
Slackware Updates and Other News


Bruno


V.T. Eric Layton

[slackware-security] mozilla-thunderbird (SSA:2010-317-01)

New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-3.0.10-i686-1.txz: Upgraded.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...nderbird30.html
  (* Security fix *)
+--------------------------+

As noted in the Slackware 13.0 ChangeLog, this is a major update there:
+--------------------------+
patches/packages/mozilla-thunderbird-3.0.10-i686-1.txz: Upgraded.
  With Thunderbird 2.x unmaintained, it seems like a good idea to provide an upgrade to Thunderbird 3.x for security reasons. This will bring with it quite a bit of changed functionality, so be prepared... one hint is that it will now make local copies of remote mailboxes by default, so you will need to have enough disk space to handle that.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...nderbird30.html
  (* Security fix *)
+--------------------------+

Special Note: This update will install T-bird 3.0 on your Slack 13.0 system... BE AWARE. T-bird 3.0 is much different from 2.0. Many of your extensions and customizations will NOT work with the newer version.


V.T. Eric Layton

[slackware-security] xpdf (SSA:2010-324-01)

New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/xpdf-3.02pl5-i486-1_slack13.1.txz: Upgraded.
  This update fixes security issues that could lead to an application crash, or execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
  (* Security fix *)
+--------------------------+

=====

[slackware-security] poppler (SSA:2010-324-02)

New poppler packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/poppler-0.12.4-i486-2_slack13.1.txz: Rebuilt.
  This updated package includes patches based on xpdf 3.02pl5.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] openssl (SSA:2010-326-01)

New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/openssl-0.9.8p-i486-1_slack13.1.txz: Rebuilt.
  This OpenSSL update contains some security related bugfixes.
  For more information, see the included CHANGES and NEWS files, and:
    http://www.openssl.org/news/secadv_20101116.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8p-i486-1_slack13.1.txz: Rebuilt.
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] cups (SSA:2010-333-01)

New cups packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/cups-1.4.5-i486-1_slack13.1.txz: Upgraded.
  Fixed memory corruption bugs that could lead to a denial of service or possibly execution of arbitrary code through a crafted IPP request.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] openssl (SSA:2010-340-01)

New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/openssl-0.9.8q-i486-1_slack13.1.txz: Upgraded.
  This OpenSSL update contains some security related bugfixes.
  For more information, see the included CHANGES and NEWS files, and:
    http://www.openssl.org/news/secadv_20101202.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4252
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8q-i486-1_slack13.1.txz: Upgraded.
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] mozilla-firefox (SSA:2010-343-01)

New mozilla-firefox packages are available for Slackware 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.6.13-i686-1.txz: Upgraded.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vuln.../firefox36.html
  (* Security fix *)
+--------------------------+

=====

[slackware-security] mozilla-thunderbird (SSA:2010-343-02)

New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-3.0.11-i686-1.txz: Upgraded.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...nderbird30.html
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] seamonkey (SSA:2010-344-01)

New seamonkey packages are available for Slackware 12.2, 13.0, and 13.1 to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.0.11-i486-1_slack13.1.txz: Upgraded.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...eamonkey20.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.0.11-i486-1_slack13.1.txz: Upgraded.
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] bind (SSA:2010-350-01)

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues that could allow attackers to successfully query private DNS records, or cause a denial of service.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/bind-9.4_ESV_R4-i486-1_slack13.1.txz: Upgraded.
  This update fixes some security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] php (SSA:2010-357-01)

New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/php-5.2.16-i486-1_slack13.1.txz: Upgraded.
  This fixes many bugs, including some security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3436
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3709
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4150
  (* Security fix *)
+--------------------------+

======

[slackware-security] proftpd (SSA:2010-357-02)

