Welcome to ssrt.aldria.com linux 2.6.8 (pts/0) 29-07-2010, 15:42
ssrt login:
ssrt
password:
* Slackware Security Response Team *
- Slackware-11.0 IS RELEASED ! -
Aldria Systems running Slackware
ssrt:~$ ls
ssrt:~$
Broadcast message from root (pts/0) 29-07-2010, 15:42
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] qt (SSA:2006-298-01)
New qt packages are available for Slackware 10.0, 10.1, 10.2, and 11.0
to fix a possible security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
Trolltech has put out a press release which may be found here:
http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/qt-3.3.7-i486-1_slack11.0.tgz: Upgraded to qt-x11-free-3.3.7.
This fixes an issue with Qt's handling of pixmap images that causes Qt linked
applications to crash if a specially crafted malicious image is loaded.
Inspection of the code in question makes it seem unlikely that this could
lead to more serious implications (such as arbitrary code execution), but it
is recommended that users upgrade to the new Qt package.
For more information, see:
http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/qt-3.3.3-i486-2_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/qt-3.3.3-i486-4_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/qt-3.3.4-i486-3_slack10.2.tgz
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/qca-tls-1.0-i486-3_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/qt-3.3.7-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 10.0 package:
a1c994922a521124e45090f59803f943 qt-3.3.3-i486-2_slack10.0.tgz
Slackware 10.1 package:
0b0fbabc4d3ebc3f73d51c60888327da qt-3.3.3-i486-4_slack10.1.tgz
Slackware 10.2 package:
32a47658e1d1905f75b6dd922cddece6 qt-3.3.4-i486-3_slack10.2.tgz
Slackware 11.0 packages:
5b73117bbad94a0279535ecffc56ff3b qca-tls-1.0-i486-3_slack11.0.tgz
8640fdfa927f2b683835b004b0fc25d4 qt-3.3.7-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg qt-3.3.7-i486-1_slack11.0.tgz
If you are running Slackware 11.0, you will also need to upgrade the
qca-tls package to put the plugin in the new qt-3.3.7 plugin directory.
Earlier versions of Slackware do not include the qca-tls package.
# upgradepkg qca-tls-1.0-i486-3_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFFP9EWakRjwEAQIjMRAkkmAJwL+nYhVodk695R+fSwkRD8IJq1rgCeM/aW
/4iaIAcRgfyX1sVVOI3GOUA=
=tTXl
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] php (SSA:2006-307-01)
New php packages are available for Slackware 10.2 and 11.0 to
fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
extra/php5/php-5.2.0-i486-1.tgz: Upgraded to php-5.2.0.
This release "includes a large number of new features, bug fixes and security
enhancements." In particular, when the UTF-8 charset is selected there are
buffer overflows in the htmlspecialchars() and htmlentities() that may be
exploited to execute arbitrary code.
More details about the vulnerability may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
Further details about the release can be found in the release announcement:
http://www.php.net/releases/5_2_0.php
Some syntax has changed since PHP 5.1.x. An upgrading guide may be found at
this location:
http://www.php.net/UPDATE_5_2.txt
This package was placed in /extra rather than /patches to save people from
possible surprises with automated upgrade tools, since users of PHP4 and
PHP 5.1.x applications may need to make some code changes before things will
work again.
(* Security fix *)
patches/packages/php-4.4.4-i486-4_slack11.0.tgz: Patched the UTF-8 overflow.
More details about the vulnerability may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/php-4.4.4-i486-2_slack10.2.tgz
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/php-4.4.4-i486-4_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.0-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
2c7e99db93c5f4268ab510b72439ec6a php-4.4.4-i486-2_slack10.2.tgz
Slackware 11.0 packages:
9d42f4fd0cb8513ad34fae54be5a7450 php-4.4.4-i486-4_slack11.0.tgz
74a26ae3673b25a88cb7cd162bf37dfa php-5.2.0-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg php-4.4.4-i486-4_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFFTClcakRjwEAQIjMRAljDAJ9rLj4YBcGr4KsTXyu4yMQ8zElfKQCeNtSR
Ed3wddrzf+E1dzArRTeH6zE=
=JXjX
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] screen (SSA:2006-307-02)
New screen packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and 11.0 to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/screen-4.0.3-i486-1_slack11.0.tgz: Upgraded to screen-4.0.3.
This addresses an issue with the way screen handles UTF-8 character encoding
that could allow screen to be crashed (or possibly code to be executed in the
context of the screen user) if a specially crafted sequence of pseudo-UTF-8
characters are displayed withing a screen session.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/screen-4.0.3-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/screen-4.0.3-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/screen-4.0.3-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/screen-4.0.3-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/screen-4.0.3-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/screen-4.0.3-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/screen-4.0.3-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
9c1a0083359cf0f4bf14f5841f8f3115 screen-4.0.3-i386-1_slack8.1.tgz
Slackware 9.0 package:
90db04d9868a3e75146fb4578e6261b7 screen-4.0.3-i386-1_slack9.0.tgz
Slackware 9.1 package:
1c65a579e4f3f315ef1d9912e6e54bab screen-4.0.3-i486-1_slack9.1.tgz
Slackware 10.0 package:
53709705609d082669d8bf05373f4a3d screen-4.0.3-i486-1_slack10.0.tgz
Slackware 10.1 package:
0d4c6091084d02a1664fb58a6963a697 screen-4.0.3-i486-1_slack10.1.tgz
Slackware 10.2 package:
90b3e193a96c7567237a37dfd6727e2b screen-4.0.3-i486-1_slack10.2.tgz
Slackware 11.0 package:
e3c0654bc400f594bb98b2684cf6fa28 screen-4.0.3-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg screen-4.0.3-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFFTClfakRjwEAQIjMRAtBvAJ9sNJwKcMBGIvjgfRFu7xiHgpO00wCeJSa9
uFyeDMy9W6zmemCpY+FikZc=
=Te4R
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] bind (SSA:2006-310-01)
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
and 11.0 to fix security issues. The minimum OpenSSL version was raised to
OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws
in older versions (these patches were already issued for Slackware). If you
have not upgraded yet, get those as well to prevent a potentially exploitable
security problem in named.
In addition, the default RSA exponent was changed from 3 to 65537.
Both of these issues are essentially the same as ones discovered in OpenSSL at
the end of September 2006, only now there's protection against compiling using
the wrong OpenSSL version. RSA keys using exponent 3 (which was previously
BIND's default) will need to be regenerated to protect against the forging of
RRSIGs.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.3.2_P2-i486-1_slack11.0.tgz:
Upgraded to bind-9.3.2-P2. This fixes some security issues related to
previous fixes in OpenSSL. The minimum OpenSSL version was raised to
OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws
in older versions (these patches were already issued for Slackware). If you
have not upgraded yet, get those as well to prevent a potentially exploitable
security problem in named. In addition, the default RSA exponent was changed
from 3 to 65537. RSA keys using exponent 3 (which was previously BIND's
default) will need to be regenerated to protect against the forging
of RRSIGs.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.2.6_P2-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.2.6_P2-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.2.6_P2-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.2.6_P2-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.3.2_P2-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.3.2_P2-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.3.2_P2-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
c2fab2101632d3b01b5b9d9ebcc97b33 bind-9.2.6_P2-i386-1_slack8.1.tgz
Slackware 9.0 package:
f523d5c052129bcabad6e0f88972bc75 bind-9.2.6_P2-i386-1_slack9.0.tgz
Slackware 9.1 package:
23a1f9b17079ff577028d64f04004ce6 bind-9.2.6_P2-i486-1_slack9.1.tgz
Slackware 10.0 package:
608b3ca4c3c61a9813f15b26af2783c6 bind-9.2.6_P2-i486-1_slack10.0.tgz
Slackware 10.1 package:
07d7544420ed1b9bd54fb37d69cceee1 bind-9.3.2_P2-i486-1_slack10.1.tgz
Slackware 10.2 package:
6139c1094ebdea077f294bb93699471d bind-9.3.2_P2-i486-1_slack10.2.tgz
Slackware 11.0 package:
91a4039b80450465ad2d10b24117b208 bind-9.3.2_P2-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg bind-9.3.2_P2-i486-1_slack11.0.tgz
Restart named:
# sh /etc/rc.d/rc.bind restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFFT/7WakRjwEAQIjMRAuy+AJ0RCbN/Wc+Zk6vU1T6x8G7zZUlnyACdHNuC
lFQm7DNOoZsCUtEGsmS8YH4=
=8sKY
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] firefox/thunderbird/seamonkey (SSA:2006-313-01)
New Firefox and Thunderbird packages are available for Slackware
10.2 and 11.0 to fix security issues. In addition, a new
Seamonkey package is available for Slackware 11.0 to fix
similar issues.
More details about the issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-1.5.0.8-i686-1.tgz:
Upgraded to firefox-1.5.0.8.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.8-i686-1.tgz:
Upgraded to thunderbird-1.5.0.8.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
patches/packages/seamonkey-1.0.6-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.0.6.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-firefox-1.5.0.8-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-thunderbird-1.5.0.8-i686-1.tgz
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-firefox-1.5.0.8-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-thunderbird-1.5.0.8-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/seamonkey-1.0.6-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 10.2 packages:
893ce2650fb5943688b6601dc487ab8c mozilla-firefox-1.5.0.8-i686-1.tgz
bb30824cef92f3d19268978f616f0835 mozilla-thunderbird-1.5.0.8-i686-1.tgz
Slackware 11.0 packages:
893ce2650fb5943688b6601dc487ab8c mozilla-firefox-1.5.0.8-i686-1.tgz
bb30824cef92f3d19268978f616f0835 mozilla-thunderbird-1.5.0.8-i686-1.tgz
54ef9d50b6cfca3db58c397cbea7ac49 seamonkey-1.0.6-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg mozilla-firefox-1.5.0.8-i686-1.tgz mozilla-thunderbird-1.5.0.8-i686-1.tgz
And for Slackware 11.0:
# upgradepkg seamonkey-1.0.6-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFFU8nKakRjwEAQIjMRAvYzAJ9kI/mQphoLKJo7pDjRQioNffBr1ACfYULa
qzfK9lBQEya/+Or4zyjkY1g=
=TMRa
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] [fixed URLs] firefox/thunderbird/seamonkey (SSA:2006-313-01)
The original advisory for this issue contained incorrect URLs
for the Slackware 11.0 patches. Sorry about that! The URLs
for the 10.2 packages were correct (and the Firefox/Thunderbird
links given for 11.0 would have been just fine anyway since
10.2 and 11.0 are using the same packages for those).
