[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-140.7.2esr-i686-1slack15.0.txz: Upgraded. This update contains a security fix: Heap buffer overflow ...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-140.7.1esr-i686-1slack15.0.txz: Upgraded. This update contains a security fix: Heap buffer overflow in libvp...

[slackware-security] lrzip

New lrzip packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/lrzip-0.660-i586-1slack15.0.txz: Upgraded. Address multiple potential security issues with crafted or corrupt archives. Security fix...

[slackware-security] libssh

New libssh packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libssh-0.11.4-i586-1slack15.0.txz: Upgraded. This update fixes security issues: SCP Protocol Path Traversal in sshscppullrequest...

Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2026-047-04)

The version of mozilla-thunderbird installed on the remote host is prior to 140.7.2esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-047-04 advisory. New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has...

Slackware: Security Advisory (SSA:2026-047-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware: Security Advisory (SSA:2026-047-03)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware: Security Advisory (SSA:2026-047-04)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: svcrdma: use rc_pageoff for memcpy byte offset

In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rcpageoff for memcpy byte offset svcrdmacopyinlinerange added rccurpage page index to the page base instead of the byte offset rcpageoff. Use rcpageoff so copies land within the current page. Found by ZeroPath...

CVE-2026-23207

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer check in IRQ handler Now that all other accesses to currxfer are done under the lock, protect the currxfer NULL check in tegraqspiisrthread with the spinlock. Without this protection, the...

CVE-2026-23202

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer in tegraqspicombinedseqxfer The currxfer field is read by the IRQ handler without holding the lock to check if a transfer is in progress. When clearing currxfer in the combined sequence transf...

CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer check in IRQ handler Now that all other accesses to currxfer are done under the lock, protect the currxfer NULL check in tegraqspiisrthread with the spinlock. Without this protection, the...

CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer check in IRQ handler Now that all other accesses to currxfer are done under the lock, protect the currxfer NULL check in tegraqspiisrthread with the spinlock. Without this protection, the...

CVE-2026-23207

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer check in IRQ handler Now that all other accesses to currxfer are done under the lock, protect the currxfer NULL check in tegraqspiisrthread with the spinlock. Without this protection, the...

CVE-2026-23202 spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer in tegraqspicombinedseqxfer The currxfer field is read by the IRQ handler without holding the lock to check if a transfer is in progress. When clearing currxfer in the combined sequence transf...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of lock protection for the currxfer field in the tegra210-quad SPI driver. This...

[slackware-security] libpng

New libpng packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libpng-1.6.55-i586-1slack15.0.txz: Upgraded. Fixed a high severity security issue: Heap buffer overflow in pngsetquantize. Reported a...

[slackware-security] gnutls

New gnutls packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gnutls-3.8.12-i586-1slack15.0.txz: Upgraded. This update fixes security issues: libgnutls: Fix NULL pointer dereference in PSK binder...

CVE-2026-21347

CVE-2026-21347 affects Adobe Bridge. Affected versions: Bridge 15.1.3 and earlier, and 16.0.1 and earlier. The root cause is an Integer Overflow or Wraparound (CWE-190) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction —the victim...

GHSA-HXW8-4H9J-HQ2R File Browser has an Authentication Bypass in User Password Update

Security Advisory: Authentication Bypass in User Password Update Summary A case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change any user's password without providing the current password. By using Title Case field name...