Bruno
Posted September 18, 2009

Updates Slackware 13.0

Package seamonkey-1.1.17-i486-1 upgraded with new package seamonkey-1.1.18-i486-1.txz.
Package seamonkey-solibs-1.1.17-i486-1 upgraded with new package seamonkey-solibs-1.1.18-i486-2.txz.
Package mozilla-firefox-3.5.2-i686-1 upgraded with new package mozilla-firefox-3.5.3-i686-1.txz.
Total 21051 kB

B) Bruno

Note: Swaret stopped working, so changed package-manager to: slackpkg
Command used: "# slackpkg update && slackpkg upgrade-all"

Bruno (Author)
Posted September 20, 2009

Updates Slackware 13.0

Upgrading mesa-7.5-i486-1 package using mesa-7.5-i486-2.txz
Total: 3657 kB

B) Bruno

Bruno (Author)
Posted October 5, 2009

Updates Slackware 13.0

Upgrading php-5.2.10-i486-2 package using php-5.2.11-i486-1_slack13.0.txz
Upgrading samba-3.2.13-i486-1 package using samba-3.2.15-i486-1_slack13.0.txz
Total: 19816 kB

Bruno

Bruno (Author)
Posted October 20, 2009

Updates Slackware 13.0

Upgrading gnutls-2.6.6-i486-1 package using ./gnutls-2.8.4-i486-1_slack13.0.txz
Upgrading pidgin-2.5.9-i486-1 package using ./pidgin-2.6.3-i486-1_slack13.0.txz
Total: 7878 kB

Bruno

Bruno (Author)
Posted October 29, 2009

Updates Slackware 13.0

Upgrading poppler-0.10.7-i486-1 package using poppler-0.10.7-i486-2_slack13.0.txz
Upgrading xpdf-3.02pl3-i486-1 package using xpdf-3.02pl4-i486-1_slack13.0.txz
Total: 2311 kB

Bruno

Bruno (Author)
Posted November 3, 2009

Updates Slackware 13.0

Upgrading mozilla-firefox-3.5.3-i686-1 package using mozilla-firefox-3.5.4-i686-1.txz
Total: 7881 kB

Bruno

Bruno (Author)
Posted November 9, 2009

Updates Slackware 13.0

Upgrading mozilla-firefox-3.5.4-i686-1 package using mozilla-firefox-3.5.5-i686-1.txz
Upgrading seamonkey-1.1.18-i486-1 package using seamonkey-2.0-i486-1_slack13.0.txz
Upgrading seamonkey-solibs-1.1.18-i486-2 package using seamonkey-solibs-2.0-i486-1_slack13.0.txz
Total: 20297 kB

Bruno

Bruno (Author)
Posted November 17, 2009

Updates Slackware 13.0

Upgrading openssl-0.9.8k-i486-2 package using openssl-0.9.8k-i486-3_slack13.0.txz
Upgrading openssl-solibs-0.9.8k-i486-2 package using openssl-solibs-0.9.8k-i486-3_slack13.0.txz
Upgrading seamonkey-2.0-i486-1_slack13.0 package using seamonkey-2.0-i486-3_slack13.0.txz
Upgrading seamonkey-solibs-2.0-i486-1_slack13.0 package using seamonkey-solibs-2.0-i486-3_slack13.0.txz
Total: 16274 kB

Bruno

V.T. Eric Layton
Posted December 3, 2009

Updates Slackware 13.0

Wed Dec 2 20:51:55 UTC 2009
patches/packages/bind-9.4.3_P4-i486-1_slack13.0.txz: Upgraded.
  BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3. It addresses a potential cache poisoning vulnerability, in which data in the additional section of a response could be cached without proper DNSSEC validation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://www.kb.cert.org/vuls/id/418861
  (* Security fix *)

~Eric

V.T. Eric Layton
Posted December 9, 2009

Updates Slackware 13.0

Tue Dec 8 20:44:44 UTC 2009
patches/packages/linux-2.6.29.6-3/:
  Added new kernels and kernel packages with a patch for CVE-2009-1298, a kernel bug where oversized IP packets cause a NULL pointer dereference and immediate hang.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1298
    http://lkml.org/lkml/2009/11/25/104
  Be sure to reinstall LILO after upgrading the kernel packages.
  (* Security fix *)

~Eric

V.T. Eric Layton
Posted December 10, 2009

Updates Slackware 13.0

New ntp packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. If a spoofed mode 7 packet is sent to a vulnerable NTP daemon it may cause CPU and/or disk space exhaustion, resulting in a denial of service.

patches/packages/ntp-4.2.4p8-i486-1_slack13.0.txz: Upgraded.
  Prevent a denial-of-service attack involving spoofed mode 7 packets.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
  (* Security fix *)

~Eric

V.T. Eric Layton
Posted December 12, 2009

Updates Slackware 13.0

[slackware-security] gimp (SSA:2009-345-01)

New gimp packages are available for Slackware 12.1, 12.2, 13.0, and -current to fix security issues.

