Slackware 1278 Published by Philipp Esselbach 0

The Slackware Linux Security Team released SSA:2026-197-01 to update the netatalk package to version 4.5.1 across Slackware 15.0 and the current development branch. This release patches four documented vulnerabilities identified as CVE-2026-62318 through CVE-2026-62321 alongside general code corrections.

netatalk (SSA:2026-197-01)

Slackware 1278 Published by Philipp Esselbach 0

The Slackware Linux Security Team released updated p11-kit packages for versions 15.0 and current to address CVE-2026-13757. This security patch resolves a stack exhaustion flaw caused by unbounded recursion during RPC attribute parsing. Administrators can download the corrected i586 and x86_64 builds directly from the official Slackware FTP server.

p11-kit (SSA:2026-191-01)

Slackware 1278 Published by Philipp Esselbach 0

Slackware Linux Security Team released updated tigervnc packages for Slackware 15.0 and the -current branch to patch two critical vulnerabilities in the Xorg server components. The fixes address a heap buffer overflow in the glamor Font Atlas and a use-after-free error during CommonMakeCurrent operations.

tigervnc (SSA:2026-190-01)

Slackware 1278 Published by Philipp Esselbach 0

Slackware Linux Security Team released new packages for Slackware 15.0 and -current to patch security vulnerabilities in proftpd, xorg-server, and libXfont2. The proftpd update resolves numerous flaws including stack buffer overflows in MLSD/MLST handling, SQL injection risks in group name lookups, and bypasses of transfer limits that compromise data integrity. Updates for xorg-server address heap buffer overflows in the glamor Font Atlas and a use-after-free error in GLX context tags, linked to CVE-2026-55999 and CVE-2026-56000. The libXfont2 upgrade mitigates three integer overflow and heap buffer overflow issues within bitmap scaling, PCF font parsing, and property computation functions, associated with CVE-2026-56001 through CVE-2026-56003.

proftpd (SSA:2026-189-02)
xorg-server (SSA:2026-189-03)
libXfont2 (SSA:2026-189-01)

Slackware 1278 Published by Philipp Esselbach 0

The Slackware Linux Security Team released SSA:2026-188-01 to address multiple vulnerabilities in the tftp-hpa package. Version 5.4 resolves uninitialized buffer reads, broken path tokenizers, and several buffer overflow flaws that allowed crafted requests to bypass directory restrictions or crash the daemon.

tftp-hpa (SSA:2026-188-01)

Slackware 1278 Published by Philipp Esselbach 0

The Slackware Linux Security Team released patched packages for openssh and c-ares to resolve critical flaws across Slackware 15.0 and -current distributions. The openssh update closes path traversal gaps in sftp and scp, fixes a silent argument truncation bug in sshd, and patches a client-side use-after-free error that triggers during host key reexchanges.

openssh (SSA:2026-187-02)
c-ares (SSA:2026-187-01)

Slackware 1278 Published by Philipp Esselbach 0

The Slackware Linux Security Team distributed updated packages for Slackware 15.0 to patch security flaws in php82 and mutt. The php82 version 8.2.32 update resolves CVE-2026-14355, a memory corruption bug in the zend_mm_heap triggered by openssl_encrypt calls using AES-WRAP-PAD. The mutt version 2.4.1 release eliminates an unsigned integer overflow in imap_cmd_step that allows a malicious IMAP server to shrink a buffer allocation and write data past the end of memory. Administrators need to run upgradepkg as root to apply these fixes, and they must restart the Apache httpd service to complete the php82 installation.

Slackware 15.0 php82 (SSA:2026-186-02)
mutt (SSA:2026-186-01)

Slackware 1278 Published by Philipp Esselbach 0

he Slackware Linux Security Team issued three new package updates to address active vulnerabilities in libevent, Mozilla Thunderbird, and libseccomp. Administrators running Slackware 15.0 or the -current branch can download the patched files for both i586 and x86_64 architectures from the official FTP mirror. The libseccomp update specifically repairs memory corruption and filter weakening bugs, while the other two releases contain broader security patches for affected system modules.

libevent (SSA:2026-182-01)
mozilla-thunderbird (SSA:2026-182-02)
libseccomp (SSA:2026-183-01)

Slackware 1278 Published by Philipp Esselbach 0

The Slackware Linux Security Team has released libarchive 3.8.8 to fix security issues across 15.0 and -current, so you'll want to grab it. Libarchive has been the silent workhorse behind so many compression tasks for years, and it handles quirky formats way better than most alternatives.

libarchive (SSA:2026-174-01)

Slackware 1278 Published by Philipp Esselbach 0

The Slackware Linux Security Team just rolled out a major security update that patches critical vulnerabilities across five essential packages for both Slackware 15.0 and current development branches. Mozilla Thunderbird and Firefox now ship with updated ESR builds that close dozens of memory safety flaws, while OpenSSL received carefully backported fixes for heap overreads and use-after-free errors. The remaining updates tackle a dangerous out-of-bounds read in libidn alongside a DNS64 response corruption bug that previously allowed corrupted data to reach clients. You can grab the verified packages from official FTP mirrors right now and apply them quickly using standard upgrade commands to keep your systems protected.

mozilla-thunderbird (SSA:2026-168-04)
mozilla-firefox (SSA:2026-168-03)
openssl (SSA:2026-168-05)
libidn (SSA:2026-168-02)
bind (SSA:2026-168-01)

