slackware-current security updates
This advisory summarizes recent security fixes in Slackware -current. Usually security advisories are not issued on problems that exist only within the test version of Slackware (slackware-current), but since it's so close to being released as Slackware 10.2, and since there have been several...
mod_ssl
New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. If "SSLVerifyClient optional" was configured in the global section of the config file, it could improperly override "SSLVerifyClient require" in a per-location section. More details...
kcheckpass in kdebase
New kdebase packages are available for Slackware 10.0, 10.1, and -current to fix a security issue with the kcheckpass program. Earlier versions of Slackware are not affected. A flaw in the way the program creates lockfiles could allow a local attacker to gain root privileges. For more details abo...
gaim
New gaim packages are available for Slackware 9.0, 9.1, 10.0, 10.1, and -current to fix some security issues, including: AIM/ICQ away message buffer overflow; AIM/ICQ non-UTF-8 filename crash; Gadu-Gadu memory alignment bug. Sites that use GAIM should upgrade to the new version. More details about...
PHP
New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PCRE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which eliminates the eval...
PCRE library
New PCRE packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A buffer overflow could be triggered by a specially crafted regular expression. Any applications that use PCRE to process untrusted regular expressions may be exploited to run arbitrary...
telnet client
New tcpip packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues with the telnet client. Overflows in the telnet client may lead to the execution of arbitrary code as the telnet user if the user connects to a malicious telnet server. More details abo...
fetchmail
New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. Connecting to a malicious or compromised POP3 server may overflow fetchmail's stack causing a crash or the execution of arbitrary code. For more information about this issue, see:...
gxine format string vulnerability
New gxine packages are available for Slackware 10.0, 10.1, and -current to fix a format string security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1692 Here are the details from...
zlib
New zlib packages are available for Slackware 10.0, 10.1, and -current to fix an additional crash issue. zlib 1.1.x is not affected. Here are the details from the Slackware 10.1 ChangeLog: patches/packages/zlib-1.2.3-i486-1.tgz: Upgraded to zlib-1.2.3. This fixes an additional crash not fixed by...
kdenetwork
New kdenetwork packages are available for Slackware 10.0, 10.1, and -current to fix security issues. Overflows in libgadu (used by kopete) can cause a denial of service or arbitrary code execution. More details about this vulnerability may be found here:...
Mozilla/Firefox
New Mozilla packages are available for Slackware 10.0, 10.1, and -current to fix various security issues and bugs. See the Mozilla site for a complete list of the issues patched: http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla New versions of the mozilla-plugins symlink...
emacs movemail POP utility
New emacs packages are available for Slackware 10.1 and -current to fix a security issue with the movemail utility for retrieving mail from a POP mail server. If used to connect to a malicious POP server, it is possible for the server to cause the execution of arbitrary code as the user running emacs...
dnsmasq
New dnsmasq packages are available for Slackware 10.0, 10.1, and -current to fix security issues. An off-by-one overflow vulnerability may allow a DHCP client to create a denial of service condition. Additional code was also added to detect and defeat attempts to poison the DNS cache. More detail...
XV
New XV image viewer packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. Format string and other issues could cause a crash or execution of arbitrary code if a specially crafted image is loaded with XV. Here are the details from the Slackware 10.1...
tcpdump DoS
New tcpdump packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A specially crafted BGP packet can cause tcpdump to go into an infinite loop, creating a denial of service where network monitoring is disabled. More details about this issue may be...
PHP packages updated again for 8.1, 9.0, 9.1
Sorry folks, I mistakenly used a build template that was too new to build the first round of PHP packages for Slackware 8.1, 9.0, and 9.1, which tried to place the module in /usr/libexec/apache (older versions of Slackware use /usr/libexec instead), and tried to link to incorrect libraries and...
