Lucene search
+L
SlackwareRecent

1893 matches found

Slackware Linux
Slackware Linux
added 2004/02/12 12:19 p.m.49 views

XFree86 security update

New XFree86 base packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix overflows which could possibly be exploited to gain unauthorized root access. All sites running XFree86 should upgrade to the new package. More details about these issues may be found in the Common...

10CVSS7.1AI score0.24863EPSS
Exploits2
Slackware Linux
Slackware Linux
added 2004/02/12 12:19 p.m.30 views

mutt security update

Mutt is a text-based program for reading electronic mail. New mutt packages are available for Slackware 8.1, 9.0, 9.1, and -current. These have been upgraded to version 1.4.2i to fix a buffer overflow that could lead to a machine compromise. All sites using mutt should upgrade to the new mutt...

7.5CVSS6.7AI score0.05427EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2004/01/26 4:14 p.m.28 views

GAIM security update

GAIM is a GTK2-based Instant Messaging IM client. New GAIM packages are available for Slackware 9.0, 9.1, and -current. 12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise. All sites using GAIM should upgrade to these new packages. These are based on GAIM 0.75...

7.1AI score
Exploits0
Slackware Linux
Slackware Linux
added 2004/01/14 10:23 p.m.16 views

INN security update

INN InterNetNews is used to run a news NNTP server. New INN packages are available for Slackware 9.0, 9.1, and -current. These have been upgraded to inn-2.4.1 to fix a potentially exploitable buffer overflow. All sites running INN should upgrade. Here are the details from the Slackware 9.1...

7.1AI score
Exploits0
Slackware Linux
Slackware Linux
added 2004/01/14 9:43 p.m.32 views

kdepim security update

New kdepim packages are available for Slackware 9.0 and 9.1 to fix a security issue with .VCF file handling. For Slackware -current, a complete upgrade to kde-3.1.5 is available. Here are the details from the Slackware 9.1 ChangeLog: Wed Jan 14 11:58:58 PST 2004...

7.5CVSS7AI score0.06151EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2004/01/08 8:4 p.m.46 views

Slackware 8.1 kernel security update

New kernels are available for Slackware 8.1 containing a backported fix from a bounds-checking problem in the kernel's mremap call which could be used by a local attacker to gain root privileges. This fix was previously issued for Slackware 9.0, 9.1, and -current SSA:2004-006-01. Sites running...

7.2CVSS6.5AI score0.01233EPSS
Exploits3
Slackware Linux
Slackware Linux
added 2004/01/06 8:0 p.m.36 views

Kernel security update

New kernels are available for Slackware 9.0, 9.1 and -current. The 9.1 and -current kernels have been upgraded to 2.4.24, and a fix has been backported to the 2.4.21 kernels in Slackware 9.0 to fix a bounds-checking problem in the kernel's mremap call which could be used by a local attacker to ga...

7.2CVSS6.5AI score0.01233EPSS
Exploits3
Slackware Linux
Slackware Linux
added 2003/12/12 8:39 p.m.24 views

[slackware-security] lftp security update

lftp is a file transfer program that connects to other hosts using FTP, HTTP, and other protocols. A security problem with lftp has been corrected with the release of lftp-2.6.10. New packages are available for Slackware 8.1, 9.0, 9.1, and -current. Any sites using lftp should upgrade to the new...

6.8AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/12/11 9:52 p.m.10 views

[slackware-security] cvs security update

CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory deals with the use of CVS as a server. A security problem which could allow an attacker to create directories and possibly...

7.1AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/12/04 7:50 a.m.15 views

[slackware-security] rsync security update

Rsync is a file transfer client and server. A security problem which may lead to unauthorized machine access or code execution has been fixed by upgrading to rsync-2.5.7. This problem only affects machines running rsync in daemon mode, and is easier to exploit if the non-default option "use chroo...

7.5AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/12/02 11:21 a.m.41 views

minor advisory typo

The recently issued kernel advisory SSA:2003-336-01 reads: "More details about the Apache issue may be found in the Common Vulnerabilities and Exposures CVE database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961" This should say "kernel", not "Apache". Sorry for any confusion. The...

7.2CVSS6.3AI score0.03322EPSS
Exploits2
Slackware Linux
Slackware Linux
added 2003/12/02 10:5 a.m.44 views

Kernel security update

New kernels are available for Slackware 9.1 and -current. These have been upgraded to Linux kernel version 2.4.23, which fixes a bug in the kernel's dobrk function that could be exploited to gain root privileges. These updated kernels and modules should be installed by any sites running a 2.4...

