cairo

2007-12-03T21:04:38
ID SSA-2007-337-01
Type slackware
Reporter Slackware Linux Project
Modified 2007-12-03T21:04:38

Description

New cairo packages are available for Slackware 11.0, 12.0, and -current to fix security issues.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503

Here are the details from the Slackware 12.0 ChangeLog:

patches/packages/cairo-1.4.12-i486-1_slack12.0.tgz: Upgraded to cairo-1.4.12. This fixes a possible security risk when decoding PNG files that may have been maliciously tampered with: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503 ( Security fix )

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/cairo-1.4.12-i486-1_slack11.0.tgz

Updated package for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/cairo-1.4.12-i486-1_slack12.0.tgz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/cairo-1.4.12-i486-1.tgz

MD5 signatures:

Slackware 11.0 package: d3185d684496dde3a0031be467844405 cairo-1.4.12-i486-1_slack11.0.tgz

Slackware 12.0 package: 2d27eb33c8518cd4b4a59464c074acbe cairo-1.4.12-i486-1_slack12.0.tgz

Slackware -current package: 31e905277640285624fae188da4e8318 cairo-1.4.12-i486-1.tgz

Installation instructions:

Upgrade the packages as root: > upgradepkg cairo-1.4.12-i486-1_slack12.0.tgz