1893 matches found
[slackware-security] proftpd
New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to a fix security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/proftpd-1.3.3c-i486-1slack13.1.txz: Upgraded. Fixed Telnet IAC stack overflow vulnerability...
[slackware-security] php
New php packages are available for Slackware 11.0 extra, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/php-5.2.14-i486-1slack13.1.txz: Upgraded. Fixed several security issues. For more information, see:...
kernel
New Linux kernel packages are available for Slackware 13.0 and -current to address a security issue. A kernel bug discovered by David Ford may allow remote attackers to crash the kernel by sending an oversized IP packet. While the impact on ordinary servers is still unclear the problem was notice...
[slackware-security] openssh
New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2008-1483 Here are the details from...
[slackware-security] cups
New cups packages are available for Slackware 12.0, and -current to fix security issues. The change from CUPS 1.2.x to CUPS 1.3.x was tested here, but if you're on a completely secured internal network these issues may be less of a risk than upgrading. If your IPP port is open to the internet,...
[slackware-security] samba
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. More details about these issues may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2007-4572 https://vulners.com/cve/CVE-2007-5398 Here...
[slackware-security] samba
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2007-2444 https://vulners.com/cve/CVE-2007-2446...
[slackware-security] gnupg
New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security ramifications of incorrect gpg usage. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2007-1263 Here are the details...
curl/wget
New curl packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current, and new wget packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current. These address a buffer overflow in NTLM handling which may present a security problem, though no public exploits are...
X.Org pixmap overflow
New X.Org server packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security issue. An integer overflow in the pixmap handling code may allow the execution of arbitrary code through a specially crafted pixmap. Slackware 10.2 was patched against this vulnerability before...
php5 in Slackware 10.1
A new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PRCE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which eliminates the eval function. The eval functio...
[slackware-security] kde
New kdelibs and kdebase packages are available for Slackware 9.1, 10.0, and -current to fix security issues. More details about this issues may be found in the Common Vulnerabilities and Exposures CVE database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689...
metamail security update
Metamail is a set of utilities for processing MIME mail. New metamail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two format string bugs and two buffer overflows which could lead to unauthorized code execution. Thanks to Ulf Hrnhammar for discovering these problems...
minor advisory typo
The recently issued kernel advisory SSA:2003-336-01 reads: "More details about the Apache issue may be found in the Common Vulnerabilities and Exposures CVE database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961" This should say "kernel", not "Apache". Sorry for any confusion. The...
[slackware-security] git
New git packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/git-2.39.4-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Recursive clones on case-insensitive filesystems that suppor...
[slackware-security] libarchive
New libarchive packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.7.3-i586-2slack15.0.txz: Rebuilt. Patched an out-of-bound error in the rar e8 filter that could allow for the...
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-115.10.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...
[slackware-security] gnutls
New gnutls packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gnutls-3.8.4-i586-1slack15.0.txz: Upgraded. This update fixes two medium severity security issues: libgnutls: Fix side-channel in the...
[slackware-security] vim
New vim packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/vim-9.0.2127-i586-1slack15.0.txz: Upgraded. Fixed security issues. Thanks to marav for the heads-up. For more information, see:...
[slackware-security] curl
New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-8.2.0-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: fopen race condition. For more...
[slackware-security] vim
New vim and vim-gvim packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/vim-8.2.4649-i586-2slack15.0.txz: Rebuilt. Fix use after free, out-of-bounds read, and heap based buffer overflow. Thanks to...
[slackware-security] pidgin
New pidgin packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/pidgin-2.14.9-i586-1slack15.0.txz: Upgraded. Mitigate the potential for a man in the middle attack via DNS spoofin...
[slackware-security] openvpn
New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openvpn-2.4.6-i586-1slack14.2.txz: Upgraded. This is a security update fixing a potential double-fre...
[slackware-security] dhcp
New dhcp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/dhcp-4.4.1-i586-1slack14.2.txz: Upgraded. This update fixes two security issues: Corrected an issue wher...
[slackware-security] mariadb
New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mariadb-10.0.34-i586-1slack14.2.txz: Upgraded. This update fixes bugs and security issues. For more information, see:...
[slackware-security] libsoup
New libsoup packages are available for Slackware 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libsoup-2.52.2-i586-3slack14.2.txz: Rebuilt. Fixed a chunked decoding buffer overrun that could be exploited against either...
