Jump to content
Sign in to follow this  
Bruno

Slackware Updates and Other News

Recommended Posts

V.T. Eric Layton

[slackware-security] pidgin (SSA:2011-178-01)New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37,and -current to fix a security issue.Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/pidgin-2.9.0-i486-1_slack13.37.txz: Upgraded. Fixed a remote denial of service. A remote attacker could set a specially crafted GIF file as their buddy icon causing vulerable versions of pidgin to crash due to excessive memory use. For more information, see: http://pidgin.im/news/security/?id=52 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485 (* Security fix *)+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] bind (SSA:2011-189-01)New bind packages are available for Slackware 13.37, and -current tofix a security issue.Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/bind-9.7.3_P3-i486-1_slack13.37.txz: Upgraded. A specially constructed packet will cause BIND 9 ("named") to exit, affecting DNS service. The issue exists in BIND 9.6.3 and newer. "Change #2912 (see CHANGES) exposed a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. This was fixed by disambiguating internal database representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]" For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464 (* Security fix *)+--------------------------+=====[slackware-security] mozilla-thunderbird (SSA:2011-189-02)New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, 13.37,and -current to fix security issues.Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/mozilla-thunderbird-3.1.11-i486-1_slack13.37.txz: Upgraded. This release contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/known-vuln...nderbird30.html (* Security fix *)+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] mozilla-firefox (SSA:2011-195-02)New mozilla-firefox packages are available for Slackware 13.0 and 13.1 tofix security issues.Here are the details from the Slackware 13.1 ChangeLog:+--------------------------+patches/packages/mozilla-firefox-3.6.19-i686-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/known-vuln.../firefox36.html (* Security fix *)+--------------------------+=====[slackware-security] seamonkey (SSA:2011-195-01)New seamonkey packages are available for Slackware 13.37, and -current tofix security issues.Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/seamonkey-2.2-i486-1_slack13.37.txz: Upgraded. This update contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/announce/ (* Security fix *)patches/packages/seamonkey-solibs-2.2-i486-1_slack13.37.txz: Upgraded. This update contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/announce/ (* Security fix *)+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] libpng (SSA:2011-210-01)New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -currentto fix security issues.Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/libpng-1.4.8-i486-1_slack13.37.txz: Upgraded. Fixed uninitialized memory read in png_format_buffer() (Bug report by Frank Busse, related to CVE-2004-0421). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421 (* Security fix *)+--------------------------+[slackware-security] dhcpcd (SSA:2011-210-02)New dhcpcd packages are available for Slackware 13.0, 13.1, 13.37,and -current to fix security issues.Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/dhcpcd-5.2.12-i486-1_slack13.37.txz: Upgraded. Sanitize the host name provided by the DHCP server to insure that it does not contain any shell metacharacters. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0996 (* Security fix *)+--------------------------+[slackware-security] samba (SSA:2011-210-03)New samba packages are available for Slackware 13.1, 13.37, and -current tofix security issues.Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/samba-3.5.10-i486-1_slack13.37.txz: Upgraded. Fixed cross-site request forgery and cross-site scripting vulnerability in SWAT (the Samba Web Administration Tool). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694 (* Security fix *)+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] bind (SSA:2011-224-01)New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/bind-9.7.4-i486-1_slack13.37.txz: Upgraded. This BIND update addresses a couple of security issues: * named, set up to be a caching resolver, is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache the response. Due to an off-by-one error, caching the response could cause named to crash. [RT #24650] [CVE-2011-1910] * Change #2912 (see CHANGES) exposed a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. [RT #24777] [CVE-2011-2464] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464 (* Security fix *)+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] mozilla-firefox (SSA:2011-249-01) New mozilla-firefox packages are available for Slackware 13.0, 13.1, 13.37,and -current to fix security issues.Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/mozilla-firefox-6.0.2-i486-1_slack13.37.txz: Upgraded. This release contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/known-vuln.../firefox36.html http://www.mozilla.org/security/known-vuln...es/firefox.html http://www.mozilla.org/security/announce/2...fsa2011-34.html (* Security fix *)+--------------------------+[slackware-security] mozilla-thunderbird (SSA:2011-249-02)New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, 13.37,and -current to fix security issues.Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/mozilla-thunderbird-3.1.13-i486-1_slack13.37.txz: Upgraded. This release contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/known-vuln...nderbird31.html http://www.mozilla.org/security/announce/2...fsa2011-34.html (* Security fix *)+--------------------------+[slackware-security] seamonkey (SSA:2011-249-03)New seamonkey packages are available for Slackware 13.37 and -current tofix security issues.Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/seamonkey-2.3.3-i486-1_slack13.37.txz: Upgraded. This update contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/announce/ http://www.mozilla.org/security/announce/2...fsa2011-34.html (* Security fix *)patches/packages/seamonkey-solibs-2.3.3-i486-1_slack13.37.txz: Upgraded. This update contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/announce/ http://www.mozilla.org/security/announce/2...fsa2011-34.html (* Security fix *)+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] httpd (SSA:2011-252-01)Not long ago, httpd package updates were issued to clamp down on a denial of service bug that's seen some action in the wild. New packages are availablefor Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current.Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/httpd-2.2.20-i486-1_slack13.37.txz: Upgraded. SECURITY: CVE-2011-3192 (cve.mitre.org) core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714. [stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 (* Security fix *)+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] httpd (SSA:2011-284-01)New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,13.37, and -current to fix security issues.Here are the details from the Slackware 13.37 ChangeLog:+--------------------------+patches/packages/httpd-2.2.21-i486-1_slack13.37.txz: Upgraded. Respond with HTTP_NOT_IMPLEMENTED when the method is not recognized. [Jean-Frederic Clere] SECURITY: CVE-2011-3348 Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20. PR 51748. [] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348 (* Security fix *)+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] httpd (SSA:2012-041-01)

