Thunderbird, Firefox, OpenSSL, libidn, and BIND updates for Slackware

Slackware 1269 Published by

The Slackware Linux Security Team just rolled out a major security update that patches critical vulnerabilities across five essential packages for both Slackware 15.0 and current development branches. Mozilla Thunderbird and Firefox now ship with updated ESR builds that close dozens of memory safety flaws, while OpenSSL received carefully backported fixes for heap overreads and use-after-free errors. The remaining updates tackle a dangerous out-of-bounds read in libidn alongside a DNS64 response corruption bug that previously allowed corrupted data to reach clients. You can grab the verified packages from official FTP mirrors right now and apply them quickly using standard upgrade commands to keep your systems protected.

mozilla-thunderbird (SSA:2026-168-04)
mozilla-firefox (SSA:2026-168-03)
openssl (SSA:2026-168-05)
libidn (SSA:2026-168-02)
bind (SSA:2026-168-01)




mozilla-thunderbird (SSA:2026-168-04)


mozilla-thunderbird (SSA:2026-168-04)

New mozilla-thunderbird packages are available for Slackware 15.0 and -current
to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-140.12.0esr-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/140.12.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/
https://www.cve.org/CVERecord?id=CVE-2026-12289
https://www.cve.org/CVERecord?id=CVE-2026-12290
https://www.cve.org/CVERecord?id=CVE-2026-12291
https://www.cve.org/CVERecord?id=CVE-2026-12292
https://www.cve.org/CVERecord?id=CVE-2026-12294
https://www.cve.org/CVERecord?id=CVE-2026-12295
https://www.cve.org/CVERecord?id=CVE-2026-12298
https://www.cve.org/CVERecord?id=CVE-2026-12296
https://www.cve.org/CVERecord?id=CVE-2026-12297
https://www.cve.org/CVERecord?id=CVE-2026-12299
https://www.cve.org/CVERecord?id=CVE-2026-12329
https://www.cve.org/CVERecord?id=CVE-2026-12302
https://www.cve.org/CVERecord?id=CVE-2026-12304
https://www.cve.org/CVERecord?id=CVE-2026-12305
https://www.cve.org/CVERecord?id=CVE-2026-12306
https://www.cve.org/CVERecord?id=CVE-2026-12307
https://www.cve.org/CVERecord?id=CVE-2026-12308
https://www.cve.org/CVERecord?id=CVE-2026-12309
https://www.cve.org/CVERecord?id=CVE-2026-12310
https://www.cve.org/CVERecord?id=CVE-2026-12311
https://www.cve.org/CVERecord?id=CVE-2026-12312
https://www.cve.org/CVERecord?id=CVE-2026-12313
https://www.cve.org/CVERecord?id=CVE-2026-12314
https://www.cve.org/CVERecord?id=CVE-2026-12315
https://www.cve.org/CVERecord?id=CVE-2026-12330
https://www.cve.org/CVERecord?id=CVE-2026-12324
https://www.cve.org/CVERecord?id=CVE-2026-12325
https://www.cve.org/CVERecord?id=CVE-2026-12327
https://www.cve.org/CVERecord?id=CVE-2026-12328
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-140.12.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-140.12.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-140.12.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-140.12.0esr-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
51bc5915be253647cb39276630a60a12 mozilla-thunderbird-140.12.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
639beeba12f6b6eb1517e088e36949e1 mozilla-thunderbird-140.12.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
d6725be0ff75f5bba020d56074ca403d xap/mozilla-thunderbird-140.12.0esr-i686-1.txz

Slackware x86_64 -current package:
f09ea6bec45ad46b5c0497f56b26393b xap/mozilla-thunderbird-140.12.0esr-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-140.12.0esr-i686-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



mozilla-firefox (SSA:2026-168-03)


mozilla-firefox (SSA:2026-168-03)