[slackware-security] bind
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bind-9.10.5P1-i586-1slack14.2.txz: Upgraded. Fixed denial of service security issue: Some RPZ...
[slackware-security] proftpd
New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/proftpd-1.3.5e-i586-1slack14.2.txz: Upgraded. This release fixes a security issue: AllowChrootSymlink...
[slackware-security] curl
New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/curl-7.50.3-i586-1slack14.2.txz: Upgraded. Fixed heap overflows in four libcurl functions: curlescape,...
[slackware-security] bind
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/bind-9.9.8P4-i486-1slack14.1.txz: Upgraded. Fixed security issues: Fix resolver assertion failure due to...
[slackware-security] MPlayer
New MPlayer packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/MPlayer-1.220160125-i486-1slack14.1.txz: Upgraded. This is the latest MPlayer-1.2 branch, identical to the...
[slackware-security] openssl
New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/openssl-1.0.1q-x8664-1slack14.1.txz: Upgraded. This update fixes the following security issues: BNmodexp ma...
[slackware-security] libpng
New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/libpng-1.4.18-x8664-1slack14.1.txz: Upgraded. Fixed incorrect implementation of pngsetPLTE that uses pngptr...
[slackware-security] libpng
New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/libpng-1.4.17-i486-1slack14.1.txz: Upgraded. Fixed buffer overflows in the pngsetPLTE, pnggetPLTE, pngsettIM...
[slackware-security] bind
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/bind-9.9.7P3-i486-1slack14.1.txz: Upgraded. This update fixes two denial-of-service vulnerabilities: +...
[slackware-security] freetype
New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/freetype-2.5.5-i486-1slack14.1.txz: Upgraded. This release fixes a security bug that could cause freetype...
[slackware-security] subversion
New subversion packages are available for Slackware 14.0, 14.1, and -current to fix denial-of-service issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/subversion-1.7.16-i486-1slack14.1.txz: Upgraded. Fix denial of service bugs. For more information, see:...
[slackware-security] libtiff
New libtiff packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/libtiff-3.9.7-i486-1slack14.0.txz: Upgraded. Patched overflows, crashes, and out of bounds writes...
subversion
New subversion packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/subversion-1.7.9-i486-1slack14.0.txz: Upgraded. This update fixes some denial of service bugs: moddavsvn...
openssl
New openssl packages are available for Slackware 14.0, and -current to fix a bug in openssl-1.0.1d. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/openssl-1.0.1e-i486-1slack14.0.txz: Upgraded. This release fixes a regression in openssl-1.0.1d, where the fix for...
[slackware-security] pidgin
New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/pidgin-2.7.11-i486-1slack13.1.txz: Upgraded. Fixed denials of service caused by NULL pointer dereferences due...
[slackware-security] bind
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues that could allow attackers to successfully query private DNS records, or cause a denial of service. Here are the details from the Slackware 13.1...
[slackware-security] samba
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/samba-3.5.5-i486-1slack13.1.txz: Upgraded. This upgrade fixes a buffer overflow in th...
[slackware-security] gnutls
New gnutls packages are available for Slackware 12.0, 12.1, and -current to fix a security issue. NOTE: The package for 12.0 has a different shared library soname, and the packages for 12.1 and -current have an API/ABI change. Only the Pidgin package in Slackware links with GnuTLS, and upgraded...
[slackware-security] libpng
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2008-1382 Additional information can ...
[slackware-security] samba
New samba packages are available for Slackware 10.0, 10.1, 10.2, and 11.0 to fix a denial-of-service security issue. More details about the issues fixed in Samba 3.0.24 may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2007-0452...
[slackware-security] x11
New x11 packages are available for Slackware 10.2 and -current to fix security issues. In addition, fontconfig and freetype have been split out from the x11 packages in -current, so if you run -current you'll also need to install those new packages. More details about the issues may be found here...
[slackware-security] openssh
New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2006-0225 Here are the details from the Slackwar...
PCRE library
New PCRE packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A buffer overflow could be triggered by a specially crafted regular expression. Any applications that use PCRE to process untrusted regular expressions may be exploited to run arbitrary...
telnet client
New tcpip packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issues with the telnet client. Overflows in the telnet client may lead to the execution of arbitrary code as the telnet user if the user connects to a malicious telnet server. More details abo...