OpenSSH updated again
Upgraded OpenSSH 3.7.1p1 packages are available for Slackware 8.1, 9.0 and -current. These fix additional buffer management errors that were not corrected in the recent 3.7p1 release. The possibility exists that these errors could allow a remote exploit, so we recommend all sites running OpenSSH...
OpenSSH Security Advisory
Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and -current. These fix a buffer management error found in versions of OpenSSH earlier than 3.7. The possibility exists that this error could allow a remote exploit, so we recommend all sites running OpenSSH upgrade to the new OpenS...
security issues in pine
Upgraded pine packages are available for Slackware 8.1, 9.0 and -current. These fix two security problems found by iDEFENSE Labs which could lead to arbitrary code execution when a specially crafted email is processed by Pine. This problem is fixed in Pine 4.58. Sites which use the Pine mail...
inetd DoS patched
Upgraded inetd packages are available for Slackware 8.1, 9.0 and -current. These fix a previously hard-coded limit of 256 connections-per-minute, after which the given service is disabled for ten minutes. An attacker could use a quick burst of connections every ten minutes to effectively disabl...
unzip vulnerability patched
Upgraded infozip packages are available for Slackware 9.0 and -current. These fix a security issue where a specially crafted archive may overwrite files including system files anywhere on the filesystem upon extraction by a user with sufficient permissions. For more information, see:...
GDM security update
Upgraded gdm packages are available for Slackware 9.0 and -current. These fix a security issue where a local user may use GDM to read any file on the system. Here are the details from the Slackware 9.0 ChangeLog: Sun Aug 24 14:36:29 PDT 2003 patches/packages/gdm-2.4.1.6-i386-1.tgz: Upgraded to...
KDE packages updated
New KDE packages are available for Slackware 9.0. These address a security issue where Konqueror may leak authentication credentials. Here are the details from the Slackware 9.0 ChangeLog: Fri Aug 1 15:15:51 PDT 2003 patches/packages/kde/: Upgraded to KDE 3.1.3. Note that this update addresses a...
nfs-utils packages replaced
New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to replace the ones that were issued yesterday. A bug has been fixed in utils/mountd/auth.c that could cause mountd to crash. Here are the details from the Slackware 9.0 ChangeLog: Tue Jul 15 10:42:58 PDT 2003...
nfs-utils off-by-one overflow fixed
New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to fix an off-by-one buffer overflow in xlog.c. Thanks to Janusz Niewiadomski for discovering and reporting this problem. The CVE (Common Vulnerabilities and Exposures) Project has assigned the identification number...
2.4.21 kernels available
Precompiled Linux 2.4.21 kernels and source packages are now available for Slackware 9.0 and -current. These provide an improved version of the ptrace fix that had been applied to 2.4.20 in Slackware 9.0 (for example, command line options now appear correctly when root does 'ps ax'), and fix a...
CUPS DoS vulnerability fixed
Upgraded CUPS packages are available for Slackware 8.1, 9.0, and -current to fix a denial of service attack vulnerability. Here are the details from the Slackware 9.0 ChangeLog: Thu May 29 00:52:54 PDT 2003 patches/packages/cups-1.1.19-i386-1.tgz: Upgraded to cups-1.1.19. A denial of service...
REVISED quotacheck security fix in rc.M
NOTE: The original advisory quotes a section of the Slackware ChangeLog which had inadvertently reversed the options to quotacheck. The correct option to use is 'm'. A corrected advisory follows: An upgraded sysvinit package is available which fixes a problem with the use of quotacheck in...
quotacheck security fix in rc.M
An upgraded sysvinit package is available which fixes a problem with the use of quotacheck in /etc/rc.d/rc.M. The original version of rc.M calls quotacheck like this: echo "Checking filesystem quotas: /sbin/quotacheck -avugM" /sbin/quotacheck -avugM The 'M' option is wrong. This causes the...
mod_ssl RSA blinding fixes
An upgrade for mod_ssl to version 2.8.141.3.27 is now available. This version provides RSA blinding by default which prevents an extended timing analysis from revealing details of the secret key to an attacker. Note that this problem was already fixed within OpenSSL, so this is a "double fix". Wit...
GnuPG key validation fix
A key validation bug which results in all user IDs on a given key being treated with the validity of the most-valid user ID on that key has been fixed with the release of GnuPG 1.2.2. We recommend sites using GnuPG upgrade to this new package. For detailed information about the problem, see this...
glibc XDR overflow fix
An integer overflow in the xdrmem_getbytes function found in the glibc library has been fixed. This could allow a remote attacker to execute arbitrary code by exploiting RPC services that use xdrmem_getbytes. None of the default RPC services provided by Slackware appear to use this function, but...
