Mozilla Firefox and Thunderbird packages have been updated for Slackware 15.0 and -current to fix security issues, including a heap buffer overflow in libvpx. The new packages can be found on the official Slackware FTP servers or mirror sites near you, and the MD5 signatures are provided for verification. Additionally, a new lrzip package is available to address multiple potential security issues with crafted or corrupt archives. Users should upgrade the packages as root by running the "upgradepkg" command with the corresponding package name.

mozilla-firefox (SSA:2026-047-03)
mozilla-thunderbird (SSA:2026-047-04)
lrzip (SSA:2026-047-02)
libssh (SSA:2026-047-01)

mozilla-firefox (SSA:2026-047-03)

mozilla-firefox (SSA:2026-047-03)

New mozilla-firefox packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-140.7.1esr-i686-1_slack15.0.txz: Upgraded.
This update contains a security fix:
Heap buffer overflow in libvpx.
For more information, see:
https://www.mozilla.org/en-US/firefox/140.7.1/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2026-10/
https://www.cve.org/CVERecord?id=CVE-2026-2447
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-140.7.1esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-140.7.1esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-140.7.1esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-140.7.1esr-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
018fc1430949692045989e41d955b350 mozilla-firefox-140.7.1esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
5af41a5705846a3d8ee3967767924a1b mozilla-firefox-140.7.1esr-x86_64-1_slack15.0.txz

Slackware -current package:
e86b0d6b35b638b2c37ed1cc7828f308 xap/mozilla-firefox-140.7.1esr-i686-1.txz

Slackware x86_64 -current package:
6a5b40d6e697d747c3b6dc1d7ccf6848 xap/mozilla-firefox-140.7.1esr-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-140.7.1esr-i686-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

mozilla-thunderbird (SSA:2026-047-04)

mozilla-thunderbird (SSA:2026-047-04)

New mozilla-thunderbird packages are available for Slackware 15.0 and -current
to fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-140.7.2esr-i686-1_slack15.0.txz: Upgraded.
This update contains a security fix:
Heap buffer overflow in libvpx.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/140.7.2esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-11/
https://www.cve.org/CVERecord?id=CVE-2026-2447
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-140.7.2esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-140.7.2esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-140.7.2esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-140.7.2esr-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
d9e5e02ffc93e069f0da35af2416d791 mozilla-thunderbird-140.7.2esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
0973e09576099cd1ca7e60c4ab9af749 mozilla-thunderbird-140.7.2esr-x86_64-1_slack15.0.txz

Slackware -current package:
cc6c3bea9160ef3e27fe8e676b988527 xap/mozilla-thunderbird-140.7.2esr-i686-1.txz

Slackware x86_64 -current package:
d4f235f9fe83e7c4d2c8f1573538857c xap/mozilla-thunderbird-140.7.2esr-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-140.7.2esr-i686-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

lrzip (SSA:2026-047-02)

lrzip (SSA:2026-047-02)

New lrzip packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/lrzip-0.660-i586-1_slack15.0.txz: Upgraded.
Address multiple potential security issues with crafted or corrupt archives.
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/lrzip-0.660-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/lrzip-0.660-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/lrzip-0.660-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/lrzip-0.660-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
7b7195853cd42008bbd327cc88a07cfa lrzip-0.660-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
50fd7554d133d65497d024504718589f lrzip-0.660-x86_64-1_slack15.0.txz

Slackware -current package:
c270926a910420338e7d75da75fda273 a/lrzip-0.660-i686-1.txz

Slackware x86_64 -current package:
e066a5ac143089cbccf361730706a5a9 a/lrzip-0.660-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg lrzip-0.660-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

libssh (SSA:2026-047-01)

libssh (SSA:2026-047-01)

New libssh packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/libssh-0.11.4-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
SCP Protocol Path Traversal in ssh_scp_pull_request().
Possible Denial of Service when parsing unexpected configuration files.
Buffer underflow in ssh_get_hexa() on invalid input.
Specially crafted patterns could cause DoS.
OOB Read in sftp_parse_longname().
Read buffer overrun when handling SFTP extensions.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-0964
https://www.cve.org/CVERecord?id=CVE-2026-0965
https://www.cve.org/CVERecord?id=CVE-2026-0966
https://www.cve.org/CVERecord?id=CVE-2026-0967
https://www.cve.org/CVERecord?id=CVE-2026-0968
https://www.cve.org/CVERecord?id=CVE-2025-14821
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libssh-0.11.4-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libssh-0.11.4-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libssh-0.12.0-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libssh-0.12.0-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
6e38d953e70fab3bbaf71ffb7767e7ca libssh-0.11.4-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
2612a06767b846a2570a5a21aa9dc952 libssh-0.11.4-x86_64-1_slack15.0.txz

Slackware -current package:
c01f2c0005c856bcaadba31b7987fd9d l/libssh-0.12.0-i686-1.txz

Slackware x86_64 -current package:
d3344ea8e62522bb03eead6e2d34f9a4 l/libssh-0.12.0-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libssh-0.11.4-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key