7.2CVSS6AI score0.03322EPSS
Exploits2
Slackware Linux
Slackware Linux
added 2003/11/04 4:48 p.m.35 views

apache security update

Apache httpd is a hypertext transfer protocol server, and is used by over two thirds of the Internet's web sites. Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix local vulnerabilities that could allow users who can create or edit Apache config files to...

7.2CVSS6.9AI score0.1273EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2003/10/27 12:7 p.m.31 views

fetchmail security update

Fetchmail is a mail-retrieval and forwarding utility. Upgraded fetchmail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix a vulnerability where a specially crafted email could crash fetchmail, preventing the user from downloading or forwarding their email. More details...

5CVSS6.2AI score0.01943EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2003/10/27 12:7 p.m.30 views

gdm security update

GDM is the GNOME Display Manager, and is commonly used to provide a graphical login for local users. Upgraded gdm packages are available for Slackware 9.0, 9.1, and -current. These fix two vulnerabilities which could allow a local user to crash or freeze gdm, preventing access to the machine unti...

2.1CVSS6.3AI score0.00414EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2003/09/30 10:48 p.m.15 views

OpenSSL security update

Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix problems with ASN.1 parsing which could lead to a denial of service. It is not known whether the problems could lead to the running of malicious code on the server, but it has not been ruled out. We...

6.9AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/09/23 11:7 p.m.38 views

WU-FTPD Security Advisory

Upgraded WU-FTPD packages are available for Slackware 9.0 and - -current. These fix a problem where an attacker could use a specially crafted filename in conjunction with WU-FTPD's conversion feature mostly used to compress files, or produce tar archives to execute arbitrary commands on the serve...

7.5CVSS6.9AI score0.06224EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2003/09/23 11:6 p.m.31 views

ProFTPD Security Advisory

Upgraded ProFTPD packages are available for Slackware 8.1, 9.0 and - -current. These fix a security issue where an attacker could gain a root shell by downloading a specially crafted file. Here are the details from the Slackware 9.0 ChangeLog: Tue Sep 23 14:43:10 PDT 2003...

6.9AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/09/23 11:6 p.m.44 views

New OpenSSH packages

Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1, 9.0 and -current. This fixes security problems with PAM authentication. It also includes several code cleanups from Solar Designer. Slackware is not vulnerable to the PAM problem, and it is not believed that any of the other code...

7.5CVSS6.6AI score0.08575EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2003/09/17 12:1 p.m.22 views

Sendmail vulnerabilities fixed

The sendmail packages in Slackware 8.1, 9.0, and -current have been patched to fix security problems. These issues seem to be remotely exploitable, so all sites running sendmail should upgrade right away. Sendmail's 8.12.10 announcement may be found here: http://www.sendmail.org/8.12.10.html Here...

7.5AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/09/17 10:0 a.m.18 views

OpenSSH updated again

Upgraded OpenSSH 3.7.1p1 packages are available for Slackware 8.1, 9.0 and -current. These fix additional buffer management errors that were not corrected in the recent 3.7p1 release. The possibility exists that these errors could allow a remote exploit, so we recommend all sites running OpenSSH...

7AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/09/16 12:39 p.m.14 views

OpenSSH Security Advisory

Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and - -current. These fix a buffer management error found in versions of OpenSSH earlier than 3.7. The possibility exists that this error could allow a remote exploit, so we recommend all sites running OpenSSH upgrade to the new OpenS...

7.1AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/09/10 11:4 p.m.25 views

security issues in pine

Upgraded pine packages are available for Slackware 8.1, 9.0 and - -current. These fix two security problems found by iDEFENSE Labs which could lead to arbitrary code execution when a specially crafted email is processed by Pine. This problem is fixed in Pine 4.58. Sites which use the Pine mail...

7.7AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/09/08 12:58 p.m.13 views

inetd DoS patched

Upgraded inetd packages are available for Slackware 8.1, 9.0 and - -current. These fix a previously hard-coded limit of 256 connections-per-minute, after which the given service is disabled for ten minutes. An attacker could use a quick burst of connections every ten minutes to effectively disabl...

6.9AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/08/25 8:39 p.m.28 views

unzip vulnerability patched

Upgraded infozip packages are available for Slackware 9.0 and -current. These fix a security issue where a specially crafted archive may overwrite files including system files anywhere on the filesystem upon extraction by a user with sufficient permissions. For more information, see:...