More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3909

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/gimp-2.6.8-i486-1_slack13.0.txz: Upgraded.
  This fixes integer overflows in the image handling plugins that could lead to the execution of arbitrary code or an application crash if a malicious image is loaded.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3909
  (* Security fix *)
+--------------------------+

~Eric

V.T. Eric Layton
Posted December 19, 2009

Updates Slackware 13.0

[slackware-security] seamonkey (SSA:2009-352-01)

New seamonkey packages are available for Slackware 12.2, 13.0, and -current to fix security issues.

More details about the issues may be found on the Mozilla web site:
  http://www.mozilla.org/security/known-vuln...eamonkey20.html

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.0.1-i486-1_slack13.0.txz: Upgraded.
  Upgraded to seamonkey-2.0.1 shared libraries.
patches/packages/seamonkey-solibs-2.0.1-i486-1_slack13.0.txz: Upgraded.
  Upgraded to seamonkey-2.0.1.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...eamonkey20.html
  (* Security fix *)
+--------------------------+

~Eric

V.T. Eric Layton
Posted January 6, 2010

Updates Slackware 13.0

[slackware-security] mozilla-firefox (SSA:2009-351-01)

New mozilla-firefox packages are available for Slackware 12.2, 13.0, and -current to fix security issues.

The Firefox 3.0.16 package may also be used with Slackware 11.0 or newer.

More details about the issues may be found on the Mozilla website:
  http://www.mozilla.org/security/known-vuln.../firefox30.html
  http://www.mozilla.org/security/known-vuln.../firefox35.html

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.5.6-i686-1.txz: Upgraded.
  Upgraded to firefox-3.5.6. This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vuln.../firefox35.html
  (* Security fix *)
+--------------------------+

~Eric

V.T. Eric Layton
Posted January 25, 2010

Updates Slackware 13.0

[slackware-security] httpd (SSA:2010-024-01)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.

More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/httpd-2.2.14-i486-1_slack13.0.txz: Upgraded.
  This fixes a couple of security bugs when using mod_proxy_ftp.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095
  (* Security fix *)
+--------------------------+

[slackware-security] php (SSA:2010-024-02)

New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/php-5.2.12-i486-1_slack13.0.txz: Upgraded.
  This fixes many bugs, including a few security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143
  (* Security fix *)
+--------------------------+

[slackware-security] pidgin (SSA:2010-024-03)

New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.6.5-i486-1_slack13.0.txz: Upgraded.
  This fixes a directory traversal vulnerability in Pidgin's MSN protocol handling that may allow attackers to download arbitrary files.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013
  (* Security fix *)
+--------------------------+

~Eric

V.T. Eric Layton
Posted March 2, 2010

Updates Slackware 13.0

[slackware-security] seamonkey (SSA:2010-060-01)

New seamonkey packages are available for Slackware 12.2, 13.0, and -current to fix security issues.

For more information, see:
  http://www.mozilla.org/security/known-vuln...eamonkey20.html

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.0.3-i486-1_slack13.0.txz: Upgraded.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...eamonkey20.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.0.3-i486-1_slack13.0.txz: Upgraded.
+--------------------------+

[slackware-security] openssl (SSA:2010-060-02)

New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/openssl-0.9.8m-i486-1_slack13.0.txz: Upgraded.
  This OpenSSL update contains some security related bugfixes.
  For more information, see the included CHANGES and NEWS files, and:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8m-i486-1_slack13.0.txz: Upgraded.
+--------------------------+

[slackware-security] gzip (SSA:2010-060-03)

New gzip packages are available for Slackware 13.0 (64-bit) and -current to fix a security issue.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0001

Here are the details from the Slackware64 13.0 ChangeLog:
+--------------------------+
patches/packages/gzip-1.4-x86_64-1_slack13.0.tgz: Upgraded.
  gzip -d could segfault and/or clobber the stack, possibly leading to arbitrary code execution. This affects x86_64 but not 32-bit systems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0001
  (* Security fix *)
+--------------------------+

~Eric

V.T. Eric Layton
Posted March 9, 2010

Updates Slackware 13.0

[slackware-security] httpd (SSA:2010-067-01)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.

mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations.

mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR.

mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. [This is the most serious flaw, but does not affect Linux systems]

More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/httpd-2.2.15-i486-1_slack13.0.txz: Upgraded.
  This update addresses a few security issues.
  mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations.
  mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR.
  mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. [This is the most serious flaw, but does not affect Linux systems]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425
  (* Security fix *)
+--------------------------+

~Eric

V.T. Eric Layton
Posted March 11, 2010

Updates Slackware 13.0

[slackware-security] pidgin (SSA:2010-069-01)

New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix denial of service issues.

