Slackware 1161 Published by Philipp Esselbach 0

Updated Mozilla packages have been released for Slackware Linux

New Mozilla packages are available for Slackware 9.1, 10.0, and -current to fix a number of security issues. Slackware 10.0 and -current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require new versions of things that link with the Mozilla libraries, so for Slackware 10.0 and -current new versions of epiphany, galeon, gaim, and mozilla-plugins have also been provided. There don't appear to be epiphany and galeon versions that are compatible with Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not provided and Epiphany and Galeon will be broken on Slackware 9.1 if the new Mozilla package is installed. Furthermore, earlier versions of Mozilla (such as the 1.3 series) were not fixed upstream, so versions of Slackware earlier than 9.1 will remain vulnerable to these browser issues. If you still use Slackware 9.0 or earlier, you may want to consider removing Mozilla or upgrading to a newer version.

Updated libpng packages have been released for Slackware Linux:

New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues. These issues could cause program crashes, or possibly allow arbitrary code embedded in a malicious PNG image to execute. The PNG library is widely used within the system, so all sites should upgrade to the new libpng package.

An alternate samba package for Slackware 10.0 has been released:

It was pointed out that the new Samba packages for Slackware 10.0 (and -current) have a dependency on libattr.so that wasn't in the previous packages. Since it's not the intent to introduce new requirements in security patches (especially for stable versions), an alternate version of the samba package is being made available that does not require libattr.so.

The original samba-3.0.5-i486-1.tgz package for Slackware 10.0 will also remain in the patches directory (at least for now, since it was just referenced in a security advisory and the URL to it should remain working), and because the original package works fine if the xfsprogs package (which contains libattr) is installed. If you're running a full installation or have xfsprogs installed, you do not need to update samba again.

New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current to fix a security issue.

A format string vulnerability in mod_proxy hook functions could allow an attacker to run code as the mod_ssl user. Sites using mod_ssl should upgrade (be sure to back up your existing key files first).

New samba packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current to fix security issues.

More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686

Updated PHP packages are available for Slackware Linux 8.1 - 10.0:

New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues (memory_limit handling and a problem in the strip_tags function). Sites using PHP should upgrade.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595

Slackware Linux 10.0 has been released:

The first Slackware release of 2004, Slackware Linux 10.0 continues the more than ten-year Slackware tradition of simplicity, stability, and security.

Among the many program updates and distribution enhancements, you'll find two of the most advanced desktop environments available today: GNOME 2.6.1 (including a collection of pre-compiled GNOME applications), and KDE 3.2.3, the latest version of the award-winning K Desktop Environment. Slackware uses the 2.4.26 kernel bringing you advanced performance features such as the ReiserFS journaling filesystem, SCSI and ATA RAID volume support, and kernel support for X DRI (the Direct Rendering Interface) that brings high-speed hardware accelerated 3D graphics to Linux. Additional kernels allow installing Slackware using any of the journaling filesystems available for Linux, including ext3, ReiserFS, IBM's JFS, and SGI's XFS. For those Slackware users who are anxious to try the new 2.6.x kernel series, it is fully supported by the system. A precompiled Linux 2.6.7 kernel, modules, and source code are provided (along with complete instructions on how to install the new kernel).

A cvs update is available for Slackware Linux:

New cvs packages that have been upgraded to cvs-1.11.17 are available for Slackware 8.1, 9.0, 9.1, and -current to fix various security issues. Sites running a CVS server should upgrade to the new CVS package right away.

A mod_ssl update is available for Slackware Linux:

New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. The packages were upgraded to mod_ssl-2.8.18-1.3.31 fixing a buffer overflow that may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN, if mod_ssl is configured to trust the issuing CA. Web sites running mod_ssl should upgrade to the new set of apache and mod_ssl packages. There are new PHP packages as well to fix a Slackware-specific local denial-of-service issue (an additional Slackware advisory SSA:2004-154-02 has been issued for PHP).

A PHP update has been released for Slackware Linux:

New PHP packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. These fix a problem in previous Slackware php packages where linking PHP against a static library in an insecure path (under /tmp) could allow a local attacker to place shared libraries at this location, causing PHP to crash, or to execute arbitrary code as the PHP user (which is, by default, "nobody").

Thanks to Bryce Nichols for researching and reporting this issue.

Updated cvs packages are now available for Slackware Linux:

New cvs packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a buffer overflow vulnerability which could allow an attacker to run arbitrary programs on the CVS server. Sites running a CVS server should upgrade to the new CVS package right away.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396

Updated kdelibs packages have been released for Slackware Linux:

New kdelibs packages are available for Slackware 9.0, 9.1 and -current to fix security issues with URI handling.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411