My thoughts on Slackware, life and everything

Tag: cve (Page 4 of 21)

Chromium 100 out-of-band security update addresses (again) a single vulnerability

I have uploaded new chromium 100 packages for Slackware. The chromium-ungoogled 100 packages are currently being built and will follow shortly.
What’s with all these updates that follow rapidly on each other’s heels? Just like the recent Chromium 99 security update which addressed a single critical vulnerability, last Monday Google announced on their official blog the immediate availability of Chromium 100.0.4896.75. This hotfix release plugs a single hole which Google deemed serious enough to warrant the update. See CVE-2022-1232. The difference with last week is that no known exploit of this vulnerability is reported yet.
Still, it’s highly recommended that you upgrade ASAP.

My Chromium 100.0.4896.75 packages can be downloaded from my own repository (or any mirror that has synced up), for instance:

Once I have finished compiling the un-googled version of chromium and uploaded the packages, I will mention it in the comments section below and you can download them from: https://slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ or https://us.slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ .

Until I get tired of compiling for Slackware 14.2 (aka once I have migrated my last server to 15.0) these packages will work on Slackware 14.2 and newer. I provide 32bit as well as 64bit variants.

Eric

Chromium 100 available

The Chromium version has reached a triple-digit number: I have uploaded new packages for Chromium 100 (Slackware 14.2 and newer, 32bit as well as 64bit). Specifically it is the release 100.0.4896.60 which was announced a few days ago. It fixes a number of vulnerabilities with the criticality label “high” which usually means it can crash your browser but not compromise your computer.

Google currently maintains a release schedule for Chromium where a new major version (98, 99, 100, …) is made available every month. This means that new features are not added with a big bang after being beta-tested for months, but the browser’s feature list will evolve over time.

For instance, this 100 release will be the last release where your UserAgent string mentions details about your OS; now it is still “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36”.

A lost feature returns in Chromium 100: the ability to use the audio indicator in a browser tab to directly mute that tab. When a website plays audio in a tab, the tab strip will mention that “audio is playing” when you hover your mouse over it, and it shows a speaker icon. Now, when you explicitly enable it with the flag “chrome://flags/#enable-tab-audio-muting” you can click that speaker icon to mute the sound immediately instead of having to right-click first and then select “mute this site”.

Get chromium packages here (NL mirror) or here (US mirror). The chromium-ungoogled packages are still waiting for the source code to be released. I expect that to happen any time and then I’ll build and upload those packages too.

Enjoy the weekend, Eric

Chromium 99 critical security fix, upgrade asap

I have uploaded new chromium 99 packages for Slackware. The chromium-ungoogled 99 packages are currently being built and will follow shortly.
These new packages were triggered by a recent Google Chromium update which mentions a fix for a security hole which allows remote attackers to take control of your computer. Opening a malicious advertisement or web page is already sufficient; the vulnerability does not need any interaction to do its work. See CVE-2022-0971.

Get my Chromium packages for version 99.0.4844.74 from my repository or any mirror, and upgrade to these as soon as you can: https://slackware.nl/people/alien/slackbuilds/chromium/ or https://us.slackware.nl/people/alien/slackbuilds/chromium/

Links to the un-googled chromium: https://slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ or https://us.slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ .

These packages work on Slackware 14.2 and newer, 32bit as well as 64bit variants still of course.

On 32bit Slackware 15.0 and newer, Patrick has updated the profile script as part of a qt5 package upgrade so that Chromium crashes are prevented by automatically disabling the seccomp filter sandbox:

# Unfortunately Chromium and derived projects (including QtWebEngine) seem
# to be suffering some bitrot when it comes to 32-bit support, so we are
# forced to disable the seccomp filter sandbox on 32-bit or else all of these
# applications crash. If anyone has a patch that gets these things running on
# 32-bit without this workaround, please let volkerdi or alienBOB know, or
# post your solution on LQ. Thanks. :-)
if file /bin/cat | grep -wq 32-bit ; then
  export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
fi

Eric
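
The profile script above turns off Chromium's seccomp filter sandbox through an environment variable, so it is worth checking where that setting is actually in effect. The following is an added example, not part of the original post or of Slackware's profile script; the function names and the three verdict words are hypothetical, and the sample `file` output lines in the comments are constructed.

```shell
#!/bin/sh
# Added example: audit whether the seccomp-filter-sandbox workaround is active.
# Function names and verdict words are hypothetical, chosen for this example.

SANDBOX_OFF_FLAG="--disable-seccomp-filter-sandbox"

# has_sandbox_off_flag FLAGS
# Succeeds when the space-separated FLAGS string contains the exact flag.
# Padding with spaces avoids matching a longer flag that shares the prefix.
has_sandbox_off_flag() {
  case " $1 " in
    *" $SANDBOX_OFF_FLAG "*) return 0 ;;
  esac
  return 1
}

# is_32bit_userland FILE_OUTPUT
# Same test the profile script uses, applied to a captured `file` output line,
# e.g. (constructed) "/bin/cat: ELF 32-bit LSB executable, Intel 80386".
is_32bit_userland() {
  printf '%s\n' "$1" | grep -wq 32-bit
}

# audit_seccomp_workaround FLAGS FILE_OUTPUT
# Prints one verdict:
#   ok        the flag is absent, the seccomp filter sandbox stays enabled
#   expected  the flag is set on a 32-bit userland (the documented workaround)
#   review    the flag is set on a non-32-bit userland, where the profile
#             script would not have set it
audit_seccomp_workaround() {
  if ! has_sandbox_off_flag "$1"; then
    echo ok
  elif is_32bit_userland "$2"; then
    echo expected
  else
    echo review
  fi
}

# Live check against the current environment and the local /bin/cat.
audit_seccomp_workaround "${QTWEBENGINE_CHROMIUM_FLAGS:-}" \
  "$(file /bin/cat 2>/dev/null)"
```

A "review" verdict on a 64-bit system means the variable was set by something other than the profile script's 32-bit test, for example a copied shell profile.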

Chromium security update remedies actively used exploit

New chromium and chromium-ungoogled packages for Slackware!
The recent Google Chromium update aims to plug a security hole which is already exploited out there, allowing attackers to take control of your computer. See CVE-2022-0609.
Get my Chromium packages for version 98.0.4758.102 (regular as well as un-googled) and upgrade to these as soon as you can: https://slackware.nl/people/alien/slackbuilds/chromium/ and https://slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ .

These packages work on Slackware 14.2 and newer, 32bit as well as 64bit variants still of course.

Eric

Security updates for glibc and chromium

Two reminders about security-related package updates in my repositories.

Google released an update to its chromium sources last week and I built packages for Slackware (14.2 and -current). You may already have seen them appear if you follow the ChangeLog.txt for my repository.
Get Chromium 97.0.4692.99 now, because it addresses one critical vulnerability (CVE-2022-0289): https://slackware.nl/people/alien/slackbuilds/chromium/

The GNU C Library (glibc) package for Slackware was rebuilt and hence also my multilib packages for glibc needed an update, after two security vulnerabilities were fixed (CVE-2021-3998 and CVE-2021-3999).
The multilib glibc packages (release 2.33, build ‘5alien’) can be found at http://www.slackware.com/~alien/multilib/current/ .

Eric

© 2024 Alien Pastures