More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.6.6-i486-1_slack13.0.txz: Upgraded.
  This fixes a few denial-of-service flaws as well as other bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423
  (* Security fix *)
+--------------------------+

~Eric

V.T. Eric Layton
Posted April 1, 2010

Updates Slackware 13.0

[slackware-security] openssl (SSA:2010-090-01)

New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.

More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740

A recompiled proftpd package is required if you run ProFTPD.

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/openssl-0.9.8n-i486-1_slack13.0.txz: Upgraded.
  This OpenSSL update contains some security related bugfixes.
  For more information, see the included CHANGES and NEWS files, and:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8n-i486-1_slack13.0.txz: Upgraded.
+--------------------------+

=====

[slackware-security] mozilla-firefox (SSA:2010-090-02)

New mozilla-firefox packages are available for Slackware 13.0 and -current to fix security issues.

More details about the issues may be found on the Mozilla website:
  http://www.mozilla.org/security/known-vuln.../firefox36.html

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.6.2-i686-1.txz: Upgraded.
  Upgraded to firefox-3.6.2. This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vuln.../firefox36.html
  (* Security fix *)
+--------------------------+

=====

[slackware-security] seamonkey (SSA:2010-090-03)

New seamonkey packages are available for Slackware 11.0, 12.0, and 12.1 to fix security issues.

For more information, see:
  http://www.mozilla.org/security/known-vuln...eamonkey11.html

Here are the details from the Slackware 12.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-1.1.19-i486-1_slack12.1.tgz: Upgraded.
  Upgraded to seamonkey-1.1.19.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...eamonkey11.html
  (* Security fix *)
+--------------------------+

~Eric

V.T. Eric Layton
Posted April 5, 2010

Updates Slackware 13.0

[slackware-security] mozilla-thunderbird (SSA:2010-095-01)

New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-2.0.0.24-i686-1.txz: Upgraded.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...nderbird20.html
  (* Security fix *)
+--------------------------+

~Eric

Updates Slackware 13.0

[slackware-security] mozilla-firefox (SSA:2010-095-02)

New mozilla-firefox packages are available for Slackware 12.2, 13.0, and -current to fix security issues.

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.6.3-i686-1.txz: Upgraded.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vuln.../firefox36.html
  (* Security fix *)
+--------------------------+

~Eric

Updates Slackware 13.0

[slackware-security] seamonkey (SSA:2010-095-03)

New seamonkey packages are available for Slackware 12.2, 13.0, and -current to fix security issues.

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.0.4-i486-1_slack13.0.txz: Upgraded.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...eamonkey20.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.0.4-i486-1_slack13.0.txz: Upgraded.
+--------------------------+

~Eric

V.T. Eric Layton
Posted April 21, 2010

Updates Slackware 13.0

[slackware-security] sudo (SSA:2010-110-01)

New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/sudo-1.7.2p6-i486-1_slack13.0.txz: Upgraded.
  This update fixes security issues that may give a user with permission to run sudoedit the ability to run arbitrary commands.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate.html
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate2.html
  (* Security fix *)
+--------------------------+

=====

[slackware-security] kdebase-workspace (SSA:2010-110-02)

New kdebase-workspace packages are available for Slackware 13.0 and -current to fix a security issue with KDM.

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/kdebase-workspace-4.2.4-i486-2_slack13.0.txz: Rebuilt.
  Patched a security issue with KDM.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0436
  (* Security fix *)
+--------------------------+

~Eric

V.T. Eric Layton
Posted April 26, 2010

Updates Slackware 13.0

[slackware-security] irssi (SSA:2010-116-01)

New irssi packages are available for Slackware 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/irssi-0.8.15-i486-1_slack13.0.txz: Upgraded.
  From the NEWS file:
  - Check if an SSL certificate matches the hostname of the server we are connecting to.
  - Fix crash when checking for fuzzy nick match when not on the channel. Reported by Aurelien Delaitre (SATE 2009).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1155
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1156
  (* Security fix *)
+--------------------------+

~Eric

V.T. Eric Layton
Posted May 18, 2010

Updates Slackware 13.0

[slackware-security] fetchmail (SSA:2010-136-01)

New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue.

