[slackware-security] apr-util (SSA:2011-041-01)New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1,12.2, 13.0, 13.1, and -current to fix a security issue.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/apr-1.3.12-i486-1_slack13.1.txz: Upgraded.patches/packages/apr-util-1.3.10-i486-1_slack13.1.txz: Upgraded. Fixes a memory leak and DoS in apr_brigade_split_line(). For more information, see:
http://cve.mitre.org...e=CVE-2010-1623 (* Security fix *)+--------------------------+======[slackware-security] expat (SSA:2011-041-02)New expat packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,13.1, and -current to fix security issues.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/expat-2.0.1-i486-2_slack13.1.txz: Upgraded. Fixed various crash and hang bugs. For more information, see:
http://cve.mitre.org...e=CVE-2009-2625 http://cve.mitre.org...e=CVE-2009-3560 http://cve.mitre.org...e=CVE-2009-3720 (* Security fix *)+--------------------------+======[slackware-security] httpd (SSA:2011-041-03)New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,and -current to fix security issues.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/httpd-2.2.17-i486-1_slack13.1.txz: Upgraded. This fixes some denial of service bugs in the bundled libraries. On Slackware we do not use the bundled expat or apr-util, so the issues are also fixed in those external libraries. For more information, see:
http://cve.mitre.org...e=CVE-2009-3560 http://cve.mitre.org...e=CVE-2009-3720 http://cve.mitre.org...e=CVE-2010-1623 (* Security fix *)+--------------------------+======[slackware-security] openssl (SSA:2011-041-04)New openssl packages are available for 11.0, 12.0, 12.1, 12.2, 13.0, 13.1,and -current to fix a security issue.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/openssl-0.9.8r-i486-1_slack13.1.txz: Upgraded. This OpenSSL update fixes an "OCSP stapling vulnerability". For more information, see the included CHANGES and NEWS files, and:
http://www.openssl.o...dv_20110208.txt http://cve.mitre.org...e=CVE-2011-0014 (* Security fix *) Patched certwatch to work with recent versions of "file". Thanks to Ulrich Sch?fer and Jan Rafaj.patches/packages/openssl-solibs-0.9.8r-i486-1_slack13.1.txz: Upgraded. (* Security fix *)+--------------------------+======[slackware-security] sudo (SSA:2011-041-05)New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/sudo-1.7.4p6-i486-1_slack13.1.txz: Upgraded. Fix Runas group password checking. For more information, see the included CHANGES and NEWS files, and:
http://cve.mitre.org...e=CVE-2011-0010 (* Security fix *)+--------------------------+