Slackware 1126 Published by

3 new security updates are available for Slackware:

- glibc (SSA:2010-295-01)
- mozilla-thunderbird (SSA:2010-295-03)
- mozilla-firefox (SSA:2010-295-02)



[slackware-security] glibc (SSA:2010-295-01)
New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.11.1-i486-4_slack13.1.txz: Rebuilt.
Patched "dynamic linker expands $ORIGIN in setuid library search path".
This security issue allows a local attacker to gain root if they can create
a hard link to a setuid root binary. Thanks to Tavis Ormandy.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
http://seclists.org/fulldisclosure/2010/Oct/257
(* Security fix *)
patches/packages/glibc-i18n-2.11.1-i486-4_slack13.1.txz: Rebuilt.
patches/packages/glibc-profile-2.11.1-i486-4_slack13.1.txz: Rebuilt.
patches/packages/glibc-solibs-2.11.1-i486-4_slack13.1.txz: Rebuilt.
patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz: Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-2.5-i486-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-i18n-2.5-noarch-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-profile-2.5-i486-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-solibs-2.5-i486-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-zoneinfo-2.5-noarch-5_slack12.0.tgz

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-2.7-i486-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-i18n-2.7-noarch-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-profile-2.7-i486-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-solibs-2.7-i486-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-zoneinfo-2.7-noarch-11_slack12.1.tgz

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-2.7-i486-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-i18n-2.7-noarch-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-profile-2.7-i486-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-solibs-2.7-i486-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-zoneinfo-2.7-noarch-18_slack12.2.tgz

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-i18n-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-profile-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-solibs-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-i18n-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-profile-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-solibs-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.12.1-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2.12.1-noarch-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.12.1-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.12.1-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.12.1-i486-2.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.12.1-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2.12.1-noarch-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.12.1-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.12.1-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.12.1-x86_64-2.txz


MD5 signatures:
+-------------+

Slackware 12.0 packages:
fe218536818e92a129c1bc54c939746d glibc-2.5-i486-5_slack12.0.tgz
44a61910ef911b8577d8ffe6db25a4d0 glibc-i18n-2.5-noarch-5_slack12.0.tgz
646f591a5a7f276d26d1731dff195417 glibc-profile-2.5-i486-5_slack12.0.tgz
a230abf524edc643ce004c1ff64f512b glibc-solibs-2.5-i486-5_slack12.0.tgz
e6de7535e8271d0db267263915a70e22 glibc-zoneinfo-2.5-noarch-5_slack12.0.tgz

Slackware 12.1 packages:
c0fdd589622cdb60381c2f28f2bfff1a glibc-2.7-i486-11_slack12.1.tgz
7ce224522417c2aeaa131f915a09e479 glibc-i18n-2.7-noarch-11_slack12.1.tgz
f4a4ad055eb2aa1ecb984917d868b242 glibc-profile-2.7-i486-11_slack12.1.tgz
2cc062234dc826841222e80ce1b4ce06 glibc-solibs-2.7-i486-11_slack12.1.tgz
9a2f1fdf3185bc9ce2e641b6c94bf33b glibc-zoneinfo-2.7-noarch-11_slack12.1.tgz

Slackware 12.2 packages:
63d1f63892d856a1f809cc8d4b794453 glibc-2.7-i486-18_slack12.2.tgz
f0de3e78497498323f089ddb56ba5f51 glibc-i18n-2.7-noarch-18_slack12.2.tgz
e30bd13da86ef3c127dedb7a31a490fd glibc-profile-2.7-i486-18_slack12.2.tgz
26c50351c530bc569ed2664aa8ea1ab0 glibc-solibs-2.7-i486-18_slack12.2.tgz
077fcc888ee6ebcfc00018043754d199 glibc-zoneinfo-2.7-noarch-18_slack12.2.tgz

