[slackware-security] sox
New sox packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix buffer overflow security issues that could allow a malicious WAV file to execute arbitrary code. Here are the details from the Slackware 10.0 ChangeLog: Sat Aug 7 17:17:20 AKDT 2004...
[slackware-security] imagemagick
New imagemagick packages are available for Slackware 9.1, 10.0, and -current to fix security issues with PNG images. More details about the issues with PNG may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597...
[slackware-security] Mozilla
New Mozilla packages are available for Slackware 9.1, 10.0, and -current to fix a number of security issues. Slackware 10.0 and -current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require new versions of things that link with...
Slackware 9.0, libpng correction
In the previous advisory for libpng (SSA:2004-222-01), the URL provided for the Slackware 9.0 patch mistakenly pointed to the old unpatched package. Slackware 9.0 users should follow the URL below for the new package:...
libpng
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues. These issues could cause program crashes, or possibly allow arbitrary code embedded in a malicious PNG image to execute. The PNG library is widely used within the system, so all sites should...
alternate samba package for Slackware 10.0
It was pointed out that the new Samba packages for Slackware 10.0 and -current have a dependency on libattr.so that wasn't in the previous packages. Since it's not the intent to introduce new requirements in security patches especially for stable versions, an alternate version of the samba packag...
new mod_ssl packages
New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current to fix a security issue. A format string vulnerability in mod_proxy hook functions could allow an attacker to run code as the mod_ssl user. Sites using mod_ssl should upgrade; be sure to back up your existing key files...
new samba packages
New samba packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current to fix security issues. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600...
PHP
New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues (memory_limit handling and a problem in the strip_tags function). Sites using PHP should upgrade. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:...
kernel DoS
New kernel packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a denial of service security issue. Without a patch to asm-i386/i387.h, a local user can crash the machine. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:...
cvs
New cvs packages that have been upgraded to cvs-1.11.17 are available for Slackware 8.1, 9.0, 9.1, and -current to fix various security issues. Sites running a CVS server should upgrade to the new CVS package right away. More details about the issues may be found in the Common Vulnerabilities and...
PHP local security issue
New PHP packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. These fix a problem in previous Slackware php packages where linking PHP against a static library in an insecure path under /tmp could allow a local attacker to place shared libraries at this locatio...
mod_ssl
New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. The packages were upgraded to mod_ssl-2.8.18-1.3.31 fixing a buffer overflow that may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN, if mod_ssl is...
cvs
New cvs packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a buffer overflow vulnerability which could allow an attacker to run arbitrary programs on the CVS server. Sites running a CVS server should upgrade to the new CVS package right away. More details about this issue may...
kdelibs
New kdelibs packages are available for Slackware 9.0, 9.1 and -current to fix security issues with URI handling. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411 Here are the details fr...
mc
New mc packages are available for Slackware 9.0, 9.1, and -current to fix security issues. These could lead to a denial of service or the execution of arbitrary code as the user running mc. Sites that use mc should upgrade to the new mc package. More details about this issue may be found in t...
apache
New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix security issues. These include a possible denial-of-service attack as well as the ability to possibly pipe shell escapes through Apache's errorlog which could create an exploit if the error log is read in a termina...
lha update in bin package
New bin- packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lha' should upgrade to the new bin package right away. More details about these issues may be found in the Common...
libpng update
New libpng packages are available for Slackware 9.0, 9.1, and -current to fix an issue where libpng could be caused to crash, perhaps creating a denial of service issue if network services are linked with it. More details about this issue may be found in the Common Vulnerabilities and Exposures C...
xine-lib update
New xine-lib packages are available for Slackware 9.1 and -current to fix a security issue where playing a specially crafted Real RTSP stream could run malicious code as the user playing the stream. More details about this issue may be found in this advisory:...
sysklogd update
New sysklogd packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue where a user could cause syslogd to crash. Thanks to Steve Grubb who researched the issue. Here are the details from the Slackware 9.1 ChangeLog: Sun May 2 17:16:41 PDT 2004...
rsync update
New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory. Any sites running rsync in that mode should upgrade right away and...
kernel security updates
New kernel packages are available for Slackware 9.1 and -current to fix security issues. Also available are new kernel modules packages including alsa-driver, and a new version of the hotplug package for Slackware 9.1 containing some fixes for using 2.4.26 and 2.6.x kernel modules. The most serio...
xine security update
New xine packages are available for Slackware 9.1 and -current to fix security issues. Here are the details from the Slackware 9.1 ChangeLog: Tue Apr 20 19:01:58 PDT 2004 patches/packages/xine-lib-1rc3c-i686-1.tgz: Upgraded to xine-lib-1-rc3c. This release fixes a security problem where opening a...
utempter security update
New utempter packages are available for Slackware 9.1 and -current to fix a security issue. Slackware 9.1 was the first version of Slackware to use the libutempter library, and earlier versions of Slackware are not affected by this issue. The utempter package provides a utility and shared library...
cvs security update
CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory affects both uses of CVS. A security problem which could allow a server to create arbitrary files on a client machine, and...
tcpdump denial of service
Upgraded tcpdump packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix denial-of-service issues. Sites using tcpdump should upgrade to the new packages. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:...
OpenSSL security update
Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two potential denial-of-service issues in earlier versions of OpenSSL. We recommend sites that use OpenSSL upgrade to the fixed packages right away. More details about this issue may be found in the Commo...
metamail security update
Metamail is a set of utilities for processing MIME mail. New metamail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two format string bugs and two buffer overflows which could lead to unauthorized code execution. Thanks to Ulf Härnhammar for discovering these problems...
