[slackware-security] gimp
New gimp packages are available for Slackware 10.2 and -current to fix a possible security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2006-3404 Here are the details from the Slackware 10.2 ChangeLog:...
[slackware-security] x11
New x11 packages are available for Slackware 10.2 and -current to fix security issues. In addition, fontconfig and freetype have been split out from the x11 packages in -current, so if you run -current you'll also need to install those new packages. More details about the issues may be found here...
[slackware-security] mutt
New mutt packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a possible security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2006-3242 Here are the details from the...
[slackware-security] Samba 2.0.23 repackaged
New Samba packages are available for Slackware 10.0, 10.1, 10.2, and -current. In Slackware 10.0, 10.1, and 10.2, Samba was evidently picking up the libdm.so.0 library causing a Samba package issued primarily as a security patch to suddenly require a library that would only be present on the...
[slackware-security] Samba DoS
New Samba packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security related but in my own and also the Samba's team member who made their WHATSNEW.txt entry, "minor" denial of service issue. More details about this issue may be found in the Common Vulnerabilities and...
[slackware-security] arts
New aRts packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a possible security issue with artswrapper. The artswrapper program and the artsd daemon can be used to gain root privileges if artswrapper is setuid root and the system is running a 2.6.x kernel. Note that...
[slackware-security] gnupg DoS
New GnuPG packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues which could allow an attacker to crash gnupg and possibly overwrite memory which could lead to an integer overflow. More details about this issue may be found in the Common Vulnerabiliti...
SSA-2006-0628032502
New kdebase packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security issue with KDM (the KDE login manager) which could be exploited by a local attacker to read any file on the system. The official KDE security advisory may be found here:...
kdebase kdm local file reading vulnerability
New kdebase packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security issue with KDM (the KDE login manager) which could be exploited by a local attacker to read any file on the system. The official KDE security advisory may be found here:...
[slackware-security] sendmail
New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a possible denial-of-service issue. Sendmail's complete advisory may be found here: http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc Sendmail has also provided an FAQ about this...
[slackware-security] firefox/thunderbird/seamonkey
New Firefox and Thunderbird packages are available for Slackware 10.2 and -current to fix security issues. In addition, a new Seamonkey package is available for Slackware -current to fix similar issues. More details about the issues may be found here:...
[slackware-security] mysql
New mysql packages are available for Slackware 9.1, 10.0, 10.1, 10.2 and -current to fix security issues. The MySQL packages shipped with Slackware 9.1, 10.0, and 10.1 may possibly leak sensitive information found in uninitialized memory to authenticated users. This is fixed in the new packages,...
[slackware-security] zoo archiver overflow
New bin packages are available for Slackware 10.2 and -current to fix a security issue with the zoo archive program. A non-security-related upgrade to the newest version of "eject" was also done. Here are the details from the Slackware 10.2 ChangeLog: patches/packages/bin-10.2-i486-210.2.tgz:...
[slackware-security] tetex PDF security
New tetex packages are available for Slackware 10.2 and -current to fix a possible security issue. teTeX-3.0 incorporates some code from the xpdf program which has been shown to have various overflows that could result in program crashes or possibly the execution of arbitrary code as the teTeX...
[slackware-security] Apache httpd redux
New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a bug with Apache 1.3.35 and glibc that breaks wildcards in Include directives. It may not occur with all versions of glibc, but it has been verified on -current using an Include within a file...
[slackware-security] mysql
New mysql packages are available for Slackware 10.2 and -current to fix security issues. The MySQL package shipped with Slackware 10.2 may possibly leak sensitive information found in uninitialized memory to authenticated users. The MySQL package previously in Slackware -current also suffered fro...
[slackware-security] Apache httpd
New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2005-3352 In addition, new modssl packages for...
[slackware-security] firefox
New Firefox packages are available for Slackware 10.2 and -current to fix a security issue. More details about the issues may be found here: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.3 Here are the details from the Slackware 10.2 ChangeLog:...
[slackware-security] xorg server overflow
New xorg and xorg-devel packages are available for Slackware 10.1, 10.2, and -current to fix a security issue. A typo in the X render extension in X.Org 6.8.0 or later allows an X client to crash the server and possibly to execute arbitrary code as the X server user (typically this is "root"). More...
[slackware-security] thunderbird
New Thunderbird packages are available for Slackware 10.2 and -current to fix security issues. More details about the issues may be found here: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird Here are the details from the Slackware 10.2 ChangeLog:...
[slackware-security] mozilla security/EOL
New Mozilla packages are available for Slackware 10.0, 10.1, 10.2 and -current to fix multiple security issues. More details about the issues may be found here: http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla Also note that this release marks the EOL (End Of Life) for the...
[slackware-security] firefox
New Firefox packages are available for Slackware 10.2 and -current to fix security issues. More details about the issues may be found here: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.2 Here are the details from the Slackware 10.2 ChangeLog:...
