Slackware 1130 Published by Philipp Esselbach 0

New glibc-zoneinfo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to update the timezone tables to the latest versions. If you've noticed your clock has wandered off, these packages should fix the problem.

This isn't really a "security issue" (or is a minor one), but it's an important fix nevertheless.


New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, and 12.0 to fix "several low priority security bugs."

Note that PHP5 was not officially supported in Slackware 10.1 or 10.2 (being in the /testing directory), and was not the default version of PHP for Slackware 11.0 (being in the /extra directory), but updates are being provided anyway.


New mozilla-firefox packages are available for Slackware 11.0 and 12.0 to fix security issues.

Note that Firefox 1.5.x has reached its EOL (end of life) and is no longer being updated by mozilla.com. Users of Firefox 1.5.x are encouraged to upgrade to Firefox 2.x. Since we use the official Firefox binaries, these packages should work equally well on earlier Slackware systems.

More details about the security issues may be found at this link:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox


New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix security issues.

The first issue, which allows remote attackers to make recursive queries, only affects Slackware 12.0. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925

The second issue is the discovery that BIND9's query IDs are cryptographically weak. This issue affects the versions of BIND9 in all supported Slackware versions. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926


New SeaMonkey packages are available for Slackware 11.0 and 12.0 to fix possible security issues. While this update has been reported to MozillaZine to "fix several security issues", details are not yet available. Presumably the issues are similar to the ones that were recently addressed in Firefox and Thunderbird.

More details about the issues may (eventually) be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey


Slackware 12.0 has been released:

Well folks, it's that time to announce a new stable Slackware release again. So, without further ado, announcing Slackware version 12.0! Since we've moved to supporting the 2.6 kernel series exclusively (and fine-tuned the system to get the most out of it), we feel that Slackware 12.0 has many improvements over our last release (Slackware 11.0) and is a must-have upgrade for any Slackware user.

This first Slackware edition of the year combines Slackware's legendary simplicity (and close tracking of original sources), stability, and security with some of the latest advances in Linux technology. Expect no less than the best Slackware yet.


New php5 packages are available for Slackware 10.2, 11.0, and -current to fix security issues. PHP5 was considered a test package in Slackware 10.2, and an "extra" package in Slackware 11.0. If you are currently running PHP4 you may wish to stick with that, as upgrading to PHP5 will probably require changes to your system's configuration and/or web code.

More details about the issues affecting Slackware's PHP5 may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872

One CVE-issued vulnerability (CVE-2007-1887) does not affect Slackware as we do not ship an unbundled sqlite2 library.


A new x11-6.9.0-i486-14_slack11.0.tgz patch is available for Slackware 11.0 to fix the inadvertent inclusion of two old fontconfig binaries. Installing the original fontconfig patch followed by the original x11 patch would cause fc-cache and fc-list to be overwritten by old versions, breaking fontconfig.

To fix the issue, reinstall the fontconfig patch. The x11 package has been updated so that installation will not be order-specific for anyone fetching the patches now.


New x11 and/or freetype and fontconfig packages are available for Slackware 10.1, 10.2, 11.0, and -current to fix security issues in freetype. Freetype was packaged with X11 prior to Slackware version 11.0.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351

Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/freetype-2.3.4-i486-1_slack11.0.tgz:
Fixed an overflow parsing BDF fonts.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
(* Security fix *)
+--------------------------+


New x11 packages are available for Slackware 10.2 and 11.0.

More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103

Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
x/x11-6.9.0-i486-12_slack11.0.tgz: Patched.
This update fixes overflows in the dbe and render extensions. This could
possibly be exploited to overwrite parts of memory, possibly allowing
malicious code to execute, or (more likely) causing X to crash.
For information about some of the security fixes, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103
+--------------------------+


New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security ramifications of incorrect gpg usage.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1263

Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
n/gnupg-1.4.7-i486-1_slack11.0.tgz: Upgraded to gnupg-1.4.7.
This fixes a security problem that can occur when GnuPG is used incorrectly.
Newer versions attempt to prevent such misuse.
For more information, see:
http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
(* Security fix *)
+--------------------------+


A new imagemagick package is available for Slackware 11.0 to fix security issues.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456

Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
xap/imagemagick-6.3.3_0-i486-1_slack11.0.tgz:
Upgraded to imagemagick-6.3.3-0.
The original fix for PALM image handling has been corrected.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
(* Security fix *)
+--------------------------+


New mozilla-firefox packages are available for Slackware 10.2 and 11.0 to fix security issues.

Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
xap/mozilla-firefox-1.5.0.10-i686-1.tgz:
Upgraded to firefox-1.5.0.10.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+


New mozilla-thunderbird packages are available for Slackware 10.2 and 11.0 to fix security issues.

Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
xap/mozilla-thunderbird-1.5.0.10-i686-1.tgz:
Upgraded to thunderbird-1.5.0.10.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
+--------------------------+


A new seamonkey package is available for Slackware 11.0 to fix security issues.

Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
xap/seamonkey-1.0.8-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.0.8.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+


New samba packages are available for Slackware 10.0, 10.1, 10.2, and 11.0 to fix a denial-of-service security issue.

More details about the issues fixed in Samba 3.0.24 may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454


New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix denial-of-service security issues.

Versions of bind-9.2.x older than bind-9.2.8, and versions of bind-9.3.x older than 9.3.4 can be made to crash with malformed local or remote data.

More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494


New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues. The minimum OpenSSL version was raised to OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws in older versions (these patches were already issued for Slackware). If you have not upgraded yet, get those as well to prevent a potentially exploitable security problem in named.