13 matches found
cups
New cups packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2009-0146 https://vulners.com/cve/CVE-2009-0147...
[slackware-security] xine-lib
New xine-lib packages are available for Slackware 10.0 and -current to fix security issues. For more details, see: http://www.xinehq.de/index.php/security/XSA-2004-4 http://www.xinehq.de/index.php/security/XSA-2004-5 Here are the details from the Slackware 10.0 ChangeLog:...
cvs
New cvs packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a buffer overflow vulnerability which could allow an attacker to run arbitrary programs on the CVS server. Sites running a CVS server should upgrade to the new CVS package right away. More details about this issue may...
gdm security update
GDM is the GNOME Display Manager, and is commonly used to provide a graphical login for local users. Upgraded gdm packages are available for Slackware 9.0, 9.1, and -current. These fix two vulnerabilities which could allow a local user to crash or freeze gdm, preventing access to the machine unti...
Sendmail vulnerabilities fixed
The sendmail packages in Slackware 8.1, 9.0, and -current have been patched to fix security problems. These issues seem to be remotely exploitable, so all sites running sendmail should upgrade right away. Sendmail's 8.12.10 announcement may be found here: http://www.sendmail.org/8.12.10.html Here...
inetd DoS patched
Upgraded inetd packages are available for Slackware 8.1, 9.0 and - -current. These fix a previously hard-coded limit of 256 connections-per-minute, after which the given service is disabled for ten minutes. An attacker could use a quick burst of connections every ten minutes to effectively disabl...
nfs-utils off-by-one overflow fixed
New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to fix an off-by-one buffer overflow in xlog.c. Thanks to Janusz Niewiadomski for discovering and reporting this problem. The CVE Common Vulnerabilities and Exposures Project has assigned the identification number...
CUPS DoS vulnerability fixed
Upgraded CUPS packages are available for Slackware 8.1, 9.0, and -current to fix a denial of service attack vulnerability. Here are the details from the Slackware 9.0 ChangeLog: Thu May 29 00:52:54 PDT 2003 patches/packages/cups-1.1.19-i386-1.tgz: Upgraded to cups-1.1.19. A denial of service...
rsync update fixes security problems
New rsync packages are available to fix a security problem. Here's the information from the Slackware 8.0 ChangeLog: Fri Jan 25 14:25:51 PST 2002 patches/packages/rsync.tgz: Fixed a security hole by upgrading to rsync-2.4.8pre1. This is the relevant information from the rsync NEWS file: SECURITY...
mutt remote exploit patched
An exploitable overflow has been found in the address handling code of the mutt mail client version 1.2.5i supplied with Slackware 8.0. A new mutt-1.2.5.1 has been released which addresses this problem, and packages are now available for Slackware 8.0 and -current. We urge all Slackware users to...
buffer overflow in sudo fixed
Sudo 1.6.3p6 is now available for Slackware 7.1 and Slackware -current. This release fixes a known buffer overflow, which could be used by malicious users to compromise parts of the system. If you rely on Sudo and use one of the above versions of Slackware, it is recommended that you upgrade to t...
glibc 2.2 local vulnerability on setuid binaries
glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLVHOSTCONF environment variable to the name of the file that they wish to read, then runs any...
wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
A vulnerability involving an input validation error in the "site exec" command has recently been identified in the wu-ftpd program CERT Advisory CA-2000-13. More information about this problem can be found at this site: http://www.cert.org/advisories/CA-2000-13.html The wu-ftpd daemon is part of...