glibc (SSA:2025-140-01)
mozilla-thunderbird (SSA:2025-140-02)
glibc (SSA:2025-140-01)
glibc (SSA:2025-140-01)
New glibc packages are available for Slackware 15.0 to fix a security issue.
Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/aaa_glibc-solibs-2.33-i586-8_slack15.0.txz: Rebuilt.
patches/packages/glibc-2.33-i586-8_slack15.0.txz: Rebuilt.
This update fixes a security issue:
elf: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH.
A statically linked setuid binary that calls dlopen (including internal
dlopen calls after setlocale or calls to NSS functions such as getaddrinfo)
may incorrectly search LD_LIBRARY_PATH to determine which library to load,
leading to the execution of library code that is attacker controlled.
The only viable vector for exploitation of this bug is local, if a static
setuid program exists, and that program calls dlopen, then it may search
LD_LIBRARY_PATH to locate the SONAME to load. No such program has been
discovered at the time of publishing this advisory, but the presence of
custom setuid programs, although strongly discouraged as a security
practice, cannot be discounted.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2025-4802
(* Security fix *)
patches/packages/glibc-i18n-2.33-i586-8_slack15.0.txz: Rebuilt.
patches/packages/glibc-profile-2.33-i586-8_slack15.0.txz: Rebuilt.
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/aaa_glibc-solibs-2.33-i586-8_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-2.33-i586-8_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-i18n-2.33-i586-8_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-profile-2.33-i586-8_slack15.0.txz
Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/aaa_glibc-solibs-2.33-x86_64-8_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/glibc-2.33-x86_64-8_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/glibc-i18n-2.33-x86_64-8_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/glibc-profile-2.33-x86_64-8_slack15.0.txz
MD5 signatures:
+-------------+
Slackware 15.0 packages:
0d6fe8fe463ebaf50ad2f335635d801d aaa_glibc-solibs-2.33-i586-8_slack15.0.txz
4f5f063a67b275a8eab96ace5cadbc7d glibc-2.33-i586-8_slack15.0.txz
59316f8f6f5ecb043da509b615af8061 glibc-i18n-2.33-i586-8_slack15.0.txz
1afddcd24eee4f113e7562c530b73ec1 glibc-profile-2.33-i586-8_slack15.0.txz
Slackware x86_64 15.0 packages:
f0c598d8e66dd091365799e0ed018297 aaa_glibc-solibs-2.33-x86_64-8_slack15.0.txz
2e1bf009814661164c9553c15a9ea5f2 glibc-2.33-x86_64-8_slack15.0.txz
c71a388da759ac908b619c9ef773c8bf glibc-i18n-2.33-x86_64-8_slack15.0.txz
2b356a71d4e6766e9d4bee16c9ed7ac4 glibc-profile-2.33-x86_64-8_slack15.0.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg *glibc-*.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
mozilla-thunderbird (SSA:2025-140-02)
mozilla-thunderbird (SSA:2025-140-02)
New mozilla-thunderbird packages are available for Slackware 15.0 and -current
to fix security issues.
Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-128.10.2esr-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.10.2esr/releasenotes/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird128.10.2
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-128.10.2esr-i686-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-128.10.2esr-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-128.10.2esr-i686-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-128.10.2esr-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 15.0 package:
74dafd3668c3a8859f3d5aa046f8ad92 mozilla-thunderbird-128.10.2esr-i686-1_slack15.0.txz
Slackware x86_64 15.0 package:
59c134bc3651f69185626d641ab1b10d mozilla-thunderbird-128.10.2esr-x86_64-1_slack15.0.txz
Slackware -current package:
a156ec4f759eaebb9eaa4e3e1bf69251 xap/mozilla-thunderbird-128.10.2esr-i686-1.txz
Slackware x86_64 -current package:
51ce89742e623041ee6bd7d3259f7e71 xap/mozilla-thunderbird-128.10.2esr-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg mozilla-thunderbird-128.10.2esr-i686-1_slack15.0.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