New mozilla-firefox packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-140.12.0esr-i686-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/140.12.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2026-58
https://www.cve.org/CVERecord?id=CVE-2026-12289
https://www.cve.org/CVERecord?id=CVE-2026-12290
https://www.cve.org/CVERecord?id=CVE-2026-12291
https://www.cve.org/CVERecord?id=CVE-2026-12292
https://www.cve.org/CVERecord?id=CVE-2026-12294
https://www.cve.org/CVERecord?id=CVE-2026-12295
https://www.cve.org/CVERecord?id=CVE-2026-12298
https://www.cve.org/CVERecord?id=CVE-2026-12296
https://www.cve.org/CVERecord?id=CVE-2026-12297
https://www.cve.org/CVERecord?id=CVE-2026-12299
https://www.cve.org/CVERecord?id=CVE-2026-12329
https://www.cve.org/CVERecord?id=CVE-2026-12302
https://www.cve.org/CVERecord?id=CVE-2026-12304
https://www.cve.org/CVERecord?id=CVE-2026-12305
https://www.cve.org/CVERecord?id=CVE-2026-12306
https://www.cve.org/CVERecord?id=CVE-2026-12307
https://www.cve.org/CVERecord?id=CVE-2026-12308
https://www.cve.org/CVERecord?id=CVE-2026-12309
https://www.cve.org/CVERecord?id=CVE-2026-12310
https://www.cve.org/CVERecord?id=CVE-2026-12311
https://www.cve.org/CVERecord?id=CVE-2026-12312
https://www.cve.org/CVERecord?id=CVE-2026-12313
https://www.cve.org/CVERecord?id=CVE-2026-12314
https://www.cve.org/CVERecord?id=CVE-2026-12315
https://www.cve.org/CVERecord?id=CVE-2026-12330
https://www.cve.org/CVERecord?id=CVE-2026-12324
https://www.cve.org/CVERecord?id=CVE-2026-12325
https://www.cve.org/CVERecord?id=CVE-2026-12327
https://www.cve.org/CVERecord?id=CVE-2026-12328
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-140.12.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-140.12.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-140.12.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-140.12.0esr-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
9a7c2ffc7fc6598e51c0a8400d5a5a30 mozilla-firefox-140.12.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
1cb4d49e48dbde82e77cd1da31192592 mozilla-firefox-140.12.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
558c5c9a66ecc55ebdda6fe76cd67630 xap/mozilla-firefox-140.12.0esr-i686-1.txz

Slackware x86_64 -current package:
faa12d5490361f40a0d44aedd9bf199a xap/mozilla-firefox-140.12.0esr-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-140.12.0esr-i686-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



openssl (SSA:2026-168-05)


openssl (SSA:2026-168-05)

New openssl packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/openssl-1.1.1zh-i586-1_slack15.0.txz: Upgraded.
Apply patch to fix the following security issues:
Heap Buffer Over-read in ASN.1 Content Parsing.
Possible NULL Dereference in Password-Based CMS Decryption.
Heap Use-After-Free in the PKCS7_verify() Function.
Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion.
Out-of-Bounds Read in CMS Password-Based Decryption.
These CVEs were fixed by the 1.1.1zh release that is only available to
subscribers to OpenSSL's premium extended support. The patch was prepared
by backporting from the OpenSSL-3.0 repo.
Thanks to Ken Zalewski for the patch!
For more information, see:
https://openssl-library.org/news/vulnerabilities/#CVE-2026-34180
https://openssl-library.org/news/vulnerabilities/#CVE-2026-42766
https://openssl-library.org/news/vulnerabilities/#CVE-2026-45447
https://openssl-library.org/news/vulnerabilities/#CVE-2026-7383
https://openssl-library.org/news/vulnerabilities/#CVE-2026-9076
https://www.cve.org/CVERecord?id=CVE-2026-34180
https://www.cve.org/CVERecord?id=CVE-2026-42766
https://www.cve.org/CVERecord?id=CVE-2026-45447
https://www.cve.org/CVERecord?id=CVE-2026-7383
https://www.cve.org/CVERecord?id=CVE-2026-9076
(* Security fix *)
patches/packages/openssl-solibs-1.1.1zh-i586-1_slack15.0.txz: Upgraded.
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-1.1.1zh-i586-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-solibs-1.1.1zh-i586-1_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-1.1.1zh-x86_64-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-solibs-1.1.1zh-x86_64-1_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-3.5.7-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-3.5.7-i686-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-3.5.7-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-3.5.7-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 packages:
4bacef1ac6875a75b880462748dcb04d openssl-1.1.1zh-i586-1_slack15.0.txz
5886fb3b3800391012a8aff7fbdac2de openssl-solibs-1.1.1zh-i586-1_slack15.0.txz

