HTTPd, Proftpd, TigerVNC, Net-Tools, and Xorg-Server updates for Slackware

Slackware 1266 Published by

The Slackware Linux Security Team has released a comprehensive security advisory addressing multiple critical vulnerabilities across five core system packages. Administrators running Slackware 15.0 or the current development branch should immediately apply these patches to protect against resource exhaustion attacks, SQL injection flaws, and dangerous buffer overflow exploits in their web servers, FTP daemons, remote desktop clients, network utilities, and X window infrastructure.

httpd (SSA:2026-154-01)
proftpd (SSA:2026-154-03)
tigervnc (SSA:2026-154-05)
net-tools (SSA:2026-154-02)
xorg-server (SSA:2026-154-04)




httpd (SSA:2026-154-01)


httpd (SSA:2026-154-01)

New httpd packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.67-i586-2_slack15.0.txz: Rebuilt.
This update fixes "HTTP/2 Bomb", a resource exhaustion denial-of-service
attack against HTTP/2.
For more information, see:
https://seclists.org/oss-sec/2026/q2/790
https://www.cve.org/CVERecord?id=CVE-2026-49975
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/httpd-2.4.67-i586-2_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/httpd-2.4.67-x86_64-2_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.67-i686-2.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.67-x86_64-2.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
fe1db72c286841174ff38534c6e6918d httpd-2.4.67-i586-2_slack15.0.txz

Slackware x86_64 15.0 package:
b14dd1a6d97a842eee7a5ecd7b8f0855 httpd-2.4.67-x86_64-2_slack15.0.txz

Slackware -current package:
eee9bd40cb210f87590334e724d2bde0 n/httpd-2.4.67-i686-2.txz

Slackware x86_64 -current package:
594fcc2edd5ca2f41a3aade3b7d467bb n/httpd-2.4.67-x86_64-2.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg httpd-2.4.67-i586-2_slack15.0.txz

Then, restart Apache httpd:

# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



proftpd (SSA:2026-154-03)


proftpd (SSA:2026-154-03)

New proftpd packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/proftpd-1.3.9b-i586-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Additional fixes for SQL injection, notably for handling `%{env:...}`
and `%{note:...}` variables.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-42167
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/proftpd-1.3.9b-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/proftpd-1.3.9b-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.3.9b-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/proftpd-1.3.9b-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
c1fb9d4ddf43f8619964b363c010e157 proftpd-1.3.9b-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
414ccbd2e9faee806d141bf5c488cdc3 proftpd-1.3.9b-x86_64-1_slack15.0.txz

Slackware -current package:
432397c14bc54c0ffd6af3f1f54da8af n/proftpd-1.3.9b-i686-1.txz

Slackware x86_64 -current package:
264fbc075d665f23b1c93b652fdbec15 n/proftpd-1.3.9b-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg proftpd-1.3.9b-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



tigervnc (SSA:2026-154-05)


tigervnc (SSA:2026-154-05)

New tigervnc packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
extra/tigervnc/tigervnc-1.16.2-i586-3_slack15.0.txz: Rebuilt.
Patched with fixes for the following xorg-server security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/tigervnc/tigervnc-1.16.2-i586-3_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/tigervnc/tigervnc-1.16.2-x86_64-3_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/tigervnc/tigervnc-1.16.2-i686-3.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/tigervnc/tigervnc-1.16.2-x86_64-3.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
eaf51937d37bdf8d1204ac5a74859506 tigervnc-1.16.2-i586-3_slack15.0.txz

Slackware x86_64 15.0 package:
34af31b00f6c9f3d094a35a337ffc7eb tigervnc-1.16.2-x86_64-3_slack15.0.txz

Slackware -current package:
81605676b5d7d65e596513d54cbd7733 tigervnc-1.16.2-i686-3.txz

Slackware x86_64 -current package:
6a74733c7d334054aa701fde5750fa6e tigervnc-1.16.2-x86_64-3.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg tigervnc-1.16.2-i586-3_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



net-tools (SSA:2026-154-02)


net-tools (SSA:2026-154-02)

New net-tools packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/net-tools-20181103_0eebece-i586-4_slack15.0.txz: Rebuilt.
This update fixes a security issue:
interface.c: Stack-based Buffer Overflow in get_name().
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2025-46836
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/net-tools-20181103_0eebece-i586-4_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/net-tools-20181103_0eebece-x86_64-4_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/net-tools-20181103_0eebece-i686-4.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/net-tools-20181103_0eebece-x86_64-4.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
828dd667d8030e4ddc4706730dd48eda net-tools-20181103_0eebece-i586-4_slack15.0.txz