 

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,

13.37, and -current to fix security issues. The apr-util package has also been

updated to the latest version.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded.

Version bump for httpd upgrade.

patches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded.

*) SECURITY: CVE-2011-3368 (cve.mitre.org)

Reject requests where the request-URI does not match the HTTP

specification, preventing unexpected expansion of target URLs in

some reverse proxy configurations. [Joe Orton]

*) SECURITY: CVE-2011-3607 (cve.mitre.org)

Fix integer overflow in ap_pregsub() which, when the mod_setenvif module

is enabled, could allow local users to gain privileges via a .htaccess

file. [stefan Fritsch, Greg Ames]

*) SECURITY: CVE-2011-4317 (cve.mitre.org)

Resolve additional cases of URL rewriting with ProxyPassMatch or

RewriteRule, where particular request-URIs could result in undesired

backend network exposure in some configurations.

[Joe Orton]

*) SECURITY: CVE-2012-0021 (cve.mitre.org)

mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format

string is in use and a client sends a nameless, valueless cookie, causing

a denial of service. The issue existed since version 2.2.17. PR 52256.

[Rainer Canavan ]

*) SECURITY: CVE-2012-0031 (cve.mitre.org)

Fix scoreboard issue which could allow an unprivileged child process

could cause the parent to crash at shutdown rather than terminate

cleanly. [Joe Orton]

*) SECURITY: CVE-2012-0053 (cve.mitre.org)

Fix an issue in error responses that could expose "httpOnly" cookies

when no custom ErrorDocument is specified for status code 400.

[Eric Covener]

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053

(* Security fix *)

+--------------------------+

 

[slackware-security] php (SSA:2012-041-02)

 

New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,

13.37, and -current to fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/php-5.3.10-i486-1_slack13.37.txz: Upgraded.

Fixed arbitrary remote code execution vulnerability reported by Stefan

Esser, CVE-2012-0830. (Stas, Dmitry)

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830

(* Security fix *)

+--------------------------+

 

[slackware-security] glibc (SSA:2012-041-03)

 

New glibc packages are available for Slackware 13.1, 13.37, and -current to

fix a security issue.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/glibc-2.13-i486-5_slack13.37.txz: Rebuilt.

Patched an overflow in tzfile. This was evidently first reported in

2009, but is only now getting around to being patched. To exploit it,

one must be able to write beneath /usr/share/zoneinfo, which is usually

not possible for a normal user, but may be in the case where they are

chroot()ed to a directory that they own.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029

(* Security fix *)

patches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz: Rebuilt.

patches/packages/glibc-profile-2.13-i486-5_slack13.37.txz: Rebuilt.

(* Security fix *)

patches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz: Rebuilt.