Slackware 13.0 packages:
1b8f954339e7f33b2149193964b83070 glibc-2.9-i486-4_slack13.0.txz
abd450ab5ef57d775561e2a9fc9cc83a glibc-i18n-2.9-i486-4_slack13.0.txz
82fb6947e1a6cfa49ba633cb85da1970 glibc-profile-2.9-i486-4_slack13.0.txz
dfe9770d051633ba612622651b872912 glibc-solibs-2.9-i486-4_slack13.0.txz
997fc370ffb9c47542371854b77d20f1 glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Slackware x86_64 13.0 packages:
da45460ae0ca09a4ead864e4ec536699 glibc-2.9-x86_64-4_slack13.0.txz
872227d8d5615881c72fd40ee8df685c glibc-i18n-2.9-x86_64-4_slack13.0.txz
b3862eb5479a8c8a807395267fdf80b0 glibc-profile-2.9-x86_64-4_slack13.0.txz
12bd96ae14d54e30bdb3ef6f7cc233cf glibc-solibs-2.9-x86_64-4_slack13.0.txz
3c77b4da325e30d1a5b33dd08e8778ff glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Slackware 13.1 packages:
a54af004a11c4dd22aac80a1987a2eb6 glibc-2.11.1-i486-4_slack13.1.txz
0d5b3848b6ca455e40acaeb5f96e171e glibc-i18n-2.11.1-i486-4_slack13.1.txz
e139fea062d772e1777e74c657101f82 glibc-profile-2.11.1-i486-4_slack13.1.txz
5587f6b82dc3e2f8e7644500c98587ec glibc-solibs-2.11.1-i486-4_slack13.1.txz
eac27b0a86c8d214356f4c129d9a7272 glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Slackware x86_64 13.1 packages:
304f9204bef835b10840b71fcaad4354 glibc-2.11.1-x86_64-4_slack13.1.txz
bca59e40ffcf3069c70eb15947eb04e9 glibc-i18n-2.11.1-x86_64-4_slack13.1.txz
03f09bf10f5a61285b5bfdf9e2009137 glibc-profile-2.11.1-x86_64-4_slack13.1.txz
27bb1cac7066a76dab2f04a2fcb3a14c glibc-solibs-2.11.1-x86_64-4_slack13.1.txz
236372130178abc826e09eaa12dd7db5 glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Slackware -current packages:
39b8c96ef2161c86cd13ee8fd240bf97 a/glibc-solibs-2.12.1-i486-2.txz
f26f8165f418b0d8120ee3d44c0dbd14 a/glibc-zoneinfo-2.12.1-noarch-2.txz
d7ef55b89b6c5d350d81e377317a6610 l/glibc-2.12.1-i486-2.txz
bcf549bf173537bef56e823216a2eb59 l/glibc-i18n-2.12.1-i486-2.txz
77da2dd0aa8504b8446638282bfd39a6 l/glibc-profile-2.12.1-i486-2.txz

Slackware x86_64 -current packages:
046aa5bccd77f9b7ab8be35a609d20b5 a/glibc-solibs-2.12.1-x86_64-2.txz
07c3df0db68615c529b90a31ba9125eb a/glibc-zoneinfo-2.12.1-noarch-2.txz
60049dd502b2ad4d1ffd9f0e4c5790cf l/glibc-2.12.1-x86_64-2.txz
2ff8df667920817e2654f6af3f3787fa l/glibc-i18n-2.12.1-x86_64-2.txz
728482177fec580983a40eaa7d1a88ee l/glibc-profile-2.12.1-x86_64-2.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg glibc-*.t?z


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
[slackware-security] mozilla-thunderbird (SSA:2010-295-03)
New mozilla-thunderbird packages are available for Slackware 13.1 and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-3.0.9-i686-1.txz: Upgraded.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-thunderbird-3.0.9-i686-1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-thunderbird-3.0.9-x86_64-1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-3.1.5-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-3.1.5-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.1 package:
388ea05dcce5ee345da4ceb7f05ed9a6 mozilla-thunderbird-3.0.9-i686-1.txz

Slackware x86_64 13.1 package:
ab3d2ee3a443b9fcc63141ec46a61b64 mozilla-thunderbird-3.0.9-x86_64-1.txz

Slackware -current package:
f04c611a3d7c67eb8daa1f3d9a42c96c xap/mozilla-thunderbird-3.1.5-i686-1.txz

Slackware x86_64 -current package:
60832685f2c3933fbe6b6b632f945328 xap/mozilla-thunderbird-3.1.5-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg mozilla-thunderbird-3.0.9-i686-1.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
[slackware-security] mozilla-firefox (SSA:2010-295-02)
New mozilla-firefox packages are available for Slackware 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.6.11-i686-1.txz: Upgraded.
This fixes some security issues.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mozilla-firefox-3.6.11-i686-1.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mozilla-firefox-3.6.11-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-firefox-3.6.11-i686-1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-firefox-3.6.11-x86_64-1_slack13.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-3.6.11-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-3.6.11-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
5fa7ed35759a818994f0325f9944151f mozilla-firefox-3.6.11-i686-1.txz

Slackware x86_64 13.0 package:
bab4649aab1bd0e4cffe81906a6ae8af mozilla-firefox-3.6.11-x86_64-1_slack13.0.txz

Slackware 13.1 package:
5fa7ed35759a818994f0325f9944151f mozilla-firefox-3.6.11-i686-1.txz

Slackware x86_64 13.1 package:
6c0b3d7a98b544cdb806660272d86481 mozilla-firefox-3.6.11-x86_64-1_slack13.1.txz

Slackware -current package:
5fa7ed35759a818994f0325f9944151f xap/mozilla-firefox-3.6.11-i686-1.txz

Slackware x86_64 -current package:
87da1e687f5be429422434eb3aa29da3 xap/mozilla-firefox-3.6.11-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg xap/mozilla-firefox-3.6.11-i686-1.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key