Slackware x86_64 15.0 packages:
2a2109b035289903b46620b06ac4b5db openssl-1.1.1zh-x86_64-1_slack15.0.txz
47bca2f40e7efb3fec646a72990155e5 openssl-solibs-1.1.1zh-x86_64-1_slack15.0.txz

Slackware -current packages:
e60936abed76795cbf66bf883e7fbc55 a/openssl-solibs-3.5.7-i686-1.txz
59d276ff0bc9816c1a92f804daf0debb n/openssl-3.5.7-i686-1.txz

Slackware x86_64 -current packages:
b6ad454e84c6b96034cb79dbb8b166d6 a/openssl-solibs-3.5.7-x86_64-1.txz
3cd5ada338b376d73f9f379a4fcefbc4 n/openssl-3.5.7-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.1.1zh-i586-1_slack15.0.txz openssl-solibs-1.1.1zh-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



libidn (SSA:2026-168-02)


libidn (SSA:2026-168-02)

New libidn packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/libidn-1.44-i586-1-slack15.0.txz: Rebuilt.
This update fixes security issues:
libidn: Fix read-out-of-bounds error in ToUnicode APIs.
examples: Fix strcpy buffer overflow.
For more information, see:
https://lists.gnu.org/archive/html/help-libidn/2026-05/msg00000.html
https://lists.gnu.org/archive/html/help-libidn/2025-06/msg00000.html
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libidn-1.44-i586-1-slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libidn-1.44-x86_64-1-slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libidn-1.44-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libidn-1.44-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
cebf86a9c5bd63bcc97933b6a81c975b libidn-1.44-i586-1-slack15.0.txz

Slackware x86_64 15.0 package:
b9438bfe435f323eb2752fc0a42bd39c libidn-1.44-x86_64-1-slack15.0.txz

Slackware -current package:
d0ffe04c5036d4592440cb1d17a30b9b l/libidn-1.44-i686-1.txz

Slackware x86_64 -current package:
7a0f4faa705823200e445097bcf8dd5f l/libidn-1.44-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libidn-1.44-i586-1-slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



bind (SSA:2026-168-01)


bind (SSA:2026-168-01)

New bind packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.18.50-i586-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Fix DNS64 owner case after DNAME restart.
When BIND 9 is configured to use DNS64 and encounters a DNAME
redirect, it could end up using freed memory for the DNS response
owner name. This caused the response to contain corrupted data. This
fix ensures the correct owner name is used when constructing the
synthesized response after a DNAME redirect.
ISC thanks Qifan Zhang of Palo Alto Networks for reporting the issue.
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/bind-9.18.50-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/bind-9.18.50-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.20.24-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.20.24-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
c7f0bcfbb1ab8b202ad23a396d763891 bind-9.18.50-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
54c16ad56fc913d4ad8787ff02dfd94d bind-9.18.50-x86_64-1_slack15.0.txz

Slackware -current package:
551ebfd82fe2d9f67f7d8958d16af9fd n/bind-9.20.24-i686-1.txz

Slackware x86_64 -current package:
5ef707632561437d0c6b58c9c2ff2d07 n/bind-9.20.24-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bind-9.18.50-i586-1_slack15.0.txz

Then, restart the name server:

# /etc/rc.d/rc.bind restart

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key


OpenSSL, PostgreSQL, Redis and WebKit2GTK updates for Rocky Linux

LibVNCServer, Wireshark, Grafana, Traefik2, and Python Libraries updates for SUSE

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...