(* Security fix *)

patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz: Rebuilt.

+--------------------------+

 

[slackware-security] proftpd (SSA:2012-041-04)

 

New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,

13.1, 13.37, and -current to fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/proftpd-1.3.4a-i486-1_slack13.37.txz: Upgraded.

This update fixes a use-after-free() memory corruption error,

and possibly other unspecified issues.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130

(* Security fix *)

+--------------------------+

 

[slackware-security] vsftpd (SSA:2012-041-05)

 

New vsftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,

13.1, 13.37, and -current to work around a vulnerability in glibc.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/vsftpd-2.3.5-i486-1_slack13.37.txz: Upgraded.

Minor version bump, this also works around a hard to trigger heap overflow

in glibc (glibc zoneinfo caching vuln). For there to be any possibility

to trigger the glibc bug within vsftpd, the non-default option

"chroot_local_user" must be set in /etc/vsftpd.conf.

Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug

Nevertheless:

(* Security fix *)

+--------------------------+

 

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] seamonkey (SSA:2012-166-04)

 

New seamonkey packages are available for Slackware 13.37, and -current to

fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

This update contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

(* Security fix *)

+--------------------------+

 

[slackware-security] mozilla-thunderbird (SSA:2012-166-03)

 

New mozilla-thunderbird packages are available for Slackware 13.37,

and -current to fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

This release contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

(* Security fix *)

+--------------------------+

 

[slackware-security] mozilla-firefox (SSA:2012-166-02)

 

New mozilla-firefox packages are available for Slackware 13.37, and -current to

fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

This release contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

(* Security fix *)

+--------------------------+

 

 

[slackware-security] bind (SSA:2012-166-01)

 

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,

11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

This release fixes an issue that could crash BIND, leading to a denial of

service. It also fixes the so-called "ghost names attack" whereby a

remote attacker may trigger continued resolvability of revoked domain names.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] php (SSA:2012-195-01)

 

New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,

13.37, and -current to fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/php-5.3.14-i486-1_slack13.37.txz: Upgraded.

This release fixes a weakness in the DES implementation of crypt

and a heap overflow issue in the phar extension.

(* Security fix *)

+--------------------------+

[slackware-security] pidgin (SSA:2012-195-02)

 

New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37,

and -current to fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/pidgin-2.10.6-i486-1_slack13.37.txz: Upgraded.

Fixes a security issue for users of MXit: Incorrect handing of inline

images in incoming instant messages can cause a buffer overflow and in

some cases can be exploited to execute arbitrary code.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3374

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] libexif (SSA:2012-200-01)

 

New libexif packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,

13.1, 13.37, and -current to fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/libexif-0.6.21-i486-1_slack13.37.txz: Upgraded.

This update fixes a number of remotely exploitable issues in libexif

with effects ranging from information leakage to potential remote

code execution.

For more information, see:

http://sourceforge.net/mailarchive/message.php?msg_id=29534027

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2845

(* Security fix *)

+--------------------------+

 

 

[slackware-security] mozilla-firefox (SSA:2012-200-02)

 

New mozilla-firefox packages are available for Slackware 13.37 and -current to

fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/mozilla-firefox-14.0.1-i486-1_slack13.37.txz: Upgraded.

This release contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

(* Security fix *)

+--------------------------+

 

 

 

[slackware-security] seamonkey (SSA:2012-200-04)

 

New seamonkey packages are available for Slackware 13.37 and -current to

fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/seamonkey-2.11-i486-1_slack13.37.txz: Upgraded.

This update contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

(* Security fix *)

patches/packages/seamonkey-solibs-2.11-i486-1_slack13.37.txz: Upgraded.

This update contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

(* Security fix *)

+--------------------------+

 

[slackware-security] mozilla-thunderbird (SSA:2012-200-03)

 

New mozilla-thunderbird packages are available for Slackware 13.37 and -current

to fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/mozilla-thunderbird-14.0-i486-1_slack13.37.txz: Upgraded.

This release contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] libpng (SSA:2012-206-01)

 

New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,

10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix

security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/libpng-1.4.12-i486-1_slack13.37.txz: Upgraded.

Fixed incorrect type (int copy should be png_size_t copy) in png_inflate()

(fixes CVE-2011-3045).

