Two security updates have been released for Slackware Linux. The first update fixes a vulnerability in the telnet package (SSA:2026-059-02), which can be exploited by an unauthenticated remote attacker to execute arbitrary code on the server running telnetd. This should only be used on isolated networks where security is not a concern. The second update addresses two security issues in the gvfs package (SSA:2026-059-01). These vulnerabilities have been patched, and users are advised to upgrade their packages as soon as possible.

telnet (SSA:2026-059-02)
gvfs (SSA:2026-059-01)

telnet (SSA:2026-059-02)

telnet (SSA:2026-059-02)

New telnet packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/telnet-0.17-i586-7_slack15.0.txz: Rebuilt.
This update fixes a security issue:
The nextitem() function in telnetd/utility.c has no bounds checking in the SB
(suboption) case. The for(;;) loop scans past nfrontp into uncontrolled
memory. This can be exploited by an unauthenticated remote attacker to
execute arbitrary code on the server running telnetd.
Please note that while telnet itself is a useful utility for network testing,
telnetd is a legacy application which should generally not be used. If it is
used, it should be used only on isolated networks where there is no
expectation of security.
Thanks to r1w1s1.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2020-10188
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/telnet-0.17-i586-7_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/telnet-0.17-x86_64-7_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/telnet-0.17-i686-8.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/telnet-0.17-x86_64-8.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
10eb364f2d249ba78d42246d930b3508 telnet-0.17-i586-7_slack15.0.txz

Slackware x86_64 15.0 package:
ba5efc35508d71ba7b4a6ddddeb6437d telnet-0.17-x86_64-7_slack15.0.txz

Slackware -current package:
4ec614b7b2b62d09c7fcd3d06f0534ad n/telnet-0.17-i686-8.txz

Slackware x86_64 -current package:
919b8efee781d7ab4b5587d8e0457368 n/telnet-0.17-x86_64-8.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg telnet-0.17-i586-7_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

gvfs (SSA:2026-059-01)

gvfs (SSA:2026-059-01)

New gvfs packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/gvfs-1.48.1-i586-2_slack15.0.txz: Rebuilt.
This update fixes security issues:
ftp: Use control connection address for PASV data.
ftp: Reject paths containing CR/LF characters.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-28295
https://www.cve.org/CVERecord?id=CVE-2026-28296
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/gvfs-1.48.1-i586-2_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/gvfs-1.48.1-x86_64-2_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/gvfs-1.58.2-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/gvfs-1.58.2-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
41f2dcfe3d3cf1340d4849dc49cf8087 gvfs-1.48.1-i586-2_slack15.0.txz

Slackware x86_64 15.0 package:
e1b3f58a21c78220f6b6e21b8d1943bd gvfs-1.48.1-x86_64-2_slack15.0.txz

Slackware -current package:
86ea4645fc39319eaa7e83175eded68e l/gvfs-1.58.2-i686-1.txz

Slackware x86_64 -current package:
bf28cf5385da6abe28fd74b3784350cd l/gvfs-1.58.2-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gvfs-1.48.1-i586-2_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key