SLFS Advisories

This page covers advisories, notably those relating to security and to changes that may have broken earlier versions of the book.

This page is ordered like the Changelog of the book, with newest items first.

12.4 to 12.5

Broken changes

Packages removed from SLFS that are in BLFS may have gotten security updates. Read BLFS 12.4 Security Advisories and BLFS Consolidated Security Advisories for such packages.

slfs-brk-12.4-001: SDL3 (Date: November 18th, 2025)

SLFS used to provide instructions for installing SDL3 and sdl2-compat. These served as a reference for what the instructions might look like once SDL3 inevitably landed in BLFS. Eventually, other packages like the Dolphin emulator required SDL3, so it became a necessary part of SLFS. Now BLFS has SDL3 and instructions for sdl2-compat, so SLFS has removed its own instructions for installing SDL3 and sdl2-compat. GLFS has followed suit with BLFS. Please go to BLFS or GLFS for updates to SDL3 and sdl2-compat.


Security Advisories

slfs-sa-12.4-001: OpenJDK-17 - Rating: High (Date: October 23rd, 2025)

In OpenJDK-17.0.17-ga, two security vulnerabilities were fixed that could allow for exploitation of APIs via multiple network protocols, leading to creation, modification, and deletion of data. This is a particular concern for Minecraft servers, as an affected JDK version will have elevated privileges because of calls to mods/modpacks. These vulnerabilities also affect other major JDK versions. If you have multiple OpenJDK versions built, update each one for which an update is available. These security vulnerabilities have been assigned CVE-2025-53057 and CVE-2025-53066.

To update to OpenJDK-17.0.17-ga, follow the OpenJDK installation page. SysVinit and Systemd instructions for the page do not differ. The Java page also has the new version.
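
The following script is an added example, not part of the SLFS book: it reads the `release` file that OpenJDK images keep at the top of the JDK directory and reports which OpenJDK 17 trees are older than the fixed 17.0.17 release. The function names and the directories you pass in are assumptions. Fixed versions for other major releases are not given in this advisory, so those trees are only listed for manual comparison.

```shell
#!/bin/sh
# Added example: report OpenJDK 17 installs below the fixed release named in
# slfs-sa-12.4-001. Function names and the directories passed in are assumptions.

FIXED_17="17.0.17"   # fixed OpenJDK 17 version stated in the advisory

# Print JAVA_VERSION from the "release" file at the top of a JDK directory.
jdk_version() {
    sed -n 's/^JAVA_VERSION="\([^"]*\)".*/\1/p' "$1/release" 2>/dev/null | head -n 1
}

# Succeed if version $1 is strictly lower than $2. Fields are compared
# numerically, so 17.0.9 sorts below 17.0.17 (a plain string compare would not).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" |
         sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)" = "$1" ]
}

# Classify one JDK directory.
check_jdk() {
    v=$(jdk_version "$1")
    case "$v" in
        "")      echo "UNKNOWN" ;;
        17|17.*) if version_lt "$v" "$FIXED_17"; then
                     echo "OUTDATED $v"
                 else
                     echo "OK $v"
                 fi ;;
        # The advisory gives no fixed version for other majors: check by hand.
        *)       echo "OTHER-MAJOR $v" ;;
    esac
}

# Print "<directory><TAB><status>" for every argument that holds a release file.
scan_jdks() {
    for d in "$@"; do
        [ -f "$d/release" ] || continue
        printf '%s\t%s\n' "$d" "$(check_jdk "$d")"
    done
}

# Usage: sh check-jdks.sh /path/to/jdk-a /path/to/jdk-b ...
if [ "$#" -gt 0 ]; then
    scan_jdks "$@"
fi
```

Pass every JDK directory you have built as an argument; any line marked `OUTDATED` is an OpenJDK 17 tree that predates the fix.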