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-firefox-1.5.0.8-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-thunderbird-1.5.0.8-i686-1.tgz
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-firefox-1.5.0.8-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-thunderbird-1.5.0.8-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/seamonkey-1.0.6-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 10.2 packages:
893ce2650fb5943688b6601dc487ab8c mozilla-firefox-1.5.0.8-i686-1.tgz
bb30824cef92f3d19268978f616f0835 mozilla-thunderbird-1.5.0.8-i686-1.tgz
Slackware 11.0 packages:
893ce2650fb5943688b6601dc487ab8c mozilla-firefox-1.5.0.8-i686-1.tgz
bb30824cef92f3d19268978f616f0835 mozilla-thunderbird-1.5.0.8-i686-1.tgz
54ef9d50b6cfca3db58c397cbea7ac49 seamonkey-1.0.6-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFFU+wDakRjwEAQIjMRAi6YAJ4sMsXZrvLqe7G0jgUxyIO7L9w0jQCcCqYx
XFTbe34KUgsztLBnJHbODhY=
=f+BT
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] tar (SSA:2006-335-01)
New tar packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and 11.0 to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/tar-1.16-i486-1_slack11.0.tgz:
Upgraded to tar-1.16.
This fixes an issue where files may be extracted outside of the current
directory, possibly allowing a malicious tar archive, when extracted, to
overwrite any of the user's files (in the case of root, any file on the
system).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/tar-1.16-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/tar-1.16-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/tar-1.16-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/tar-1.16-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/tar-1.16-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/tar-1.16-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/tar-1.16-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
7c9534ea20e4dea9481d2e5389ccb028 tar-1.16-i386-1_slack8.1.tgz
Slackware 9.0 package:
876549ce9871fe255e53f6941d652955 tar-1.16-i386-1_slack9.0.tgz
Slackware 9.1 package:
c1de51bb69fbecd26c9b7ee317b92fa7 tar-1.16-i486-1_slack9.1.tgz
Slackware 10.0 package:
75e329799b7bf0d536fab1debea5c301 tar-1.16-i486-1_slack10.0.tgz
Slackware 10.1 package:
7a97719499b08cefb77fb0aaee4e2a80 tar-1.16-i486-1_slack10.1.tgz
Slackware 10.2 package:
c64be78f5930f9e9557f5ec8b783b7ec tar-1.16-i486-1_slack10.2.tgz
Slackware 11.0 package:
9832de4337bd8e1bd6e43c18e06885dc tar-1.16-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg tar-1.16-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFFcJtaakRjwEAQIjMRAjNUAJ9BYVrBllGpK2uBER2ZWK7rgSWhPACgj1Jp
RFT5BLIXp/5yNg0k9/IKW2o=
=EK0r
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] libpng (SSA:2006-335-03)
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and 11.0 to fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/libpng-1.2.14-i486-1_slack11.0.tgz:
Upgraded to libpng-1.2.14. This fixes a bug where a specially crafted PNG
file could crash applications that use libpng.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.14-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.14-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.14-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.14-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.14-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libpng-1.2.14-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.14-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
5e7bac72067dfebb12551b507e8c6a49 libpng-1.2.14-i386-1_slack8.1.tgz
Slackware 9.0 package:
e303a64de57491dfef8dd460500436da libpng-1.2.14-i386-1_slack9.0.tgz
Slackware 9.1 package:
8d2347b553374e1a13800d06f6649887 libpng-1.2.14-i486-1_slack9.1.tgz
Slackware 10.0 package:
f58b88f9d26257bdd1d10cf5a567c584 libpng-1.2.14-i486-1_slack10.0.tgz
Slackware 10.1 package:
0a6e1f2f0107ed1829dea247f2032cc2 libpng-1.2.14-i486-1_slack10.1.tgz
Slackware 10.2 package:
782c1cc5d65f62c01df761f4443ba880 libpng-1.2.14-i486-1_slack10.2.tgz
Slackware 11.0 package:
f0043f7ebf31d1033a04d30438570486 libpng-1.2.14-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg libpng-1.2.14-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFFcJtfakRjwEAQIjMRAkydAKCQZAQTGh+8fncpgT+8sOp1hi1v3gCfcSQK
kDL0G90RFSticoLulnGz5IU=
=q/zF
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] tar (SSA:2006-335-01)
New tar packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and 11.0 to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/tar-1.16-i486-1_slack11.0.tgz:
Upgraded to tar-1.16.
This fixes an issue where files may be extracted outside of the current
directory, possibly allowing a malicious tar archive, when extracted, to
overwrite any of the user's files (in the case of root, any file on the
system).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/tar-1.16-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/tar-1.16-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/tar-1.16-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/tar-1.16-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/tar-1.16-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/tar-1.16-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/tar-1.16-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
7c9534ea20e4dea9481d2e5389ccb028 tar-1.16-i386-1_slack8.1.tgz
Slackware 9.0 package:
876549ce9871fe255e53f6941d652955 tar-1.16-i386-1_slack9.0.tgz
Slackware 9.1 package:
c1de51bb69fbecd26c9b7ee317b92fa7 tar-1.16-i486-1_slack9.1.tgz
Slackware 10.0 package:
75e329799b7bf0d536fab1debea5c301 tar-1.16-i486-1_slack10.0.tgz
Slackware 10.1 package:
7a97719499b08cefb77fb0aaee4e2a80 tar-1.16-i486-1_slack10.1.tgz
Slackware 10.2 package:
c64be78f5930f9e9557f5ec8b783b7ec tar-1.16-i486-1_slack10.2.tgz
Slackware 11.0 package:
9832de4337bd8e1bd6e43c18e06885dc tar-1.16-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg tar-1.16-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFFcJtaakRjwEAQIjMRAjNUAJ9BYVrBllGpK2uBER2ZWK7rgSWhPACgj1Jp
RFT5BLIXp/5yNg0k9/IKW2o=
=EK0r
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] proftpd (SSA:2006-335-02)
New proftpd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and 11.0 to fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/proftpd-1.3.0a-i486-1_slack11.0.tgz:
Upgraded to proftpd-1.3.0a plus an additional security patch. Several
security issues were found in proftpd that could lead to the execution of
arbitrary code by a remote attacker, including one in mod_tls that does
not require the attacker to be authenticated first.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/proftpd-1.3.0a-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/proftpd-1.3.0a-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/proftpd-1.3.0a-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/proftpd-1.3.0a-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/proftpd-1.3.0a-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/proftpd-1.3.0a-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/proftpd-1.3.0a-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
74e7540bd3a29270b6192e470a456b45 proftpd-1.3.0a-i386-1_slack8.1.tgz
Slackware 9.0 package:
50ad4d2161afb3e8f215cb6355d5960c proftpd-1.3.0a-i386-1_slack9.0.tgz
Slackware 9.1 package:
4264ec744b7e964ec8ba659a038edc77 proftpd-1.3.0a-i486-1_slack9.1.tgz
Slackware 10.0 package:
58ab727acfaba50b1acb16d49d02570b proftpd-1.3.0a-i486-1_slack10.0.tgz
Slackware 10.1 package:
4d4560f63398633cdcfe4dda9b9c39da proftpd-1.3.0a-i486-1_slack10.1.tgz
Slackware 10.2 package:
8253edd497dc19bef0d6b215dc9e4e34 proftpd-1.3.0a-i486-1_slack10.2.tgz
Slackware 11.0 package:
6964fa68393b79c0d1493843a709f339 proftpd-1.3.0a-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg proftpd-1.3.0a-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFFcJtcakRjwEAQIjMRAo3ZAJsGetn+zmAIHHmEbi3BL4uncvuYWgCgjkip
KatXdKdjDKa/iUotydCefjo=
=x+jK
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] gnupg (SSA:2006-340-01)
New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,
10.2, and 11.0 to fix security issues.
More details about the issues may be found here:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz:
Upgraded to gnupg-1.4.6. This release fixes a severe and exploitable
bug in earlier versions of gnupg. All gnupg users should update to the
new packages as soon as possible. For details, see the information
concerning CVE-2006-6235 posted on lists.gnupg.org:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
This update also addresses a more minor security issue possibly
exploitable when GnuPG is used in interactive mode. For more information
about that issue, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gnupg-1.4.6-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gnupg-1.4.6-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gnupg-1.4.6-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gnupg-1.4.6-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/gnupg-1.4.6-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 9.0 package:
bc23c2e8fd1862a3749d7ea9478654e2 gnupg-1.4.6-i386-1_slack9.0.tgz
Slackware 9.1 package:
1ec4938e51b300f332696f76ce5476b5 gnupg-1.4.6-i486-1_slack9.1.tgz
Slackware 10.0 package:
8be8d0094be837dca5274c6ef17d0856 gnupg-1.4.6-i486-1_slack10.0.tgz
Slackware 10.1 package:
bdaf8c564a758fb13faecc8f030a8f3c gnupg-1.4.6-i486-1_slack10.1.tgz
Slackware 10.2 package:
1c9e9f1364086ccdb204d50d0ee87df2 gnupg-1.4.6-i486-1_slack10.2.tgz
Slackware 11.0 package:
8f0cd5490e5a12bddc4be418c6806fa3 gnupg-1.4.6-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg gnupg-1.4.6-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFdzaaNVnzhlUXJe4RAlwOAKCP1f7bvcZUHRgNnGvW8rVzUxqipACfcNKq
gKvKfFxDQK2sJgDdaRrqS5E=
=Kj8+
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] gnupg [resigned] (SSA:2006-340-01b)
Hello,
As many people have pointed out, the last advisory (SSA:2006-340-01)
was not signed with the usual Slackware Security Team key
(fingerprint 40102233). I did some reconfiguration on the box that
does the distribution signing and it had some unintended
side-effects. :-/ Several CHECKSUMS.md5.asc files were also signed
with the wrong key.
The affected CHECKSUMS.md5 files have been resigned and uploaded, and
this announcement has also been signed (and verified :-) using the
usual primary Slackware signing key.
Also, it was noticed that the URL given to lists.gnupg.org was either
incorrect or has changed since the advisory was issued. This error
has also been corrected.
Sorry for any confusion.
Pat
Corrected advisory follows:
+-----------+
[slackware-security] gnupg (SSA:2006-340-01)
New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,
10.2, and 11.0 to fix security issues.
