The Slackware Linux Security Team has rolled out urgent security patches for both the bind and rsync utilities to address several critical vulnerabilities. These updates tackle serious flaws ranging from local privilege escalation and memory disclosure to unbounded recursion loops and symlink race conditions. You can grab the new binary packages directly from official mirrors, with builds ready for i586 and x86_64 systems running either Slackware 15.0 or the rolling current branch.

bind (SSA:2026-141-01)
rsync (SSA:2026-141-02)

bind (SSA:2026-141-01)

bind (SSA:2026-141-01)

New bind packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.18.49-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Fix outgoing zone transfers' quota issue.
Limit resolver server list size.
Fix GSS-API resource leak.
Avoid unbounded recursion loop.
Disable recursion, UPDATE, and NOTIFY for non-IN views.
For more information, see:
https://kb.isc.org/docs/CVE-2026-3592
https://kb.isc.org/docs/CVE-2026-3039
https://kb.isc.org/docs/CVE-2026-5947
https://kb.isc.org/docs/CVE-2026-5950
https://kb.isc.org/docs/CVE-2026-5946
https://www.cve.org/CVERecord?id=CVE-2026-3592
https://www.cve.org/CVERecord?id=CVE-2026-3039
https://www.cve.org/CVERecord?id=CVE-2026-5947
https://www.cve.org/CVERecord?id=CVE-2026-5950
https://www.cve.org/CVERecord?id=CVE-2026-5946
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/bind-9.18.49-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/bind-9.18.49-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.20.23-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.20.23-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
b4d30885919c3fbc89a80c3cd416ac84 bind-9.18.49-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
0939e816b1254b7cc7e8dd504cfedd90 bind-9.18.49-x86_64-1_slack15.0.txz

Slackware -current package:
06611b701bad066cc8f4229fb64c9d3c n/bind-9.20.23-i686-1.txz

Slackware x86_64 -current package:
44eeed2d1936283648675fc6126dbad3 n/bind-9.20.23-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bind-9.18.49-i586-1_slack15.0.txz

Then, restart the name server:

# /etc/rc.d/rc.bind restart

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

rsync (SSA:2026-141-02)

rsync (SSA:2026-141-02)

New rsync packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/rsync-3.4.3-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
TOCTOU symlink race condition allowing local privilege escalation in daemon
mode without chroot.
Hostname/ACL bypass on an rsync daemon configured with `daemon chroot = /X`
in rsyncd.conf when the chroot tree lacks DNS resolution support.
Integer overflow in the compressed-token decoder enabling remote memory
disclosure to an authenticated daemon peer.
Symlink races on path-based system calls in "use chroot = no" daemon mode.
Out-of-bounds read in the receiver's recv_files() enabling remote
denial-of-service of any client pulling from a malicious server.
Off-by-one out-of-bounds stack write in the rsync client's HTTP CONNECT proxy
handler (`establish_proxy_connection()` in `socket.c`).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-29518
https://www.cve.org/CVERecord?id=CVE-2026-43617
https://www.cve.org/CVERecord?id=CVE-2026-43618
https://www.cve.org/CVERecord?id=CVE-2026-43619
https://www.cve.org/CVERecord?id=CVE-2026-43620
https://www.cve.org/CVERecord?id=CVE-2026-45232
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/rsync-3.4.3-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/rsync-3.4.3-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/rsync-3.4.3-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/rsync-3.4.3-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
89c174591e23e2bd164e3ac9b152b21e rsync-3.4.3-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
c6db038250d687970e1f039efb040e45 rsync-3.4.3-x86_64-1_slack15.0.txz

Slackware -current package:
648608b442b5ea5d03e60d4276e78755 n/rsync-3.4.3-i686-1.txz

Slackware x86_64 -current package:
542590e7c3365b568d47b3e4c3de9773 n/rsync-3.4.3-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg rsync-3.4.3-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key