Jump to content

Recommended Posts

Posted

Updates Slackware 13.0Package seamonkey-1.1.17-i486-1 upgraded with new package seamonkey-1.1.18-i486-1.txz.Package seamonkey-solibs-1.1.17-i486-1 upgraded with new package seamonkey-solibs-1.1.18-i486-2.txz.Package mozilla-firefox-3.5.2-i686-1 upgraded with new package mozilla-firefox-3.5.3-i686-1.txz.Total 21051 kBB) BrunoNote: Swaret stopped working, so changed package-manager to: slackpkgCommand used: "# slackpkg update && slackpkg upgrade-all"

  • Replies 213
  • Created
  • Last Reply

Top Posters In This Topic

  • V.T. Eric Layton

    206

  • Bruno

    8

Posted

Updates Slackware 13.0Upgrading mesa-7.5-i486-1 package using mesa-7.5-i486-2.txzTotal: 3657 kBB) Bruno

  • 2 weeks later...
Posted

Updates Slackware 13.0Upgrading php-5.2.10-i486-2 package using php-5.2.11-i486-1_slack13.0.txzUpgrading samba-3.2.13-i486-1 package using samba-3.2.15-i486-1_slack13.0.txzTotal: 19816 kB B) Bruno

  • 3 weeks later...
Posted

Updates Slackware 13.0Upgrading gnutls-2.6.6-i486-1 package using ./gnutls-2.8.4-i486-1_slack13.0.txz Upgrading pidgin-2.5.9-i486-1 package using ./pidgin-2.6.3-i486-1_slack13.0.txzTotal: 7878 kB B) Bruno

  • 2 weeks later...
Posted

Updates Slackware 13.0Upgrading poppler-0.10.7-i486-1 package using poppler-0.10.7-i486-2_slack13.0.txzUpgrading xpdf-3.02pl3-i486-1 package using xpdf-3.02pl4-i486-1_slack13.0.txzTotal: 2311 kB :thumbsup: Bruno

Posted

Updates Slackware 13.0Upgrading mozilla-firefox-3.5.3-i686-1 package using mozilla-firefox-3.5.4-i686-1.txzTotal: 7881 kB ;) Bruno

Posted

Updates Slackware 13.0Upgrading mozilla-firefox-3.5.4-i686-1 package using mozilla-firefox-3.5.5-i686-1.txzUpgrading seamonkey-1.1.18-i486-1 package using seamonkey-2.0-i486-1_slack13.0.txzUpgrading seamonkey-solibs-1.1.18-i486-2 package using seamonkey-solibs-2.0-i486-1_slack13.0.txzTotal: 20297 kB :) Bruno

  • 2 weeks later...
Posted

Updates Slackware 13.0Upgrading openssl-0.9.8k-i486-2 package using openssl-0.9.8k-i486-3_slack13.0.txzUpgrading openssl-solibs-0.9.8k-i486-2 package using openssl-solibs-0.9.8k-i486-3_slack13.0.txzUpgrading seamonkey-2.0-i486-1_slack13.0 package using seamonkey-2.0-i486-3_slack13.0.txzUpgrading seamonkey-solibs-2.0-i486-1_slack13.0 package using seamonkey-solibs-2.0-i486-3_slack13.0.txzTotal: 16274 kB B) Bruno

  • 3 weeks later...
V.T. Eric Layton
Posted

Updates Slackware 13.0Wed Dec 2 20:51:55 UTC 2009patches/packages/bind-9.4.3_P4-i486-1_slack13.0.txz: Upgraded.BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3. It addresses apotential cache poisoning vulnerability, in which data in the additionalsection of a response could be cached without proper DNSSEC validation.For more information, see:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022http://www.kb.cert.org/vuls/id/418861(* Security fix *)~Eric

V.T. Eric Layton
Posted

Updates Slackware 13.0Tue Dec 8 20:44:44 UTC 2009patches/packages/linux-2.6.29.6-3/: Added new kernels and kernel packages with a patch for CVE-2009-1298,a kernel bug where oversized IP packets cause a NULL pointer dereferenceand immediate hang.For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1298 http://lkml.org/lkml/2009/11/25/104 Be sure to reinstall LILO after upgrading the kernel packages. (* Security fix *)~Eric