More details about the issues may be found here:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz:
Upgraded to gnupg-1.4.6. This release fixes a severe and exploitable
bug in earlier versions of gnupg. All gnupg users should update to the
new packages as soon as possible. For details, see the information
concerning CVE-2006-6235 posted on lists.gnupg.org:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
This update also addresses a more minor security issue possibly
exploitable when GnuPG is used in interactive mode. For more information
about that issue, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gnupg-1.4.6-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gnupg-1.4.6-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gnupg-1.4.6-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gnupg-1.4.6-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/gnupg-1.4.6-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 9.0 package:
bc23c2e8fd1862a3749d7ea9478654e2 gnupg-1.4.6-i386-1_slack9.0.tgz
Slackware 9.1 package:
1ec4938e51b300f332696f76ce5476b5 gnupg-1.4.6-i486-1_slack9.1.tgz
Slackware 10.0 package:
8be8d0094be837dca5274c6ef17d0856 gnupg-1.4.6-i486-1_slack10.0.tgz
Slackware 10.1 package:
bdaf8c564a758fb13faecc8f030a8f3c gnupg-1.4.6-i486-1_slack10.1.tgz
Slackware 10.2 package:
1c9e9f1364086ccdb204d50d0ee87df2 gnupg-1.4.6-i486-1_slack10.2.tgz
Slackware 11.0 package:
8f0cd5490e5a12bddc4be418c6806fa3 gnupg-1.4.6-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg gnupg-1.4.6-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFeI8makRjwEAQIjMRAu8VAJ0RZ/xgaxLRvLTM29ZoTKUcrexcIACdEb8L
Ky6eX5hX9qflBMwbnQ4AF7g=
=3X3Q
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-thunderbird (SSA:2006-357-02)
New mozilla-thunderbird packages are available for Slackware 10.2 and 11.0
to fix security issues.
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-1.5.0.9-i686-1.tgz:
Upgraded to thunderbird-1.5.0.9.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-thunderbird-1.5.0.9-i686-1.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-thunderbird-1.5.0.9-i686-1.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
587d05a0b7aa65de06a97613563e5f6b mozilla-thunderbird-1.5.0.9-i686-1.tgz
Slackware 11.0 package:
587d05a0b7aa65de06a97613563e5f6b mozilla-thunderbird-1.5.0.9-i686-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg mozilla-thunderbird-1.5.0.9-i686-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFjdiTakRjwEAQIjMRAofrAJsGV1jcDb4SvdAPDYtmvQGXTqDK3QCfRxLY
yrdkKhHs1bi14Mn8YoBTL3o=
=pqzY
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] koffice (SSA:2006-357-04)
A new koffice package is available for Slackware 10.2 to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6120
Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/koffice-1.4.1-i486-3_slack10.2.tgz:
Patched to fix a security problem with KOffice's PPT file parsing.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6120
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/koffice-1.4.1-i486-3_slack10.2.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
d241c50a4a2efc4a612d999c6aefdb31 koffice-1.4.1-i486-3_slack10.2.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg koffice-1.4.1-i486-3_slack10.2.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFjdiaakRjwEAQIjMRAgGkAJ0ZxvJr0DXqNuEFGRPKIypmHcc9GQCeLP/x
fMX9qo2Frlc58cAoywyI100=
=34iK
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] seamonkey (SSA:2006-357-03)
A new seamonkey package is available for Slackware 11.0 to
fix security issues.
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-1.0.7-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.0.7.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/seamonkey-1.0.7-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 11.0 package:
aff51e515772846324a4b497042e73e8 seamonkey-1.0.7-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg seamonkey-1.0.7-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFjdiXakRjwEAQIjMRAh2wAKCHOqUCmWhkYZmfhEgjGiA8JCYrgACfeHaE
MF8EDWFP17U81VEzdXh+rCA=
=NrUO
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2006-357-01)
New mozilla-firefox packages are available for Slackware 10.2 and 11.0
to fix security issues.
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
extra/mozilla-firefox-2.0.0.1/mozilla-firefox-2.0.0.1-i686-1.tgz:
Upgraded to Mozilla Firefox 2.0.0.1.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/mozilla-firefox-1.5.0.9-i686-1.tgz:
Upgraded to firefox-1.5.0.9.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-firefox-1.5.0.9-i686-1.tgz
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/mozilla-firefox-2.0.0.1/mozilla-firefox-2.0.0.1-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-firefox-1.5.0.9-i686-1.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
f4aa601cd710872dc925789f6199c077 mozilla-firefox-1.5.0.9-i686-1.tgz
Slackware 11.0 packages:
f4aa601cd710872dc925789f6199c077 mozilla-firefox-1.5.0.9-i686-1.tgz
3a79624328886ad13cd110440d37f7dd mozilla-firefox-2.0.0.1-i686-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg mozilla-firefox-1.5.0.9-i686-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFjdiQakRjwEAQIjMRAu+vAJsGQJDh9dExooCSiap/5VqHWOOXlQCfd+rX
kAC/osNHDR1V8Mqu7V75/sY=
=LgEd
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] xine-lib (SSA:2006-357-05)
New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2,
and 11.0 to fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/xine-lib-1.1.3-i686-1_slack11.0.tgz:
Upgraded to xine-lib-1.1.3 which fixes possible security problems
such as a heap overflow in libmms and a buffer overflow in the
Real Media input plugin.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/xine-lib-1.1.3-i686-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xine-lib-1.1.3-i686-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xine-lib-1.1.3-i686-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xine-lib-1.1.3-i686-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/xine-lib-1.1.3-i686-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 9.1 package:
fa1687a00ff18aada399ec50da8c9dd6 xine-lib-1.1.3-i686-1_slack9.1.tgz
Slackware 10.0 package:
6ac0c62b486fdd7f306e2f11ae559d4b xine-lib-1.1.3-i686-1_slack10.0.tgz
Slackware 10.1 package:
36ded1ce6911ce49b37b3fb7c579eace xine-lib-1.1.3-i686-1_slack10.1.tgz
Slackware 10.2 package:
be29817649ddb9bf902b09824d1ad6ed xine-lib-1.1.3-i686-1_slack10.2.tgz
Slackware 11.0 package:
8276d06c6df229c6b8627ec571f15a37 xine-lib-1.1.3-i686-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg xine-lib-1.1.3-i686-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFjdidakRjwEAQIjMRApbrAJ0RZGLzRf/wqao8cErS8KAt9RTTnACgiMTo
n0bfG3egCDy6hFaX3qdi3so=
=cA4B
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] fetchmail (SSA:2007-024-01)
New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, and 11.0 to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/fetchmail-6.3.6-i486-1_slack11.0.tgz:
Upgraded to fetchmail-6.3.6. This fixes two security issues. First, a bug
introduced in fetchmail-6.3.5 could cause fetchmail to crash. However,
no stable version of Slackware ever shipped fetchmail-6.3.5. Second, a long
standing bug (reported by Isaac Wilcox) could cause fetchmail to send a
password in clear text or omit using TLS even when configured otherwise.
All fetchmail users are encouraged to consider using getmail, or to upgrade
to the new fetchmail packages.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/fetchmail-6.3.6-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/fetchmail-6.3.6-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/fetchmail-6.3.6-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/fetchmail-6.3.6-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/fetchmail-6.3.6-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/fetchmail-6.3.6-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/fetchmail-6.3.6-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
134ddb9615befd410d01ce4f21a8de27 fetchmail-6.3.6-i386-1_slack8.1.tgz
Slackware 9.0 package:
c194dfa2d7b747240488a16a85f3130c fetchmail-6.3.6-i386-1_slack9.0.tgz
Slackware 9.1 package:
f50a91e22ea16bb751f662e87676eee7 fetchmail-6.3.6-i486-1_slack9.1.tgz
Slackware 10.0 package:
6de04880cf23cf6f90fa848ec5d04c15 fetchmail-6.3.6-i486-1_slack10.0.tgz
Slackware 10.1 package:
b342ab7f593d95b5463edd98349aac50 fetchmail-6.3.6-i486-1_slack10.1.tgz
Slackware 10.2 package:
e64aeba7bb9b03814c1c97bc7bef478b fetchmail-6.3.6-i486-1_slack10.2.tgz
Slackware 11.0 package:
cbb37cdf05946c799ec134389a051e91 fetchmail-6.3.6-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg fetchmail-6.3.6-i486-1_slack11.0.tgz
If fetchmail is running in a daemon mode, restart it after upgrading.
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFt7+FakRjwEAQIjMRAs+pAJ0b32T9YsmVAdyrSpdXMqnGdKpPlQCfanvq
wePF/CNUg0iTJiLWYwhxQhs=
=zMcz
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] bind (SSA:2007-026-01)
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and 11.0 to fix denial of service security issues.
Versions of bind-9.2.x older than bind-9.2.8, and versions of bind-9.3.x
older than 9.3.4 can be made to crash with malformed local or remote data.
More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.3.4-i486-1_slack11.0.tgz:
Upgraded to bind-9.3.4. This update fixes two denial of service
vulnerabilities where an attacker could crash the name server with
specially crafted malformed data.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.2.8-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.2.8-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.2.8-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.2.8-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.3.4-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.3.4-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.3.4-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
43e96e4850f6caf31a54ef40a9e43b30 bind-9.2.8-i386-1_slack8.1.tgz
Slackware 9.0 package:
e8d6fc775853a7ca8ede0384aef42df5 bind-9.2.8-i386-1_slack9.0.tgz
Slackware 9.1 package:
f51dec70ec4eb40b158d61fd896f3598 bind-9.2.8-i486-1_slack9.1.tgz
Slackware 10.0 package:
69e8a58709fdf9b6640c9b580f2a3f02 bind-9.2.8-i486-1_slack10.0.tgz
Slackware 10.1 package:
70a9bfb735c72244363a533bf045a866 bind-9.3.4-i486-1_slack10.1.tgz
Slackware 10.2 package:
2415304d1eaabdb2ac11f431d9fa166c bind-9.3.4-i486-1_slack10.2.tgz
Slackware 11.0 package:
ced6de22bd753d4f005fb47ab933df88 bind-9.3.4-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg bind-9.3.4-i486-1_slack11.0.tgz
Restart the name server:
# sh /etc/rc.d/rc.bind restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFutrsakRjwEAQIjMRAknyAJ9vEGdZRDJvOD3KTsWG9hyEmsR3igCeNlBz
TilkP09rafBxXBs23gWnt8E=
=/ql+
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] samba (SSA:2007-038-01)
New samba packages are available for Slackware 10.0, 10.1, 10.2,
and 11.0 to fix a denial-of-service security issue.