Slackware x86_64 15.0 package:
b2ed660e6785b0a5f00e745c46b6055e net-tools-20181103_0eebece-x86_64-4_slack15.0.txz

Slackware -current package:
aba145e3ade4832f9f7bdeb3b670a42d n/net-tools-20181103_0eebece-i686-4.txz

Slackware x86_64 -current package:
70893d47aabe9ebc1e8f2ed0cf46a19c n/net-tools-20181103_0eebece-x86_64-4.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg net-tools-20181103_0eebece-i586-4_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



xorg-server (SSA:2026-154-04)


xorg-server (SSA:2026-154-04)

New xorg-server packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.20.14-i586-20_slack15.0.txz: Rebuilt.
This update fixes security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-20_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-20_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-20_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-18_slack15.0.txz: Rebuilt.
This update fixes security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xephyr-1.20.14-i586-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xnest-1.20.14-i586-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xvfb-1.20.14-i586-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xwayland-21.1.4-i586-18_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-1.20.14-x86_64-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xephyr-1.20.14-x86_64-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xnest-1.20.14-x86_64-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xvfb-1.20.14-x86_64-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xwayland-21.1.4-x86_64-18_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-21.1.23-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-21.1.23-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-21.1.23-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-21.1.23-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xwayland-24.1.12-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-21.1.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-21.1.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-21.1.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-21.1.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xwayland-24.1.12-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
cbfac0caca2fc2edd2228b857c15e2e9 xorg-server-1.20.14-i586-20_slack15.0.txz
989c3361e90dfd378821ea34e7751260 xorg-server-xephyr-1.20.14-i586-20_slack15.0.txz
06dd4ee0ce1689ee00e14b1766b31d5e xorg-server-xnest-1.20.14-i586-20_slack15.0.txz
2b1ed9bb753576011b1106d1d23b4321 xorg-server-xvfb-1.20.14-i586-20_slack15.0.txz
7f0369f809d460fc7dc1f6ea670fa3a3 xorg-server-xwayland-21.1.4-i586-18_slack15.0.txz

Slackware x86_64 15.0 package:
3549b9c524b4b2436be6e2e98a8bda08 xorg-server-1.20.14-x86_64-20_slack15.0.txz
46ee24c23d38fbb0553887380af8084b xorg-server-xephyr-1.20.14-x86_64-20_slack15.0.txz
83664609d51c656ce0de22db26b39a6f xorg-server-xnest-1.20.14-x86_64-20_slack15.0.txz
033150aaba698c643a1e83603fc954ce xorg-server-xvfb-1.20.14-x86_64-20_slack15.0.txz
7bb0e6fec7dd96f690a8a5da3d71fcc7 xorg-server-xwayland-21.1.4-x86_64-18_slack15.0.txz

Slackware -current package:
e3593e978a2b547489ef619c7f43418e x/xorg-server-21.1.23-i686-1.txz
cd72be47541994bc4daa892ce24b0822 x/xorg-server-xephyr-21.1.23-i686-1.txz
aa77f9979ebfc4695dd065b819e34c94 x/xorg-server-xnest-21.1.23-i686-1.txz
bebb97459412a7756dec668d20175f40 x/xorg-server-xvfb-21.1.23-i686-1.txz
9b89c94db354f501cce09a88458996c4 x/xorg-server-xwayland-24.1.12-i686-1.txz

Slackware x86_64 -current package:
192a9167288aab1a1cd01b853195e22f x/xorg-server-21.1.23-x86_64-1.txz
1c4cace35ff4c181ced324d04072d1c9 x/xorg-server-xephyr-21.1.23-x86_64-1.txz
079fe68315de3bf3fe8ed4474b4f6ca1 x/xorg-server-xnest-21.1.23-x86_64-1.txz
e8370dae55b2d59f4e8b10e707c9ac2a x/xorg-server-xvfb-21.1.23-x86_64-1.txz
631bad1a1d891e2f48224ad25a40d00f x/xorg-server-xwayland-24.1.12-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg xorg-server-*.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key


Firefox, Samba, Kernel, and OpenShift updates for RHEL

Cloudflared, Apptainer, Memcached, and several Python libraries updates for SUSE

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...