PHP
New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with the PEAR XMLRPC class that allows a remote attacker to run arbitrary PHP code. Sites that make use of this PHP library should upgrade to the new PHP package right away, or may instead...
zlib DoS
New zlib packages are available for Slackware 10.0, 10.1, and -current to fix a denial of service security issue. zlib 1.1.x is not affected. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:...
sudo
New Sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A race condition could allow a user with Sudo privileges to run arbitrary commands. For more details, see: http://www.courtesan.com/sudo/alerts/pathrace.html Here are the details from th...
java (jre, j2sdk)
Sun has released a couple of security advisories pertaining to both the Java Runtime Environment and the Standard Edition Development Kit. These could allow applets to read or write to local files. For more details, Sun's advisories may be found here:...
gaim
New gaim packages are available for Slackware 9.0, 9.1, 10.0, 10.1, and -current to fix some minor security issues. Sites that use GAIM should upgrade to the new version. Here are the details from the Slackware 10.1 ChangeLog: patches/packages/gaim-1.3.1-i486-1.tgz: Upgraded to gaim-1.3.1 and...
(FALSE ALARM ON) ncftp
Hey folks, An advisory recently went out on NcFTP, but it appears that the issue in question was fixed long ago in version 3.1.5, released on 2002-10-13. I received an email at [email protected] from a well-meaning user informing me that 3.1.9 had a security issue that was going unpatched: I...
ncftp
New ncftp packages are available for Slackware 10.0, 10.1, and -current to fix security issues. More details about this issue may be found on the NcFTP site: http://www.ncftp.com/ncftp/doc/changelog.html#3.1.5 Here are the details from the Slackware 10.1 ChangeLog:...
Mozilla/Firefox
New Mozilla packages are available for Slackware 10.0, 10.1, and -current to fix various security issues and bugs. See the Mozilla site for a complete list of the issues patched: http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla Also updated is Firefox in Slackware...
gaim
New gaim packages are available for Slackware 9.0, 9.1, 10.0, 10.1, and -current to fix several security issues. Sites that use GAIM should upgrade to the new version. Here are the details from the Slackware 10.1 ChangeLog: patches/packages/gaim-1.3.0-i486-1.tgz: Upgraded to gaim-1.3.0. This fixe...
xine-lib
New xine-lib packages are available for Slackware 10.0, 10.1, and -current to fix security issues. The xine frontends have also been upgraded. For more details on the xine-lib security issues, see: http://xinehq.de/index.php/security/XSA-2004-8 Here are the details from the Slackware 10.1...
infozip
New infozip zip/unzip packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. From the www.info-zip.org site: Zip 2.3 and presumably all previous versions have a buffer-overrun vulnerability relating to deep directory paths that could potentially le...
Mozilla/Firefox
New Mozilla packages are available for Slackware 10.0, 10.1, and -current to fix various security issues and bugs. See the Mozilla site for a complete list of the issues patched: http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla Also updated is Firefox in Slackware...
gaim
New gaim packages are available for Slackware 9.0, 9.1, 10.0, 10.1, and -current to fix several security issues. Sites that use GAIM should upgrade to the new version. Here are the details from the Slackware 10.1 ChangeLog: patches/packages/gaim-1.2.1-i486-1.tgz: Upgraded to gaim-1.2.1. According...
Python SimpleXMLRPCServer module
New Python packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue in the SimpleXMLRPCServer library module. Here are the details from the Slackware 10.1 ChangeLog: patches/packages/python-2.4.1-i486-1.tgz: Upgraded to python-2.4.1. From the python.org...
CVS
New CVS packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753 Here are the details from t...
PHP
New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. More details about the issues may be found in the PHP ChangeLogs on the PHP web site: http://php.net Here are the details from the Slackware 10.1 ChangeLog:...
Mozilla/Firefox/Thunderbird
New Mozilla packages are available for Slackware 9.1, 10.0, 10.1, and -current to fix various security issues and bugs. See the Mozilla site for a complete list of the issues patched: http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla Also updated are Firefox and Thunderbi...
[slackware-security] libtiff
New libtiff packages are available for Slackware 8.1, 9.0, 9.1, 10.1, and -current to fix security issues that could lead to application crashes, or possibly execution of arbitrary code. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:...