V.T. Eric Layton
Posted

Updates Slackware 13.0New ntp packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. If aspoofed mode 7 packet is sent to a vulnerable NTP daemon it may cause CPUand/or disk space exhaustion, resulting in a denial of service.patches/packages/ntp-4.2.4p8-i486-1_slack13.0.txz: Upgraded. Prevent a denial-of-service attack involving spoofed mode 7 packets. For more information, see:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 (* Security fix *)~Eric

V.T. Eric Layton
Posted

Updates Slackware 13.0[slackware-security] gimp (SSA:2009-345-01)New gimp packages are available for Slackware 12.1, 12.2, 13.0, and -current tofix security issues.More details about these issues may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3909Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/gimp-2.6.8-i486-1_slack13.0.txz: Upgraded. This fixes integer overflows in the image handling plugins that could lead to the execution of arbitrary code or an application crash if a malicious image is loaded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3909 (* Security fix *)+--------------------------+~Eric

V.T. Eric Layton
Posted

Updates Slackware 13.0[slackware-security] seamonkey (SSA:2009-352-01)New seamonkey packages are available for Slackware 12.2, 13.0, and -current tofix security issues.More details about the issues may be found on the Mozilla web site: http://www.mozilla.org/security/known-vuln...eamonkey20.htmlHere are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/seamonkey-2.0.1-i486-1_slack13.0.txz: Upgraded. Upgraded to seamonkey-2.0.1 shared libraries.patches/packages/seamonkey-solibs-2.0.1-i486-1_slack13.0.txz: Upgraded. Upgraded to seamonkey-2.0.1. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vuln...eamonkey20.html (* Security fix *)+--------------------------+~Eric

  • 3 weeks later...
V.T. Eric Layton
Posted

Updates Slackware 13.0[slackware-security] mozilla-firefox (SSA:2009-351-01)New mozilla-firefox packages are available for Slackware 12.2, 13.0,and -current to fix security issues.The Firefox 3.0.16 package may also be used with Slackware 11.0 or newer.More details about the issues may be found on the Mozilla website: http://www.mozilla.org/security/known-vuln.../firefox30.html http://www.mozilla.org/security/known-vuln.../firefox35.htmlHere are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/mozilla-firefox-3.5.6-i686-1.txz: Upgraded. Upgraded to firefox-3.5.6. This fixes some security issues. For more information, see: http://www.mozilla.org/security/known-vuln.../firefox35.html (* Security fix *)+--------------------------+~Eric

  • 3 weeks later...
V.T. Eric Layton
Posted

Updates Slackware 13.0[slackware-security] httpd (SSA:2010-024-01)New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0,and -current to fix security issues.More details about the issues may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/httpd-2.2.14-i486-1_slack13.0.txz: Upgraded. This fixes a couple of security bugs when using mod_proxy_ftp. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 (* Security fix *)+--------------------------+[slackware-security] php (SSA:2010-024-02)New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,and -current to fix security issues.More details about this issue may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/php-5.2.12-i486-1_slack13.0.txz: Upgraded. This fixes many bugs, including a few security issues. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143 (* Security fix *)+--------------------------+[slackware-security] pidgin (SSA:2010-024-03)New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,and -current to fix a security issue.More details about this issue may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/pidgin-2.6.5-i486-1_slack13.0.txz : Upgraded. This fixes a directory traversal vulnerability in Pidgin's MSN protocol handling that may allow attackers to download arbitrary files. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013 (* Security fix *)+--------------------------+~Eric