More details about the issues fixed in Samba 3.0.24 may be found in the
Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/samba-3.0.24-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.24. From the WHATSNEW.txt file:
"Important issues addressed in 3.0.24 include:
o Fixes for the following security advisories:
- CVE-2007-0452 (Potential Denial of Service bug in smbd)
- CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
- CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)"
Samba is Slackware is vulnerable to the first issue, which can cause smbd
to enter into an infinite loop, disrupting Samba services. Linux is not
vulnerable to the second issue, and Slackware does not ship the afsacl.so
VFS plugin (but it's something to be aware of if you build Samba with
custom options).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.24-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/samba-3.0.24-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/samba-3.0.24-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/samba-3.0.24-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 10.0 package:
e845effc7048393b56069a09350eda68 samba-3.0.24-i486-1_slack10.0.tgz
Slackware 10.1 package:
907e0f0351a362381afd9dd627970e11 samba-3.0.24-i486-1_slack10.1.tgz
Slackware 10.2 package:
3b72e21a7e43ea9726e0147560b5f077 samba-3.0.24-i486-1_slack10.2.tgz
Slackware 11.0 package:
c17312f0537f36098f23351366b10a09 samba-3.0.24-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg samba-3.0.24-i486-1_slack11.0.tgz
Restart Samba:
sh /etc/rc.d/rc.samba restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFyh+takRjwEAQIjMRAnK9AJ0ZItWfRH8Or4Ch8WlZOp8404E5EACglDim
4RmGZG4w/+UlAA+CmycReR8=
=K/lS
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-announce] glibc-zoneinfo US Daylight Savings Time changes
New glibc-zoneinfo packages are available for Slackware 8.1, 9.0, 9.1,
10.0, 10.1, 10.2, and 11.0 to update the timezone information to
account for the extention of Daylight Savings Time (DST) in the US.
This is an important update as any machine in the US (in an area using
DST) running Slackware 10.2 or earlier will otherwise have a system
clock off by one hour for a month starting on March 11. It is strongly
suggested to upgrade this package before March 11, 2007.
Slackware 11.0 is not affected by this particular US DST issue, but
an update to the latest zoneinfo database is provided anyway.
NOTE: All these packages are the *same*, but with different package
names. If you're not concerned about that, you may use any one of
these packages to upgrade all your Slackware boxes, 8.1 or newer.
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/glibc-zoneinfo-2.3.6-noarch-7_slack11.0.tgz:
Updated with tzdata2007b for impending Daylight Savings Time
changes in the US.
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/glibc-zoneinfo-2.2.5-i386-3_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/glibc-zoneinfo-2.3.1-noarch-5_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/glibc-zoneinfo-2.3.2-noarch-2_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/glibc-zoneinfo-2.3.2-noarch-7_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/glibc-zoneinfo-2.3.4-noarch-2_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/glibc-zoneinfo-2.3.5-noarch-7_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/glibc-zoneinfo-2.3.6-noarch-7_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
9ee701e7d8c6d4a2569dcbc653937d4d glibc-zoneinfo-2.2.5-i386-3_slack8.1.tgz
Slackware 9.0 package:
9ee701e7d8c6d4a2569dcbc653937d4d glibc-zoneinfo-2.3.1-noarch-5_slack9.0.tgz
Slackware 9.1 package:
9ee701e7d8c6d4a2569dcbc653937d4d glibc-zoneinfo-2.3.2-noarch-2_slack9.1.tgz
Slackware 10.0 package:
9ee701e7d8c6d4a2569dcbc653937d4d glibc-zoneinfo-2.3.2-noarch-7_slack10.0.tgz
Slackware 10.1 package:
9ee701e7d8c6d4a2569dcbc653937d4d glibc-zoneinfo-2.3.4-noarch-2_slack10.1.tgz
Slackware 10.2 package:
9ee701e7d8c6d4a2569dcbc653937d4d glibc-zoneinfo-2.3.5-noarch-7_slack10.2.tgz
Slackware 11.0 package:
9ee701e7d8c6d4a2569dcbc653937d4d glibc-zoneinfo-2.3.6-noarch-7_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg glibc-zoneinfo-2.3.6-noarch-7_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF2NQkakRjwEAQIjMRAtXbAJ0VD/jXxS/qYqRoMc577lQgpOCmkwCeMOQQ
prIYmra7XMEPCkjqpKscSPk=
=oLML
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] php (SSA:2007-053-01)
New php packages are available for Slackware 10.2 and 11.0 to improve the
stability and security of PHP. Quite a few bugs were fixed -- please
see http://www.php.net for a detailed list. All sites that use PHP are
encouraged to upgrade. Please note that we haven't tested all PHP
applications for backwards compatibility with this new upgrade, so you
should have the old package on hand just in case.
Both PHP 4.4.5 and PHP 5.2.1 updates have been provided.
Some of these issues have been assigned CVE numbers and may be referenced
in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/php-4.4.5-i486-1_slack11.0.tgz:
Upgraded to php-4.4.5 which improves stability and security.
For complete details, see http://www.php.net.
For imformation about some of the security fixes, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
(* Security fix *)
extra/php5/php-5.2.1-i486-1_slack11.0.tgz:
Upgraded to php-5.2.1 which improves stability and security.
For imformation about some of the security fixes, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/php-4.4.5-i486-1_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/testing/packages/php-5.2.1/php-5.2.1-i486-1_slack10.2.tgz
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/php-4.4.5-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.1-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 10.2 packages:
9910a0b1e46d10583b6d2f6588e13457 php-4.4.5-i486-1_slack10.2.tgz
6f4eb9e2bb286cb33bf8f450e458025e php-5.2.1-i486-1_slack10.2.tgz
Slackware 11.0 packages:
4e312abf50feeedfe50a1fcddbd4cb2a php-4.4.5-i486-1_slack11.0.tgz
be96edf4afb6b554b22df5f30a8d2b9b php-5.2.1-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
First, stop apache:
# apachectl stop
Next, upgrade to the new PHP package:
# upgradepkg php-4.4.5-i486-1_slack11.0.tgz
Finally, restart apache:
# apachectl start (or: apachectl startssl)
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF3mY6akRjwEAQIjMRAmTfAJ9QNBkYT4jVehp6F85xWdFez5K4jwCgh35K
t7uIoEqfdp8xvfkc6wWSJMU=
=9NwU
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] gnupg (SSA:2007-066-01)
New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,
and 11.0 to fix security ramifications of incorrect gpg usage.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1263
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
n/gnupg-1.4.7-i486-1_slack11.0.tgz: Upgraded to gnupg-1.4.7.
This fixes a security problem that can occur when GnuPG is used incorrectly.
Newer versions attempt to prevent such misuse.
For more information, see:
http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gnupg-1.4.7-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gnupg-1.4.7-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gnupg-1.4.7-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gnupg-1.4.7-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/gnupg-1.4.7-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gnupg-1.4.7-i486-1_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 9.0 package:
eac6b5e6084f602f2c4fa6091e850ade gnupg-1.4.7-i386-1_slack9.0.tgz
Slackware 9.1 package:
43638cd06c5f104287f53aa28b480718 gnupg-1.4.7-i486-1_slack9.1.tgz
Slackware 10.0 package:
7d293676a7c3c0b996d077293cb2a11c gnupg-1.4.7-i486-1_slack10.0.tgz
Slackware 10.1 package:
15eaf8b90a6589976d4bcb7611b84561 gnupg-1.4.7-i486-1_slack10.1.tgz
Slackware 10.2 package:
61a60aefa1dd6882c6561c0f9dc394f1 gnupg-1.4.7-i486-1_slack10.2.tgz
Slackware 11.0 package:
aff7417fcfa53fc7dc0eb9a63097cc35 gnupg-1.4.7-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg gnupg-1.4.7-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFF72mtakRjwEAQIjMRApdSAJ9O7EP2cXOBfgb8W6OUOPDrzl1jLACfZA0Y
ykHZMTXr508rHhMXZGSLLl8=
=uE72
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2007-066-03)
New mozilla-firefox packages are available for Slackware 10.2, and 11.0 to
fix security issues.
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
xap/mozilla-firefox-1.5.0.10-i686-1.tgz:
Upgraded to firefox-1.5.0.10.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-firefox-1.5.0.10-i686-1.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-firefox-1.5.0.10-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/mozilla-firefox-2.0.0.2/mozilla-firefox-2.0.0.2-i686-1.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
7bec44c44b529880c23af6827b904727 mozilla-firefox-1.5.0.10-i686-1.tgz
Slackware 11.0 packages:
7bec44c44b529880c23af6827b904727 mozilla-firefox-1.5.0.10-i686-1.tgz
a330faba1e9aa687c555f33e9fecef5f mozilla-firefox-2.0.0.2-i686-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg mozilla-firefox-1.5.0.10-i686-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFF72mtakRjwEAQIjMRAtTUAJ0WDsHcCuUsQLMItjnBqHElobagpACfc+wu
aLO+tL07SiHxL6m5bYorTwM=
=XzqT
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] seamonkey (SSA:2007-066-05)
A new seamonkey package is available for Slackware 11.0 to
fix security issues.
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
xap/seamonkey-1.0.8-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.0.8.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Where to find the new package:
+----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/seamonkey-1.0.8-i486-1_slack11.0.tgz
MD5 signature:
+------------+
Slackware 11.0 package:
247b0f163c28b2ac38f72d696d0ba7ee seamonkey-1.0.8-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg seamonkey-1.0.8-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFF72mtakRjwEAQIjMRAi5tAJ9q4SoFPIONqsewiaUokFOwARXpuwCeLcog
3QFbA+1NenEWqAh52P8VF6A=
=eLrF
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] imagemagick (SSA:2007-066-06)
A new imagemagick package is available for Slackware 11.0 to
fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
xap/imagemagick-6.3.3_0-i486-1_slack11.0.tgz:
Upgraded to imagemagick-6.3.3-0.
