A new patch package has been released for Slackware 15.0 to address multiple security vulnerabilities. The package, identified as patch-2.8-i586-1_slack15.0.txz, updates the previously installed version of patch and resolves several critical issues, including CVE-2019-13638, CVE-2019-13636, CVE-2019-20633, CVE-2018-20969, CVE-2018-6951, and CVE-2018-6952. Notably, CVE-2018-1000156, one of the most significant vulnerabilities, was patched seven years ago, but this latest update includes additional CVEs that were discreetly rectified with the earlier release of patch-2.8 earlier this year.
The update is detailed in the Slackware 15.0 ChangeLog, which acknowledges the contributions of the community, specifically thanking an individual for the alert regarding these vulnerabilities. For users looking for more information on the vulnerabilities, links have been provided to the respective CVE records.
The new packages can be accessed through the OSU Open Source Lab, which offers FTP and rsync hosting for the Slackware project. Users can find mirrors via the "Get Slack" section on the Slackware website. The updated packages for both i586 and x86_64 architectures are available for download, along with their corresponding MD5 signatures for verification.
To implement the update, users are advised to run the upgrade command as the root user. The announcement is signed off by the Slackware Linux Security Team, providing a link to their GPG key for users who wish to verify the authenticity of the updates.
Extension:
As cybersecurity threats evolve, it's crucial for users to regularly update their systems to mitigate risks associated with known vulnerabilities. Slackware's proactive approach in addressing these security issues exemplifies the importance of staying vigilant in maintaining system integrity. Users are encouraged not only to update their packages but also to follow best practices in system security, such as enabling firewalls, utilizing strong passwords, and regularly auditing system configurations. Additionally, users should remain informed about future updates and vulnerabilities by subscribing to security advisories and engaging with the Slackware community for support and resources
The update is detailed in the Slackware 15.0 ChangeLog, which acknowledges the contributions of the community, specifically thanking an individual for the alert regarding these vulnerabilities. For users looking for more information on the vulnerabilities, links have been provided to the respective CVE records.
The new packages can be accessed through the OSU Open Source Lab, which offers FTP and rsync hosting for the Slackware project. Users can find mirrors via the "Get Slack" section on the Slackware website. The updated packages for both i586 and x86_64 architectures are available for download, along with their corresponding MD5 signatures for verification.
To implement the update, users are advised to run the upgrade command as the root user. The announcement is signed off by the Slackware Linux Security Team, providing a link to their GPG key for users who wish to verify the authenticity of the updates.
Extension:
As cybersecurity threats evolve, it's crucial for users to regularly update their systems to mitigate risks associated with known vulnerabilities. Slackware's proactive approach in addressing these security issues exemplifies the importance of staying vigilant in maintaining system integrity. Users are encouraged not only to update their packages but also to follow best practices in system security, such as enabling firewalls, utilizing strong passwords, and regularly auditing system configurations. Additionally, users should remain informed about future updates and vulnerabilities by subscribing to security advisories and engaging with the Slackware community for support and resources
Patch update for Slackware
A new patch package is available for Slackware 15.0 to fix several security issues. The package, patch-2.8-i586-1_slack15.0.txz, upgrades the existing patch version and fixes vulnerabilities including CVE-2019-13638, CVE-2019-13636, CVE-2019-20633, CVE-2018-20969, CVE-2018-6951, and CVE-2018-6952.
patch (SSA:2025-256-01)