Revised png_set_text_2() to avoid potential memory corruption (fixes

CVE-2011-3048).

Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] bind (SSA:2012-209-01)

 

New bind packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,

13.37, and -current to fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/bind-9.7.6_P2-i486-1_slack13.37.txz: Upgraded.

Prevents a named assert (crash) when validating caused by using

"Bad cache" data before it has been initialized. [RT #30025]

ISC_QUEUE handling for recursive clients was updated to address a

race condition that could cause a memory leak. This rarely occurred

with UDP clients, but could be a significant problem for a server

handling a steady rate of TCP queries. [RT #29539 & #30233]

Under heavy incoming TCP query loads named could experience a

memory leak which could lead to significant reductions in query

response or cause the server to be terminated on systems with

"out of memory" killers. [RT #29539]

A condition has been corrected where improper handling of zero-length

RDATA could cause undesirable behavior, including termination of

the named process. [RT #29644]

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] t1lib (SSA:2012-228-01)

 

New t1lib packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,

and -current to fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/t1lib-5.1.2-i486-3_slack13.37.txz: Rebuilt.

Patched various overflows, crashes, and pointer bugs.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2642

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554

(* Security fix *)

+--------------------------+

 

[slackware-security] emacs (SSA:2012-228-02)

 

New emacs packages are available for Slackware 13.1, 13.37, and -current to

fix a security issue.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/emacs-23.3-i486-2_slack13.37.txz: Rebuilt.

Patched to fix a security flaw in the file-local variables code.

When the Emacs user option `enable-local-variables' is set to `:safe'

(the default value is t), Emacs should automatically refuse to evaluate

`eval' forms in file-local variable sections. Due to the bug, Emacs

instead automatically evaluates such `eval' forms. Thus, if the user

changes the value of `enable-local-variables' to `:safe', visiting a

malicious file can cause automatic execution of arbitrary Emacs Lisp

code with the permissions of the user. Bug discovered by Paul Ling.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3479

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] dhcp (SSA:2012-237-01)

 

New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,

and -current to fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/dhcp-4.2.4_P1-i486-1_slack13.37.txz: Upgraded.

This fixes memory leaks, denial of service vulnerabilities, and

disallows packets with zero length client ids (not valid according to

RFC 2132 section 9.14).

For more information, see:

https://kb.isc.org/article/AA-00736

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4539

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4868

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3954

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] slocate (SSA:2012-244-05)

 

New slocate packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,

and -current to fix a security issue.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

Patched to use lstat64 and -D_LARGEFILE64_SOURCE. Thanks to Mancha+.

Patched to fix information leak of filenames in protected directories.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0227

(* Security fix *)

+--------------------------+

 

 

[slackware-security] glibc (SSA:2012-244-01)

 

New glibc packages are available for Slackware 13.1, 13.37, and -current to

fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/glibc-2.13-i486-6_slack13.37.txz: Rebuilt.

Patched multiple integer overflows in the strtod, strtof, strtold, and

strtod_l functions in stdlib in the GNU C Library allow local users to

cause a denial of service (application crash) and possibly execute

arbitrary code via a long string, which triggers a stack-based buffer

overflow.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480

(* Security fix *)

patches/packages/glibc-i18n-2.13-i486-6_slack13.37.txz: Rebuilt.

patches/packages/glibc-profile-2.13-i486-6_slack13.37.txz: Rebuilt.

patches/packages/glibc-solibs-2.13-i486-6_slack13.37.txz: Rebuilt.

patches/packages/glibc-zoneinfo-2.13-noarch-6_slack13.37.txz: Rebuilt.

+--------------------------+

 

[slackware-security] mozilla-firefox (SSA:2012-244-02)

 

New mozilla-firefox packages are available for Slackware 13.37 and -current to

fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

This release contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

(* Security fix *)

+--------------------------+

 

 

[slackware-security] mozilla-thunderbird (SSA:2012-244-03)

 

New mozilla-thunderbird packages are available for Slackware 13.37 and -current

to fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

This release contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

(* Security fix *)

+--------------------------+

 

[slackware-security] seamonkey (SSA:2012-244-04)

 

New seamonkey packages are available for Slackware 13.37 and -current to

fix security issues.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

This update contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] patch (SSA:2012-257-02)

 

New patch packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,

and -current to fix a security issue.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/patch-2.7-i486-1_slack13.37.txz: Upgraded.