2.6CVSS6.3AI score0.22526EPSS
Exploits1
Slackware Linux
Slackware Linux
added 2003/08/24 3:48 p.m.14 views

GDM security update

Upgraded gdm packages are available for Slackware 9.0 and -current. These fix a security issue where a local user may use GDM to read any file on the system. Here are the details from the Slackware 9.0 ChangeLog: Sun Aug 24 14:36:29 PDT 2003 patches/packages/gdm-2.4.1.6-i386-1.tgz: Upgraded to...

6.6AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/08/01 5:5 p.m.16 views

KDE packages updated

New KDE packages are available for Slackware 9.0. These address a security issue where Konqueror may leak authentication credentials. Here are the details from the Slackware 9.0 ChangeLog: Fri Aug 1 15:15:51 PDT 2003 patches/packages/kde/: Upgraded to KDE 3.1.3. Note that this update addresses a...

7AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/07/15 2:43 p.m.17 views

nfs-utils packages replaced

New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to replace the ones that were issued yesterday. A bug in has been fixed in utils/mountd/auth.c that could cause mountd to crash. Here are the details from the Slackware 9.0 ChangeLog: Tue Jul 15 10:42:58 PDT 2003...

6.9AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/07/14 6:10 p.m.44 views

nfs-utils off-by-one overflow fixed

New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to fix an off-by-one buffer overflow in xlog.c. Thanks to Janusz Niewiadomski for discovering and reporting this problem. The CVE Common Vulnerabilities and Exposures Project has assigned the identification number...

10CVSS6.9AI score0.15784EPSS
Exploits1
Slackware Linux
Slackware Linux
added 2003/06/17 10:1 p.m.35 views

2.4.21 kernels available

Precompiled Linux 2.4.21 kernels and source packages are now available for Slackware 9.0 and -current. These provide an improved version of the ptrace fix that had been applied to 2.4.20 in Slackware 9.0 for example, command line options now appear correctly when root does 'ps ax', and fix a...

5CVSS6AI score0.04276EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2003/05/29 2:26 a.m.16 views

CUPS DoS vulnerability fixed

Upgraded CUPS packages are available for Slackware 8.1, 9.0, and -current to fix a denial of service attack vulnerability. Here are the details from the Slackware 9.0 ChangeLog: Thu May 29 00:52:54 PDT 2003 patches/packages/cups-1.1.19-i386-1.tgz: Upgraded to cups-1.1.19. A denial of service...

6.8AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/05/22 11:14 a.m.14 views

REVISED quotacheck security fix in rc.M

NOTE: The original advisory quotes a section of the Slackware ChangeLog which had inadvertently reversed the options to quotacheck. The correct option to use is 'm'. A corrected advisory follows: An upgraded sysvinit package is available which fixes a problem with the use of quotacheck in...

6.9AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/05/21 8:33 p.m.18 views

quotacheck security fix in rc.M

An upgraded sysvinit package is available which fixes a problem with the use of quotacheck in /etc/rc.d/rc.M. The original version of rc.M calls quotacheck like this: echo "Checking filesystem quotas: /sbin/quotacheck -avugM" /sbin/quotacheck -avugM The 'M' option is wrong. This causes the...

6.9AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/05/21 8:32 p.m.14 views

mod_ssl RSA blinding fixes

An upgrade for modssl to version 2.8.141.3.27 is now available. This version provides RSA blinding by default which prevents an extended timing analysis from revealing details of the secret key to an attacker. Note that this problem was already fixed within OpenSSL, so this is a "double fix". Wit...

6.9AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/05/21 8:32 p.m.12 views

GnuPG key validation fix

A key validation bug which results in all user IDs on a given key being treated with the validity of the most-valid user ID on that key has been fixed with the release of GnuPG 1.2.2. We recommend sites using GnuPG upgrade to this new package. For detailed information about the problem, see this...

6.7AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/05/21 8:31 p.m.13 views

glibc XDR overflow fix

An integer overflow in the xdrmemgetbytes function found in the glibc library has been fixed. This could allow a remote attacker to execute arbitrary code by exploiting RPC service that use xdrmemgetbytes. None of the default RPC services provided by Slackware appear to use this function, but...

7.5AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/05/21 8:30 p.m.16 views

BitchX security fixes

New BitchX packages are available to fix security problems found by Timo Sirainen. BitchX is an IRC Internet Relay Chat client. Under certain circumstances, a malicious IRC server could cause BitchX to crash, or possibly to run arbitrary code as the user running BitchX. All sites running BitchX a...

