Slackware 15.0 Security Updates Address Critical Vulnerabilities

Severity: High (Score: 74.0)

Sources: Linuxsecurity

Published: 2026-06-04 · Updated: 2026-06-04

Keywords: slackware, buffer, here, details, changelog, patches, packages

Severity indicators: urgent, buffer overflow

Summary

Slackware 15.0 released urgent updates for two significant vulnerabilities on June 3, 2026. The first addresses a stack-based buffer overflow in the net-tools package (CVE-2026-154) affecting network interface handling. The second update resolves a denial-of-service vulnerability (CVE-2026-49975) in the httpd package, specifically targeting HTTP/2, which could lead to resource exhaustion. Both vulnerabilities necessitate immediate attention from system administrators to mitigate potential exploitation. Users are advised to upgrade their packages promptly to ensure system security. The updates are available for both x86 and x86_64 architectures.

Key Points:

  • Urgent updates released for Slackware 15.0 addressing critical vulnerabilities.
  • CVE-2026-154 involves a stack-based buffer overflow in net-tools.
  • CVE-2026-49975 relates to a denial-of-service vulnerability in httpd affecting HTTP/2.

Detailed Analysis

**Impact** Slackware 15.0 users are affected by critical vulnerabilities in the net-tools and httpd packages. The flaws could lead to a stack-based buffer overflow and denial-of-service (DoS) attacks, potentially disrupting network operations and web services. Organizations relying on Slackware 15.0 in sectors such as IT infrastructure and web hosting may experience service outages or compromise of system stability. No specific geographic or sectoral impact data is provided.

**Technical Details** The net-tools vulnerability involves a stack-based buffer overflow in the get_name() function within interface.c, allowing potential memory corruption. The httpd update addresses CVE-2026-49975, a resource exhaustion DoS attack known as the "HTTP/2 Bomb" targeting HTTP/2 protocol handling. Both issues affect the Slackware 15.0 and -current branches, impacting x86 and x86_64 architectures. No malware, attacker infrastructure, or additional IOCs are detailed.

**Recommended Response** Apply the updated packages for net-tools (net-tools-20181103_0eebece) and httpd (httpd-2.4.67) immediately using the provided upgradepkg commands. For httpd, restart the Apache service after patching to activate the fixes. Monitor network and web server logs for unusual resource usage or crashes indicative of exploitation attempts. No further detection or blocking indicators are available from the sources.

Source articles (2)

  • Slackware 15.0 httpd Important DoS Fix for CVE-2026-49975 2026-154 — Linuxsecurity · 2026-06-03
    Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.67-i586-2_slack15.0.txz: Rebuilt. This update fixes "HTTP/2 Bomb", a resource exhaustion denial-of-service attack aga…
  • Slackware 15.0 Net-tools Urgent Buffer Overflow Resolution 2026-154 — Linuxsecurity · 2026-06-03
    Here are the details from the Slackware 15.0 ChangeLog: patches/packages/net-tools-20181103_0eebece-i586-4_slack15.0.txz: Rebuilt. This update fixes a security issue: interface.c: Stack-based Buffer O…

Timeline

  • 2026-06-03 — Slackware 15.0 updates released: Updates for net-tools and httpd packages were released to fix critical vulnerabilities affecting Slackware 15.0.
  • 2026-06-03 — CVE-2026-154 disclosed: A stack-based buffer overflow vulnerability in net-tools was identified, requiring immediate patching.
  • 2026-06-03 — CVE-2026-49975 disclosed: A denial-of-service vulnerability in httpd was reported, allowing for resource exhaustion attacks via HTTP/2.

CVEs

  • CVE-2026-49975

Related entities

  • DDoS (Attack Type)
  • CWE-120 - Classic Buffer Overflow (Cwe)
  • ftp.slackware.com (Domain)
  • T1499 - Endpoint Denial of Service (Mitre Attack)
  • Apache (Platform)
  • Slackware Linux (Platform)