New samba packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current to fix security issues.
More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686
Updated PHP packages are available for Slackware Linux 8.1 - 10.0:
New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues (memory_limit handling and a problem in the strip_tags function). Sites using PHP should upgrade.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595
iLUG-Cal has posted a review on Slackware Linux 10
OSNews has posted a review on Slackware Linux 10
Slackware Linux 10.0 has been released:
The first Slackware release of 2004, Slackware Linux 10.0 continues the more than ten-year Slackware tradition of simplicity, stability, and security.
Among the many program updates and distribution enhancements, you'll find two of the most advanced desktop environments available today: GNOME 2.6.1 (including a collection of pre-compiled GNOME applications), and KDE 3.2.3, the latest version of the award-winning K Desktop Environment. Slackware uses the 2.4.26 kernel bringing you advanced performance features such as the ReiserFS journaling filesystem, SCSI and ATA RAID volume support, and kernel support for X DRI (the Direct Rendering Interface) that brings high-speed hardware accelerated 3D graphics to Linux. Additional kernels allow installing Slackware using any of the journaling filesystems available for Linux, including ext3, ReiserFS, IBM's JFS, and SGI's XFS. For those Slackware users who are anxious to try the new 2.6.x kernel series, it is fully supported by the system. A precompiled Linux 2.6.7 kernel, modules, and source code are provided (along with complete instructions on how to install the new kernel).
Thanks Mark. Patrick Volkerding has released Slackware 10.0 RC2 today. This release include GNOME 2.6.2 and Mozilla 1.7.
Changelog Download
OSNews reports that Patrick Volkerding has released Slackware 10-RC1 today
A kernel update has been released for Slackware Linux:
New kernel packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a denial of service security issue. Without a patch to asm-i386/i387.h, a local user can crash the machine.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554
A cvs update is available for Slackware Linux:
New cvs packages that have been upgraded to cvs-1.11.17 are available for Slackware 8.1, 9.0, 9.1, and -current to fix various security issues. Sites running a CVS server should upgrade to the new CVS package right away.
KDE 3.2.3 is available for Slackware Linux 9.1
FootNotes reports that Dropline GNOME 2.6.1 for Slackware Linux has been released
A mod_ssl update is available for Slackware Linux:
New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. The packages were upgraded to mod_ssl-2.8.18-1.3.31 fixing a buffer overflow that may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN, if mod_ssl is configured to trust the issuing CA. Web sites running mod_ssl should upgrade to the new set of apache and mod_ssl packages. There are new PHP packages as well to fix a Slackware-specific local denial-of-service issue (an additional Slackware advisory SSA:2004-154-02 has been issued for PHP).
A PHP update has been released for Slackware Linux:
New PHP packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. These fix a problem in previous Slackware php packages where linking PHP against a static library in an insecure path (under /tmp) could allow a local attacker to place shared libraries at this location causing PHP to crash, or to execute arbitrary code as the PHP user (which is by default, "nobody").
Thanks to Bryce Nichols for researching and reporting this issue.
Updated cvs packages are now available for Slackware Linux:
New cvs packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a buffer overflow vulnerability which could allow an attacker to run arbitrary programs on the CVS server. Sites running a CVS server should upgrade to the new CVS package right away.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396
Updated kdelibs packages has been released for Slackware Linux:
New kdelibs packages are available for Slackware 9.0, 9.1 and -current to fix security issues with URI handling.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411
A mc update is available for Slackware Linux:
New mc packages are available for Slackware 9.0, 9.1, and -current to fix security issues that These could lead to a denial of service or the execution of arbitrary code as the user running mc.
Sites that use mc should upgrade to the new mc package.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232
An apache update has been released for Slackware Linux
New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix security issues. These include a possible denial-of-service attack as well as the ability to possible pipe shell escapes through Apache's errorlog (which could create an exploit if the error log is read in a terminal program that does not filter such escapes). We recommend that sites running Apache upgrade to the new Apache package.
An lha update has been released for Slackware Linux
New bin- packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lha' should upgrade to the new bin package right away.
A xine-lib update (SSA:2004-124-03) has been released for Slackware Linux:
New xine-lib packages are available for Slackware 9.1 and -current to fix a security issue where playing a specially crafted Real RTSP stream could run malicious code as the user playing the stream.
rsync update (SSA:2004-124-01) has been released for Slackware Linux:
New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory. Any sites running rsync in that mode should upgrade right away (and should probably look into using the chroot option as well).