This version of patch ignores destination filenames that are absolute or

that contain a component of "..", unless such a filename is provided as

an argument.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4651

(* Security fix *)

+--------------------------+

 

[slackware-security] bind (SSA:2012-257-01)

 

New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,

and -current to fix a security issue.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/bind-9.7.6_P3-i486-1_slack13.37.txz: Upgraded.

This update fixes a security issue where named could crash on a specially

crafted record. [RT #30416]

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] dhcp (SSA:2012-258-01)

 

New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,

and -current to fix a security issue.

 

 

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/dhcp-4.2.4_P2-i486-1_slack13.37.txz: Upgraded.

An issue with the use of lease times was found and fixed. Making certain

changes to the end time of an IPv6 lease could cause the server to abort.

Thanks to Glen Eustace of Massey University, New Zealand for finding this

issue. [iSC-Bugs #30281]

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3955

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Yes, it is that time again! After well over a year of planning,

development, and testing, the Slackware Linux Project is proud to

announce the latest stable release of the longest running distribution

of the Linux operating system, Slackware version 14.0!

 

We are sure you'll enjoy the many improvements. We've done our best to bring the latest technology to Slackware while still maintaining the stability and security that you have come to expect. Slackware is well known for its simplicity and the fact that we try to bring software to you in the condition that the authors intended.

 

Slackware 14.0 brings many updates and enhancements, among which you'll find two of the most advanced desktop environments available today: Xfce 4.10.0, a fast and lightweight but visually appealing and easy to use desktop environment, and KDE 4.8.5, a recent stable release of the 4.8.x series of the award-winning KDE desktop environment. These desktops utilize udev, udisks, and udisks2, and many of the

specifications from freedesktop.org which allow the system administrator

to grant use of various hardware devices according to users' group

membership so that they will be able to use items such as USB flash

sticks, USB cameras that appear like USB storage, portable hard drives,

CD and DVD media, MP3 players, and more, all without requiring sudo, the

mount or umount command. Just plug and play. Slackware's desktop

should be suitable for any level of Linux experience.

 

Slackware uses the 3.2.29 kernel bringing you advanced performance features such as journaling filesystems, SCSI and ATA RAID volume support, SATA support, Software RAID, LVM (the Logical Volume Manager), and encrypted filesystems. Kernel support for X DRI (the Direct Rendering Interface) brings high-speed hardware accelerated 3D graphics to Linux.

 

There are two kinds of kernels in Slackware. First there are the huge kernels, which contain support for just about every driver in the Linux kernel. These are primarily intended to be used for installation, but there's no real reason that you couldn't continue to run them after you have installed. The other type of kernel is the generic kernel, in which nearly every driver is built as a module. To use a generic kernel you'll need to build an initrd to load your filesystem module and possibly your drive controller or other drivers needed at boot time, configure LILO to load the initrd at boot, and reinstall LILO. See the docs in /boot after installing for more information. Slackware's Linux kernels come in both SMP and non-SMP types now. The SMP kernel supports multiple processors, multi-core CPUs, HyperThreading, and about every other optimization available. In our own testing this kernel has proven to be fast, stable, and reliable. We recommend using the SMP kernel even on single processor machines if it will run on them. Note that on

x86_64 (64-bit), all the kernels are SMP capable.

 

 

Here are some of the advanced features of Slackware 14.0:

 

- - Runs the 3.2.29 version of the Linux kernel from ftp.kernel.org.

The 3.2.x series is well-tested, offers good performance, and will be

getting long term support from kernel.org. For people interested in

trying out newer kernels, we've provided sample configuration files

for Linux 3.4.11, 3.5.4, and 3.6-rc4 under the /testing directory.

 

- - System binaries are linked with the GNU C Library, version 2.15.

This version of glibc also has excellent compatibility with

existing binaries.

 

- - X11 based on the X.Org Foundation's modular X Window System.

This is X11R7.7, a new release, with many improvements in terms of

performance and hardware support.

 

- - Installs gcc-4.7.1 as the default C, C++, Objective-C,

Fortran-77/95/2003/2008, and Ada 95/2005/2012 compiler.