7.5AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/05/21 8:24 p.m.14 views

EPIC4 security fixes

New EPIC4 packages are available to fix security problems found by Timo Sirainen. EPIC4 is an IRC Internet Relay Chat client. Under certain circumstances, a malicious IRC server could cause EPIC4 to crash, or possibly to run arbitrary code as the user running EPIC4. All sites running EPIC4 are...

7.9AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/04/17 3:51 p.m.28 views

Updated KDE packages available

New KDE 3.1.1a packages are available for Slackware 9.0 which fix a security problem with the handling of PS and PDF documents. Here are the details from the Slackware 9.0 ChangeLog: Thu Apr 17 15:32:15 PDT 2003 patches/packages/kde/: Upgraded to KDE 3.1.1a. Also included in this directory are a...

7AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/04/07 3:50 p.m.172 views

Samba security problem fixed

The samba packages in Slackware 8.1 and 9.0 have been upgraded to Samba 2.2.8a to fix a security problem. All sites running samba should upgrade. Here are the details from the Slackware 9.0 ChangeLog: Mon Apr 7 14:26:53 PDT 2003 patches/packages/samba-2.2.8a-i386-1.tgz: Upgraded to samba-2.2.8a...

10CVSS6.3AI score0.84502EPSS
Exploits23
Slackware Linux
Slackware Linux
added 2003/03/29 3:56 p.m.15 views

Mutt buffer overflow in IMAP support

The mutt mail client packages in Slackware 8.1 and 9.0 have been upgraded to mutt-1.4.1i to fix a security problem discovered by Core Security Technologies. This issue may allow a remote attacker controlling a malicious IMAP server to execute code on your machine as the user running mutt if you...

7.7AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/03/29 3:40 p.m.34 views

Sendmail buffer overflow fixed (NEW)

The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patched to fix a security problem. Note that this vulnerablity is NOT the same one that was announced on March 3rd and requires a new fix. All sites running sendmail should upgrade. More information on the problem can be found here:...

7.4AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/03/15 2:55 p.m.18 views

Samba buffer overflow fixed

The samba packages in Slackware 8.1 and -current have been patched to fix a security problem. All sites running samba should upgrade. Here are the details from the Slackware 8.1 ChangeLog: Sat Mar 15 13:49:04 PST 2003 patches/packages/samba-2.2.8-i386-1.tgz: Upgraded to Samba 2.2.8. From the Samb...

7AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/03/03 11:50 a.m.13 views

Sendmail buffer overflow fixed

The sendmail packages in Slackware 8.1 and -current have been patched to fix a security problem. All sites running sendmail should upgrade. More information on the problem can be found here: http://www.sendmail.org/8.12.8.html Here are the details from the Slackware 8.1 ChangeLog: Mon Mar 3...

7.4AI score
Exploits0
Slackware Linux
Slackware Linux
added 2003/01/21 2:26 p.m.44 views

New CVS packages available

New cvs packages are available to fix a security vulnerability. Here are the details from the Slackware 8.1 ChangeLog: ---------------------------- Tue Jan 21 13:12:20 PST 2003 patches/packages/cvs-1.11.5-i386-1.tgz: Upgraded to cvs-1.11.5. This release fixes a major security vulnerability in the...

7.5CVSS6.3AI score0.2387EPSS
Exploits1
Slackware Linux
Slackware Linux
added 2003/01/19 12:44 p.m.16 views

New DHCP packages available

...

7.1AI score
Exploits0
Slackware Linux
Slackware Linux
added 2002/11/21 5:41 a.m.14 views

SSA-2002-1121054101

...

0.8AI score
Exploits0
Slackware Linux
Slackware Linux
added 2002/11/20 9:41 p.m.16 views

New Samba package available

...

7.1AI score
Exploits0
Slackware Linux
Slackware Linux
added 2002/07/31 8:11 p.m.29 views

SSA-2002-0731201128

The Slackware Linux Project: Slackware Security Advisories Slackware Security Advisories News Security Advisories /...

8.3AI score
Exploits0
Slackware Linux
Slackware Linux
added 2002/07/31 1:11 p.m.70 views

Security updates for Slackware 8.1

Several security updates are now available for Slackware 8.1, including updated packages for Apache, glibc, modssl, openssh, openssl, and php. Here are the details from the Slackware 8.1 ChangeLog: ---------------------------- Tue Jul 30 19:45:52 PDT 2002 patches/packages/apache-1.3.26-i386-2.tgz...

6.2CVSS7AI score0.36039EPSS
Exploits1
Total number of security vulnerabilities1893