Kernel security update
New kernels are available for Slackware 9.1 and -current to fix a bounds-checking problem in the kernel's mremap call which could be used by a local attacker to gain root privileges. Please note that this is not the same issue as CAN-2003-0985 which was fixed in early January. The kernels in...
XFree86 security update
New XFree86 base packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix overflows which could possibly be exploited to gain unauthorized root access. All sites running XFree86 should upgrade to the new package. More details about these issues may be found in the Common...
mutt security update
Mutt is a text-based program for reading electronic mail. New mutt packages are available for Slackware 8.1, 9.0, 9.1, and -current. These have been upgraded to version 1.4.2i to fix a buffer overflow that could lead to a machine compromise. All sites using mutt should upgrade to the new mutt...
GAIM security update
GAIM is a GTK2-based Instant Messaging (IM) client. New GAIM packages are available for Slackware 9.0, 9.1, and -current. 12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise. All sites using GAIM should upgrade to these new packages. These are based on GAIM 0.75...
INN security update
INN (InterNetNews) is used to run a news (NNTP) server. New INN packages are available for Slackware 9.0, 9.1, and -current. These have been upgraded to inn-2.4.1 to fix a potentially exploitable buffer overflow. All sites running INN should upgrade. Here are the details from the Slackware 9.1...
kdepim security update
New kdepim packages are available for Slackware 9.0 and 9.1 to fix a security issue with .VCF file handling. For Slackware -current, a complete upgrade to kde-3.1.5 is available. Here are the details from the Slackware 9.1 ChangeLog: Wed Jan 14 11:58:58 PST 2004...
Slackware 8.1 kernel security update
New kernels are available for Slackware 8.1 containing a backported fix from a bounds-checking problem in the kernel's mremap call which could be used by a local attacker to gain root privileges. This fix was previously issued for Slackware 9.0, 9.1, and -current (SSA:2004-006-01). Sites running...
Kernel security update
New kernels are available for Slackware 9.0, 9.1 and -current. The 9.1 and -current kernels have been upgraded to 2.4.24, and a fix has been backported to the 2.4.21 kernels in Slackware 9.0 to fix a bounds-checking problem in the kernel's mremap call which could be used by a local attacker to ga...
[slackware-security] lftp security update
lftp is a file transfer program that connects to other hosts using FTP, HTTP, and other protocols. A security problem with lftp has been corrected with the release of lftp-2.6.10. New packages are available for Slackware 8.1, 9.0, 9.1, and -current. Any sites using lftp should upgrade to the new...
[slackware-security] cvs security update
CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory deals with the use of CVS as a server. A security problem which could allow an attacker to create directories and possibly...
[slackware-security] rsync security update
Rsync is a file transfer client and server. A security problem which may lead to unauthorized machine access or code execution has been fixed by upgrading to rsync-2.5.7. This problem only affects machines running rsync in daemon mode, and is easier to exploit if the non-default option "use chroo...
minor advisory typo
The recently issued kernel advisory (SSA:2003-336-01) reads: "More details about the Apache issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961" This should say "kernel", not "Apache". Sorry for any confusion. The...
Kernel security update
New kernels are available for Slackware 9.1 and -current. These have been upgraded to Linux kernel version 2.4.23, which fixes a bug in the kernel's do_brk() function that could be exploited to gain root privileges. These updated kernels and modules should be installed by any sites running a 2.4...
apache security update
Apache httpd is a hypertext transfer protocol server, and is used by over two thirds of the Internet's web sites. Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix local vulnerabilities that could allow users who can create or edit Apache config files to...
fetchmail security update
Fetchmail is a mail-retrieval and forwarding utility. Upgraded fetchmail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix a vulnerability where a specially crafted email could crash fetchmail, preventing the user from downloading or forwarding their email. More details...
gdm security update
GDM is the GNOME Display Manager, and is commonly used to provide a graphical login for local users. Upgraded gdm packages are available for Slackware 9.0, 9.1, and -current. These fix two vulnerabilities which could allow a local user to crash or freeze gdm, preventing access to the machine unti...
OpenSSL security update
Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix problems with ASN.1 parsing which could lead to a denial of service. It is not known whether the problems could lead to the running of malicious code on the server, but it has not been ruled out. We...
WU-FTPD Security Advisory
Upgraded WU-FTPD packages are available for Slackware 9.0 and -current. These fix a problem where an attacker could use a specially crafted filename in conjunction with WU-FTPD's conversion feature (mostly used to compress files, or produce tar archives) to execute arbitrary commands on the serve...
ProFTPD Security Advisory
Upgraded ProFTPD packages are available for Slackware 8.1, 9.0 and -current. These fix a security issue where an attacker could gain a root shell by downloading a specially crafted file. Here are the details from the Slackware 9.0 ChangeLog: Tue Sep 23 14:43:10 PDT 2003...
New OpenSSH packages
Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1, 9.0 and -current. This fixes security problems with PAM authentication. It also includes several code cleanups from Solar Designer. Slackware is not vulnerable to the PAM problem, and it is not believed that any of the other code...
Sendmail vulnerabilities fixed
The sendmail packages in Slackware 8.1, 9.0, and -current have been patched to fix security problems. These issues seem to be remotely exploitable, so all sites running sendmail should upgrade right away. Sendmail's 8.12.10 announcement may be found here: http://www.sendmail.org/8.12.10.html Here...