V.T. Eric Layton Posted June 28, 2011

[slackware-security] pidgin (SSA:2011-178-01)

New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.9.0-i486-1_slack13.37.txz: Upgraded.
  Fixed a remote denial of service. A remote attacker could set a specially crafted GIF file as their buddy icon causing vulnerable versions of pidgin to crash due to excessive memory use.
  For more information, see:
    http://pidgin.im/news/security/?id=52
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted July 8, 2011

[slackware-security] bind (SSA:2011-189-01)

New bind packages are available for Slackware 13.37, and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/bind-9.7.3_P3-i486-1_slack13.37.txz: Upgraded.
  A specially constructed packet will cause BIND 9 ("named") to exit, affecting DNS service. The issue exists in BIND 9.6.3 and newer.
  "Change #2912 (see CHANGES) exposed a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. This was fixed by disambiguating internal database representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]"
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
+--------------------------+

=====

[slackware-security] mozilla-thunderbird (SSA:2011-189-02)

New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-3.1.11-i486-1_slack13.37.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...nderbird30.html
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted July 15, 2011

[slackware-security] mozilla-firefox (SSA:2011-195-02)

New mozilla-firefox packages are available for Slackware 13.0 and 13.1 to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.6.19-i686-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vuln.../firefox36.html
  (* Security fix *)
+--------------------------+

=====

[slackware-security] seamonkey (SSA:2011-195-01)

New seamonkey packages are available for Slackware 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.2-i486-1_slack13.37.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
patches/packages/seamonkey-solibs-2.2-i486-1_slack13.37.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted July 30, 2011

[slackware-security] libpng (SSA:2011-210-01)

New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/libpng-1.4.8-i486-1_slack13.37.txz: Upgraded.
  Fixed uninitialized memory read in png_format_buffer() (Bug report by Frank Busse, related to CVE-2004-0421).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
  (* Security fix *)
+--------------------------+

[slackware-security] dhcpcd (SSA:2011-210-02)

New dhcpcd packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/dhcpcd-5.2.12-i486-1_slack13.37.txz: Upgraded.
  Sanitize the host name provided by the DHCP server to insure that it does not contain any shell metacharacters.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0996
  (* Security fix *)
+--------------------------+

[slackware-security] samba (SSA:2011-210-03)

New samba packages are available for Slackware 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/samba-3.5.10-i486-1_slack13.37.txz: Upgraded.
  Fixed cross-site request forgery and cross-site scripting vulnerability in SWAT (the Samba Web Administration Tool).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted August 13, 2011

[slackware-security] bind (SSA:2011-224-01)

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/bind-9.7.4-i486-1_slack13.37.txz: Upgraded.
  This BIND update addresses a couple of security issues:
  * named, set up to be a caching resolver, is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache the response. Due to an off-by-one error, caching the response could cause named to crash. [RT #24650] [CVE-2011-1910]
  * Change #2912 (see CHANGES) exposed a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. [RT #24777] [CVE-2011-2464]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted September 7, 2011

[slackware-security] mozilla-firefox (SSA:2011-249-01)

New mozilla-firefox packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-6.0.2-i486-1_slack13.37.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vuln.../firefox36.html
    http://www.mozilla.org/security/known-vuln...es/firefox.html
    http://www.mozilla.org/security/announce/2...fsa2011-34.html
  (* Security fix *)
+--------------------------+

[slackware-security] mozilla-thunderbird (SSA:2011-249-02)

New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-3.1.13-i486-1_slack13.37.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vuln...nderbird31.html
    http://www.mozilla.org/security/announce/2...fsa2011-34.html
  (* Security fix *)
+--------------------------+

[slackware-security] seamonkey (SSA:2011-249-03)

New seamonkey packages are available for Slackware 13.37 and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.3.3-i486-1_slack13.37.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
    http://www.mozilla.org/security/announce/2...fsa2011-34.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.3.3-i486-1_slack13.37.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
    http://www.mozilla.org/security/announce/2...fsa2011-34.html
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted September 9, 2011

[slackware-security] httpd (SSA:2011-252-01)

Not long ago, httpd package updates were issued to clamp down on a denial of service bug that's seen some action in the wild. New packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/httpd-2.2.20-i486-1_slack13.37.txz: Upgraded.
  SECURITY: CVE-2011-3192 (cve.mitre.org)
  core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted October 15, 2011

[slackware-security] httpd (SSA:2011-284-01)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/httpd-2.2.21-i486-1_slack13.37.txz: Upgraded.
  Respond with HTTP_NOT_IMPLEMENTED when the method is not recognized. [Jean-Frederic Clere]
  SECURITY: CVE-2011-3348
  Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20. PR 51748. []
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted February 10, 2012

[slackware-security] httpd (SSA:2012-041-01)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. The apr-util package has also been updated to the latest version.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded.
  Version bump for httpd upgrade.
patches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded.
  *) SECURITY: CVE-2011-3368 (cve.mitre.org)
     Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. [Joe Orton]
  *) SECURITY: CVE-2011-3607 (cve.mitre.org)
     Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. [Stefan Fritsch, Greg Ames]
  *) SECURITY: CVE-2011-4317 (cve.mitre.org)
     Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. [Joe Orton]
  *) SECURITY: CVE-2012-0021 (cve.mitre.org)
     mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. PR 52256. [Rainer Canavan ]
  *) SECURITY: CVE-2012-0031 (cve.mitre.org)
     Fix scoreboard issue which could allow an unprivileged child process to cause the parent to crash at shutdown rather than terminate cleanly. [Joe Orton]
  *) SECURITY: CVE-2012-0053 (cve.mitre.org)
     Fix an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400. [Eric Covener]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
  (* Security fix *)
+--------------------------+

[slackware-security] php (SSA:2012-041-02)

New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/php-5.3.10-i486-1_slack13.37.txz: Upgraded.
  Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830. (Stas, Dmitry)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
  (* Security fix *)
+--------------------------+

[slackware-security] glibc (SSA:2012-041-03)

New glibc packages are available for Slackware 13.1, 13.37, and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/glibc-2.13-i486-5_slack13.37.txz: Rebuilt.
  Patched an overflow in tzfile. This was evidently first reported in 2009, but is only now getting around to being patched. To exploit it, one must be able to write beneath /usr/share/zoneinfo, which is usually not possible for a normal user, but may be in the case where they are chroot()ed to a directory that they own.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
  (* Security fix *)
patches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz: Rebuilt.
patches/packages/glibc-profile-2.13-i486-5_slack13.37.txz: Rebuilt.
  (* Security fix *)
patches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz: Rebuilt.
  (* Security fix *)
patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz: Rebuilt.
+--------------------------+

[slackware-security] proftpd (SSA:2012-041-04)

New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/proftpd-1.3.4a-i486-1_slack13.37.txz: Upgraded.
  This update fixes a use-after-free() memory corruption error, and possibly other unspecified issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
  (* Security fix *)
+--------------------------+

[slackware-security] vsftpd (SSA:2012-041-05)

New vsftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to work around a vulnerability in glibc.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/vsftpd-2.3.5-i486-1_slack13.37.txz: Upgraded.
  Minor version bump, this also works around a hard to trigger heap overflow in glibc (glibc zoneinfo caching vuln). For there to be any possibility to trigger the glibc bug within vsftpd, the non-default option "chroot_local_user" must be set in /etc/vsftpd.conf.
  Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug
  Nevertheless:
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted June 15, 2012

[slackware-security] seamonkey (SSA:2012-166-04)

New seamonkey packages are available for Slackware 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+

[slackware-security] mozilla-thunderbird (SSA:2012-166-03)

New mozilla-thunderbird packages are available for Slackware 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

[slackware-security] mozilla-firefox (SSA:2012-166-02)

New mozilla-firefox packages are available for Slackware 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
+--------------------------+

[slackware-security] bind (SSA:2012-166-01)

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
  This release fixes an issue that could crash BIND, leading to a denial of service. It also fixes the so-called "ghost names attack" whereby a remote attacker may trigger continued resolvability of revoked domain names.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted July 15, 2012

[slackware-security] php (SSA:2012-195-01)

New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/php-5.3.14-i486-1_slack13.37.txz: Upgraded.
  This release fixes a weakness in the DES implementation of crypt and a heap overflow issue in the phar extension.
  (* Security fix *)
+--------------------------+

[slackware-security] pidgin (SSA:2012-195-02)

New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.10.6-i486-1_slack13.37.txz: Upgraded.
  Fixes a security issue for users of MXit: Incorrect handling of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3374
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted July 18, 2012

[slackware-security] libexif (SSA:2012-200-01)

New libexif packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/libexif-0.6.21-i486-1_slack13.37.txz: Upgraded.
  This update fixes a number of remotely exploitable issues in libexif with effects ranging from information leakage to potential remote code execution.
  For more information, see:
    http://sourceforge.net/mailarchive/message.php?msg_id=29534027
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2845
  (* Security fix *)
+--------------------------+

[slackware-security] mozilla-firefox (SSA:2012-200-02)

New mozilla-firefox packages are available for Slackware 13.37 and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-14.0.1-i486-1_slack13.37.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
+--------------------------+

[slackware-security] seamonkey (SSA:2012-200-04)

New seamonkey packages are available for Slackware 13.37 and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.11-i486-1_slack13.37.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.11-i486-1_slack13.37.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+

[slackware-security] mozilla-thunderbird (SSA:2012-200-03)

New mozilla-thunderbird packages are available for Slackware 13.37 and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-14.0-i486-1_slack13.37.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted July 25, 2012

[slackware-security] libpng (SSA:2012-206-01)

New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/libpng-1.4.12-i486-1_slack13.37.txz: Upgraded.
  Fixed incorrect type (int copy should be png_size_t copy) in png_inflate() (fixes CVE-2011-3045).
  Revised png_set_text_2() to avoid potential memory corruption (fixes CVE-2011-3048).
  Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted July 27, 2012

[slackware-security] bind (SSA:2012-209-01)

New bind packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/bind-9.7.6_P2-i486-1_slack13.37.txz: Upgraded.
  Prevents a named assert (crash) when validating caused by using "Bad cache" data before it has been initialized. [RT #30025]
  ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak. This rarely occurred with UDP clients, but could be a significant problem for a server handling a steady rate of TCP queries. [RT #29539 & #30233]
  Under heavy incoming TCP query loads named could experience a memory leak which could lead to significant reductions in query response or cause the server to be terminated on systems with "out of memory" killers. [RT #29539]
  A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [RT #29644]
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted August 16, 2012

[slackware-security] t1lib (SSA:2012-228-01)

New t1lib packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/t1lib-5.1.2-i486-3_slack13.37.txz: Rebuilt.
  Patched various overflows, crashes, and pointer bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2642
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554
  (* Security fix *)
+--------------------------+

[slackware-security] emacs (SSA:2012-228-02)

New emacs packages are available for Slackware 13.1, 13.37, and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/emacs-23.3-i486-2_slack13.37.txz: Rebuilt.
  Patched to fix a security flaw in the file-local variables code. When the Emacs user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to the bug, Emacs instead automatically evaluates such `eval' forms. Thus, if the user changes the value of `enable-local-variables' to `:safe', visiting a malicious file can cause automatic execution of arbitrary Emacs Lisp code with the permissions of the user. Bug discovered by Paul Ling.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3479
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted August 25, 2012

[slackware-security] dhcp (SSA:2012-237-01)

New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/dhcp-4.2.4_P1-i486-1_slack13.37.txz: Upgraded.
  This fixes memory leaks, denial of service vulnerabilities, and disallows packets with zero length client ids (not valid according to RFC 2132 section 9.14).
  For more information, see:
    https://kb.isc.org/article/AA-00736
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4539
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4868
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3954
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted August 31, 2012

[slackware-security] slocate (SSA:2012-244-05)

New slocate packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
  Patched to use lstat64 and -D_LARGEFILE64_SOURCE. Thanks to Mancha+.
  Patched to fix information leak of filenames in protected directories.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0227
  (* Security fix *)
+--------------------------+

[slackware-security] glibc (SSA:2012-244-01)

New glibc packages are available for Slackware 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/glibc-2.13-i486-6_slack13.37.txz: Rebuilt.
  Patched multiple integer overflows in the strtod, strtof, strtold, and strtod_l functions in stdlib in the GNU C Library, which allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480
  (* Security fix *)
patches/packages/glibc-i18n-2.13-i486-6_slack13.37.txz: Rebuilt.
patches/packages/glibc-profile-2.13-i486-6_slack13.37.txz: Rebuilt.
patches/packages/glibc-solibs-2.13-i486-6_slack13.37.txz: Rebuilt.
patches/packages/glibc-zoneinfo-2.13-noarch-6_slack13.37.txz: Rebuilt.
+--------------------------+

[slackware-security] mozilla-firefox (SSA:2012-244-02)

New mozilla-firefox packages are available for Slackware 13.37 and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
+--------------------------+

[slackware-security] mozilla-thunderbird (SSA:2012-244-03)

New mozilla-thunderbird packages are available for Slackware 13.37 and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

[slackware-security] seamonkey (SSA:2012-244-04)

New seamonkey packages are available for Slackware 13.37 and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted September 14, 2012

[slackware-security] patch (SSA:2012-257-02)

New patch packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/patch-2.7-i486-1_slack13.37.txz: Upgraded.
  This version of patch ignores destination filenames that are absolute or that contain a component of "..", unless such a filename is provided as an argument.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4651
  (* Security fix *)
+--------------------------+

[slackware-security] bind (SSA:2012-257-01)

New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/bind-9.7.6_P3-i486-1_slack13.37.txz: Upgraded.
  This update fixes a security issue where named could crash on a specially crafted record. [RT #30416]
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted September 15, 2012

[slackware-security] dhcp (SSA:2012-258-01)

New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/dhcp-4.2.4_P2-i486-1_slack13.37.txz: Upgraded.
  An issue with the use of lease times was found and fixed. Making certain changes to the end time of an IPv6 lease could cause the server to abort. Thanks to Glen Eustace of Massey University, New Zealand for finding this issue. [ISC-Bugs #30281]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3955
  (* Security fix *)
+--------------------------+

V.T. Eric Layton Posted September 29, 2012

Yes, it is that time again! After well over a year of planning, development, and testing, the Slackware Linux Project is proud to announce the latest stable release of the longest running distribution of the Linux operating system, Slackware version 14.0!

We are sure you'll enjoy the many improvements. We've done our best to bring the latest technology to Slackware while still maintaining the stability and security that you have come to expect. Slackware is well known for its simplicity and the fact that we try to bring software to you in the condition that the authors intended.

Slackware 14.0 brings many updates and enhancements, among which you'll find two of the most advanced desktop environments available today: Xfce 4.10.0, a fast and lightweight but visually appealing and easy to use desktop environment, and KDE 4.8.5, a recent stable release of the 4.8.x series of the award-winning KDE desktop environment. These desktops utilize udev, udisks, and udisks2, and many of the specifications from freedesktop.org which allow the system administrator to grant use of various hardware devices according to users' group membership so that they will be able to use items such as USB flash sticks, USB cameras that appear like USB storage, portable hard drives, CD and DVD media, MP3 players, and more, all without requiring sudo, the mount or umount command. Just plug and play. Slackware's desktop should be suitable for any level of Linux experience.

Slackware uses the 3.2.29 kernel bringing you advanced performance features such as journaling filesystems, SCSI and ATA RAID volume support, SATA support, Software RAID, LVM (the Logical Volume Manager), and encrypted filesystems. Kernel support for X DRI (the Direct Rendering Interface) brings high-speed hardware accelerated 3D graphics to Linux.

There are two kinds of kernels in Slackware. First there are the huge kernels, which contain support for just about every driver in the Linux kernel. These are primarily intended to be used for installation, but there's no real reason that you couldn't continue to run them after you have installed. The other type of kernel is the generic kernel, in which nearly every driver is built as a module. To use a generic kernel you'll need to build an initrd to load your filesystem module and possibly your drive controller or other drivers needed at boot time, configure LILO to load the initrd at boot, and reinstall LILO. See the docs in /boot after installing for more information. Slackware's Linux kernels come in both SMP and non-SMP types now. The SMP kernel supports multiple processors, multi-core CPUs, HyperThreading, and about every other optimization available. In our own testing this kernel has proven to be fast, stable, and reliable. We recommend using the SMP kernel even on single processor machines if it will run on them. Note that on x86_64 (64-bit), all the kernels are SMP capable.

Here are some of the advanced features of Slackware 14.0:

- Runs the 3.2.29 version of the Linux kernel from ftp.kernel.org. The 3.2.x series is well-tested, offers good performance, and will be getting long term support from kernel.org. For people interested in trying out newer kernels, we've provided sample configuration files for Linux 3.4.11, 3.5.4, and 3.6-rc4 under the /testing directory.

- System binaries are linked with the GNU C Library, version 2.15. This version of glibc also has excellent compatibility with existing binaries.

- X11 based on the X.Org Foundation's modular X Window System. This is X11R7.7, a new release, with many improvements in terms of performance and hardware support.

- Installs gcc-4.7.1 as the default C, C++, Objective-C, Fortran-77/95/2003/2008, and Ada 95/2005/2012 compiler.

- Support for NetworkManager for simple configuration of wired and wireless network connections, including mobile broadband, IPv6, VPN, and more. Roam seamlessly between known networks, and quickly set up new connections. We've retained full support for the traditional Slackware networking scripts and for the wicd network manager, offering choice and flexibility to all levels of users.

- Support for fully encrypted network connections with OpenSSL, OpenSSH, OpenVPN, and GnuPG.

- Apache (httpd) 2.4.3 web server with Dynamic Shared Object support, SSL, and PHP 5.4.7.

- USB, IEEE 1394 (FireWire), and ACPI support, as well as legacy PCMCIA and Cardbus support. This makes Slackware a great operating system for your laptop.

- The udev dynamic device management system for Linux 3.x. This locates and configures most hardware automatically as it is added (or removed) from the system, loading kernel modules as needed. It works along with the kernel's devtmpfs filesystem to create access nodes in the /dev directory.

- New development tools, including Perl 5.16.1, Python 2.7.3, Ruby 1.9.3-p194, Subversion 1.7.6, git-1.7.12.1, mercurial-2.2.2, graphical tools like Qt designer and KDevelop, and much more.

- Updated versions of the Slackware package management tools make it easy to add, remove, upgrade, and make your own Slackware packages. Package tracking makes it easy to upgrade from Slackware 13.37 to Slackware 14.0 (see UPGRADE.TXT and CHANGES_AND_HINTS.TXT). The slackpkg tool can also help update from an older version of Slackware to a newer one, and keep your Slackware system up to date. In addition, the slacktrack utility will help you build and maintain your own packages.

- Web browsers galore! Includes KDE's Konqueror 4.8.5, SeaMonkey 2.12.1 (this is the replacement for the Mozilla Suite), Mozilla Firefox 15.0.1, as well as the Thunderbird 15.0.1 email and news client with advanced junk mail filtering. A script is also available in /extra to repackage Google Chrome as a native Slackware package.

- The KDE Software Compilation 4.8.5, a complete desktop environment. This includes the Calligra productivity suite (previously known as KOffice), networking tools, GUI development with KDevelop, multimedia tools (including the Amarok music player and K3B disc burning software), the Konqueror web browser and file manager, dozens of games and utilities, international language support, and more.

- A collection of GTK+ based applications including pidgin-2.10.6, gimp-2.8.2 (with many improvements including a single window mode), gkrellm-2.3.5, xchat-2.8.8, xsane-0.998, and pan-0.139.

- A repository of extra software packages compiled and ready to run in the /extra directory.

- Many more improved and upgraded packages than we can list here. For a complete list of core packages in Slackware 14.0, see this file:

  ftp://ftp.slackware.com/pub/slackware/slackware-14.0/PACKAGES.TXT

Downloading Slackware 14.0:
---------------------------

The full version of Slackware Linux 14.0 is available for download from the central Slackware FTP site hosted by our friends at osuosl.org:

  ftp://ftp.slackware.com/pub/slackware/slackware-14.0/

If the sites are busy, see the list of official mirror sites here:

  http://mirrors.slackware.com

We will be setting up BitTorrent downloads for the official ISO images. Stay tuned to http://slackware.com for the latest updates.

Instructions for burning the Slackware tree onto install discs may be found in the isolinux directory.

Purchasing Slackware on CD-ROM or DVD:
--------------------------------------

Or, please consider purchasing the Slackware Linux 14.0 six CD-ROM set or deluxe dual-sided DVD release directly from Slackware Linux, and you'll be helping to support the continued development of Slackware Linux!

The DVD release has the 32-bit x86 Slackware 14.0 release on one side, and the 64-bit x86_64 Slackware 14.0 release on the other. Both sides are bootable for easy installation, and includes everything from both releases of Slackware 14.0, including the complete source code trees.

The 6 CD-ROM release of Slackware 14.0 is the 32-bit x86 edition. It includes a bootable first CD-ROM for easy installation. The 6 CD-ROMs are labeled for easy reference.

The Slackware 14.0 x86 6 CD-ROM set is $49.95 plus shipping, or choose the Slackware 14.0 x86/x86_64 dual-sided DVD (also $49.95 plus shipping).

Slackware Linux is also available by subscription. When we release a new version of Slackware (which is normally once or twice a year) we ship it to you and bill your credit card for a reduced subscription price ($32.99 for the CD-ROM set, or $39.95 for the DVD) plus shipping.

For shipping options, see the Slackware store website. Before ordering express shipping, you may wish to check that we have the product in stock. We make releases to the net at the same time as disc production begins, so there is a lag between the online release and the shipping of media. But, even if you download now you can still buy the official media later. You'll feel good, be helping the project, and have a great decorative item perfect for any computer room shelf.

Ordering Information:
---------------------

You can order online at the Slackware Linux store:

  http://store.slackware.com

Other Slackware items like t-shirts, caps, pins, and stickers can also be found here. These will help you find and identify yourself to your fellow Slackware users. There are still some 1337 T-shirts left, and we'll also be unveiling a brand new T-shirt design soon for this new release.

Order inquiries (including questions about becoming a Slackware reseller) may be directed to this address: info@slackware.com

Have fun! :^) I hope you find Slackware to be useful, and thanks very much for your support of this project over the years.

---
Patrick J. Volkerding

Visit us on the web at: http://slackware.com
V.T. Eric Layton Posted October 11, 2012

[slackware-security] bind (SSA:2012-284-01)

New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.9.1_P4-i486-1_slack14.0.txz: Upgraded.
  This update fixes a security issue where a certain combination of records in the RBT could cause named to hang while populating the additional section of a response. [RT #31090]
  (* Security fix *)
+--------------------------+
V.T. Eric Layton Posted October 12, 2012

[slackware-security] mozilla-firefox (SSA:2012-285-01)

New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix a security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-16.0.1-i486-1_slack14.0.txz: Upgraded.
  This update fixes a security vulnerability that could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters.
  (* Security fix *)
+--------------------------+

[slackware-security] mozilla-thunderbird (SSA:2012-285-02)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-16.0.1-i486-1_slack14.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+
V.T. Eric Layton Posted October 15, 2012

[slackware-security] seamonkey (SSA:2012-288-01)

New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.13.1-i486-1.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.13.1-i486-1.txz: Upgraded.
+--------------------------+
V.T. Eric Layton Posted October 31, 2012

[slackware-security] mozilla-thunderbird (SSA:2012-304-01)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-16.0.2-i486-1_slack14.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

[slackware-security] seamonkey (SSA:2012-304-02)

New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-solibs-2.13.2-i486-1_slack14.0.txz: Upgraded.
patches/packages/seamonkey-2.13.2-i486-1_slack14.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+
V.T. Eric Layton Posted November 22, 2012

[slackware-security] seamonkey (SSA:2012-326-01)

New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-solibs-2.14-i486-1_slack14.0.txz: Upgraded.
patches/packages/seamonkey-2.14-i486-1_slack14.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o.../seamonkey.html
  (* Security fix *)
+--------------------------+

[slackware-security] mozilla-firefox (SSA:2012-326-02)

New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-17.0-i486-1_slack14.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.o...es/firefox.html
  (* Security fix *)
+--------------------------+

[slackware-security] mozilla-thunderbird (SSA:2012-326-03)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-17.0-i486-1_slack14.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+
V.T. Eric Layton Posted December 7, 2012

[slackware-security] ruby (SSA:2012-341-04)

New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/ruby-1.9.3_p327-i486-1_slack14.0.txz: Upgraded.
  This release fixes a hash-flooding DoS vulnerability and many other bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5371
  (* Security fix *)
+--------------------------+

[slackware-security] libxml2 (SSA:2012-341-03)

New libxml2 packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/libxml2-2.8.0-i486-2_slack14.0.txz: Rebuilt.
  Patched a heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier that could allow a remote attacker to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
  (* Security fix *)
+--------------------------+

[slackware-security] libssh (SSA:2012-341-02)

New libssh packages are available for Slackware 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/libssh-0.5.3-i486-1_slack14.0.txz: Upgraded.
  This release fixes several security bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4559
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4560
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4561
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4562
  (* Security fix *)
+--------------------------+

[slackware-security] bind (SSA:2012-341-01)

New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.9.2_P1-i486-1_slack14.0.txz: Upgraded.
  IMPORTANT NOTE: This package updates BIND from 9.7.6_P4 to 9.8.4_P1 since the 9.7 series is no longer supported. It is possible that some changes may be required to your local configuration.
  This release addresses some denial-of-service and other bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5688
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3868
  (* Security fix *)
+--------------------------+
V.T. Eric Layton Posted January 10, 2013

[slackware-security] mozilla-firefox (SSA:2013-009-01)

New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-18.0-i486-1_slack14.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
+--------------------------+

[slackware-security] mozilla-thunderbird (SSA:2013-009-02)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-17.0.2-i486-1_slack14.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

[slackware-security] seamonkey (SSA:2013-009-03)

New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.15-i486-1_slack14.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.15-i486-1_slack14.0.txz: Upgraded.
+--------------------------+
V.T. Eric Layton Posted January 16, 2013

[slackware-security] freetype (SSA:2013-015-01)

New freetype packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/freetype-2.4.11-i486-1_slack14.0.txz: Upgraded.
  This release fixes several security bugs that could cause freetype to crash or run programs upon opening a specially crafted file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5670
  (* Security fix *)
+--------------------------+
V.T. Eric Layton Posted January 23, 2013

[slackware-security] mysql (SSA:2013-022-01)

New mysql packages are available for 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security and other issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mysql-5.5.29-i486-1_slack14.0.txz: Upgraded.
  Upgraded to the latest upstream version to fix security issues and provide other bug fixes and improvements. Note that some of the changes may possibly introduce incompatibilities with the previous package.
  (* Security fix *)
+--------------------------+
V.T. Eric Layton Posted February 9, 2013

[slackware-security] curl (SSA:2013-038-01)

New curl packages are available for Slackware 14.0, and -current to fix a security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/curl-7.29.0-i486-1_slack14.0.txz: Upgraded.
  When negotiating SASL DIGEST-MD5 authentication, the function Curl_sasl_create_digest_md5_message() uses the data provided from the server without doing the proper length checks and that data is then appended to a local fixed-size buffer on the stack. This vulnerability can be exploited by someone who is in control of a server that a libcurl based program is accessing with POP3, SMTP or IMAP. For applications that accept user provided URLs, it is also thinkable that a malicious user would feed an application with a URL to a server hosting code targeting this flaw.
  Affected versions: curl 7.26.0 to and including 7.28.1
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249
  (* Security fix *)
+--------------------------+
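The curl advisory above describes server-supplied data being appended to a fixed-size stack buffer without a length check. The following is an added example, not part of the original post and not libcurl's code, showing the kind of bounded append that prevents this class of bug; the function names, the 64-byte buffer size, and the realm/nonce field layout are assumptions made for illustration.

```c
/* Added example, not libcurl source; every name here is hypothetical. */
#include <stddef.h>
#include <string.h>

#define RESPONSE_MAX 64 /* constructed size of the fixed response buffer */

/* Append srclen bytes of src to the NUL-terminated string in dst.
   Returns 0 on success, -1 if dst is unterminated or src will not fit. */
static int append_bounded(char *dst, size_t dstsize,
                          const char *src, size_t srclen)
{
    const char *nul = memchr(dst, '\0', dstsize);
    size_t used;
    if (nul == NULL)
        return -1;
    used = (size_t)(nul - dst);
    /* Need srclen bytes plus the terminator. Comparing against the space
       left, rather than computing used + srclen, cannot wrap around. */
    if (srclen >= dstsize - used)
        return -1;
    memcpy(dst + used, src, srclen);
    dst[used + srclen] = '\0';
    return 0;
}

/* Build realm="<realm>",nonce="<nonce>" from server-supplied values.
   On failure the buffer is emptied so no truncated message is sent. */
int build_digest_fields(char *out, size_t outsize,
                        const char *realm, const char *nonce)
{
    const char *parts[5] = { "realm=\"", realm, "\",nonce=\"", nonce, "\"" };
    size_t i;
    if (out == NULL || outsize == 0 || realm == NULL || nonce == NULL)
        return -1;
    out[0] = '\0';
    for (i = 0; i < 5; i++) {
        if (append_bounded(out, outsize, parts[i], strlen(parts[i])) != 0) {
            out[0] = '\0';
            return -1;
        }
    }
    return 0;
}

/* Constructed check: realm_len 'A' bytes stand in for the server's realm.
   Returns the builder's result, or -2 if the guard bytes were overwritten. */
int try_realm_of_length(size_t realm_len)
{
    struct { char buf[RESPONSE_MAX]; unsigned char guard[8]; } s;
    char realm[256];
    size_t i;
    int rc;
    if (realm_len >= sizeof realm)
        return -3; /* too large for this harness */
    memset(realm, 'A', realm_len);
    realm[realm_len] = '\0';
    memset(s.guard, 0x5a, sizeof s.guard);
    rc = build_digest_fields(s.buf, sizeof s.buf, realm, "abc123");
    for (i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5a)
            return -2;
    return rc;
}

int main(void)
{
    return (try_realm_of_length(40) == 0 && try_realm_of_length(41) == -1) ? 0 : 1;
}
```

With the constructed 6-byte nonce, a 40-byte realm fills the 64-byte buffer exactly and is accepted, while 41 bytes or more is rejected before anything is written past the end.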