My thoughts on Slackware, life and everything

Tag: 0day (Page 1 of 2)

Google fixes the 8th zero-day in Chromium in 2023

Chromium 120.0.6099.129 for which the source code was released two days ago repairs a zero-day vulnerability.

Zero-day means that the vulnerability is already actively exploited in the wild. Hopefully the last time this year, but it is already the 8th zero-day which was reported and fixed in Chromium. The new zero-day is labeled CVE-2023-7024.
It’s therefore highly recommended to upgrade your chromium and also ungoogled-chromium packages.

Find the updated Slackware 15.0 and -current packages both for chromium and chromium-ungoogled in my repository and its mirrors (like my own US server and in a short while, the UK mirror).

Cheers, Eric

Chromium 117.0.5938.132 fixes zero-day exploit

Just yesterday I uploaded my  packages for chromium and chromium-ungoogled to 117.0.5938.92. Only to discover right before heading to bed that there’s a new security update available… Chromium 117.0.5938.132 fixes a zero-day vulnerability in libvpx (CVE-2023-5217) which is already actively exploited to install spyware on computers.

The chromium packages for 117.0.5938.132 are already available in my repository. The chromium-ungoogled packages are currently compiling and will become available in the evening (CET timezone) i.e. later today.
It’s highly recommended to upgrade to my latest chromium and chromium-ungoogled packages.

Find the updated Slackware 15.0 and -current packages both for chromium and chromium-ungoogled in my repository and its mirrors (like my own US server and in a short while, the UK mirror).

Cheers, Eric

New update for Chromium to address 0-day exploit

Chromium, regular and un-googled.

Earlier last week Google released 108.0.5359.71. On friday, I had finally built and uploaded Slackware packages for this, when they released a quick fix to plug an already actively exploited hole (CVE-2022-4262).
The intermediate release took me by surprise. Luckily someone alerted me to the security fix in the comments section of my previous post. I grabbed the new source tarballs and built 108.0.5359.94 in the course of the weekend.
And I have now uploaded new packages both for chromium and chromium-ungoogled. Target OS releases are Slackware 14.2 and higher (32bit and 64bit).

Quick reminder:
I will stop releasing Chromium packages for Slackware 14.2 after February 2nd, 2023. On that day, Slackware 15.0 is one year old and I expect that everybody who uses a graphical desktop on Slackware, will have upgraded from Slackware 14.2 to 15.0 during that year. If you did upgrade yet but still want to use my Chromium browser packages, you still have two months’ time to prepare and execute that upgrade.
Chromium packages for Slackware 15.0 and -current will of course keep coming.

Cheers, Eric

Updates for Chromium (-ungoogled also), LibreOffice, Java

Around the last weekend I worked on several package updates. In the meantime I had to battle home infrastructure breakdown, as well as the realization that I had inadvertantly opened up my SMTP server as an open relay and had to do some fast infrastructure redesign 🙁

Anyway:

Chromium, regular and ungoogled.

There was a new release at the end of last week. The Chromium 107.0.5304.121 release fixes a security issue for which an exploit already exists in the wild (CVE-2022-4135).
I provide packages for this release both for chromium and chromium-ungoogled. Target OS releases are Slackware 14.2 and higher (32bit and 64bit).

LibreOffice.

The latest release of LibreOffice ‘fresh’ is 7.4.3. This is an incremental bugfix release.
I provide packages for this release, targeting Slackware 15.0 and newer.
Note that my libreoffice package depends on openjdk11 (see below). If you are running slackware-current instead of 15.0, you will additionally need boost-compat and icu4c-compat packages to provide the libraries that are no longer present in -current.

Java.

Oracle released its quarterly update to the Java source code release affecting both JDK 8 and JDK 11.
Andrew Hughes provides an updated icedtea release to be able to compile OpenJDK 8 update 352 build 08. My openjdk package targets Slackware 14.2 and newer.
And for the OpenJDK 11.0.17_8 (aka the 11.0.17 General Availability release) update I provide an openjdk11 package which targets Slackware 15.0 and newer.

Have fun!

Eric

Chromium 105 update addresses zero-day exploit

Only a few days after Google released Chrome 105 (by means of the 105.0.5195.52 sourcecode) they have pushed an update to 105.0.5195.102.
This update fixes a single bug, but it is a critical one (CVE-2022-3075) for which a zero-day exploit is actively abused by malicious third parties. It’s highly recommended to upgrade your Chromium (regular as well as un-googled) browser to the latest version.

I have already uploaded packages for chromium (64bit and 32bit) and chromium-ungoogled (64bit) version 105.0.5195.102. They’ll work on Slackware 14.2 and newer. The 32bit chromium-ungoogled package will follow in a few hours, no thanks to compiler segfault during the nightly build of this package.

Eric

« Older posts

© 2024 Alien Pastures

Theme by Anders NorenUp ↑