The original fix for PALM image handling has been corrected.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
(* Security fix *)
+--------------------------+
Where to find the new package:
+----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/imagemagick-6.3.3_0-i486-1_slack11.0.tgz
MD5 signature:
+------------+
Slackware 11.0 package:
aa74825b927c5fcd596cbc4fdbbb5e1f imagemagick-6.3.3_0-i486-1_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg imagemagick-6.3.3_0-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFF72mtakRjwEAQIjMRAoOHAJ95ZoP88Xixk1to81IdLUvWI3xvmwCfaX07
U0p800Stw5AdWwl9LCSthQg=
=pSul
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-thunderbird (SSA:2007-066-04)
New mozilla-thunderbird packages are available for Slackware 10.2,
and 11.0 to fix security issues.
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
xap/mozilla-thunderbird-1.5.0.10-i686-1.tgz:
Upgraded to thunderbird-1.5.0.10.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-thunderbird-1.5.0.10-i686-1.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-thunderbird-1.5.0.10-i686-1.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
0605436c2c48d6848a5f5f3eed1a8835 mozilla-thunderbird-1.5.0.10-i686-1.tgz
Slackware 11.0 package:
0605436c2c48d6848a5f5f3eed1a8835 mozilla-thunderbird-1.5.0.10-i686-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg mozilla-thunderbird-1.5.0.10-i686-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFF72mtakRjwEAQIjMRAjoHAJ9EECGKyqZ6x2fOZ31/DOT3xEYltwCeN6ld
0UYXfFj4ENl7hlaweS2rcr4=
=WWp6
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] x11 (SSA:2007-066-02)
New x11 packages are available for Slackware 10.2 and 11.0.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
x/x11-6.9.0-i486-12_slack11.0.tgz: Patched.
This update fixes overflows in the dbe and render extensions. This could
possibly be exploited to overwrite parts of memory, possibly allowing
malicious code to execute, or (more likely) causing X to crash.
For information about some of the security fixes, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-6.8.2-i486-8_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-6.9.0-i486-12_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
f7f193b138303d0b04c72bd8b89d6947 x11-6.8.2-i486-8_slack10.2.tgz
Slackware 11.0 package:
1e5e912cf9133cdf8825906f908bec6a x11-6.9.0-i486-12_slack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg x11-6.9.0-i486-12_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFF72mtakRjwEAQIjMRAtzPAJsGFvfj42G0XG7L5dJH5aDFJ6QtywCgk42A
9VrlUw5fRyApsNBUj1yW1YE=
=WGyu
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] libwpd (SSA:2007-085-02)
New libwpd packages are available for Slackware 10.2, 11.0, and -current to
fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/libwpd-0.8.9-i486-1_slack11.0.tgz:
Upgraded to libwpd-0.8.9.
Various overflows may lead to application crashes upon opening a specially
crafted WordPerfect file. This vulnerability could also conceivably be
used by an attacker to execute arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libwpd-0.8.9-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libwpd-0.8.9-i486-1_slack11.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libwpd-0.8.9-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
3e571dca7151b9d95ebc11f76f97d880 libwpd-0.8.9-i486-1_slack10.2.tgz
Slackware 11.0 package:
1f9c766f470191a3f6e72bed4c510fb2 libwpd-0.8.9-i486-1_slack11.0.tgz
Slackware -current package:
a1b28a0d8501644516ffa702d18934d1 libwpd-0.8.9-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg libwpd-0.8.9-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGCICMakRjwEAQIjMRAisaAJ9Rl400ObeQyvxo7/X9Wmjacx9IcQCfRRUs
lR77L5CIH6g91YiO64kIF9I=
=RPrk
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2007-085-01)
New mozilla-firefox packages are available for Slackware 10.2, 11.0,
and -current to fix security issues.
Note that firefox-1.5.x will reach end-of-life next month, so upgrading
to the 2.x branch soon is probably a good idea.
- From http://developer.mozilla.org/devnews/index.php/2007/03/
"Note: Firefox 1.5.0.x will be maintained with security and stability
updates until April 24, 2007. All users are encouraged to upgrade
to Firefox 2."
Since Slackware packages the official Firefox binaries, the Firefox 2
packages in Slackware 11.0 and -current should run on many earlier
Slackware versions as well, though there are some known problems with
plugins (such as gxine).
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
xap/mozilla-firefox-1.5.0.10-i686-1.tgz:
Upgraded to firefox-1.5.0.10.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-firefox-1.5.0.11-i686-1.tgz
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-firefox-1.5.0.11-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/mozilla-firefox-2.0.0.3/mozilla-firefox-2.0.0.3-i686-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-2.0.0.3-i686-1.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
23fd49e9e556bbda86ead79f2d8bcbf4 mozilla-firefox-1.5.0.11-i686-1.tgz
Slackware 11.0 packages:
23fd49e9e556bbda86ead79f2d8bcbf4 mozilla-firefox-1.5.0.11-i686-1.tgz
cdfdb8b2c491e68314f1a32cd8b1ac8a mozilla-firefox-2.0.0.3-i686-1.tgz
Slackware -current package:
cdfdb8b2c491e68314f1a32cd8b1ac8a mozilla-firefox-2.0.0.3-i686-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg mozilla-firefox-1.5.0.11-i686-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGCICIakRjwEAQIjMRAv87AJ9vUUcPgtbT6XKsTjF+PgSjmLVFmwCff/iG
Y9eAmKMeL6VTzZjEMVpkpJs=
=brDi
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] file [and bin package] (SSA:2007-093-01)
New file packages are available for Slackware 8.1, 9.0, 9.1,
10.0, 10.1, 10.2, 11.0, and -current to fix a security issue.
NOTE: In Slackware 11.0 and earlier, the file utility was part
of the required "bin" package, so this patch is needed even if
your machine does not have a "file" package installed (which,
if you're not running Slackware -current, it probably does not).
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/file-4.20-i486-1_slack11.0.tgz:
Upgraded to file-4.20.
This fixes a heap overflow that could allow code to be executed as the
user running file (note that there are many scenarios where file might be
used automatically, such as in virus scanners or spam filters).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/file-4.20-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/file-4.20-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/file-4.20-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/file-4.20-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/file-4.20-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/file-4.20-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/file-4.20-i486-1_slack11.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/file-4.20-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
772ec2c67a683d0616f5c06f8881bb70 file-4.20-i386-1_slack8.1.tgz
Slackware 9.0 package:
3d57cb1aa5804b3f66c5a6122df212ab file-4.20-i386-1_slack9.0.tgz
Slackware 9.1 package:
359c64d93bb2f375d6bbfe10791682bf file-4.20-i486-1_slack9.1.tgz
Slackware 10.0 package:
be07145b22d92cf3fb480f3d8be76a52 file-4.20-i486-1_slack10.0.tgz
Slackware 10.1 package:
f091e41e6cf4804ed5b12a67833d9100 file-4.20-i486-1_slack10.1.tgz
Slackware 10.2 package:
72bf4f0f71f79dccf24095e5625f4dd9 file-4.20-i486-1_slack10.2.tgz
Slackware 11.0 package:
0a9109c5f0a8d44e018b70b140c77a46 file-4.20-i486-1_slack11.0.tgz
Slackware -current package:
42877f903b32dc426861a3802f739d21 file-4.20-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg --install-new file-4.20-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGErn/akRjwEAQIjMRAp/HAJ4qwwpxTaE5DNgs1dFu9dpSAjy7pgCfbbb5
6V7PQCXKly9Zru/dYeWjRAg=
=2XVr
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] ktorrent (SSA:2007-093-02)
New ktorrent packages are available for Slackware 11.0 and -current to
fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/ktorrent-2.1.3-i486-1_slack11.0.tgz:
Upgraded to ktorrent-2.1.3.
A directory traversal vulnerability in torrent.cpp in versions < 2.1.2 may
allow remote attackers to overwrite the ktorrent user's files. A bug in
chunkcounter.cpp in versions < 2.1.2 allows remote attackers to crash
ktorrent and cause heap corruption by the use of an invalid idx value.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/ktorrent-2.1.3-i486-1_slack11.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/ktorrent/ktorrent-2.1.3-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 11.0 package:
1917c267334e4b90ab04c58b1f2ff338 ktorrent-2.1.3-i486-1_slack11.0.tgz
Slackware -current package:
64c4d3bf516aebe96b6591ab75c2aeb9 ktorrent-2.1.3-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg ktorrent-2.1.3-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGEroCakRjwEAQIjMRAgysAJ4tvNC0z7sEBgmUSZNvN+fdwus2hQCffJ3z
SziSDsKFDhjEsSH4LkiwteU=
=FwV5
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] qt (SSA:2007-093-03)
New qt packages are available for Slackware 10.2, 11.0, and -current to
fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/qt-3.3.8-i486-1_slack11.0.tgz:
Patched an issue where the Qt UTF 8 decoder may in some instances fail to
reject overlong sequences, possibly allowing "/../" path injection or XSS
errors.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/qt-3.3.4-i486-4_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/qt-3.3.8-i486-1_slack11.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/qt-3.3.8-i486-3.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
793d29a0b2ace2baf44a3f71ac9a7879 qt-3.3.4-i486-4_slack10.2.tgz
Slackware 11.0 package:
4c1a3f1c9095156a57f5292e4cb73673 qt-3.3.8-i486-1_slack11.0.tgz
Slackware -current package:
e8be820d81d7d3486ed9e210500a5e06 qt-3.3.8-i486-3.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg qt-3.3.8-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGEroFakRjwEAQIjMRAlZEAJ9ki99D0rq/60DLKhXq80uf7R8gdACfVWiu
3aVJxe+eZ4EEBM2mGrgHP4g=
=niby
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] xine-lib (SSA:2007-109-02)
New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0,
and -current to fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
Upgraded to xine-lib-1.1.6.
