Alien Pastures

My thoughts on Slackware, life and everything

Tag: cve (Page 2 of 21)

Update available for Chromium 112 to address zero-day exploit

April 16, 2023 / / 15 Comments

Chromium, regular and un-googled.

Two days ago on friday, Google released an out-of-cycle stable update. This 112.0.5615.121 update addresses and fixes a zero-day exploit (CVE-2023-2033) which is already actively abused. Since it is a bug in the JavaScript engine, a hacker can craft a HTML page in such a way that your browser will run malicious code on your computer just by loading that web page.

The updated Slackware 15.0 and -current packages both for chromium and chromium-ungoogled are available in my repository and its mirrors (like my own US server and in a short while, the UK mirror). Be sure to upgrade at your earliest convenience.

I still get the occasional question “what is this un-googled chromium“? I wrote two articles about it on the blog a while ago: “How to un-google your Chromium browser experience” and “Sync and share your (Chromium and more) browser data among all your computers“. Check those out!

Cheers, Eric

Chromium (also ungoogled) now at version 112

April 8, 2023 / / 6 Comments

Last week the Chromium source code major version was upped to 112. According to the developer blog, this release addresses 16 security issues, none of them critical. Nevertheless, better safe than sorry, so the Slackware packages (15.0 and -current) for Chromium are now ready for downloading from my repository or any of its mirrors. Likewise chromium-ungoogled.

The regular as well as the Un-googled Chromium browser is now at version 112.0.5615.49.
Let’s see what version 113 brings next month – it should have enabled WebGPU by default on ChromeOS even though the Linux builds of Chrome seem to have to wait a bit longer. I wonder if it’s just compile options that I could try to exploit for my Chromium build. I am also curious to see where WebGPU is going to be used in 3D-rendered web applications.

Enjoy! Eric

New update for Chromium to address 0-day exploit

December 4, 2022 / / 45 Comments

Chromium, regular and un-googled.

Earlier last week Google released 108.0.5359.71. On friday, I had finally built and uploaded Slackware packages for this, when they released a quick fix to plug an already actively exploited hole (CVE-2022-4262).
The intermediate release took me by surprise. Luckily someone alerted me to the security fix in the comments section of my previous post. I grabbed the new source tarballs and built 108.0.5359.94 in the course of the weekend.
And I have now uploaded new packagesĀ both for chromium and chromium-ungoogled. Target OS releases are Slackware 14.2 and higher (32bit and 64bit).

Quick reminder:
I will stop releasing Chromium packages for Slackware 14.2 after February 2nd, 2023. On that day, Slackware 15.0 is one year old and I expect that everybody who uses a graphical desktop on Slackware, will have upgraded from Slackware 14.2 to 15.0 during that year. If you did upgrade yet but still want to use my Chromium browser packages, you still have two months’ time to prepare and execute that upgrade.
Chromium packages for Slackware 15.0 and -current will of course keep coming.

Cheers, Eric

Updates for Chromium (-ungoogled also), LibreOffice, Java

November 29, 2022 / / 16 Comments

Around the last weekend I worked on several package updates. In the meantime I had to battle home infrastructure breakdown, as well as the realization that I had inadvertantly opened up my SMTP server as an open relay and had to do some fast infrastructure redesign šŸ™

Anyway:

Chromium, regular and ungoogled.

There was a new release at the end of last week. The Chromium 107.0.5304.121 release fixes a security issue for which an exploit already exists in the wild (CVE-2022-4135).
I provide packages for this release both for chromium and chromium-ungoogled. Target OS releases are Slackware 14.2 and higher (32bit and 64bit).

LibreOffice.

The latest release of LibreOffice ‘fresh’ is 7.4.3. This is an incremental bugfix release.
I provide packages for this release, targeting Slackware 15.0 and newer.
Note that my libreoffice package depends on openjdk11 (see below). If you are running slackware-current instead of 15.0, you will additionally need boost-compat and icu4c-compat packages to provide the libraries that are no longer present in -current.

Java.

Oracle released its quarterly update to the Java source code release affecting both JDK 8 and JDK 11.
Andrew Hughes provides an updated icedtea release to be able to compile OpenJDK 8 update 352 build 08. My openjdk package targets Slackware 14.2 and newer.
And for the OpenJDK 11.0.17_8 (aka the 11.0.17 General Availability release) update I provide an openjdk11 package which targets Slackware 15.0 and newer.

Have fun!

Eric

Chromium 105.0.5195.125 packages available (also ungoogled)

September 22, 2022 / / 6 Comments

I was on vacation for a while, then after my return I mainly focused on getting the new Audacity packages successfully built. In the meantime, Google was not idling and released version 105.0.5195.125 of the Chromium sourcecode.
There’s 11 vulnerability fixes in this release, some of them rated high enough that it is again recommended to upgrade your browser as soon as possible.

I did not forget the un-googled variant of course for which the same recommendation is valid.

The 64bit packages for chromiumĀ and chromium-ungoogled (Slackware 14.2 and newer) can already be downloaded from my repository and its main mirrors. You’ll have to wait a bit for the 32bit packages, they are compiling at the moment. Thanks to Google developers who I assume mostly run 64bit Ubuntu, the 32bit compilation of Chromium sources quite frequently meets with issues that need time to resolve.

Eric

« Older posts Newer posts »

© 2024 Alien Pastures

Theme by Anders NorenUp ↑