1893 matches found
SSA-2002-0626204548
The Slackware Linux Project: Slackware Security Advisories Slackware Security Advisories News Security Advisories /...
new apache/mod_ssl packages available
...
sudo upgrade fixes a potential vulnerability
New sudo packages are available to fix a security problem which may allow users to become root, or to execute arbitrary code as root. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Thu Apr 25 12:00:50 PDT 2002 patches/packages/sudo.tgz: Upgraded to sudo-1.6....
cvs recompiled against updated zlib + /tmp fix
New cvs packages are available to fix security problems. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Mon Mar 11 17:54:12 PST 2002 patches/packages/cvs.tgz: Patched to link to the shared zlib on the system instead of statically linking to the included zlib...
rsync update fixes security problems
New rsync packages are available to fix security problems. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Mon Mar 11 15:09:26 PST 2002 patches/packages/rsync.tgz: Upgraded to rsync-2.5.3. This fixes two security problems: Make sure that supplementary groups...
zlib upgrade fixes vulnerability
New zlib packages are available to fix a security problem which may impact programs that link with zlib. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Mon Mar 11 13:32:40 PST 2002 patches/packages/zlib.tgz: Upgraded to zlib-1.1.4. This fixes a security...
OpenSSH security problem fixed
New openssh packages are available to fix security problems. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Thu Mar 7 12:00:18 PST 2002 patches/packages/openssh.tgz: Upgraded to openssh-3.1p1. This fixes a security problem in the openssh package. All sites...
mod_php update fixes security problems
A new modphp PHP4 package is available to fix security problems. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Sat Mar 2 22:45:25 PST 2002 patches/packages/modphp.tgz: Upgraded to PHP 4.1.2. This fixes several security problems in the POST handling code use...
rsync update fixes security problems
New rsync packages are available to fix a security problem. Here's the information from the Slackware 8.0 ChangeLog: Fri Jan 25 14:25:51 PST 2002 patches/packages/rsync.tgz: Fixed a security hole by upgrading to rsync-2.4.8pre1. This is the relevant information from the rsync NEWS file: SECURITY...
Security updates: at, sudo, xchat
New packages are now available to address security issues with the at scheduler program found in Slackware 8.0's bin.tgz package, sudo, and xchat. Here's the information from the Slackware 8.0 ChangeLog: Mon Jan 21 13:21:07 PST 2002 patches/packages/at.tgz: Fixed a buffer overflow. Security fix...
Pine update fixes insecure URL-handling
Pine 4.44 packages are now available to fix a problem with insecure URL handling. Here's the information from the Slackware 8.0 ChangeLog: Sat Jan 12 13:05:33 PST 2002 patches/packages/pine.tgz: Fix a security problem with pine by upgrading to pine4.44. More details from the Pine Announcement Lis...
glibc glob overflow patched
A buffer overflow has been found in the glob3 function in glibc. Fixed packages for Slackware 8.0 are now available. Here's the information from the Slackware 8.0 ChangeLog: Fri Jan 11 14:07:07 PST 2002 patches/packages/glibc.tgz, patches/packages/glibcso.tgz: Fixed a buffer overflow in the glob3...
mutt remote exploit patched
An exploitable overflow has been found in the address handling code of the mutt mail client version 1.2.5i supplied with Slackware 8.0. A new mutt-1.2.5.1 has been released which addresses this problem, and packages are now available for Slackware 8.0 and -current. We urge all Slackware users to...
sendmail and procmail update
An input validation error in sendmail has been discovered by Cade Cairns of SecurityFocus. This problem can be exploited by local users to gain root access. It is not exploitable by remote attackers without shell access. New packages based on sendmail.8.11.6 have been prepared for Slackware 7.1 a...
buffer overflow fix for NTP
The version of xntp3 that shipped with Slackware 7.1 as well as the version that was in Slackware -current contains a buffer overflow bug that could lead to a root compromise. Slackware 7.1 and Slackware -current users are urged to upgrade to the new packages available for their release. The...
buffer overflow in sudo fixed
Sudo 1.6.3p6 is now available for Slackware 7.1 and Slackware -current. This release fixes a known buffer overflow, which could be used by malicious users to compromise parts of the system. If you rely on Sudo and use one of the above versions of Slackware, it is recommended that you upgrade to t...