 

- - Support for NetworkManager for simple configuration of wired and

wireless network connections, including mobile broadband, IPv6, VPN,

and more. Roam seamlessly between known networks, and quickly set

up new connections. We've retained full support for the traditional

Slackware networking scripts and for the wicd network manager,

offering choice and flexibility to all levels of users.

 

- - Support for fully encrypted network connections with OpenSSL,

OpenSSH, OpenVPN, and GnuPG.

 

- - Apache (httpd) 2.4.3 web server with Dynamic Shared Object

support, SSL, and PHP 5.4.7.

 

- - USB, IEEE 1394 (FireWire), and ACPI support, as well as legacy PCMCIA

and Cardbus support. This makes Slackware a great operating system

for your laptop.

 

- - The udev dynamic device management system for Linux 3.x.

This locates and configures most hardware automatically as it

is added (or removed) from the system, loading kernel modules

as needed. It works along with the kernel's devtmpfs filesystem

to create access nodes in the /dev directory.

 

- - New development tools, including Perl 5.16.1, Python 2.7.3,

Ruby 1.9.3-p194, Subversion 1.7.6, git-1.7.12.1, mercurial-2.2.2,

graphical tools like Qt designer and KDevelop, and much more.

 

- - Updated versions of the Slackware package management tools make it

easy to add, remove, upgrade, and make your own Slackware packages.

Package tracking makes it easy to upgrade from Slackware 13.37 to

Slackware 14.0 (see UPGRADE.TXT and CHANGES_AND_HINTS.TXT).

The slackpkg tool can also help update from an older version of

Slackware to a newer one, and keep your Slackware system up to date.

In addition, the slacktrack utility will help you build and maintain

your own packages.

 

- - Web browsers galore! Includes KDE's Konqueror 4.8.5, SeaMonkey 2.12.1

(this is the replacement for the Mozilla Suite), Mozilla Firefox 15.0.1,

as well as the Thunderbird 15.0.1 email and news client with advanced

junk mail filtering. A script is also available in /extra to repackage

Google Chrome as a native Slackware package.

 

- - The KDE Software Compilation 4.8.5, a complete desktop environment.

This includes the Calligra productivity suite (previously known as

KOffice), networking tools, GUI development with KDevelop, multimedia

tools (including the Amarok music player and K3B disc burning software),

the Konqueror web browser and file manager, dozens of games and utilities,

international language support, and more.

 

- - A collection of GTK+ based applications including pidgin-2.10.6,

gimp-2.8.2 (with many improvements including a single window mode),

gkrellm-2.3.5, xchat-2.8.8, xsane-0.998, and pan-0.139.

 

- - A repository of extra software packages compiled and ready to run

in the /extra directory.

 

- - Many more improved and upgraded packages than we can list here. For

a complete list of core packages in Slackware 14.0, see this file:

 

ftp://ftp.slackware.com/pub/slackware/slackware-14.0/PACKAGES.TXT

 

 

Downloading Slackware 14.0:

- ---------------------------

 

The full version of Slackware Linux 14.0 is available for download from the central Slackware FTP site hosted by our friends at osuosl.org:

 

ftp://ftp.slackware.com/pub/slackware/slackware-14.0/

 

If the sites are busy, see the list of official mirror sites here:

 

http://mirrors.slackware.com

 

We will be setting up BitTorrent downloads for the official ISO images. Stay tuned to http://slackware.com for the latest updates.

 

Instructions for burning the Slackware tree onto install discs may be found in the isolinux directory.

 

 

Purchasing Slackware on CD-ROM or DVD:

- --------------------------------------

 

Or, please consider purchasing the Slackware Linux 14.0 six CD-ROM set or deluxe dual-sided DVD release directly from Slackware Linux, and you'll be helping to support the continued development of Slackware Linux!

 

The DVD release has the 32-bit x86 Slackware 14.0 release on one side, and the 64-bit x86_64 Slackware 14.0 release on the other. Both sides are bootable for easy installation, and includes everything from both releases of Slackware 14.0, including the complete source code trees.

 

The 6 CD-ROM release of Slackware 14.0 is the 32-bit x86 edition. It includes a bootable first CD-ROM for easy installation. The 6 CD-ROMs are labeled for easy reference.

 

The Slackware 14.0 x86 6 CD-ROM set is $49.95 plus shipping, or choose the Slackware 14.0 x86/x86_64 dual-sided DVD (also $49.95 plus shipping).