New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/proftpd-1.3.3d-i486-1_slack13.1.txz: Upgraded.
  This update fixes an unbounded copy operation in sql_prepare_where() that could be exploited to execute arbitrary code. However, this only affects servers that use the sql_mod module (which Slackware does not ship), and in addition the ability to exploit this depends on an SQL injection bug that was already fixed in proftpd-1.3.2rc2 (this according to upstream). So in theory, this fix should only be of academic interest. But in practice, better safe than sorry.
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] pidgin (SSA:2010-361-01)

New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a denial of service security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.7.9-i486-1_slack13.1.txz: Upgraded.
  Fixed denial-of-service flaw in the MSN protocol.
  (* Security fix *)
+--------------------------+


  • 3 weeks later...
V.T. Eric Layton

[slackware-security] php (SSA:2011-010-01)

New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/php-5.2.17-i486-1_slack13.1.txz: Upgraded.
  This update fixes an infinite loop with conversions from string to double that may result in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645
  (* Security fix *)
+--------------------------+


  • 5 weeks later...
V.T. Eric Layton

[slackware-security] apr-util (SSA:2011-041-01)

New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/apr-1.3.12-i486-1_slack13.1.txz: Upgraded.
patches/packages/apr-util-1.3.10-i486-1_slack13.1.txz: Upgraded.
  Fixes a memory leak and DoS in apr_brigade_split_line().
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623
  (* Security fix *)
+--------------------------+

======

[slackware-security] expat (SSA:2011-041-02)

New expat packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/expat-2.0.1-i486-2_slack13.1.txz: Upgraded.
  Fixed various crash and hang bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
  (* Security fix *)
+--------------------------+

======

[slackware-security] httpd (SSA:2011-041-03)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/httpd-2.2.17-i486-1_slack13.1.txz: Upgraded.
  This fixes some denial of service bugs in the bundled libraries. On Slackware we do not use the bundled expat or apr-util, so the issues are also fixed in those external libraries.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623
  (* Security fix *)
+--------------------------+

======

[slackware-security] openssl (SSA:2011-041-04)

New openssl packages are available for 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/openssl-0.9.8r-i486-1_slack13.1.txz: Upgraded.
  This OpenSSL update fixes an "OCSP stapling vulnerability".
  For more information, see the included CHANGES and NEWS files, and:
    http://www.openssl.org/news/secadv_20110208.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014
  (* Security fix *)
  Patched certwatch to work with recent versions of "file".
  Thanks to Ulrich Schäfer and Jan Rafaj.
patches/packages/openssl-solibs-0.9.8r-i486-1_slack13.1.txz: Upgraded.
  (* Security fix *)
+--------------------------+

======

[slackware-security] sudo (SSA:2011-041-05)

New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/sudo-1.7.4p6-i486-1_slack13.1.txz: Upgraded.
  Fix Runas group password checking.
  For more information, see the included CHANGES and NEWS files, and:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0010
  (* Security fix *)
+--------------------------+


  • 2 weeks later...
V.T. Eric Layton

[slackware-security] pidgin (SSA:2011-055-01)

New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.7.10-i486-1_slack13.1.txz: Upgraded.
  Fixed potential information disclosure issue in libpurple.
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] mozilla-firefox (SSA:2011-060-01)

New mozilla-firefox packages are available for Slackware 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.6.14-i686-1.txz: Upgraded.
  Firefox 3.6.14 is a regular security and stability update to Firefox 3.6.x.
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] mozilla-firefox (SSA:2011-068-02)

New mozilla-firefox packages are available for Slackware 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.6.15-i686-1.txz: Upgraded.
  Firefox 3.6.15 is a security and stability update to Firefox 3.6.x.
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] seamonkey (SSA:2011-068-01)

New seamonkey packages are available for Slackware 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.0.12-i486-1_slack13.1.txz: Upgraded.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...eamonkey20.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.0.12-i486-1_slack13.1.txz: Upgraded.
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] subversion (SSA:2011-070-01)

New subversion packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/subversion-1.6.16-i486-1_slack13.1.txz: Upgraded.
  Fixed a remotely triggerable NULL-pointer dereference in mod_dav_svn.
  For more information, see:
    http://subversion.apache.org/security/CVE-...15-advisory.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0715
  (* Security fix *)
+--------------------------+


