim-9.1.2028-i586-1_slack15.0.txz, vim-gvim-9.1.2028-i586-1_slack15.0.txz, and corresponding packages for Slackware x86_64 15.0 and -current.

vim (SSA:2025-361-01)

Slackware 1231 Published by Philipp Esselbach 0

A security issue has been fixed in the net-snmp packages for Slackware 15.0 and current, with new updates available to fix a critical vulnerability triggered by a specially crafted trap. The update is a result of patches/packages/net-snmp-5.9.3-i586-2_slack15.0.txz, which can be downloaded from the Slackware FTP site or other mirror sites near you.

net-snmp (SSA:2025-359-01)

Slackware 1231 Published by Philipp Esselbach 0

New packages for PHP have been released to address security issues in Slackware 15.0 and -current. The updates fix vulnerabilities in PDO quoting, array_merge(), and getimagesize(). Users can find the updated packages at various mirror sites, including ftp.slackware.com and osuosl.org. To install the new package, users should upgrade as root and then restart Apache httpd.

php (SSA:2025-353-01)

Slackware 1231 Published by Philipp Esselbach 0

Mozilla Firefox has released new packages to fix security issues, available for Slackware 15.0 and -current. The update includes security fixes and improvements, and can be found on the official Mozilla website. To install the update, users should run "upgradepkg mozilla-firefox-140.6.0esr-i686-1_slack15.0.txz" as root.

mozilla-firefox (SSA:2025-343-01)

Slackware 1231 Published by Philipp Esselbach 0

Security updates are available for libpng and httpd packages on Slackware 15.0 and -current. The libpng update fixes a high-severity security issue related to an out-of-bounds read, while the httpd update addresses multiple security issues, including bugs and vulnerabilities that could allow bypasses or data leaks. The updated packages can be downloaded from the Slackware FTP site or other mirror sites listed on the project's website. To install the updates, run the upgradepkg command as root and then restart Apache httpd.

libpng (SSA:2025-338-02)
httpd (SSA:2025-338-01)

Slackware 1231 Published by Philipp Esselbach 0

New libxslt packages are available for Slackware 15.0 and -current to fix security issues. The updates address vulnerabilities including CVE-2025-9714, CVE-2025-7424, and CVE-2025-11731. These fixes were contributed by Apple's engineers, who identified type confusion in xmlNode.psvi between stylesheet and source nodes.

libxslt (SSA:2025-332-01)