Subj : Slackware 15.0 Changelog update
To   : All
From : Dan Clough
Date : Thu Feb 01 2024 06:40:11

Wed Jan 31 21:19:19 UTC 2024
extra/sendmail/sendmail-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
  sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
  Remote attackers can use a published exploitation technique to inject e-mail
  messages with a spoofed MAIL FROM address, allowing bypass of an SPF
  protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
  but some other popular e-mail servers do not. This is resolved in 8.18 and
  later versions with 'o' in srv_features.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-51765
  (* Security fix *)
extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz: Upgraded.
patches/packages/curl-8.6.0-x86_64-1_slack15.0.txz: Upgraded.
  This is a bugfix release.
patches/packages/libmilter-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
  This is a bugfix release.
+--------------------------+
Fri Jan 26 20:59:27 UTC 2024
patches/packages/pam-1.6.0-x86_64-1_slack15.0.txz: Upgraded.
  pam_namespace.so: fixed a possible local denial-of-service vulnerability.
  For more information, see:
    https://seclists.org/oss-sec/2024/q1/31
    https://www.cve.org/CVERecord?id=CVE-2024-22365
  (* Security fix *)
+--------------------------+
Wed Jan 24 04:53:38 UTC 2024
patches/packages/mozilla-thunderbird-115.7.0-x86_64-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
  (* Security fix *)
+--------------------------+
Tue Jan 23 20:08:07 UTC 2024
patches/packages/mozilla-firefox-115.7.0esr-x86_64-1_slack15.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-02/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
  (* Security fix *)
+--------------------------+
Mon Jan 22 20:57:12 UTC 2024
patches/packages/postfix-3.6.14-x86_64-1_slack15.0.txz: Upgraded.
  Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline
  = normalize" (default "no" for Postfix < 3.9), the Postfix SMTP server
  requires the standard End-of-DATA sequence <CR><LF>.<CR><LF>, and
  otherwise allows command or message content lines ending in the
  non-standard <LF>, processing them as if the client sent the standard
  <CR><LF>.
  The alternative setting, "smtpd_forbid_bare_newline = reject" will reject
  any command or message that contains a bare <LF>, and is more likely to
  cause problems with legitimate clients.
  For backwards compatibility, local clients are excluded by default with
  "smtpd_forbid_bare_newline_exclusions = $mynetworks".
  For more information, see:

--- SBBSecho 3.20-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)