  • 3 weeks later...
V.T. Eric Layton

[slackware-security] seamonkey (SSA:2011-086-01)

New seamonkey packages are available for Slackware 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.0.13-i486-1_slack13.1.txz: Upgraded.
  This release fixes a security vulnerability by blacklisting several invalid HTTPS certificates.
  For more information, see:
    http://www.mozilla.org/security/announce/2...fsa2011-11.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.0.13-i486-1_slack13.1.txz: Upgraded.
+--------------------------+

=====

[slackware-security] mozilla-firefox (SSA:2011-086-02)

New mozilla-firefox packages are available for Slackware 13.0 and 13.1 to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.6.16-i686-1.txz: Upgraded.
  This release fixes a security vulnerability by blacklisting several invalid HTTPS certificates.
  For more information, see:
    http://www.mozilla.org/security/announce/2...fsa2011-11.html
  (* Security fix *)
+--------------------------+

=====

[slackware-security] shadow (SSA:2011-086-03)

New shadow packages are available for Slackware 13.1 and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/shadow-4.1.4.3-i486-1_slack13.1.txz: Rebuilt.
  This release fixes a security issue where local users may be able to add themselves to NIS groups through chfn and chsh.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0721
  (* Security fix *)
  Thanks to Gary Langshaw for collecting important additional patches from svn.
+--------------------------+


  • 2 weeks later...
V.T. Eric Layton

[slackware-security] dhcp (SSA:2011-097-01)

New dhcp packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/dhcp-4.1_ESV_R2-i486-1_slack13.1.txz: Upgraded.
  In dhclient, check the data for some string options for reasonableness before passing it along to the script that interfaces with the OS. This prevents some possible attacks by a hostile DHCP server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] shadow (SSA:2011-101-01)

New shadow packages are available for Slackware 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/shadow-4.1.4.3-i486-2_slack13.1.txz: Rebuilt.
  Corrected a packaging error where incorrect permissions on /usr/sbin/lastlog and /usr/sbin/faillog allow any user to set login failure limits on any other user (including root), potentially leading to a denial of service. Thanks to pyllyukko for discovering and reporting this vulnerability.
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] kdelibs (SSA:2011-101-02)

A new kdelibs package is available for Slackware 13.1 to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/kdelibs-4.4.3-i486-2_slack13.1.txz: Rebuilt.
  Patched CVE-2011-1168.
  For more information, see:
    http://www.kde.org/info/security/advisory-20110411-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1168
  (* Security fix *)
+--------------------------+

=====

[slackware-security] libtiff (SSA:2011-098-01)

New libtiff packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/libtiff-3.9.4-i486-2_slack13.1.txz: Rebuilt.
  Patched overflows that could lead to arbitrary code execution when parsing a malformed image file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
  (* Security fix *)
+--------------------------+

======

[slackware-security] xrdb (SSA:2011-096-01)

New xrdb packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/xrdb-1.0.9-i486-1_slack13.1.txz: Upgraded.
  This fixes a security issue where improperly sanitized input could lead to privilege escalation or arbitrary command execution as root.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0465
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] acl (SSA:2011-108-01)

New acl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/acl-2.2.50-i486-1_slack13.1.txz: Upgraded.
  Fix the --physical option in setfacl and getfacl to prevent symlink attacks. Thanks to Martijn Dekker for the notification.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4411
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] polkit (SSA:2011-109-01)

New polkit packages are available for Slackware 13.1 and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/polkit-1_14bdfd8-i486-2_slack13.1.txz: Rebuilt.
  Patched to fix a race condition that could allow a local user to execute arbitrary code as root. Thanks to Neel Mehta of Google.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1485
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] rdesktop (SSA:2011-110-01)

New rdesktop packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/rdesktop-1.6.0-i486-2_slack13.1.txz: Rebuilt.
  Patched a traversal vulnerability (disallow /.. requests).
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1595
  (* Security fix *)
+--------------------------+