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/fetchmail-6.3.17-i486-1_slack13.0.txz: Upgraded.
  A crafted header or POP3 UIDL list could cause a memory leak and crash leading to a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167
  (* Security fix *)
+--------------------------+

~Eric

V.T. Eric Layton
Posted May 19, 2010

Updates Slackware 13.0

[slackware-security] pidgin (SSA:2010-138-01)

New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue.

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.7.0-i486-1_slack13.0.txz: Upgraded.
  Upgraded to pidgin-2.7.0 and pidgin-encryption-3.1.
  The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote attackers to cause a denial of service (application crash) via a custom emoticon in a malformed SLP message.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1624
  (* Security fix *)
+--------------------------+

~Eric

V.T. Eric Layton
Posted October 10, 2010

NOTICE

I would like to apologize for the lack of update posting in this area over the past few months. I will attempt to start posting the updates again soon. In the meantime, you can click HERE for all of the 2010 Slackware security updates.

Thank you for your patience and understanding.

~Eric

V.T. Eric Layton
Posted October 23, 2010

[slackware-security] mozilla-thunderbird (SSA:2010-295-03)

New mozilla-thunderbird packages are available for Slackware 13.1 and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-3.0.9-i686-1.txz: Upgraded.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...nderbird30.html
  (* Security fix *)
+--------------------------+

======

[slackware-security] mozilla-firefox (SSA:2010-295-02)

New mozilla-firefox packages are available for Slackware 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.6.11-i686-1.txz: Upgraded.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vuln.../firefox36.html
  (* Security fix *)
+--------------------------+

======

[slackware-security] glibc (SSA:2010-295-01)

New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.11.1-i486-4_slack13.1.txz: Rebuilt.
  Patched "dynamic linker expands $ORIGIN in setuid library search path". This security issue allows a local attacker to gain root if they can create a hard link to a setuid root binary. Thanks to Tavis Ormandy.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
    http://seclists.org/fulldisclosure/2010/Oct/257
  (* Security fix *)
patches/packages/glibc-i18n-2.11.1-i486-4_slack13.1.txz: Rebuilt.
patches/packages/glibc-profile-2.11.1-i486-4_slack13.1.txz: Rebuilt.
patches/packages/glibc-solibs-2.11.1-i486-4_slack13.1.txz: Rebuilt.
patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz: Rebuilt.
+--------------------------+

V.T. Eric Layton
Posted October 27, 2010

[slackware-security] seamonkey (SSA:2010-300-01)

New seamonkey packages are available for Slackware 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.0.9-i486-1_slack13.1.txz: Upgraded.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...eamonkey20.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.0.9-i486-1_slack13.1.txz: Upgraded.
+--------------------------+

V.T. Eric Layton
Posted October 29, 2010

[slackware-security] glibc (SSA:2010-301-01)

New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.11.1-i486-5_slack13.1.txz: Rebuilt.
  Patched "The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads." This security issue allows a local attacker to gain root by specifying an unsafe DSO in the library search path to be used with a setuid binary in LD_AUDIT mode. Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
    http://seclists.org/fulldisclosure/2010/Oct/344
  (* Security fix *)
patches/packages/glibc-i18n-2.11.1-i486-5_slack13.1.txz: Rebuilt.
patches/packages/glibc-profile-2.11.1-i486-5_slack13.1.txz: Rebuilt.
patches/packages/glibc-solibs-2.11.1-i486-5_slack13.1.txz: Upgraded.
  (* Security fix *)
patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz: Upgraded.
  Rebuilt to tzcode2010n and tzdata2010n.
+--------------------------+

=====

[slackware-security] mozilla-firefox (SSA:2010-301-02)

New mozilla-firefox packages are available for Slackware 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.6.12-i686-1.txz: Upgraded.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vuln.../firefox36.html
  (* Security fix *)
+--------------------------+

V.T. Eric Layton
Posted November 1, 2010

[slackware-security] seamonkey (SSA:2010-305-01)

New seamonkey packages are available for Slackware 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.0.10-i486-1_slack13.1.txz: Upgraded.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...eamonkey20.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.0.10-i486-1_slack13.1.txz: Upgraded.
+--------------------------+

V.T. Eric Layton
Posted November 2, 2010

[slackware-security] pidgin (SSA:2010-305-02)

New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.7.5-i486-1_slack13.1.txz: Upgraded.
  This update addresses some denial of service bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3711
  (* Security fix *)
+--------------------------+

=====

[slackware-security] proftpd (SSA:2010-305-03)

New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/proftpd-1.3.3c-i486-1_slack13.1.txz: Upgraded.
  Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925), which can allow remote execution of arbitrary code as the user running the ProFTPD daemon. Thanks to TippingPoint and the Zero Day Initiative (ZDI).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3867
  (* Security fix *)
+--------------------------+