My thoughts on Slackware, life and everything

Tag: security (Page 1 of 3)

Chromium 99 critical security fix, upgrade asap

I have uploaded new chromium 99 packages for Slackware. The chromium-ungoogled 99 packages are currently being built and will follow shortly.
These new packages were triggered by a recent Google Chromium update which mentions a fix for a security hole which allows remote attackers to take control of your computer. Opening a malicious advertisement or web page is already sufficient, the vulnerability does not need any interaction to do its work. See CVE-2022-0971.

Get my Chromium packages for version 99.0.4844.74 from my repository or any mirror, and upgrade to these as soon as you can: https://slackware.nl/people/alien/slackbuilds/chromium/ or https://us.slackware.nl/people/alien/slackbuilds/chromium/

Links to the un-googled chromium: https://slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ or https://us.slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ .

These packages work on Slackware 14.2 and newer, 32bit as well as 64bit variants still of course.

On 32bit Slackware 15.0 and newer, Patrick has updated the profile script as part of a qt5 package upgrade so that Chromium crashes are prevented by automatically disabling the seccomp filter sandbox:

# Unfortunately Chromium and derived projects (including QtWebEngine) seem
# to be suffering some bitrot when it comes to 32-bit support, so we are
# forced to disable the seccomp filter sandbox on 32-bit or else all of these
# applications crash. If anyone has a patch that gets these things running on
# 32-bit without this workaround, please let volkerdi or alienBOB know, or
# post your solution on LQ. Thanks. :-)
if file /bin/cat | grep -wq 32-bit ; then
  export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
fi

Eric

Alien Pastures switched to HTTPS

The “Alien Pastures” blog has been moved into a Virtual Machine (hence the short downtime yesterday) after its previous host hardware was replaced with a much beefier machine. This was a nice opportunity to configure the VM with a SSL certificate issued by LetsEncrypt (again, thanks Robby Workman).

So, from now on, the blog is served with a HTTPS URL by default. I hope you understand, this is a process seen on many other web sites too.

Cheers, Eric

Security updates: multilib and flash

blueSW-64pxMultilib

A mountain of security fixes landed in Slackware this week. Many of these updated packages have a multilib equivalent, so today I have updated my multilib repository for Slackware releases 13.37 and newer.

New to multilib or don’t know what it is all about? Read the multilib article found in the Slackware Documentation Project. Download the new multilib packages here:

Flash

At the same time, I have uploaded the latest package versions for the Flash Player plugin for Mozilla and Chromium browsers.
They are accompanied by Flash player  security bulletin APSB16-36.

The updated plugin for the Chromium browser (chromium-pepperflash-plugin) has the version number 23.0.0.205 while the plugin for Mozilla browsers (flashplayer-plugin) is now at version 11.2.202.643 (both 64bit and 32bit versions).

Slackware packages for these Flash plugins are available for download & install in the following locations:

If you are using the slackpkg+ extension for slackpkg, then you just run “slackpkg update && slackpkg upgrade flash”. Alternatively, you can subscribe to my repository RSS feed to stay informed of any updates.

Have fun! Eric

July ’15 Security fixes for Adobe’s Flash web plugins (extra critical)

adobe_flash_8s600x600_2The recent hack of the “Hacking Team” -a company that makes money from creating spyware for repressive governments –  has uncovered evidence that they have been exploiting a yet unknown security hole which is present in all Adobe Flash players since version 7.  Obviously based on the  information obtained from the public dump of Hacking Team’s 400 GB Intranet data, there’s a Zero-Day exploit out there in the wild that is actively targeting computers (thanks mancha for the link). Adobe have released patched Flash player plugins today that fix this security hole and you are all urgently advised to update your flash player packages.

For your information: The updated Slackware package for chromium-pepperflash-plugin has version 18.0.0.204. The updated flashplayer-plugin has version 11.2.202.481. The Chromium plugin was taken from the Google Chrome 43.0.2357.132 RPM which was released yesterday. New packages for my own chromium package based on the sources of that same version are underway, expect those tomorrow.

Download locations for the Flash plugins:

If you are using the slackpkg+ extension for slackpkg, then you just run “slackpkg update && slackpkg update flash”. Alternatively, you can subscribe to my repository RSS feed to stay informed of any updates.

Eric

More june ’15 security fixes for Adobe’s Flash web plugins

adobe_flash_8s600x600_2Here are new packages for the flashplayer-plugin and chromium-pepperflash-plugin. It’s “patch tuesday” and therefore the chances were fairly high that there would be a new Flash security bulletin… indeed, check out Adobe Flash security bulletin: apsb15-14.

For your information: The updated Slackware package for chromium-pepperflash-plugin has version 18.0.0.194. The updated flashplayer-plugin has version 11.2.202.468. The Chromium plugin was taken from the Google Chrome 43.0.2357.130 RPM, and of course new packages for my own chromium package based on sources of that same version are underway – the 32-bit package is being compiled at the moment.

Download locations for the Flash plugins:

Eric

« Older posts

© 2024 Alien Pastures

Theme by Anders NorenUp ↑