  • 1 month later...
V.T. Eric Layton
Posted

Updates Slackware 13.0[slackware-security] seamonkey (SSA:2010-060-01)New seamonkey packages are available for Slackware 12.2, 13.0, and -current tofix security issues.For more information, see: http://www.mozilla.org/security/known-vuln...eamonkey20.htmlHere are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/seamonkey-2.0.3-i486-1_slack13.0.txz: Upgraded. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vuln...eamonkey20.html (* Security fix *)patches/packages/seamonkey-solibs-2.0.3-i486-1_slack13.0.txz: Upgraded.+--------------------------+[slackware-security] openssl (SSA:2010-060-02)New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,and -current to fix security issues.More details about this issue may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/openssl-0.9.8m-i486-1_slack13.0.txz: Upgraded. This OpenSSL update contains some security related bugfixes. For more information, see the included CHANGES and NEWS files, and: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355 (* Security fix *)patches/packages/openssl-solibs-0.9.8m-i486-1_slack13.0.txz: Upgraded.+--------------------------+[slackware-security] gzip (SSA:2010-060-03)New gzip packages are available for Slackware 13.0 (64-bit) and -current tofix a security issue.More details about this issue may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0001Here are the details from the Slackware64 13.0 ChangeLog:+--------------------------+patches/packages/gzip-1.4-x86_64-1_slack13.0.tgz: Upgraded. gzip -d could segfault and/or clobber the stack, possibly leading to arbitrary code execution. This affects x86_64 but not 32-bit systems. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0001 (* Security fix *)+--------------------------+~Eric

V.T. Eric Layton
Posted

Updates Slackware 13.0[slackware-security] httpd (SSA:2010-067-01)New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0,and -current to fix security issues.mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations.mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR.mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. [This is the most serious flaw, but does not affect Linux systems]More details about these issues may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/httpd-2.2.15-i486-1_slack13.0.txz: Upgraded. This update addresses a few security issues. mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR. mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. [This is the most serious flaw, but does not affect Linux systems] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425 (* Security fix *)+--------------------------+~Eric

V.T. Eric Layton
Posted

Updates Slackware 13.0[slackware-security] pidgin (SSA:2010-069-01)New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,and -current to fix denial of service issues.More details about the issues may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/pidgin-2.6.6-i486-1_slack13.0.txz: Upgraded. This fixes a few denial-of-service flaws as well as other bugs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423 (* Security fix *)+--------------------------+~Eric

  • 3 weeks later...
V.T. Eric Layton
Posted

Updates Slackware 13.0[slackware-security] openssl (SSA:2010-090-01)New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,and -current to fix security issues.More details about the issues may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740A recompiled proftpd package is required if you run ProFTPD.Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/openssl-0.9.8n-i486-1_slack13.0.txz: Upgraded. This OpenSSL update contains some security related bugfixes. For more information, see the included CHANGES and NEWS files, and: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 (* Security fix *)patches/packages/openssl-solibs-0.9.8n-i486-1_slack13.0.txz: Upgraded.+--------------------------+=====[slackware-security] mozilla-firefox (SSA:2010-090-02)New mozilla-firefox packages are available for Slackware 13.0 and -current tofix security issues.More details about the issues may be found on the Mozilla website: http://www.mozilla.org/security/known-vuln.../firefox36.htmlHere are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/mozilla-firefox-3.6.2-i686-1.txz: Upgraded. Upgraded to firefox-3.6.2. This fixes some security issues. For more information, see: http://www.mozilla.org/security/known-vuln.../firefox36.html (* Security fix *)+--------------------------+=====[slackware-security] seamonkey (SSA:2010-090-03)New seamonkey packages are available for Slackware 11.0, 12.0, and 12.1 tofix security issues.For more information, see: http://www.mozilla.org/security/known-vuln...eamonkey11.htmlHere are the details from the Slackware 12.1 ChangeLog:+--------------------------+patches/packages/seamonkey-1.1.19-i486-1_slack12.1.tgz: Upgraded. Upgraded to seamonkey-1.1.19. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vuln...eamonkey11.html (* Security fix *)+--------------------------+~Eric

