Slackware 1126 Published by

Slackware Linux has received security updates for xorg-server, tigervnc, mozilla-thunderbird, and mozilla-firefox:

xorg-server (SSA:2024-304-04)
tigervnc (SSA:2024-304-01)
mozilla-thunderbird (SSA:2024-304-03)
mozilla-firefox (SSA:2024-304-02)




xorg-server (SSA:2024-304-04)


xorg-server (SSA:2024-304-04)

New xorg-server packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.20.14-i586-14_slack15.0.txz: Rebuilt.
This update fixes a security issue:
By providing a modified bitmap, a heap-based buffer overflow may occur.
This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-October/003545.html
https://www.cve.org/CVERecord?id=CVE-2024-9632
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-14_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-14_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-14_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-12_slack15.0.txz: Rebuilt.
This update fixes a security issue:
By providing a modified bitmap, a heap-based buffer overflow may occur.
This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-October/003545.html
https://www.cve.org/CVERecord?id=CVE-2024-9632
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xephyr-1.20.14-i586-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xnest-1.20.14-i586-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xvfb-1.20.14-i586-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xwayland-21.1.4-i586-12_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-1.20.14-x86_64-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xephyr-1.20.14-x86_64-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xnest-1.20.14-x86_64-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xvfb-1.20.14-x86_64-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xwayland-21.1.4-x86_64-12_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-21.1.14-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-21.1.14-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-21.1.14-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-21.1.14-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xwayland-24.1.4-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-21.1.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-21.1.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-21.1.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-21.1.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xwayland-24.1.4-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
eebd5cd981a537e02a09d813ced19ede xorg-server-1.20.14-i586-14_slack15.0.txz
ddd8ecbb735d3e347702d5008094efb1 xorg-server-xephyr-1.20.14-i586-14_slack15.0.txz
76f253a5a048a23110b447f5ae292f3e xorg-server-xnest-1.20.14-i586-14_slack15.0.txz
ce54ae9c7368ecc60be96c50e93c26a3 xorg-server-xvfb-1.20.14-i586-14_slack15.0.txz
c0e7639ea5b69966c2df52efc658b55c xorg-server-xwayland-21.1.4-i586-12_slack15.0.txz

Slackware x86_64 15.0 package:
efa602268277e4b7838f04c52352e5d2 xorg-server-1.20.14-x86_64-14_slack15.0.txz
2290325db04ba991244e1db34b6039e5 xorg-server-xephyr-1.20.14-x86_64-14_slack15.0.txz
9dfe708add6b47877fa76bfc7ecdbbb0 xorg-server-xnest-1.20.14-x86_64-14_slack15.0.txz
f9a9222328fe88bf81f446ef8a77c066 xorg-server-xvfb-1.20.14-x86_64-14_slack15.0.txz
99523a7eca2c145d269b65cbad18bf75 xorg-server-xwayland-21.1.4-x86_64-12_slack15.0.txz

Slackware -current package:
8d6aa07b319d2aef7eabb667000828fc x/xorg-server-21.1.14-i686-1.txz
c92414cd5b46a14cefe2207fa66b311d x/xorg-server-xephyr-21.1.14-i686-1.txz
67a0bcf3041c78cbd6a4971502fb6261 x/xorg-server-xnest-21.1.14-i686-1.txz
16dc00c9cb9bf872fc287319ade2abe4 x/xorg-server-xvfb-21.1.14-i686-1.txz
1622be5d7be614fd784519869a665e76 x/xorg-server-xwayland-24.1.4-i686-1.txz

Slackware x86_64 -current package:
7e36599b3810e2066afef71c5c6c7511 x/xorg-server-21.1.14-x86_64-1.txz
4347494b4a665a3d3b2901fe6340d28f x/xorg-server-xephyr-21.1.14-x86_64-1.txz
2490efadbfb293db40891f48068e1ce8 x/xorg-server-xnest-21.1.14-x86_64-1.txz
175fde9e0f27767bf96659b1ac3c0230 x/xorg-server-xvfb-21.1.14-x86_64-1.txz
91929af00bfe32aa554b2c06754cb792 x/xorg-server-xwayland-24.1.4-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg xorg-server-*.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



tigervnc (SSA:2024-304-01)


tigervnc (SSA:2024-304-01)