 

Slackware Linux is also available by subscription. When we release a new version of Slackware (which is normally once or twice a year) we ship it to you and bill your credit card for a reduced subscription price ($32.99 for the CD-ROM set, or $39.95 for the DVD) plus shipping.

 

For shipping options, see the Slackware store website. Before ordering express shipping, you may wish to check that we have the product in stock. We make releases to the net at the same time as disc production begins, so there is a lag between the online release and the shipping of media. But, even if you download now you can still buy the official media later. You'll feel good, be helping the project, and have a great decorative item perfect for any computer room shelf.

 

 

Ordering Information:

- ---------------------

 

You can order online at the Slackware Linux store:

 

http://store.slackware.com

 

Other Slackware items like t-shirts, caps, pins, and stickers can also be found here. These will help you find and identify yourself to your fellow Slackware users. There are still some 1337 T-shirts left,

and we'll also be unveiling a brand new T-shirt design soon for this new

release.

 

Order inquiries (including questions about becoming a Slackware reseller) may be directed to this address: info@slackware.com

 

Have fun! :^) I hope you find Slackware to be useful, and thanks

very much for your support of this project over the years.

 

- ---

Patrick J. Volkerding

 

Visit us on the web at: http://slackware.com

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] bind (SSA:2012-284-01)

 

New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,

14.0, and -current to fix a security issue.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/bind-9.9.1_P4-i486-1_slack14.0.txz: Upgraded.

This update fixes a security issue where a certain combination of records

in the RBT could cause named to hang while populating the additional

section of a response. [RT #31090]

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] mozilla-firefox (SSA:2012-285-01)

 

New mozilla-firefox packages are available for Slackware 13.37, 14.0,

and -current to fix a security issue.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/mozilla-firefox-16.0.1-i486-1_slack14.0.txz: Upgraded.

This update fixes a security vulnerability that could allow a malicious

site to potentially determine which websites users have visited and have

access to the URL or URL parameters.

(* Security fix *)

+--------------------------+

 

[slackware-security] mozilla-thunderbird (SSA:2012-285-02)

 

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,

and -current to fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/mozilla-thunderbird-16.0.1-i486-1_slack14.0.txz: Upgraded.

This release contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] seamonkey (SSA:2012-288-01)

 

New seamonkey packages are available for Slackware 13.37, 14.0, and -current to

fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/seamonkey-2.13.1-i486-1.txz: Upgraded.

This update contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

(* Security fix *)

patches/packages/seamonkey-solibs-2.13.1-i486-1.txz: Upgraded.

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] mozilla-thunderbird (SSA:2012-304-01)

 

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,

and -current to fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/mozilla-thunderbird-16.0.2-i486-1_slack14.0.txz: Upgraded.

This release contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

(* Security fix *)

+--------------------------+

 

[slackware-security] seamonkey (SSA:2012-304-02)

 

New seamonkey packages are available for Slackware 13.37, 14.0,

and -current to fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/seamonkey-solibs-2.13.2-i486-1_slack14.0.txz: Upgraded.

patches/packages/seamonkey-2.13.2-i486-1_slack14.0.txz: Upgraded.

This update contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] seamonkey (SSA:2012-326-01)

 

New seamonkey packages are available for Slackware 13.37, 14.0, and -current to

fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/seamonkey-solibs-2.14-i486-1_slack14.0.txz: Upgraded.

patches/packages/seamonkey-2.14-i486-1_slack14.0.txz: Upgraded.

This update contains security fixes and improvements.

For more information, see:

http://www.mozilla.o.../seamonkey.html

(* Security fix *)

+--------------------------+

 

[slackware-security] mozilla-firefox (SSA:2012-326-02)

 

New mozilla-firefox packages are available for Slackware 13.37, 14.0,

and -current to fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/mozilla-firefox-17.0-i486-1_slack14.0.txz: Upgraded.

This release contains security fixes and improvements.

For more information, see:

http://www.mozilla.o...es/firefox.html

(* Security fix *)

+--------------------------+

 

[slackware-security] mozilla-thunderbird (SSA:2012-326-03)

 

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,

and -current to fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/mozilla-thunderbird-17.0-i486-1_slack14.0.txz: Upgraded.

