Thunderbird, Firefox, Haveged updates for Slackware

Slackware 1261 Published by

The Slackware Linux Security Team has released urgent updates for Thunderbird, Firefox, and haveged to address multiple vulnerabilities in versions 15.0 and the current development branch. These patches resolve several critical flaws that could allow attackers to exploit browser weaknesses or gain unauthorized root access through a missing permission check in the entropy daemon.

mozilla-thunderbird (SSA:2026-139-03)
mozilla-firefox (SSA:2026-139-02)
haveged (SSA:2026-139-01)




mozilla-thunderbird (SSA:2026-139-03)


mozilla-thunderbird (SSA:2026-139-03)

New mozilla-thunderbird packages are available for Slackware 15.0 and -current
to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-140.11.0esr-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/140.11.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/
https://www.cve.org/CVERecord?id=CVE-2026-8946
https://www.cve.org/CVERecord?id=CVE-2026-8388
https://www.cve.org/CVERecord?id=CVE-2026-8947
https://www.cve.org/CVERecord?id=CVE-2026-8391
https://www.cve.org/CVERecord?id=CVE-2026-8401
https://www.cve.org/CVERecord?id=CVE-2026-8949
https://www.cve.org/CVERecord?id=CVE-2026-8950
https://www.cve.org/CVERecord?id=CVE-2026-8953
https://www.cve.org/CVERecord?id=CVE-2026-8954
https://www.cve.org/CVERecord?id=CVE-2026-8955
https://www.cve.org/CVERecord?id=CVE-2026-8956
https://www.cve.org/CVERecord?id=CVE-2026-8957
https://www.cve.org/CVERecord?id=CVE-2026-8958
https://www.cve.org/CVERecord?id=CVE-2026-8959
https://www.cve.org/CVERecord?id=CVE-2026-8961
https://www.cve.org/CVERecord?id=CVE-2026-8962
https://www.cve.org/CVERecord?id=CVE-2026-8968
https://www.cve.org/CVERecord?id=CVE-2026-8970
https://www.cve.org/CVERecord?id=CVE-2026-8974
https://www.cve.org/CVERecord?id=CVE-2026-8975
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-140.11.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-140.11.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-140.11.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-140.11.0esr-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
0161dca4782fef882b107dd0723792e1 mozilla-thunderbird-140.11.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
f274af98019427b32a90f7400f16f230 mozilla-thunderbird-140.11.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
e750bf915472f0f55ba7574ec6818ca4 xap/mozilla-thunderbird-140.11.0esr-i686-1.txz

Slackware x86_64 -current package:
0a5eed54c26c695b379ccd692cede3b8 xap/mozilla-thunderbird-140.11.0esr-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-140.11.0esr-i686-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



mozilla-firefox (SSA:2026-139-02)


mozilla-firefox (SSA:2026-139-02)

New mozilla-firefox packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-140.11.0esr-i686-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/140.11.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2026-48
https://www.cve.org/CVERecord?id=CVE-2026-8946
https://www.cve.org/CVERecord?id=CVE-2026-8388
https://www.cve.org/CVERecord?id=CVE-2026-8947
https://www.cve.org/CVERecord?id=CVE-2026-8391
https://www.cve.org/CVERecord?id=CVE-2026-8401
https://www.cve.org/CVERecord?id=CVE-2026-8949
https://www.cve.org/CVERecord?id=CVE-2026-8950
https://www.cve.org/CVERecord?id=CVE-2026-8953
https://www.cve.org/CVERecord?id=CVE-2026-8954
https://www.cve.org/CVERecord?id=CVE-2026-8955
https://www.cve.org/CVERecord?id=CVE-2026-8956
https://www.cve.org/CVERecord?id=CVE-2026-8957
https://www.cve.org/CVERecord?id=CVE-2026-8958
https://www.cve.org/CVERecord?id=CVE-2026-8959
https://www.cve.org/CVERecord?id=CVE-2026-8961
https://www.cve.org/CVERecord?id=CVE-2026-8962
https://www.cve.org/CVERecord?id=CVE-2026-8968
https://www.cve.org/CVERecord?id=CVE-2026-8970
https://www.cve.org/CVERecord?id=CVE-2026-8974
https://www.cve.org/CVERecord?id=CVE-2026-8975
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-140.11.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-140.11.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-140.11.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-140.11.0esr-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
00b192679db99c8fd6f69276a065c366 mozilla-firefox-140.11.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
a5f80a30d6d65a39154d0cbb3e421a48 mozilla-firefox-140.11.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
8fb4dbb54f3fa93a26183077c6864a15 xap/mozilla-firefox-140.11.0esr-i686-1.txz

Slackware x86_64 -current package:
d5fc0bdbd859761aa86ee73653327221 xap/mozilla-firefox-140.11.0esr-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-140.11.0esr-i686-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



haveged (SSA:2026-139-01)


haveged (SSA:2026-139-01)

New haveged packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/haveged-1.9.21-i586-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Missing exit out of permission check could lead to root exploit.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-41054
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/haveged-1.9.21-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/haveged-1.9.21-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/haveged-1.9.21-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/haveged-1.9.21-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
52b3d83fd7bb87f72c70ea684fda742a haveged-1.9.21-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
e194704a599fa910d1ae1302161399a0 haveged-1.9.21-x86_64-1_slack15.0.txz

Slackware -current package:
728cdda335ad68b7bdeca62356433d73 a/haveged-1.9.21-i686-1.txz

Slackware x86_64 -current package:
1a38ed250a1b4a8105ba15dbfdd7d58e a/haveged-1.9.21-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg haveged-1.9.21-i586-1_slack15.0.txz

Then, restart the daemon:
# sh /etc/rc.d/rc.haveged restart

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key


PackageKit and OpenEXR updates for Rocky Linux

ImageMagick, OpenSSH, BuildAH, and more updates for SUSE

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...