This fixes overflows in xine-lib in some little-used media formats in
xine-lib < 1.1.5 and other bugs in xine-lib < 1.1.6. The overflows in
xine-lib < 1.1.5 could definitely cause an application using xine-lib to
crash, and it is theorized that a malicious media file could be made to run
arbitrary code in the context of the user running the application.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xine-lib-1.1.6-i686-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xine-lib-1.1.6-i686-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xine-lib-1.1.6-i686-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/xine-lib-1.1.6-i686-1_slack11.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xine-lib-1.1.6-i686-2.tgz
MD5 signatures:
+-------------+
Slackware 10.0 package:
a4fac5c1692d7e3e693d33485d8f238b xine-lib-1.1.6-i686-1_slack10.0.tgz
Slackware 10.1 package:
f1b482bc314e827946be08249a7a1f67 xine-lib-1.1.6-i686-1_slack10.1.tgz
Slackware 10.2 package:
84cef008726751072a0ebcfeb861e4fa xine-lib-1.1.6-i686-1_slack10.2.tgz
Slackware 11.0 package:
a9001ed332e1f09c53e2de90b9ff652a xine-lib-1.1.6-i686-1_slack11.0.tgz
Slackware -current package:
751958cb4eb3067130633294af25f365 xine-lib-1.1.6-i686-2.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg xine-lib-1.1.6-i686-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGKApIakRjwEAQIjMRAqHWAJ9mtDudDqtchoKjBdMpY/7ko5xPSgCdEcgY
nJPaaCfvMqhtTrRPuWozfCE=
=w+le
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] freetype (SSA:2007-109-01)
New x11 and/or freetype and fontconfig packages are available for Slackware
10.1, 10.2, 11.0, and -current to fix security issues in freetype. Freetype
was packaged with X11 prior to Slackware version 11.0.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/freetype-2.3.4-i486-1_slack11.0.tgz:
Fixed an overflow parsing BDF fonts.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-6.8.1-i486-6_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-devel-6.8.1-i486-6_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-xdmx-6.8.1-i486-6_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-xnest-6.8.1-i486-6_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-xvfb-6.8.1-i486-6_slack10.1.tgz
Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-6.8.2-i486-9_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-devel-6.8.2-i486-9_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xdmx-6.8.2-i486-9_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xnest-6.8.2-i486-9_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xvfb-6.8.2-i486-9_slack10.2.tgz
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/fontconfig-2.4.2-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/freetype-2.3.4-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-devel-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-xdmx-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-xnest-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-xvfb-6.9.0-i486-13_slack11.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/freetype-2.3.4-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 10.1 packages:
f43963a12395187f84a5a893a9b49b08 x11-6.8.1-i486-6_slack10.1.tgz
d50e827c4b6662dcad766a7bd7a21a65 x11-devel-6.8.1-i486-6_slack10.1.tgz
cef7148c39d423ecab3e2ccccd3adb84 x11-xdmx-6.8.1-i486-6_slack10.1.tgz
f14c00ed7581968f0b1f48090ff3b88e x11-xnest-6.8.1-i486-6_slack10.1.tgz
578877ff6ce1d31ac4260ef6aeee9782 x11-xvfb-6.8.1-i486-6_slack10.1.tgz
Slackware 10.2 packages:
391c07940d6953297bf5c8f34d3e9d08 x11-6.8.2-i486-9_slack10.2.tgz
964ad494c2b38a2b6691d4146edf38f0 x11-devel-6.8.2-i486-9_slack10.2.tgz
e0abb822a02da4189999ed3ec728cc7f x11-xdmx-6.8.2-i486-9_slack10.2.tgz
355e7d7b950271c9113c041be6987574 x11-xnest-6.8.2-i486-9_slack10.2.tgz
a19ad4440384fe676fb5ba39d781a0ed x11-xvfb-6.8.2-i486-9_slack10.2.tgz
Slackware 11.0 packages:
54347dc1526ece8d23c43b4b9fb19ece fontconfig-2.4.2-i486-1_slack11.0.tgz
db824c40a99a28faa622ffa1dd6c147c freetype-2.3.4-i486-1_slack11.0.tgz
2364ff264047eb9a7055a7d3ed82ffdc x11-6.9.0-i486-13_slack11.0.tgz
9e177d82b3d9e48ccfca95ac556771ef x11-devel-6.9.0-i486-13_slack11.0.tgz
0b42fd71db86207b08987316ed567210 x11-xdmx-6.9.0-i486-13_slack11.0.tgz
3bac6d7d422dc015f7d99db93b61a9ca x11-xnest-6.9.0-i486-13_slack11.0.tgz
a523bce573612986a59aa39214dffc9d x11-xvfb-6.9.0-i486-13_slack11.0.tgz
Slackware -current package:
e37bde7696812341354b94fef81e4b91 freetype-2.3.4-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg fontconfig-2.4.2-i486-1_slack11.0.tgz \
freetype-2.3.4-i486-1_slack11.0.tgz x11-6.9.0-i486-13_slack11.0.tgz \
x11-devel-6.9.0-i486-13_slack11.0.tgz \
x11-xdmx-6.9.0-i486-13_slack11.0.tgz \
x11-xnest-6.9.0-i486-13_slack11.0.tgz \
x11-xvfb-6.9.0-i486-13_slack11.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGKApDakRjwEAQIjMRAmhcAKCRrxpsy2WJCyLrKSvDpJMEhm2GBgCfWUZh
5Eapvq6lMB4wEoECwwIb22c=
=lxDx
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] Slackware 11.0 x11-6.9.0 patch fix (SSA:2007-110-01)
A new x11-6.9.0-i486-14_slack11.0.tgz patch is available for Slackware 11.0 to
fix the inadvertent inclusion of two old fontconfig binaries. Installing the
original fontconfig patch followed by the original x11 patch would cause
fc-cache and fc-list to be overwritten by old versions, breaking fontconfig.
To fix the issue, reinstall the fontconfig patch. The x11 package has been
updated so that installation will not be order-specific for anyone fetching
the patches now.
Sorry for the inconvenience.
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/x11-6.9.0-i486-14_slack11.0.tgz:
Removed old versions of fc-cache and fc-list.
Somehow a couple of old fontconfig binaries snuck into this package, and
prevent fc-cache from working properly at boot (or any other time).
If you've already installed these upgrades, reinstalling the fontconfig
package will fix the issue. If you do that, there's no need to reinstall
this new x11 package -- it's been fixed so that there's no longer a problem
with the package install order (and because those fc-* binaries didn't
belong there). Sorry for any inconvenience...
Thanks to Petri Kaukasoina for pointing this out.
(* Fix *)
+--------------------------+
Where to find the new package:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-6.9.0-i486-14_slack11.0.tgz
MD5 signatures:
+-------------+
Slackware 11.0 package:
dd7b984b91576d65b829074963dd8bd0 x11-6.9.0-i486-14_slack11.0.tgz
Installation instructions:
+------------------------+
If you already have x11-6.9.0-i486-13_slack11.0.tgz, check the version of
fc-cache. It should be 2.4.2:
# fc-cache --version
fontconfig version 2.4.2
If not, reinstall the fontconfig package:
# upgradepkg --reinstall fontconfig-2.4.2-i486-1_slack11.0.tgz
If you don't yet have the new x11, fontconfig, and freetype patches,
the versions in slackware-11.0/patches/packages may be installed with
upgradepkg in no particular order.
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGKRKmakRjwEAQIjMRAgYEAJ9WVFNSpBKFb/WtLOQnN0BDKcQ74gCfY/od
smPPTuiIIkib2ObAOoak8Ak=
=4LQM
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] php (SSA:2007-127-01)
New php packages are available for Slackware 10.2, 11.0, and -current
to improve the stability and security of PHP. Quite a few bugs were
fixed -- please see http://www.php.net for a detailed list.
All sites that use PHP are encouraged to upgrade. Please note that
we haven't tested all PHP applications for backwards compatibility
with this new upgrade, so you should have the old package on hand
just in case.
Both PHP 4.4.7 and PHP 5.2.2 updates have been provided.
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
extra/php5/php-5.2.2-i486-1_slack11.0.tgz:
Upgraded to php-5.2.2.
This fixes bugs and improves security.
For more details, see:
http://www.php.net/releases/5_2_2.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
(* Security fix *)
patches/packages/php-4.4.7-i486-1_slack11.0.tgz:
Upgraded to php-4.4.7.
This fixes bugs and improves security.
For more details, see:
http://www.php.net/releases/4_4_7.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/php-4.4.7-i486-1_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/testing/packages/php5/php-5.2.2-i486-1_slack10.2.tgz
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/php-4.4.7-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.2-i486-1_slack11.0.tgz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.4.7-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/php5/php-5.2.2-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 10.2 packages:
56aa46827b63ffbc362727cbaaf586e8 php-4.4.7-i486-1_slack10.2.tgz
c05e8b71616725493bee7d150b8dc62a php-5.2.2-i486-1_slack10.2.tgz
Slackware 11.0 packages:
b949d684bd04d1f843c28ee01076d246 php-4.4.7-i486-1_slack11.0.tgz
b7be5a1e3ef61d1c758513caeda9c7c7 php-5.2.2-i486-1_slack11.0.tgz
Slackware -current packages:
38a8fe4b7bd5637e09a5a28f50a19a0e php-4.4.7-i486-1.tgz
b49eb13cc4110617f5515426f747b8d7 php-5.2.2-i486-1.tgz
Installation instructions:
+------------------------+
First, stop apache:
# apachectl stop
Next, upgrade to the new PHP package:
# upgradepkg php-4.4.7-i486-1_slack11.0.tgz
Finally, restart apache:
# apachectl start (or: apachectl startssl)
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGP+k7akRjwEAQIjMRAkNHAJ9uqevX7tR1PTmYt+14p4yVMPYetQCfeIN9
LlbOex2X7R6jqEU92ePmHbc=
=konX
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] samba (SSA:2007-134-01)
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0,
and -current to fix security issues.
More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/samba-3.0.25-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.25.
Security Fixes included in the Samba 3.0.25 release are:
o CVE-2007-2444
Versions: Samba 3.0.23d - 3.0.25pre2
Local SID/Name translation bug can result in
user privilege elevation
o CVE-2007-2446
Versions: Samba 3.0.0 - 3.0.24
Multiple heap overflows allow remote code execution
o CVE-2007-2447
Versions: Samba 3.0.0 - 3.0.24
Unescaped user input parameters are passed as
arguments to /bin/sh allowing for remote command
execution
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.25-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/samba-3.0.25-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/samba-3.0.25-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/samba-3.0.25-i486-1_slack11.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.0.25-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 10.0 package:
388421f6cb6392b1a8610ca4d65e1f2e samba-3.0.25-i486-1_slack10.0.tgz
Slackware 10.1 package:
8dbe857b25dcd2fd8ded5afbeb110800 samba-3.0.25-i486-1_slack10.1.tgz
Slackware 10.2 package:
9d768f8d50aeb2790344a441505a2a2c samba-3.0.25-i486-1_slack10.2.tgz
Slackware 11.0 package:
65775e4d63ebb041344e0f74e33b2285 samba-3.0.25-i486-1_slack11.0.tgz
Slackware -current package:
a98430e0830c78168562bb49304dfb91 samba-3.0.25-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg samba-3.0.25-i486-1_slack11.0.tgz
Restart samba:
# /etc/rc.d/rc.samba restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGSPAvakRjwEAQIjMRArZeAKCNt0ZRD8fB1lCO9YUENQQN+NRVcwCferaM
C4362ou/eXiQ8UJElovuATM=
=BP6W
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] libpng (SSA:2007-136-01)
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, 11.0, and -current to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/libpng-1.2.18-i486-1_slack11.0.tgz:
Upgraded to libpng-1.2.18.