BitchX security fixes
New BitchX packages are available to fix security problems found by Timo Sirainen. BitchX is an IRC (Internet Relay Chat) client. Under certain circumstances, a malicious IRC server could cause BitchX to crash, or possibly to run arbitrary code as the user running BitchX. All sites running BitchX a...
EPIC4 security fixes
New EPIC4 packages are available to fix security problems found by Timo Sirainen. EPIC4 is an IRC (Internet Relay Chat) client. Under certain circumstances, a malicious IRC server could cause EPIC4 to crash, or possibly to run arbitrary code as the user running EPIC4. All sites running EPIC4 are...
Updated KDE packages available
New KDE 3.1.1a packages are available for Slackware 9.0 which fix a security problem with the handling of PS and PDF documents. Here are the details from the Slackware 9.0 ChangeLog: Thu Apr 17 15:32:15 PDT 2003 patches/packages/kde/: Upgraded to KDE 3.1.1a. Also included in this directory are a...
Samba security problem fixed
The samba packages in Slackware 8.1 and 9.0 have been upgraded to Samba 2.2.8a to fix a security problem. All sites running samba should upgrade. Here are the details from the Slackware 9.0 ChangeLog: Mon Apr 7 14:26:53 PDT 2003 patches/packages/samba-2.2.8a-i386-1.tgz: Upgraded to samba-2.2.8a...
Mutt buffer overflow in IMAP support
The mutt mail client packages in Slackware 8.1 and 9.0 have been upgraded to mutt-1.4.1i to fix a security problem discovered by Core Security Technologies. This issue may allow a remote attacker controlling a malicious IMAP server to execute code on your machine as the user running mutt if you...
Sendmail buffer overflow fixed (NEW)
The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patched to fix a security problem. Note that this vulnerability is NOT the same one that was announced on March 3rd and requires a new fix. All sites running sendmail should upgrade. More information on the problem can be found here:...
Samba buffer overflow fixed
The samba packages in Slackware 8.1 and -current have been patched to fix a security problem. All sites running samba should upgrade. Here are the details from the Slackware 8.1 ChangeLog: Sat Mar 15 13:49:04 PST 2003 patches/packages/samba-2.2.8-i386-1.tgz: Upgraded to Samba 2.2.8. From the Samb...
Sendmail buffer overflow fixed
The sendmail packages in Slackware 8.1 and -current have been patched to fix a security problem. All sites running sendmail should upgrade. More information on the problem can be found here: http://www.sendmail.org/8.12.8.html Here are the details from the Slackware 8.1 ChangeLog: Mon Mar 3...
New CVS packages available
New cvs packages are available to fix a security vulnerability. Here are the details from the Slackware 8.1 ChangeLog: ---------------------------- Tue Jan 21 13:12:20 PST 2003 patches/packages/cvs-1.11.5-i386-1.tgz: Upgraded to cvs-1.11.5. This release fixes a major security vulnerability in the...
New DHCP packages available
...
SSA-2002-1121054101
...
New Samba package available
...
SSA-2002-0731201128
Security updates for Slackware 8.1
Several security updates are now available for Slackware 8.1, including updated packages for Apache, glibc, modssl, openssh, openssl, and php. Here are the details from the Slackware 8.1 ChangeLog: ---------------------------- Tue Jul 30 19:45:52 PDT 2002 patches/packages/apache-1.3.26-i386-2.tgz...
SSA-2002-0626204548
new apache/mod_ssl packages available
...
sudo upgrade fixes a potential vulnerability
New sudo packages are available to fix a security problem which may allow users to become root, or to execute arbitrary code as root. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Thu Apr 25 12:00:50 PDT 2002 patches/packages/sudo.tgz: Upgraded to sudo-1.6....
cvs recompiled against updated zlib + /tmp fix
New cvs packages are available to fix security problems. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Mon Mar 11 17:54:12 PST 2002 patches/packages/cvs.tgz: Patched to link to the shared zlib on the system instead of statically linking to the included zlib...
rsync update fixes security problems
New rsync packages are available to fix security problems. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Mon Mar 11 15:09:26 PST 2002 patches/packages/rsync.tgz: Upgraded to rsync-2.5.3. This fixes two security problems: Make sure that supplementary groups...
zlib upgrade fixes vulnerability
New zlib packages are available to fix a security problem which may impact programs that link with zlib. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Mon Mar 11 13:32:40 PST 2002 patches/packages/zlib.tgz: Upgraded to zlib-1.1.4. This fixes a security...
