
The following security updates have been released for Slackware Linux:

glibc (SSA:2024-205-02)
mozilla-thunderbird (SSA:2024-205-03)
bind (SSA:2024-205-01)




glibc (SSA:2024-205-02)



New glibc packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/aaa_glibc-solibs-2.33-i586-7_slack15.0.txz: Rebuilt.
patches/packages/glibc-2.33-i586-7_slack15.0.txz: Rebuilt.
This update fixes security issues:
nscd: Stack-based buffer overflow in netgroup cache.
nscd: Null pointer crash after notfound response.
nscd: netgroup cache may terminate daemon on memory allocation failure.
nscd: netgroup cache assumes NSS callback uses in-buffer strings.
These vulnerabilities were only present in the nscd binary.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-33599
https://www.cve.org/CVERecord?id=CVE-2024-33600
https://www.cve.org/CVERecord?id=CVE-2024-33601
https://www.cve.org/CVERecord?id=CVE-2024-33602
(* Security fix *)
patches/packages/glibc-i18n-2.33-i586-7_slack15.0.txz: Rebuilt.
patches/packages/glibc-profile-2.33-i586-7_slack15.0.txz: Rebuilt.
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/aaa_glibc-solibs-2.33-i586-7_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-2.33-i586-7_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-i18n-2.33-i586-7_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-profile-2.33-i586-7_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/aaa_glibc-solibs-2.33-x86_64-7_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/glibc-2.33-x86_64-7_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/glibc-i18n-2.33-x86_64-7_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/glibc-profile-2.33-x86_64-7_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/aaa_glibc-solibs-2.40-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.40-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.40-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.40-i686-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/aaa_glibc-solibs-2.40-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.40-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.40-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.40-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 packages:
66f7ee59e3665668d791b8c4e5de48ed aaa_glibc-solibs-2.33-i586-7_slack15.0.txz
4d45eb6472c1ebb81c60eb8b3d6bf1a1 glibc-2.33-i586-7_slack15.0.txz
7a0678e346991c74368cd2f00c36bc2a glibc-i18n-2.33-i586-7_slack15.0.txz
1d69d0c0e313aa8858dde9ded66da53d glibc-profile-2.33-i586-7_slack15.0.txz

Slackware x86_64 15.0 packages:
8988733b34ff060b8d21645fbcdc7865 aaa_glibc-solibs-2.33-x86_64-7_slack15.0.txz
73bacfb1b9dad7413a3f28f3569a5e31 glibc-2.33-x86_64-7_slack15.0.txz
b94067e08eefe91cc6653f2d2b227c93 glibc-i18n-2.33-x86_64-7_slack15.0.txz
d3233661b844b3ff85f526e2144d29f9 glibc-profile-2.33-x86_64-7_slack15.0.txz

Slackware -current packages:
5e75b97b86d815f783d154c45684ee9d a/aaa_glibc-solibs-2.40-i686-1.txz
4289505bfb9560119a23d8f59878eb5e l/glibc-2.40-i686-1.txz
f74f6235a46e94c480f91a0055d032ed l/glibc-i18n-2.40-i686-1.txz
1e8f0a3f3b5896bfbab3c555cb0ca373 l/glibc-profile-2.40-i686-1.txz

Slackware x86_64 -current packages:
9723996a8d43c5c002efcd107e3f30bc a/aaa_glibc-solibs-2.40-x86_64-1.txz
c239b1893aa82ddfe7c8f03a993bfc32 l/glibc-2.40-x86_64-1.txz
49426d6a57eae1177a51595fa7907ed5 l/glibc-i18n-2.40-x86_64-1.txz
3c23430267ab63eb71a1917b6acf942b l/glibc-profile-2.40-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg *glibc-*.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
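
An added example, not part of the Slackware advisory: a POSIX shell function that checks downloaded packages against an advisory's "MD5 signatures" block before upgradepkg is run, including the a/, l/ and n/ directory prefixes used in the -current listings. It assumes the advisory text has been saved to a file and that md5sum is installed; the function names and demo files are constructed for illustration. The same check applies to the mozilla-thunderbird and bind advisories that follow.

```sh
#!/bin/sh
# verify_advisory_md5 ADVISORY_FILE PACKAGE_DIR   (hypothetical helper name)
# Checks every package listed in the advisory that is present in PACKAGE_DIR.
# Returns 0 only if at least one package was checked and none mismatched.
verify_advisory_md5() {
    advisory=$1; pkgdir=$2
    checked=0; failed=0
    list=$(mktemp) || return 2
    # Keep only "<32 hex digits> <name>.txz" lines; ignore the rest of the mail.
    grep -E '^[0-9a-f]{32}[[:space:]]+[^[:space:]]+\.txz$' "$advisory" > "$list" || true
    while read -r want path; do
        name=${path##*/}                  # strip the a/ l/ n/ prefix of -current entries
        [ -f "$pkgdir/$name" ] || continue  # other architecture, or not downloaded
        got=$(md5sum "$pkgdir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            failed=$((failed + 1))
        fi
    done < "$list"
    rm -f "$list"
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Constructed demo: two dummy "packages" and an advisory file listing their sums.
demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed package A\n' > "$d/demo-1.0-x86_64-1.txz"
    printf 'constructed package B\n' > "$d/demo-lib-1.0-x86_64-1.txz"
    {
        echo "MD5 signatures:"
        echo "$(md5sum "$d/demo-1.0-x86_64-1.txz" | cut -d' ' -f1) demo-1.0-x86_64-1.txz"
        echo "$(md5sum "$d/demo-lib-1.0-x86_64-1.txz" | cut -d' ' -f1) l/demo-lib-1.0-x86_64-1.txz"
    } > "$d/advisory.txt"
    verify_advisory_md5 "$d/advisory.txt" "$d"; rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

A matching MD5 only shows the file is the one the advisory describes, so it is only as trustworthy as the copy of the advisory; proof of origin comes from checking the package's detached GPG signature against the Slackware key referenced in the advisory footer.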



mozilla-thunderbird (SSA:2024-205-03)



New mozilla-thunderbird packages are available for Slackware 15.0 to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-115.13.0-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.13.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/
https://www.cve.org/CVERecord?id=CVE-2024-6600
https://www.cve.org/CVERecord?id=CVE-2024-6601
https://www.cve.org/CVERecord?id=CVE-2024-6602
https://www.cve.org/CVERecord?id=CVE-2024-6603
https://www.cve.org/CVERecord?id=CVE-2024-6604
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.13.0-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.13.0-x86_64-1_slack15.0.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
5a94fb8c8ef1abe421365be729502d02 mozilla-thunderbird-115.13.0-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
1922a1ac45a5e3bb495ac45640b27f8b mozilla-thunderbird-115.13.0-x86_64-1_slack15.0.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-115.13.0-i686-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



bind (SSA:2024-205-01)



New bind packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.18.28-i586-1_slack15.0.txz: Upgraded.
Please note that we have moved to the 9.18 branch, as 9.16 is EOL.
This update fixes security issues:
Remove SIG(0) support from named as a countermeasure for CVE-2024-1975.
qctx->zversion was not being cleared when it should have been, leading to
an assertion failure if it needed to be reused.
An excessively large number of rrtypes per owner can slow down database query
processing, so a limit has been placed on the number of rrtypes that can be
stored per owner (node) in a cache or zone database. This is configured with
the new "max-rrtypes-per-name" option, and defaults to 100.
Excessively large rdatasets can slow down database query processing, so a
limit has been placed on the number of records that can be stored per
rdataset in a cache or zone database. This is configured with the new
"max-records-per-type" option, and defaults to 100.
A malicious DNS client that sends many queries over TCP but never reads
responses can cause the server to respond slowly or not respond at all for
other clients.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-1975
https://www.cve.org/CVERecord?id=CVE-2024-4076
https://www.cve.org/CVERecord?id=CVE-2024-1737
https://www.cve.org/CVERecord?id=CVE-2024-0760
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/bind-9.18.28-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/bind-9.18.28-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.18.28-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.18.28-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
954f9cca537e723f6c4bfdbb469b4f95 bind-9.18.28-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
35f81a16cb25fe6d13254d823ca400e3 bind-9.18.28-x86_64-1_slack15.0.txz

Slackware -current package:
bfdca4639f7dda0753bacd2aa1bbb613 n/bind-9.18.28-i686-1.txz

Slackware x86_64 -current package:
f8e130f5a00b026e43f92aacda745b6c n/bind-9.18.28-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bind-9.18.28-i586-1_slack15.0.txz

Then, restart the name server:

# /etc/rc.d/rc.bind restart

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key