A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some
libpng applications. This vulnerability has been assigned the identifiers
CVE-2007-2445 and CERT VU#684664.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.18-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.18-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.18-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.18-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.18-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libpng-1.2.18-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.18-i486-1_slack11.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.2.18-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
c7eb1c4fdb9770a6cdf74f254f81fc27 libpng-1.2.18-i386-1_slack8.1.tgz
Slackware 9.0 package:
8108fa520ece9138607731a74dfc141e libpng-1.2.18-i386-1_slack9.0.tgz
Slackware 9.1 package:
ac40a7b0b793dbf186fa7765f3ab7f49 libpng-1.2.18-i486-1_slack9.1.tgz
Slackware 10.0 package:
c83777019c539e619a8f08a3fe4ca145 libpng-1.2.18-i486-1_slack10.0.tgz
Slackware 10.1 package:
3f9f1ba6c975ea16b8921482fba71c74 libpng-1.2.18-i486-1_slack10.1.tgz
Slackware 10.2 package:
3a7f07dbaef1058987718fc5bc2beed0 libpng-1.2.18-i486-1_slack10.2.tgz
Slackware 11.0 package:
0dd59c370e78ef621ce810e55a012596 libpng-1.2.18-i486-1_slack11.0.tgz
Slackware -current package:
ea3063b5c3ae38d48aff4631d0275cba libpng-1.2.18-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg libpng-1.2.18-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGS3hsakRjwEAQIjMRAjMRAJ4mk4mcI7cAeR+4vckUXqY1psYNBwCfUaq8
ocoKO8GeiLtc2gNncAfp74o=
=/Q33
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] php5 (SSA:2007-152-01)
New php5 packages are available for Slackware 10.2, 11.0, and -current to
fix security issues. PHP5 was considered a test package in Slackware 10.2,
and an "extra" package in Slackware 11.0. If you are currently running
PHP4 you may wish to stick with that, as upgrading to PHP5 will probably
require changes to your system's configuration and/or web code.
More details about the issues affecting Slackware's PHP5 may be found in
the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
One CVE-issued vulnerability (CVE-2007-1887) does not affect Slackware as
we do not ship an unbundled sqlite2 library.
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
extra/php5/php-5.2.3-i486-1_slack11.0.tgz:
Upgraded to php-5.2.3.
Here's some basic information about the release from php.net:
"This release continues to improve the security and the stability of the
5.X branch as well as addressing two regressions introduced by the
previous 5.2 releases. These regressions relate to the timeout handling
over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in
certain conditions. All users are encouraged to upgrade to this release."
For more complete information, see:
http://www.php.net/releases/5_2_3.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/testing/packages/php5/php-5.2.3-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.3-i486-1_slack11.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.2.3-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
9f399433ff6cf9c6627476e298cc4e39 php-5.2.3-i486-1_slack10.2.tgz
Slackware 11.0 package:
8ee13bfe55814bed9898ef92c0f25b6c php-5.2.3-i486-1_slack11.0.tgz
Slackware -current package:
ecdc3dbd5c5766f0ebaa05327d8a2fea php-5.2.3-i486-1.tgz
Installation instructions:
+------------------------+
First, stop apache:
# apachectl stop
Next, upgrade to the new PHP package:
# upgradepkg php-5.2.3-i486-1_slack11.0.tgz
Finally, restart apache:
# apachectl start (or: apachectl startssl)
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGYHxfakRjwEAQIjMRAos2AJ9PLzRsgFtU6v8sAx03y2L9aPGIVgCfcsXm
GglnRzWyN1/FMUqy/LdJyNU=
=o4tu
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] firefox-seamonkey-thunderbird (SSA:2007-152-02)
New mozilla-firefox and seamonkey packages are available for Slackware 10.2,
11.0, and -current to fix security issues. New thunderbird packages are
are available for Slackware 10.2 and 11.0 to fix security issues.
More details about this issue may be found at these links:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-1.5.0.12-i686-1.tgz:
Upgraded to firefox-1.5.0.12.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.12-i686-1.tgz:
Upgraded to thunderbird-1.5.0.12.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
patches/packages/seamonkey-1.1.2-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.1.2.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
extra/mozilla-firefox-2.0.0.4/mozilla-firefox-2.0.0.4-i686-1.tgz:
Upgraded to firefox-2.0.0.4.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-firefox-1.5.0.12-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-thunderbird-1.5.0.12-i686-1.tgz
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-firefox-1.5.0.12-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-thunderbird-1.5.0.12-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/seamonkey-1.1.2-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/mozilla-firefox-2.0.0.4/mozilla-firefox-2.0.0.4-i686-1.tgz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-2.0.0.4-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-1.1.2-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 10.2 packages:
9b1f98981341c2b5813cba7a8425a17d mozilla-firefox-1.5.0.12-i686-1.tgz
07ce695e642641cda081435714ba499a mozilla-thunderbird-1.5.0.12-i686-1.tgz
Slackware 11.0 packages:
9b1f98981341c2b5813cba7a8425a17d mozilla-firefox-1.5.0.12-i686-1.tgz
07ce695e642641cda081435714ba499a mozilla-thunderbird-1.5.0.12-i686-1.tgz
5bcbb4759292e9660a31d084b62f74a5 seamonkey-1.1.2-i486-1_slack11.0.tgz
96895695345c903decc484a7b0ab0a85 mozilla-firefox-2.0.0.4-i686-1.tgz
Slackware -current packages:
96895695345c903decc484a7b0ab0a85 mozilla-firefox-2.0.0.4-i686-1.tgz
e437c6f7a9a2cda50d27278bfc3f0a4d seamonkey-1.1.2-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg mozilla-firefox-1.5.0.12-i686-1.tgz mozilla-thunderbird-1.5.0.12-i686-1.tgz seamonkey-1.1.2-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGYN9aakRjwEAQIjMRAkckAKCBXnG6U7K8m6APGWX5ukQBSLVTZQCcDSDK
uAEUCZ2guzWPSyA57FB5STI=
=bbJd
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] libexif (SSA:2007-164-01)
New libexif packages are available for Slackware 10.2, 11.0, and -current to
fix a crash and potential security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
l/libexif-0.6.16-i486-1_slack11.0.tgz: Upgraded to libexif-0.6.16.
An integer overflow in libexif can crash applications that use the library
on malformed images. The upstream advisory indicates that this flaw could
also be used to execute arbitrary code in the context of the user, but no
exploit is known (by us) to exist among iDefense's researchers or in the
wild. But, as a crash bug and heap overflow one must suppose that the
possibility exists.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libexif-0.6.16-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libexif-0.6.16-i486-1_slack11.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libexif-0.6.16-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
cd7fae377395a5b9538a702a7ff23afc libexif-0.6.16-i486-1_slack10.2.tgz
Slackware 11.0 package:
c10f21ab97a858ac1183e6a2cc916dd9 libexif-0.6.16-i486-1_slack11.0.tgz
Slackware -current package:
151902aeb8486e2884afd3bb84e48535 libexif-0.6.16-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg libexif-0.6.16-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGcLG7akRjwEAQIjMRAquHAJwKLYhe6LdivaCLQo+ON+TxJFC9BgCfSgm9
S5rbSEhBgMGUb7tFEnmN/3M=
=R6YC
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] thunderbird (SSA:2007-165-01)
A new thunderbird package is available for Slackware -current to
fix two possible security issues. This package may also be used on
many older versions of Slackware (though we're not certain how far
back...)
More details about the issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
Here are the details from the Slackware -current ChangeLog:
+--------------------------+
xap/mozilla-thunderbird-2.0.0.4-i686-1.tgz: Upgraded to thunderbird-2.0.0.4.
This upgrade fixes two possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
+--------------------------+
Where to find the new package:
+----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-2.0.0.4-i686-1.tgz
MD5 signature:
+------------+
Slackware -current package:
6b9ffb3b101315cb4178a23a9ecae109 mozilla-thunderbird-2.0.0.4-i686-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg mozilla-thunderbird-2.0.0.4-i686-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGcbSNakRjwEAQIjMRAhwTAJ91IxsDK7ERhq2uFnjaU1UesAH5IgCeL7yy
hMPAIDOeWK1eul008W31gNs=
=h6Sw
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] gd (SSA:2007-178-01)
GD is an open source code library for the dynamic creation of images.
New gd packages are available for Slackware 11.0, and -current to
fix possible security issues.
Please see: http://www.libgd.org/ReleaseNote020035
for complete release notes. "Upgrading is strongly recommended."
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/gd-2.0.35-i486-1_slack11.0.tgz:
Upgraded to gd-2.0.35.
This fixes a few possible security issues:
* Possible infinite loop in the PNG reader
* Possible integer overflow in gdImageCreateTrueColor
* Possible crash in gdImageCreateXbm
* Numerous flaws in the GIF reader
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/gd-2.0.35-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 11.0 package:
d29e978cd31d64d6d8bb4db0c48822de gd-2.0.35-i486-1_slack11.0.tgz
Slackware -current package:
2a2d38f9b985bb01a1d558a082d28131 gd-2.0.35-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg gd-2.0.35-i486-1_slack11.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGggGVakRjwEAQIjMRAjMFAJ9iRvJyZ8XF84DAIaqr86RduCKV8ACeMUMB
YU0VB9OdEYuuv/KNXSgQNFM=
=Cg0K
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi slackware-security subscribers. Thought you'd like to know about the
release if you hadn't noticed yet. If you have, pardon the interruption.
:-)
The official announcement follows:
Well folks, it's that time to announce a new stable Slackware release
again. So, without further ado, announcing Slackware version 12.0!
Since we've moved to supporting the 2.6 kernel series exclusively (and
fine-tuned the system to get the most out of it), we feel that Slackware
12.0 has many improvements over our last release (Slackware 11.0) and is a
must-have upgrade for any Slackware user.