[slackware-security] sendmail
New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. Sendmail's advisory concerning this issue may be found here: http://www.sendmail.com/company/advisory/index.shtml This issue will appear in the Common Vulnerabilities and...
[slackware-security] gnupg
New GnuPG packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2006-0455 https://vulners.com/cve/CVE-2006-0049 Here are...
[slackware-security] Slackware 10.1 kdegraphics
A new kdegraphics package is available for Slackware 10.1 to fix a security issue. A portion of the recent security patch was missing in the version that was applied to kdegraphics-3.3.2 in Slackware 10.1. Other versions of Slackware are not affected by this specific missing patch issue. More...
[slackware-security] kdelibs
New kdelibs packages are available for Slackware 10.0, 10.1, and 10.2 to fix a security issue with kjs. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2006-0019 Additional information may be found on the KDE website...
[slackware-security] xpdf
New xpdf packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2005-3191 https://vulners.com/cve/CVE-2005-3192...
[slackware-security] sudo
New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2006-0151 Here are the details from the Slackware...
[slackware-security] php
New php packages are available for Slackware 10.2 and -current to fix minor security issues. More details about these issues may be found on the PHP website: http://www.php.net/release442.php Here are the details from the Slackware 10.2 ChangeLog: patches/packages/php-4.4.2-i486-1.tgz: Upgraded t...
[slackware-security] openssh
New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2006-0225 Here are the details from the Slackwar...
[slackware-security] kdegraphics
New kdegraphics packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix security issues with kpdf. More details about these issues may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2005-3191 https://vulners.com/cve/CVE-2005-3192...
[slackware-security] imagemagick
New imagemagick packages are available for Slackware 10.2 and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2005-4601 https://vulners.com/cve/CVE-2006-0082 Here are the details from...
[slackware-security] firefox
New Firefox packages are available for Slackware 10.2 and -current to fix security issues. More details about the issues may be found here: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.1 Here are the details from the Slackware 10.2 ChangeLog:...
[slackware-security] fetchmail
New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2005-3088 https://vulners.com/cve/CVE-2005-4348...
[slackware-security] elm mailer
New Elm packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. A buffer overflow in the parsing of the Expires header could allow arbitrary code to be executed as the user running Elm. Here are the details from the Slackware 10.2 ChangeLog:...
[slackware-security] PHP
New PHP packages are available for Slackware 10.2 and -current to fix minor security issues relating to the overwriting of the GLOBALS array. It has been reported here that this new version of PHP also breaks squirrelmail and probably some other things. Given the vague nature of the security...
[slackware-security] KOffice/KWord
New KOffice packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue with KWord. A buffer overflow in the RTF import functionality could result in the execution of arbitrary code. More details about this issue may be found in the Common Vulnerabilities and...
imapd
New imapd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix an alleged security issue. See the details below for more information. Also, new Pine packages are provided since these are built together... why not? Might as well upgrade that too, while I'm fixi...
apache
New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix potential security issues: If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks. Added...
lynx
New Lynx packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. An overflow could result in the execution of arbitrary code when using Lynx to connect to a malicious NNTP server. More details about this issue may be found in the Common...
curl/wget
New curl packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current, and new wget packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current. These address a buffer overflow in NTLM handling which may present a security problem, though no public exploits are...
OpenSSL
New OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. Under certain conditions, an attacker acting as a "man in the middle" may force a client and server to fall back to the less-secure SSL 2.0 protocol. More details about this iss...
xine-lib
New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. A format string bug may allow the execution of arbitrary code as the user running a xine-lib linked application. The attacker must provide (by uploading or running a server) specially...
[repost] [slackware-security] Thunderbird email client
New Thunderbird packages are available for Slackware 10.2 and -current to fix a security issue: MFSA 2005-59 Command-line handling on Linux allows shell execution More details about this issue may be found on the Mozilla web site:...
Thunderbird email client
New Thunderbird packages are available for Slackware 10.2 and -current to fix a security issue: MFSA 2005-59 Command-line handling on Linux allows shell execution More details about this issue may be found on the Mozilla web site:...
X.Org pixmap overflow
New X.Org server packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security issue. An integer overflow in the pixmap handling code may allow the execution of arbitrary code through a specially crafted pixmap. Slackware 10.2 was patched against this vulnerability before...
Mozilla/Firefox
New Mozilla and Firefox packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix security issues: MFSA 2005-59 Command-line handling on Linux allows shell execution MFSA 2005-58 Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes MFSA 2005-57 IDN heap overrun using...
util-linux umount privilege escalation
New util-linux packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with umount. A bug in the '-r' option could allow flags in /etc/fstab to be improperly dropped on user-mountable volumes, allowing a user to gain root privileges. For more details,...
dhcpcd DoS
New dhcpcd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a minor security issue. The dhcpcd daemon can be tricked into reading past the end of the DHCP buffer by a malicious DHCP server, which causes the dhcpcd daemon to crash and results in a denial of...
php5 in Slackware 10.1
A new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PCRE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which eliminates the eval function. The eval functio...