V.T. Eric Layton
Posted

Updates Slackware 13.0[slackware-security] mozilla-thunderbird (SSA:2010-095-01)New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0,12.1, 12.2, 13.0, and -current to fix security issues.Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/mozilla-thunderbird-2.0.0.24-i686-1.txz: Upgraded. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/security/known-vuln...nderbird20.html (* Security fix *)+--------------------------+~EricUpdates Slackware 13.0[slackware-security] mozilla-firefox (SSA:2010-095-02)New mozilla-firefox packages are available for Slackware 12.2, 13.0,and -current to fix security issues.Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/mozilla-firefox-3.6.3-i686-1.txz: Upgraded. This fixes some security issues. For more information, see: http://www.mozilla.org/security/known-vuln.../firefox36.html (* Security fix *)+--------------------------+~EricUpdates Slackware 13.0[slackware-security] seamonkey (SSA:2010-095-03)New seamonkey packages are available for Slackware 12.2, 13.0, and -current tofix security issues.Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/seamonkey-2.0.4-i486-1_slack13.0.txz: Upgraded. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vuln...eamonkey20.html (* Security fix *)patches/packages/seamonkey-solibs-2.0.4-i486-1_slack13.0.txz: Upgraded.+--------------------------+~Eric

  • 3 weeks later...
V.T. Eric Layton
Posted

Updates Slackware 13.0[slackware-security] sudo (SSA:2010-110-01)New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/sudo-1.7.2p6-i486-1_slack13.0.txz: Upgraded. This update fixes security issues that may give a user with permission to run sudoedit the ability to run arbitrary commands. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163 http://www.gratisoft.us/sudo/alerts/sudoedit_escalate.html http://www.gratisoft.us/sudo/alerts/sudoedit_escalate2.html (* Security fix *)+--------------------------+=====[slackware-security] kdebase-workspace (SSA:2010-110-02)New kdebase-workspace packages are available for Slackware 13.0 and -current tofix a security issue with KDM.Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/kdebase-workspace-4.2.4-i486-2_slack13.0.txz: Rebuilt. Patched a security issue with KDM. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0436 (* Security fix *)+--------------------------+~Eric

V.T. Eric Layton
Posted

Updates Slackware 13.0[slackware-security] irssi (SSA:2010-116-01)New irssi packages are available for Slackware 10.1, 10.2, 11.0, 12.0, 12.1,12.2, 13.0, and -current to fix security issues.Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/irssi-0.8.15-i486-1_slack13.0.txz: Upgraded. From the NEWS file: - Check if an SSL certificate matches the hostname of the server we are connecting to. - Fix crash when checking for fuzzy nick match when not on the channel. Reported by Aurelien Delaitre (SATE 2009). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1156 (* Security fix *)+--------------------------+~Eric

  • 3 weeks later...
V.T. Eric Layton
Posted

Updates Slackware 13.0[slackware-security] fetchmail (SSA:2010-136-01)New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue.Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/fetchmail-6.3.17-i486-1_slack13.0.txz: Upgraded. A crafted header or POP3 UIDL list could cause a memory leak and crash leading to a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167 (* Security fix *)+--------------------------+~Eric

V.T. Eric Layton
Posted

Updates Slackware 13.0[slackware-security] pidgin (SSA:2010-138-01)New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,and -current to fix a security issue.Here are the details from the Slackware 13.0 ChangeLog:+--------------------------+patches/packages/pidgin-2.7.0-i486-1_slack13.0.txz: Upgraded. Upgraded to pidgin-2.7.0 and pidgin-encryption-3.1. The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote attackers to cause a denial of service (application crash) via a custom emoticon in a malformed SLP message. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1624 (* Security fix *)+--------------------------+~Eric

  • 4 months later...
V.T. Eric Layton
Posted

NOTICE

I'm would like to apologize for the lack of update posting in this area over the past few months. I will attempt to start posting the updates again soon. In the meantime, you can click HERE for all of the 2010 Slackware security updates.Thank you for your patience and understanding.~Eric