This release contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] ruby (SSA:2012-341-04)

 

New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current

to fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/ruby-1.9.3_p327-i486-1_slack14.0.txz: Upgraded.

This release fixes a hash-flooding DoS vulnerability and many other bugs.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5371

(* Security fix *)

+--------------------------+

 

 

[slackware-security] libxml2 (SSA:2012-341-03)

 

New libxml2 packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,

14.0, and -current to fix a security issue.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/libxml2-2.8.0-i486-2_slack14.0.txz: Rebuilt.

Patched a heap-based buffer underflow in the xmlParseAttValueComplex

function in parser.c in libxml2 2.9.0 and earlier that could allow a

remote attacker to cause a denial of service or possibly execute

arbitrary code via crafted entities in an XML document.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134

(* Security fix *)

+--------------------------+

 

 

[slackware-security] libssh (SSA:2012-341-02)

 

New libssh packages are available for Slackware 14.0, and -current to

fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/libssh-0.5.3-i486-1_slack14.0.txz: Upgraded.

This release fixes several security bugs.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4559

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4560

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4561

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4562

(* Security fix *)

+--------------------------+

 

 

[slackware-security] bind (SSA:2012-341-01)

 

New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,

14.0, and -current to fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/bind-9.9.2_P1-i486-1_slack14.0.txz: Upgraded.

IMPORTANT NOTE: This package updates BIND from 9.7.6_P4 to

9.8.4_P1 since the 9.7 series is no longer supported. It is

possible that some changes may be required to your local

configuration.

This release addresses some denial-of-service and other bugs.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5688

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3868

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] mozilla-firefox (SSA:2013-009-01)

 

New mozilla-firefox packages are available for Slackware 13.37, 14.0,

and -current to fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/mozilla-firefox-18.0-i486-1_slack14.0.txz: Upgraded.

This release contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

(* Security fix *)

+--------------------------+

 

[slackware-security] mozilla-thunderbird (SSA:2013-009-02)

 

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,

and -current to fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/mozilla-thunderbird-17.0.2-i486-1_slack14.0.txz: Upgraded.

This release contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

(* Security fix *)

+--------------------------+

 

 

[slackware-security] seamonkey (SSA:2013-009-03)

 

New seamonkey packages are available for Slackware 13.37, 14.0, and -current to

fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/seamonkey-2.15-i486-1_slack14.0.txz: Upgraded.

This update contains security fixes and improvements.

For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

(* Security fix *)

patches/packages/seamonkey-solibs-2.15-i486-1_slack14.0.txz: Upgraded.

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] freetype (SSA:2013-015-01)

 

New freetype packages are available for Slackware 12.1, 12.2, 13.0, 13.1,

13.37, 14.0, and -current to fix security issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/freetype-2.4.11-i486-1_slack14.0.txz: Upgraded.

This release fixes several security bugs that could cause freetype to

crash or run programs upon opening a specially crafted file.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5670

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] mysql (SSA:2013-022-01)

 

New mysql packages are available for 12.1, 12.2, 13.0, 13.1, 13.37, 14.0,

and -current to fix security and other issues.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/mysql-5.5.29-i486-1_slack14.0.txz: Upgraded.

Upgraded to the latest upstream version to fix security issues and provide

other bug fixes and improvements. Note that some of the changes may

possibly introduce incompatibilities with the previous package.

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
V.T. Eric Layton

[slackware-security] curl (SSA:2013-038-01)

 

New curl packages are available for Slackware 14.0, and -current to

fix a security issue.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/curl-7.29.0-i486-1_slack14.0.txz: Upgraded.

When negotiating SASL DIGEST-MD5 authentication, the function

Curl_sasl_create_digest_md5_message() uses the data provided from the

server without doing the proper length checks and that data is then

appended to a local fixed-size buffer on the stack. This vulnerability

can be exploited by someone who is in control of a server that a libcurl

based program is accessing with POP3, SMTP or IMAP. For applications

that accept user provided URLs, it is also thinkable that a malicious

user would feed an application with a URL to a server hosting code

targeting this flaw.

Affected versions: curl 7.26.0 to and including 7.28.1

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249

(* Security fix *)

+--------------------------+

Share this post


Link to post
Share on other sites
Sign in to follow this  

×
×
  • Create New...