multiple vulnerabilities in bind 8.x
Multiple vulnerabilities exist in the versions of BIND found in Slackware 7.1 and -current. Users of BIND 8.x are urged to upgrade to 8.2.3 to fix these problems. More information can be found on the BIND website: http://www.isc.org/products/BIND/ ... and in the CERT Advisory CA-2001-02 - Multipl...
glibc 2.2 local vulnerability on setuid binaries
glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLVHOSTCONF environment variable to the name of the file that they wish to read, then runs any...
buffer overflow vulnerability in Pine
Pine versions 4.21 and before contain a buffer overflow vulnerability which allows a remote user to execute arbitrary code on the local client by the sending of a special-crafted email message. The overflow occurs during the periodic "new mail" checking of an open folder. By upgrading to Pine 4.3...
Local /tmp vulnerability fixed in ppp-off
A local /tmp bug in the /usr/sbin/ppp-off program was found. This bug could allow a local user to corrupt system files. A fix has been made and an updated package is now available in the -current branch. The package described below will work for users of Slackware 7.0, 7.1, and -current...
root exploit with xlockmore fixed
A root exploit has been found in xlockmore packaged with Slackware. By providing a carefully crafted display variable to xlock, it is possible for a local attacker to gain root access. Anyone running xlock on a public machine should upgrade to this version of xlock or disable xlock altogether...
Apache 1.3.14 available
Several security problems have been found in the Apache web server software. It is recommended that all users of Apache upgrade to the latest stable release to fix these problems. Apache is included in our N software series in the apache.tgz package. A new apache.tgz package including Apache 1.3....
wu-ftpd advisory update
UPDATE: This announcement was first mailed out on 28-Sep-2000. It was later determined that incorrect 16-bit sums and 128-bit MD5 message digests were included in the announcement. The announcement below is identical to the one from yesterday, but it includes the correct verification data. We...
wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
A vulnerability involving an input validation error in the "site exec" command has recently been identified in the wu-ftpd program CERT Advisory CA-2000-13. More information about this problem can be found at this site: http://www.cert.org/advisories/CA-2000-13.html The wu-ftpd daemon is part of...
klogd Kernel Logger vulnerability and fix
A string format / buffer overflow bug has been discovered in klogd, the kernel logging daemon. Please upgrade to the new sysklogd 1.4 package available on the Slackware FTP site. ========================================================================= sysklogd 1.4 AVAILABLE - a1/sysklogd.tgz...
: xchat input validation bug fixed
An input validation bug was found to affect Slackware Linux 7.0, 7.1, and -current. The problem is described in detail at this site: http://www.securityfocus.com/bid/1601 Users of Slackware 7.0, 7.1, and -current are urged to upgraded to the xchat.tgz package available in the Slackware -current...
: glibc 2.1.3 vulnerabilities patched
Three locale-related vulnerabilities with glibc 2.1.3 were recently reported on BugTraq. These vulnerabilities could allow local users to gain root access. Users of Slackware 7.0, 7.1, and -current are strongly urged to upgrade to the new glibc packages in the -current branch...
Perl root exploit in Slackware 7.1 & -current
A root exploit was found in the /usr/bin/suidperl5.6.0 program that shipped with the Slackware 7.1 perl.tgz package. It is recommended that all users of Slackware 7.1 and -current upgrade to the perl.tgz package available in the Slackware -current branch. ==================================== perl...
wu-ftpd remote exploit patched
A remote exploit has been found in the FTP daemon, wu-ftpd. This can allow an attacker full access to your machine. The wu-ftpd daemon is part of the tcpip1.tgz package in the N series. A new tcpip1.tgz package is now available in the Slackware 7.1 tree. We have also provided a seperate patch...
Kernel 2.2.16 and /usr/bin/Mail
...
Buffer Overflow in fdmount
...
Updated Lynx package for Slackware 7.0 & -current
...
aaa_base not vulnerable
...
libsafe added to -current
...
Emacs 20.6 updated updates
...
emacs & gpm fixes for Slackware 7.0 & -current
...
Security Patches for Slackware 7.0 Available
...
Security Fixes for Slackware 4.0 Available
...
CA-99-13: minimal fix for Slackware 3.5 through 4.0
...
CA-99-13: wu-ftpd upgrade available
...
INN buffer overflow
...
wu.ftpd buffer overflow
...
libtermcap buffer overflow
...