OpenSSH security problem fixed
New openssh packages are available to fix security problems. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Thu Mar 7 12:00:18 PST 2002 patches/packages/openssh.tgz: Upgraded to openssh-3.1p1. This fixes a security problem in the openssh package. All sites...
mod_php update fixes security problems
A new mod_php (PHP4) package is available to fix security problems. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Sat Mar 2 22:45:25 PST 2002 patches/packages/modphp.tgz: Upgraded to PHP 4.1.2. This fixes several security problems in the POST handling code use...
rsync update fixes security problems
New rsync packages are available to fix a security problem. Here's the information from the Slackware 8.0 ChangeLog: Fri Jan 25 14:25:51 PST 2002 patches/packages/rsync.tgz: Fixed a security hole by upgrading to rsync-2.4.8pre1. This is the relevant information from the rsync NEWS file: SECURITY...
Security updates: at, sudo, xchat
New packages are now available to address security issues with the at scheduler program found in Slackware 8.0's bin.tgz package, sudo, and xchat. Here's the information from the Slackware 8.0 ChangeLog: Mon Jan 21 13:21:07 PST 2002 patches/packages/at.tgz: Fixed a buffer overflow. Security fix...
Pine update fixes insecure URL-handling
Pine 4.44 packages are now available to fix a problem with insecure URL handling. Here's the information from the Slackware 8.0 ChangeLog: Sat Jan 12 13:05:33 PST 2002 patches/packages/pine.tgz: Fix a security problem with pine by upgrading to pine4.44. More details from the Pine Announcement Lis...
glibc glob overflow patched
A buffer overflow has been found in the glob(3) function in glibc. Fixed packages for Slackware 8.0 are now available. Here's the information from the Slackware 8.0 ChangeLog: Fri Jan 11 14:07:07 PST 2002 patches/packages/glibc.tgz, patches/packages/glibcso.tgz: Fixed a buffer overflow in the glob(3)...
mutt remote exploit patched
An exploitable overflow has been found in the address handling code of the mutt mail client version 1.2.5i supplied with Slackware 8.0. A new mutt-1.2.5.1 has been released which addresses this problem, and packages are now available for Slackware 8.0 and -current. We urge all Slackware users to...
sendmail and procmail update
An input validation error in sendmail has been discovered by Cade Cairns of SecurityFocus. This problem can be exploited by local users to gain root access. It is not exploitable by remote attackers without shell access. New packages based on sendmail.8.11.6 have been prepared for Slackware 7.1 a...
buffer overflow fix for NTP
The version of xntp3 that shipped with Slackware 7.1 as well as the version that was in Slackware -current contains a buffer overflow bug that could lead to a root compromise. Slackware 7.1 and Slackware -current users are urged to upgrade to the new packages available for their release. The...
buffer overflow in sudo fixed
Sudo 1.6.3p6 is now available for Slackware 7.1 and Slackware -current. This release fixes a known buffer overflow, which could be used by malicious users to compromise parts of the system. If you rely on Sudo and use one of the above versions of Slackware, it is recommended that you upgrade to t...
multiple vulnerabilities in bind 8.x
Multiple vulnerabilities exist in the versions of BIND found in Slackware 7.1 and -current. Users of BIND 8.x are urged to upgrade to 8.2.3 to fix these problems. More information can be found on the BIND website: http://www.isc.org/products/BIND/ ... and in the CERT Advisory CA-2001-02 - Multipl...
glibc 2.2 local vulnerability on setuid binaries
glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLV_HOST_CONF environment variable to the name of the file that they wish to read, then runs any...
buffer overflow vulnerability in Pine
Pine versions 4.21 and before contain a buffer overflow vulnerability which allows a remote user to execute arbitrary code on the local client by sending a specially crafted email message. The overflow occurs during the periodic "new mail" checking of an open folder. By upgrading to Pine 4.3...
Local /tmp vulnerability fixed in ppp-off
A local /tmp bug in the /usr/sbin/ppp-off program was found. This bug could allow a local user to corrupt system files. A fix has been made and an updated package is now available in the -current branch. The package described below will work for users of Slackware 7.0, 7.1, and -current...