My thoughts on Slackware, life and everything

Tag: cve (Page 5 of 21)

Chromium security update remedies actively used exploit

New chromium and chromium-ungoogled packages for Slackware!
The recent Google Chromium update aims to plug a security hole which is already exploited out there, allowing attackers to take control of your computer. See CVE-2022-0609.
Get my Chromium packages for version 98.0.4758.102 (regular as well as un-googled) and upgrade to these as soon as you can: https://slackware.nl/people/alien/slackbuilds/chromium/ and https://slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ .

These packages work on Slackware 14.2 and newer, 32bit as well as 64bit variants still of course.

Eric

Security updates for glibc and chromium

Two reminders about security related package updates in my repositories.

Google released an update to its chromium sources last week and I built packages for Slackware (14.2 and -current). You may already have seen them appear if you follow the ChangeLog.txt for my repository.
Get Chromium 97.0.4692.99 now, because it addresses one critical vulnerability (CVE-2022-0289): https://slackware.nl/people/alien/slackbuilds/chromium/

The GNU C Library (glibc) package for Slackware was rebuilt and hence also my multilib packages for glibc needed an update, after two security vulnerabilities were fixed (CVE-2021-3998 and CVE-2021-3999).
The multilib glibc packages (release 2.33, build ‘5alien’) can be found at http://www.slackware.com/~alien/multilib/current/ .

 

Eric

Chromium 97 added to my repository; fixes a critical vulnerability

A couple of days ago Google released the sources for Chromium 97.0.4692.71. I am still waiting for an update to the chromium-ungoogled sources but I have already uploaded Slackware packages for chromium (targeting 14.2 and -current) to my repository.

This release addresses one ‘critical’ vulnerability (CVE-2022-0096, ‘Use after free in Storage‘) and brings a total of 37 security fixes. From a user perspective, I could not find particularly exciting new functionality in the release notes. The security fixes still make this a recommended upgrade.

You can get my chromium packages from slackware.nl or its mirrors.

Eric

Update 08-jan-2022: packages for chromium-ungoogled 97.0.4692.71 are now also available in my repository.

Another Chromium 96 update to patch a 0-day exploit

I have uploaded a set of new packages for Chromium 96.0.4664.110. The package updates for chromium-ungoogled will follow shortly, they are still compiling.

This update follows on the heels of the previous one, and addresses a couple of severe/critical bugs.
One of them (being labeled as CVE-2021-4102, ‘use-after-free issue in the V8 JavaScript engine‘) is a zero-day vulnerability which is already actively exploited in the wild, according to Google’s report.

This is an urgent request to upgrade your package.
You can get the chromium and chromium-ungoogled packages from slackware.nl or its mirrors.

Eric

Update (Thu Dec 16 08:13:10 UTC 2021): packages for chromium-ungoogled are updated now as well. The slackware.com server is down but you can download from slackware.nl or any mirror.

Update your Chromium to 93.0.4577.82

Today, I uploaded a set of Chromium 93.0.4577.82 packages for Slackware 14.2 and -current (32-bit as well as 64-bit).

According to yesterday’s official announcement on the Google blog, this release patches a number of vulnerabilites and two of them are zero-day vulnerabilities that are actively being exploited online.

The advice is to upgrade Chromium on your Slackware 14.2 and -current computers as soon as possible.

The ungoogled-chromium sources are lagging behind as usual, but I have hopes that a new source tarball will appear soon, now that we have a Chromium update which addresses multiple zero-days. Eloston, the project maintainer, seems AWOL but several contributors have a working patch set ready.

Stay safe! Eric

« Older posts Newer posts »

© 2024 Alien Pastures

Theme by Anders NorenUp ↑