Slackware 1272 Published by

The Slackware Linux Security Team distributed updated packages for Slackware 15.0 to patch security flaws in php82 and mutt. The php82 version 8.2.32 update resolves CVE-2026-14355, a memory corruption bug in the zend_mm_heap triggered by openssl_encrypt calls using AES-WRAP-PAD. The mutt version 2.4.1 release eliminates an unsigned integer overflow in imap_cmd_step that allows a malicious IMAP server to shrink a buffer allocation and write data past the end of memory. Administrators need to run upgradepkg as root to apply these fixes, and they must restart the Apache httpd service to complete the php82 installation.

Slackware 15.0 php82 (SSA:2026-186-02)
mutt (SSA:2026-186-01)




Slackware 15.0 php82 (SSA:2026-186-02)


Slackware 15.0 php82 (SSA:2026-186-02)

New php82 packages are available for Slackware 15.0 to fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
extra/php82/php82-8.2.32-i586-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
OpenSSL: Fixed memory corruption (zend_mm_heap corrupted) in
openssl_encrypt with AES-WRAP-PAD.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.2.32
https://www.cve.org/CVERecord?id=CVE-2026-14355
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php82/php82-8.2.32-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php82/php82-8.2.32-x86_64-1_slack15.0.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
6e948264ef1adc2aac308e4fa0383568 php82-8.2.32-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
1d99e9a7f7d95ad8423ac85d52351506 php82-8.2.32-x86_64-1_slack15.0.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg php82-8.2.32-i586-1_slack15.0.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



mutt (SSA:2026-186-01)


mutt (SSA:2026-186-01)

New mutt packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mutt-2.4.1-i586-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Prevent unsigned int overflow in imap_cmd_step buffer growth.
The idata->blen field is unsigned int (32-bit) while the companion
variable len is size_t (64-bit on LP64). When a malicious IMAP server
sends a response line longer than UINT_MAX bytes without newline, the
expression wraps to a small value, causing safe_realloc() to shrink the
buffer while len retains its original huge value. The subsequent
mutt_socket_readln() then writes far past the shrunken allocation.
Fix by changing idata->blen from unsigned int to size_t, matching the
type of len and preventing the overflow on all platforms.
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mutt-2.4.1-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mutt-2.4.1-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mutt-2.4.1-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/mutt-2.4.1-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
f11f2ee43019a8d4dfe091b9847edb26 mutt-2.4.1-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
4ec2b1a46429b01ba5cd0802ade731f2 mutt-2.4.1-x86_64-1_slack15.0.txz

Slackware -current package:
2118fea459aa2b9f2189234c4d915606 n/mutt-2.4.1-i686-1.txz

Slackware x86_64 -current package:
e6718228d75941323740361ca6a90114 n/mutt-2.4.1-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mutt-2.4.1-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key