Slackware 1153 Published by Philipp Esselbach 0

New CUPS packages are available for Slackware 9.1, 10.0, and -current to fix a denial of service issue where a malformed packet can crash the CUPS server.

Slackware 1153 Published by Philipp Esselbach 0

New samba packages are available for Slackware 10.0 and -current.

These fix two denial of service vulnerabilities reported by iDEFENSE. Slackware -current has been upgraded to samba-3.0.7, while the samba-3.0.5 included with Slackware 10.0 has been patched to fix these issues. Sites running Samba 3.x should upgrade to the new package. Versions of Samba before 3.0.x are not affected by these flaws.

Slackware 1153 Published by Philipp Esselbach 0

New kdelibs and kdebase packages are available for Slackware 9.1, 10.0, and -current to fix security issues.

More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746

Slackware 1153 Published by Philipp Esselbach 0

The gaim package for Slackware Linux has been updated again

A couple of bugs were found in the gaim 0.82 release, and gaim-0.82.1 was released to fix them. In addition, gaim-encryption-2.29 did not work with gaim-0.82 due to changes in the header files, so the gaim-encryption plugin has also been updated to gaim-encryption-2.30.

Slackware 1153 Published by Philipp Esselbach 0

New gaim packages are available for Slackware 9.1, 10.0 and -current to fix several security issues. Sites that use GAIM should upgrade to the new version.

Slackware 1153 Published by Philipp Esselbach 0

New Qt packages are available for Slackware 9.0, 9.1, 10.0, and -current to fix security issues.

Bugs in the routines that handle PNG, BMP, GIF, and JPEG images may allow an attacker to cause unauthorized code to execute when a specially crafted image file is processed. These flaws may also cause crashes that lead to a denial of service.

More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693

Slackware 1153 Published by Philipp Esselbach 0

Updated sox packages are available for Slackware Linux

New sox packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix buffer overflow security issues that could allow a malicious WAV file to execute arbitrary code.

Slackware 1153 Published by Philipp Esselbach 0

Updated imagemagick packages are available for Slackware Linux

New imagemagick packages are available for Slackware 9.1, 10.0, and -current to fix security issues with PNG images.

More details about the issues with PNG may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599

Slackware 1153 Published by Philipp Esselbach 0

Updated Mozilla packages have been released for Slackware Linux

New Mozilla packages are available for Slackware 9.1, 10.0, and -current to fix a number of security issues. Slackware 10.0 and -current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require new versions of things that link with the Mozilla libraries, so for Slackware 10.0 and -current new versions of epiphany, galeon, gaim, and mozilla-plugins have also been provided. There don't appear to be epiphany and galeon versions that are compatible with Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not provided and Epiphany and Galeon will be broken on Slackware 9.1 if the new Mozilla package is installed. Furthermore, earlier versions of Mozilla (such as the 1.3 series) were not fixed upstream, so versions of Slackware earlier than 9.1 will remain vulnerable to these browser issues. If you still use Slackware 9.0 or earlier, you may want to consider removing Mozilla or upgrading to a newer version.

Slackware 1153 Published by Philipp Esselbach 0

Updated libpng packages have been released for Slackware Linux:

New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues. These issues could cause program crashes, or possibly allow arbitrary code embedded in a malicious PNG image to execute. The PNG library is widely used within the system, so all sites should upgrade to the new libpng package.

Slackware 1153 Published by Philipp Esselbach 0

An alternate samba package for Slackware 10.0 has been released:

It was pointed out that the new Samba packages for Slackware 10.0 (and -current) have a dependency on libattr.so that wasn't in the previous packages. Since it's not the intent to introduce new requirements in security patches (especially for stable versions), an alternate version of the samba package is being made available that does not require libattr.so.

The original samba-3.0.5-i486-1.tgz package for Slackware 10.0 will also remain in the patches directory (at least for now, since it was just referenced in a security advisory and the URL to it should remain working), and because the original package works fine if the xfsprogs package (which contains libattr) is installed. If you're running a full installation or have xfsprogs installed, you do not need to update samba again.

Slackware 1153 Published by Philipp Esselbach 0

New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current to fix a security issue.

A format string vulnerability in mod_proxy hook functions could allow an attacker to run code as the mod_ssl user. Sites using mod_ssl should upgrade (be sure to back up your existing key files first).

Slackware 1153 Published by Philipp Esselbach 0

New samba packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current to fix security issues.

More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686

Slackware 1153 Published by Philipp Esselbach 0

Updated PHP packages are available for Slackware Linux 8.1 - 10.0:

New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues (memory_limit handling and a problem in the strip_tags function). Sites using PHP should upgrade.

More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595