  • 2 weeks later...
V.T. Eric Layton
Posted

[slackware-security] mozilla-thunderbird (SSA:2010-295-03)New mozilla-thunderbird packages are available for Slackware 13.1 and -currentto fix security issues.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/mozilla-thunderbird-3.0.9-i686-1.txz: Upgraded. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/security/known-vuln...nderbird30.html (* Security fix *)+--------------------------+======[slackware-security] mozilla-firefox (SSA:2010-295-02)New mozilla-firefox packages are available for Slackware 13.0, 13.1,and -current to fix security issues.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/mozilla-firefox-3.6.11-i686-1.txz: Upgraded. This fixes some security issues. For more information, see: http://www.mozilla.org/security/known-vuln.../firefox36.html (* Security fix *)+--------------------------+======[slackware-security] glibc (SSA:2010-295-01)New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,and -current to fix a security issue.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/glibc-2.11.1-i486-4_slack13.1.txz: Rebuilt. Patched "dynamic linker expands $ORIGIN in setuid library search path". This security issue allows a local attacker to gain root if they can create a hard link to a setuid root binary. Thanks to Tavis Ormandy. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847 http://seclists.org/fulldisclosure/2010/Oct/257 (* Security fix *)patches/packages/glibc-i18n-2.11.1-i486-4_slack13.1.txz: Rebuilt.patches/packages/glibc-profile-2.11.1-i486-4_slack13.1.txz: Rebuilt.patches/packages/glibc-solibs-2.11.1-i486-4_slack13.1.txz: Rebuilt.patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz: Rebuilt.+--------------------------+

V.T. Eric Layton
Posted

[slackware-security] seamonkey (SSA:2010-300-01)New seamonkey packages are available for Slackware 12.2, 13.0, 13.1,and -current to fix security issues.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/seamonkey-2.0.9-i486-1_slack13.1.txz: Upgraded. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vuln...eamonkey20.html (* Security fix *)patches/packages/seamonkey-solibs-2.0.9-i486-1_slack13.1.txz: Upgraded.+--------------------------+

V.T. Eric Layton
Posted

[slackware-security] glibc (SSA:2010-301-01)New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,and -current to fix a security issue.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/glibc-2.11.1-i486-5_slack13.1.txz: Rebuilt. Patched "The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads." This security issue allows a local attacker to gain root by specifying an unsafe DSO in the library search path to be used with a setuid binary in LD_AUDIT mode. Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856 http://seclists.org/fulldisclosure/2010/Oct/344 (* Security fix *)patches/packages/glibc-i18n-2.11.1-i486-5_slack13.1.txz: Rebuilt.patches/packages/glibc-profile-2.11.1-i486-5_slack13.1.txz: Rebuilt.patches/packages/glibc-solibs-2.11.1-i486-5_slack13.1.txz: Upgraded. (* Security fix *)patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz: Upgraded. Rebuilt to tzcode2010n and tzdata2010n.+--------------------------+=====[slackware-security] mozilla-firefox (SSA:2010-301-02)New mozilla-firefox packages are available for Slackware 13.0, 13.1,and -current to fix security issues.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/mozilla-firefox-3.6.12-i686-1.txz: Upgraded. This fixes some security issues. For more information, see: http://www.mozilla.org/security/known-vuln.../firefox36.html (* Security fix *)+--------------------------+

V.T. Eric Layton
Posted

[slackware-security] seamonkey (SSA:2010-305-01)New seamonkey packages are available for Slackware 12.2, 13.0, 13.1,and -current to fix security issues.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/seamonkey-2.0.10-i486-1_slack13.1.txz: Upgraded. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vuln...eamonkey20.html (* Security fix *)patches/packages/seamonkey-solibs-2.0.10-i486-1_slack13.1.txz: Upgraded.+--------------------------+

V.T. Eric Layton
Posted

[slackware-security] pidgin (SSA:2010-305-02)New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,and -current to fix a security issue.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/pidgin-2.7.5-i486-1_slack13.1.txz: Upgraded. This update addresses some denial of service bugs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3711 (* Security fix *)+--------------------------+=====[slackware-security] proftpd (SSA:2010-305-03)New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,13.1, and -current to a fix security issue.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/proftpd-1.3.3c-i486-1_slack13.1.txz: Upgraded. Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925), which can allow remote execution of arbitrary code as the user running the ProFTPD daemon. Thanks to TippingPoint and the Zero Day Initiative (ZDI). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3867 (* Security fix *)+--------------------------+


×
×
  • Create New...