V.T. Eric Layton
Yes, it's that time again! After many months of development and careful testing, we are proud to announce the release of Slackware version 13.37! We are sure you'll enjoy the many improvements. We've done our best to bring the latest technology to Slackware while still maintaining the stability and security that you have come to expect. Slackware is well known for its simplicity and the fact that we try to bring software to you in the condition that the authors intended. Slackware 13.37 brings many updates and enhancements...
http://slackware.com/announce/13.37.php

V.T. Eric Layton

[slackware-security] mozilla-firefox (SSA:2011-122-01)

New mozilla-firefox packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-4.0.1-i486-1_slack13.37.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vuln.../firefox36.html
  (* Security fix *)
+--------------------------+

======

[slackware-security] mozilla-thunderbird (SSA:2011-122-02)

New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-3.1.10-i486-1_slack13.37.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...nderbird30.html
  (* Security fix *)
+--------------------------+

======

[slackware-security] seamonkey (SSA:2011-122-03)

New seamonkey packages are available for Slackware 12.2, 13.0, and 13.1 to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.0.14-i486-1_slack13.1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...eamonkey20.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.0.14-i486-1_slack13.1.txz: Upgraded.
  (* Security fix *)
+--------------------------+


  • 2 weeks later...
V.T. Eric Layton

[slackware-security] apr/apr-util (SSA:2011-133-01)

New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/apr-1.4.4-i486-1_slack13.37.txz: Upgraded.
  This fixes a possible denial of service due to an unconstrained, recursive invocation of apr_fnmatch(). This function has been reimplemented using a non-recursive algorithm. Thanks to William Rowe.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
  (* Security fix *)
patches/packages/apr-util-1.3.11-i486-1_slack13.37.txz: Upgraded.
+--------------------------+

======

[slackware-security] httpd (SSA:2011-133-02)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current. These have been compiled against the new versions of apr and apr-util, which were upgraded to fix a security issue that affects Apache httpd. It is recommended that all three updates be applied.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/httpd-2.2.18-i486-1_slack13.37.txz: Upgraded.
  This is a bug fix release, but since the upgrades to apr/apr-util require at least an httpd recompile we opted to upgrade to the newest httpd.
+--------------------------+


  • 2 weeks later...
V.T. Eric Layton

[slackware-security] apr/apr-util (SSA:2011-145-01)

New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue in apr and a crash bug in apr-util.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/apr-1.4.5-i486-1_slack13.37.txz: Upgraded.
  This fixes a possible denial of service due to a problem with a loop in the new apr_fnmatch() implementation consuming CPU.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928
  (* Security fix *)
patches/packages/apr-util-1.3.12-i486-1_slack13.37.txz: Upgraded.
  Fix crash because of NULL cleanup registered by apr_ldap_rebind_init().
+--------------------------+

=====

[slackware-security] httpd (SSA:2011-145-02)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix accidental ABI breakage caused by httpd-2.2.18.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/httpd-2.2.19-i486-1_slack13.37.txz: Upgraded.
  Revert ABI breakage in 2.2.18 caused by the function signature change of ap_unescape_url_keep2f(). This release restores the signature from 2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex(). Apache httpd-2.2.18 is considered abandoned. All users must upgrade.
+--------------------------+


  • 4 weeks later...
V.T. Eric Layton

[slackware-security] fetchmail (SSA:2011-171-01)

New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/fetchmail-6.3.20-i486-1_slack13.37.txz: Upgraded.
  This release fixes a denial of service in STARTTLS protocol phases.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947
    http://www.fetchmail.info/fetchmail-SA-2011-01.txt
  (* Security fix *)
+--------------------------+


V.T. Eric Layton

[slackware-security] mozilla-firefox (SSA:2011-174-01)

New mozilla-firefox packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-5.0-i486-1_slack13.37.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...es/firefox.html
  (* Security fix *)
+--------------------------+
