Slackware64-14.2 ChangeLog (2021-07-21)
Wed Jul 21 18:16:58 UTC 2021
Packages
Upgraded
- patches/packages/curl-7.78.0-x86_64-1_slack14.2.txz
This update fixes security issues:
CURLOPT_SSLCERT mixup with Secure Transport
TELNET stack contents disclosure again
Bad connection reuse due to flawed path name checks
Metalink download sends credentials
Wrong content via metalink not discarded
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22922
(* Security fix *)
Wed Jul 21 05:30:44 UTC 2021
Packages
Upgraded
- patches/packages/linux-4.4.276/*
These updates fix various bugs and security issues, including the recently
announced local privilege escalation vulnerability in the filesystem layer
(CVE-2021-33909).
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
Fixed in 4.4.262:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16232
Fixed in 4.4.263:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28972
Fixed in 4.4.264:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688
Fixed in 4.4.265:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483
Fixed in 4.4.266:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154
Fixed in 4.4.267:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25673
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671
Fixed in 4.4.269:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916
Fixed in 4.4.270:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129
Fixed in 4.4.271:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399
Fixed in 4.4.272:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587
Fixed in 4.4.274:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34693
Fixed in 4.4.276:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33909
(* Security fix *)