Slackware 1278 Published by Philipp Esselbach 0

Slackware 15.0 has released a critical security update for its Samba package to address multiple high severity vulnerabilities. This new version patches dangerous flaws that could allow unauthenticated attackers to execute arbitrary code or bypass authentication mechanisms. Administrators should prioritize installing the upgrade immediately to protect their file sharing and directory services from potential compromise. You can download the updated packages directly from the official Slackware FTP server and apply them using the standard package upgrade command.

samba (SSA:2026-158-01)

Slackware 1278 Published by Philipp Esselbach 0

Slackware Linux has released urgent security patches for libinput and dnsmasq to address critical vulnerabilities in versions 15.0 and the rolling current branch. The libinput update resolves an unescaped physical output flaw that could potentially allow arbitrary root code execution through malicious udev properties, though local access restrictions currently limit immediate exploitation risk. Meanwhile, the dnsmasq upgrade addresses a separate memory corruption flaw that triggers during unusually long domain lookups. Administrators should grab the new files from official FTP mirrors and run the standard root installation commands right away to keep their systems secure.

libinput (SSA:2026-155-02)
dnsmasq (SSA:2026-155-01)

Slackware 1278 Published by Philipp Esselbach 0

The Slackware Linux Security Team has released a comprehensive security advisory addressing multiple critical vulnerabilities across five core system packages. Administrators running Slackware 15.0 or the current development branch should immediately apply these patches to protect against resource exhaustion attacks, SQL injection flaws, and dangerous buffer overflow exploits in their web servers, FTP daemons, remote desktop clients, network utilities, and X window infrastructure.

httpd (SSA:2026-154-01)
proftpd (SSA:2026-154-03)
tigervnc (SSA:2026-154-05)
net-tools (SSA:2026-154-02)
xorg-server (SSA:2026-154-04)

Slackware 1278 Published by Philipp Esselbach 0

Slackware Linux administrators should apply the new SSA:2026-152-01 kernel update right away because it patches several dangerous flaws inside the rxrpc networking module. This release targets both the stable 15.0 branch and the rolling current version while fixing issues related to ticket validation and key handling that could compromise system integrity. Package downloads are available for various architecture combinations including generic SMP builds and standard x86_64 distributions. After installing the updated files you will need to regenerate your initrd image and double check bootloader configurations before rebooting your server or workstation.

kernel (SSA:2026-152-01)

Slackware 1278 Published by Philipp Esselbach 0

The Slackware Linux Security Team released updated Thunderbird packages to patch security vulnerabilities in both the stable 15.0 release and the current development branch. You can download the new files from official FTP mirrors or locate nearby servers through the main project website. Installing the update only requires running a single upgradepkg command while logged in as root.

mozilla-thunderbird (SSA:2026-146-01)

Slackware 1278 Published by Philipp Esselbach 0

Slackware just pushed out new kernel packages for version 15.0 and the current development branch to fix critical network security flaws. The patches target how shared fragment markers move through buffer transfer helpers and coalescing routines, which directly resolves CVE-2026-43503 alongside CVE-2026-46300.

kernel (SSA:2026-144-01)

Slackware 1278 Published by Philipp Esselbach 0

The Slackware Linux Security Team has rolled out urgent security patches for both the bind and rsync utilities to address several critical vulnerabilities. These updates tackle serious flaws ranging from local privilege escalation and memory disclosure to unbounded recursion loops and symlink race conditions. You can grab the new binary packages directly from official mirrors, with builds ready for i586 and x86_64 systems running either Slackware 15.0 or the rolling current branch.

bind (SSA:2026-141-01)
rsync (SSA:2026-141-02)

Slackware 1278 Published by Philipp Esselbach 0

The Slackware Linux Security Team has released urgent updates for Thunderbird, Firefox, and haveged to address multiple vulnerabilities in versions 15.0 and the current development branch. These patches resolve several critical flaws that could allow attackers to exploit browser weaknesses or gain unauthorized root access through a missing permission check in the entropy daemon.

mozilla-thunderbird (SSA:2026-139-03)
mozilla-firefox (SSA:2026-139-02)
haveged (SSA:2026-139-01)

Slackware 1278 Published by Philipp Esselbach 0

Slackware Linux has pushed out urgent security patches for the kernel alongside a separate update for dnsmasq, covering both the 15.0 stable release and the rolling current branch. That kernel fix tackles a specific ptrace vulnerability involving get_dumpable logic, while the dnsmasq refresh quietly resolves several distinct CVEs that could mess with DNS resolution services. Administrators need to run upgradepkg as root to install everything, though you must also regenerate initrd files on machines that actually use them. Just double check your bootloader settings before hitting restart so the system boots properly into the updated environment.

kernel (SSA:2026-135-02)
dnsmasq (SSA:2026-135-01)

Slackware 1278 Published by Philipp Esselbach 0

Slackware has released updated expat packages to address a critical security flaw in versions 15.0 and current development releases. The vulnerability stems from quadratic runtime complexity during attribute name collision checks, which attackers could exploit through moderately sized crafted XML files. Compressed XML payloads can make this denial of service threat even more efficient to execute. Administrators should download the patched binaries from official mirrors and apply them using standard upgrade procedures to secure their systems.

expat (SSA:2026-132-01)