New tigervnc packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
extra/tigervnc/tigervnc-1.12.0-i586-7_slack15.0.txz: Rebuilt.
Recompiled against xorg-server-1.20.14, including a patch for a
security issue:
By providing a modified bitmap, a heap-based buffer overflow may occur.
This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-October/003545.html
https://www.cve.org/CVERecord?id=CVE-2024-9632
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/tigervnc/tigervnc-1.12.0-i586-7_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/tigervnc/tigervnc-1.12.0-x86_64-7_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/tigervnc/tigervnc-1.14.1-i686-2.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/tigervnc/tigervnc-1.14.1-x86_64-2.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
be3a49072d40d88679fe7e99a7558c42 tigervnc-1.12.0-i586-7_slack15.0.txz

Slackware x86_64 15.0 package:
497891bf3f14426d6456314d8fb0bff0 tigervnc-1.12.0-x86_64-7_slack15.0.txz

Slackware -current package:
0dbde067502e39c711e3ccd372c369a4 tigervnc-1.14.1-i686-2.txz

Slackware x86_64 -current package:
0375267af2e5bdc5c11acb9b9693f258 tigervnc-1.14.1-x86_64-2.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg tigervnc-1.12.0-i586-7_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



mozilla-thunderbird (SSA:2024-304-03)


mozilla-thunderbird (SSA:2024-304-03)

New mozilla-thunderbird packages are available for Slackware 15.0 and -current
to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-128.4.0esr-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.4.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/
https://www.cve.org/CVERecord?id=CVE-2024-10458
https://www.cve.org/CVERecord?id=CVE-2024-10459
https://www.cve.org/CVERecord?id=CVE-2024-10460
https://www.cve.org/CVERecord?id=CVE-2024-10461
https://www.cve.org/CVERecord?id=CVE-2024-10462
https://www.cve.org/CVERecord?id=CVE-2024-10463
https://www.cve.org/CVERecord?id=CVE-2024-10464
https://www.cve.org/CVERecord?id=CVE-2024-10465
https://www.cve.org/CVERecord?id=CVE-2024-10466
https://www.cve.org/CVERecord?id=CVE-2024-10467
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-128.4.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-128.4.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-128.4.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-128.4.0esr-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
8202f1f4a0aa23bde158c8f1d8d15a63 mozilla-thunderbird-128.4.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
389ffb2ecb9bca6b5c6207667e655eb0 mozilla-thunderbird-128.4.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
d46ad813909083e0d31a5ee7f53f9356 xap/mozilla-thunderbird-128.4.0esr-i686-1.txz

Slackware x86_64 -current package:
6d22276ef05d2e25e48d04088e2f4e98 xap/mozilla-thunderbird-128.4.0esr-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-128.4.0esr-i686-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



mozilla-firefox (SSA:2024-304-02)


mozilla-firefox (SSA:2024-304-02)

New mozilla-firefox packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-128.4.0esr-i686-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/128.4.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-56/
https://www.cve.org/CVERecord?id=CVE-2024-10458
https://www.cve.org/CVERecord?id=CVE-2024-10459
https://www.cve.org/CVERecord?id=CVE-2024-10460
https://www.cve.org/CVERecord?id=CVE-2024-10461
https://www.cve.org/CVERecord?id=CVE-2024-10462
https://www.cve.org/CVERecord?id=CVE-2024-10463
https://www.cve.org/CVERecord?id=CVE-2024-10464
https://www.cve.org/CVERecord?id=CVE-2024-10465
https://www.cve.org/CVERecord?id=CVE-2024-10466
https://www.cve.org/CVERecord?id=CVE-2024-10467
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-128.4.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-128.4.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-128.4.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-128.4.0esr-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
1383dcc633cb74b1167429a7cd2891b2 mozilla-firefox-128.4.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
91ebb71315bb3d82fe22f8cda6797957 mozilla-firefox-128.4.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
54b2409055d53beb2d5ac5ae0b2f5f53 xap/mozilla-firefox-128.4.0esr-i686-1.txz

Slackware x86_64 -current package:
f0a0567ca70fb99ab2fd8dfd61d98d82 xap/mozilla-firefox-128.4.0esr-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-128.4.0esr-i686-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key