[slackware-security] apache+mod_ssl
New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix a security issue. Apache has been upgraded to version 1.3.33 which fixes a buffer overflow which may allow local users to execute arbitrary code as the apache user. The mod_ssl package has also been upgraded t...
[slackware-security] apache, mod_ssl, php
New apache and mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues. Apache has been upgraded to version 1.3.32 which fixes a heap-based buffer overflow in mod_proxy. mod_ssl was upgraded from version mod_ssl-2.8.19-1.3.31 to version 2.8.21-1.3.32 whic...
[slackware-security] gaim
New gaim packages are available for Slackware 9.0, 9.1, 10.0 and -current to fix a buffer overflow in the MSN protocol. Sites that use GAIM should upgrade to the new version. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:...
[slackware-security] rsync
New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix a security issue when rsync is run as a non-chrooted server. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:...
[slackware-security] zlib DoS
New zlib packages are available for Slackware 10.0 and -current to fix a possible denial of service security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-797 Here are the details...
[slackware-security] getmail
New getmail packages are available for Slackware 9.1, 10.0 and -current to fix a security issue. If getmail is used as root to deliver to user owned files or directories, it can be made to overwrite system files. More details about this issue may be found in the Common Vulnerabilities and Exposur...
[slackware-security] xine-lib
New xine-lib packages are available for Slackware 10.0 and -current to fix security issues. For more details, see: http://www.xinehq.de/index.php/security/XSA-2004-4 http://www.xinehq.de/index.php/security/XSA-2004-5 Here are the details from the Slackware 10.0 ChangeLog:...
[slackware-security] Mozilla
New Mozilla 1.7.3 packages are available for Slackware 10.0 and -current to fix security issues. Here are the details from the Slackware 10.0 ChangeLog: patches/packages/mozilla-1.7.3-i486-1.tgz: Upgraded to mozilla-1.7.3. The Mozilla page says this fixes some "minor security holes". It also brea...
[slackware-security] GTK+ image loading flaws
New GTK+ version 2 packages are available for Slackware 10.0 and -current to fix issues in the image loader routines that can crash applications. Here are the details from the Slackware 10.0 ChangeLog: l/gtk+2-2.4.10-i486-1.tgz: Upgraded to gtk+-2.4.10. This fixes security issues in the image...
[slackware-security] CUPS DoS
New CUPS packages are available for Slackware 9.1, 10.0, and -current to fix a denial of service issue where a malformed packet can crash the CUPS server. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:...
[slackware-security] samba DoS
New samba packages are available for Slackware 10.0 and -current. These fix two denial of service vulnerabilities reported by iDEFENSE. Slackware -current has been upgraded to samba-3.0.7, while the samba-3.0.5 included with Slackware 10.0 has been patched to fix these issues. Sites running Samba...
[slackware-security] kde
New kdelibs and kdebase packages are available for Slackware 9.1, 10.0, and -current to fix security issues. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689...
[slackware-security] gaim updated again
A couple of bugs were found in the gaim 0.82 release, and gaim-0.82.1 was released to fix them. In addition, gaim-encryption-2.29 did not work with gaim-0.82 due to changes in the header files, so the gaim-encryption plugin has also been updated to gaim-encryption-2.30. Here are the details from...
[slackware-security] gaim
New gaim packages are available for Slackware 9.1, 10.0 and -current to fix several security issues. Sites that use GAIM should upgrade to the new version. Here are the details from the Slackware 10.0 ChangeLog: Thu Aug 26 17:14:09 PDT 2004 patches/packages/gaim-0.82-i486-1.tgz: Upgraded to...
[slackware-security] Qt
New Qt packages are available for Slackware 9.0, 9.1, 10.0, and -current to fix security issues. Bugs in the routines that handle PNG, BMP, GIF, and JPEG images may allow an attacker to cause unauthorized code to execute when a specially crafted image file is processed. These flaws may also cause...