LibPNG and HTTPd updates for Slackware

Slackware 1213 Published by

Security updates are available for libpng and httpd packages on Slackware 15.0 and -current. The libpng update fixes a high-severity security issue related to an out-of-bounds read, while the httpd update addresses multiple security issues, including bugs and vulnerabilities that could allow bypasses or data leaks. The updated packages can be downloaded from the Slackware FTP site or other mirror sites listed on the project's website. To install the updates, run the upgradepkg command as root and then restart Apache httpd.

libpng (SSA:2025-338-02)
httpd (SSA:2025-338-01)




libpng (SSA:2025-338-02)


libpng (SSA:2025-338-02)

New libpng packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/libpng-1.6.52-i586-1_slack15.0.txz: Upgraded.
This update fixes a high severity security issue:
Out-of-bounds read in `png_image_read_composite`.
(Reported by flyfish101 [flyfish101@users.noreply.github.com].)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2025-66293
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libpng-1.6.52-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libpng-1.6.52-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.52-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.52-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
b00df602f8ed65aabb916e2f86cd288e libpng-1.6.52-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
c92349c6018caa17ea90c049ed74c49b libpng-1.6.52-x86_64-1_slack15.0.txz

Slackware -current package:
4be4871eda12282ff81e475bb99e89be l/libpng-1.6.52-i686-1.txz

Slackware x86_64 -current package:
52809e7b1d1433b7ea70673b3e48f2de l/libpng-1.6.52-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libpng-1.6.52-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



httpd (SSA:2025-338-01)


httpd (SSA:2025-338-01)

New httpd packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.66-i586-1_slack15.0.txz: Upgraded.
This release fixes bugs and the following security issues:
mod_userdir+suexec bypass via AllowOverride FileInfo.
CGI environment variable override.
NTLM Leakage on Windows through UNC SSRF.
Server Side Includes adds query string to #exec cmd=...
mod_md (ACME), unintended retry intervals.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.66
https://www.cve.org/CVERecord?id=CVE-2025-66200
https://www.cve.org/CVERecord?id=CVE-2025-65082
https://www.cve.org/CVERecord?id=CVE-2025-59775
https://www.cve.org/CVERecord?id=CVE-2025-58098
https://www.cve.org/CVERecord?id=CVE-2025-55753
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/httpd-2.4.66-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/httpd-2.4.66-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.66-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.66-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
20e1b1b8816f80a516397fee255a16f8 httpd-2.4.66-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
c51ceeac514d409cb6befe6d94af2a1a httpd-2.4.66-x86_64-1_slack15.0.txz

Slackware -current package:
64868bc16927fb0431ab2dc8f968d9e6 n/httpd-2.4.66-i686-1.txz

Slackware x86_64 -current package:
4948bd06e3629f4b498eb727afde2356 n/httpd-2.4.66-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg httpd-2.4.66-i586-1_slack15.0.txz

Then, restart Apache httpd:

# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key


Systemd security update for AlmaLinux 9

Chromium, MozJS, ChromeDriver, Kernel, Python-Mistralclient updates for SUSE

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...