This first Slackware edition of the year combines Slackware's legendary
simplicity (and close tracking of original sources), stability, and
security with some of the latest advances in Linux technology. Expect no
less than the best Slackware yet.
Among the many program updates and distribution enhancements, you'll find
two of the most advanced desktop environments available today: Xfce 4.4.1,
a fast and lightweight but visually appealing and easy to use desktop
environment, and KDE 3.5.7, the latest version of the award-winning K
Desktop Environment. We have added to Slackware support for HAL (the
Hardware Abstraction Layer) which allows the system administrator to add
users to the cdrom and plugdev groups. Then they will be able to use items
such as USB flash sticks, USB cameras that appear like USB storage,
portable hard drives, CD and DVD media, MP3 players, and more, all without
requiring sudo, the mount or umount command. Just plug and play.
Properly set up, Slackware's desktop should be suitable for any level of
Linux experience.
Slackware uses the 2.6.21.5 kernel bringing you advanced performance
features such as journaling filesystems, SCSI and ATA RAID volume support,
SATA support, Software RAID, LVM (the Logical Volume Manager, and
encrypted filesystems. Kernel support for X DRI (the Direct Rendering
Interface) brings high-speed hardware accelerated 3D graphics to Linux.
We have switched from the older one-piece X11 Window System to the newest
modular X11 from X.Org, which should be simpler to maintain and will
likely speed up development of new features for X (such as translucent
windows and a few other things that are on the horizon).
There are two kinds of kernels in Slackware -- the huge kernels, which
contain support for just about every driver in the Linux kernel. These are
primarily intended to be used for installation, but there's no real reason
that you couldn't continue to run them after you have installed. The
other type of kernel is the generic kernel, in which nearly every driver
is built as a module. To use a generic kernel you'll need to build an
initrd to load your filesystem module and possibly your drive controller
or other drivers needed at boot time, configure LILO to load the initrd at
boot, and reinstall LILO. See the docs in /boot after installing for more
information. Slackware's Linux kernels come in both SMP and non-SMP types
now. The SMP kernel supports multiple processors, multi-core CPUs,
HyperThreading, and about every other optimization available. In our own
testing this kernel has proven to be fast, stable, and reliable. We
recommend using the SMP kernel even on single processor machines if it
will run on them.
- From the beginning, Slackware has offered a stable and secure Linux
distribution for UNIX veterans as well as an easy-to-use system for
beginners. Slackware includes everything you'll need to run a powerful
server or workstation. Each Slackware package follows the setup and
installation instructions from its author(s) as closely as possible,
offering you the most stable and easily expandable setup.
Here are some of the advanced features of Slackware 12.0:
- - Runs the 2.6.21.5 version of the Linux kernel from ftp.kernel.org.
Also included is a kernel patched with Speakup to support speech
synthesizers providing access to Linux for the visually impaired
community. The 2.6.x kernel series has matured into a stable
kernel, and provides reliable performance for your desktop or
your production server.
- - System binaries are linked with the GNU C Library, version 2.5.
This version of glibc also has excellent compatibility with
existing binaries.
- - X11 7.2.0. This is the X.Org Foundation's modular X Window System.
You will notice many more X package than before, and it's probably
best to install them all. There's been much activity in the X
development world, and the improvements here in terms of performance
and hardware support are sure to be only the beginning.
- - Installs gcc-4.1.2 as the default C, C++, Objective-C,
Fortran-77/95, and Ada 95 compiler.
- - Support for fully encrypted network connections with OpenSSL,
OpenSSH, OpenVPN, and GnuPG.
- - Apache (httpd) 2.2.4 web server with Dynamic Shared Object
support, SSL, and PHP 5.2.3.
- - PCMCIA, CardBus, USB, IEE1394 (FireWire) and ACPI support. This
makes Slackware a great operating system for your laptop.
- - The udev dynamic device management system for Linux 2.6.x.
This locates and configures most hardware automatically as it
is added (or removed) from the system, and creates the access
nodes in /dev. It also loads the kernel modules required by
sound cards and other hardware at boot time.
- - New development tools, including Perl 5.8.8, Python 2.5.1,
Ruby 1.8.6, Subversion 1.4.4, git-1.5.2.2, mercurial-0.9.4,
graphical tools like Qt designer and KDevelop, and much more.
- - Updated versions of the Slackware package management tools make it
easy to add, remove, upgrade, and make your own Slackware packages.
Package tracking makes it easy to upgrade from Slackware 11.0 to
Slackware 12.0 (see CHANGES_AND_HINTS.TXT). The slackpkg tool in
/extra can also help update from an older version of Slackware to
a newer one, and keep your Slackware system up to date. In
addition, the slacktrack utility (in extra/) will help you build
and maintain your own packages.
- - Web browsers galore! Includes KDE's Konqueror 3.5.7,
SeaMonkey 1.1.2 (this is the replacement for the Mozilla
Suite), and the immensely popular Firefox 2.0.0.4, as well as
the Thunderbird 2.0.0.4 email and news client with advanced
junk mail filtering.
- - The complete K Desktop Environment (KDE) version 3.5.7, including
the KOffice productivity suite, networking tools, GUI development
with KDevelop, multimedia tools (including the amazing Amarok
music player), the Konqueror web browser and file manager, dozens
of games and utilities, international language support, and more.
- - A collection of GTK+ based applications including pidgin-2.0.2,
gimp-2.2.15, gkrellm-2.2.10, gxine-0.5.11, xchat-2.8.2, xsane-0.994,
and pan-0.131.
- - Large repository of extra software packages compiled and ready to
run. This includes various window managers, the Java(TM) 2 Software
Development Kit Standard Edition, libsafe (buffer overflow protection
for additional security), ISDN support, additional 802.11 drivers,
and much more (see the /extra directory).
- - Many more improved and upgraded packages than we can list here. For
a complete list of core packages in Slackware 12.0, see this file:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/PACKAGES.TXT
Downloading Slackware 12.0:
- ---------------------------
The full version of Slackware Linux 12.0 is available for download from
the central Slackware FTP sites hosted by our friends at www.cwo.com
and osuosl.org:
ftp://slackware.osuosl.org/pub/slackware/slackware-12.0/
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/
If the sites are busy, see the list of official mirror sites here:
http://slackware.com/getslack/
We will be setting up BitTorrent downloads for the official ISO images.
Stay tuned to http://slackware.com for the latest updates.
Instructions for burning the Slackware tree onto install discs may be
found in the isolinux directory.
Purchasing Slackware on CD-ROM:
- -------------------------------
Or, please consider purchasing the Slackware Linux 12.0 six CD-ROM set
directly from Slackware Linux, and you'll be helping to support the
continued development of Slackware Linux! :-)
This is the official release of Slackware on CD-ROM, and has many enhanced
features, including:
- Easy bootable CD-ROM installation. If your machine can boot a
CD-ROM, just boot the first disc to begin the installation process.
- The source code used to build Slackware Linux 12.0.
The price for the Slackware Linux CD-ROM set is $49.95 plus shipping.
Slackware 12.0 is also available on a single DVD for $59.95 plus shipping.
Slackware Linux is also available by subscription. When we release a new
version of Slackware (which is normally once or twice a year) we ship it
to you and bill your credit card $32.95 plus shipping. Shipping is $5 in
the USA, Canada, and Mexico for First Class. Overseas is $9 PER ORDER.
There is an additional $3 COD charge (USA Only). UPS Blue Label (2nd day)
[USA Only] is $10 PER ORDER, UPS Red Label (next day) [USA Only] is $15
PER ORDER.
Before ordering express shipping, you may wish to check that we have the
product in stock. We make releases to the net at the same time as disc
production begins, so there is a lag between the online release and the
shipping of media. But, even if you download now you can still buy the
official media later. You'll feel good, be helping the project, and have
a great decorative item perfect for any computer room shelf. :-)
Ordering Information:
- ---------------------
You can order online at the Slackware Linux store:
http://store.slackware.com
Other Slackware items like t-shirts, caps, pins, and stickers
can also be found here. These will help you find and identify
yourself to your fellow Slackware users. :-)
Order inquiries (including questions about becoming a Slackware
reseller) may be directed to this address:
info@slackware.com
Or, send a check or money order to:
Slackware Linux, Inc.
1164 Claremont Drive
Brentwood, CA 94513
USA
Have fun! :^) I hope you find Slackware to be useful, and thanks
very much for your support of this project over the years.
- ---
Patrick J. Volkerding
Visit us on the web at: http://slackware.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGiZD/NVnzhlUXJe4RApjlAJ9ZGnkx8rAy/xVszVCMpZhJ1ITeXwCeNTe3
YtGZoUD6fspuGtI0aPRNvN0=
=NHYn
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] firefox (SSA:2007-200-01)
New mozilla-firefox packages are available for Slackware 11.0 and 12.0
to fix security issues.
Note that Firefox 1.5.x has reached its EOL (end of life) and is no
longer being updated by mozilla.com. Users of Firefox 1.5.x are
encouraged to upgrade to Firefox 2.x. Since we use the official Firefox
binaries, these packages should work equally well on earlier Slackware
systems.
More details about the security issues may be found at this link:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-2.0.0.5-i686-1.tgz:
Upgraded to firefox-2.0.0.5.
This upgrade fixes a couple of minor security bugs. Nobody here is launching
Firefox from Internet Explorer, right? :-)
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/mozilla-firefox-2.0.0.5/mozilla-firefox-2.0.0.5-i686-1.tgz
Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/mozilla-firefox-2.0.0.5-i686-1.tgz
MD5 signatures:
+-------------+
Slackware 11.0 package:
d19fb2f984211199f8fb067df2baa251 mozilla-firefox-2.0.0.5-i686-1.tgz
Slackware 12.0 package:
d19fb2f984211199f8fb067df2baa251 mozilla-firefox-2.0.0.5-i686-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg mozilla-firefox-2.0.0.5-i686-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGn6zwakRjwEAQIjMRAkazAJ9fajDpOR2Edgar1TVYvgxDlwxDTgCfcgVH
kkY8AvJTQyOudmaieKcaVU0=
=k5m3
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] thunderbird (SSA:2007-205-01)
New Thunderbird packages are available for Slackware 11.0 and 12.0
to fix two possible security issues. This package may also be used
on many older versions of Slackware (though we're not certain how far
back...)
More details about the issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-2.0.0.5-i686-1.tgz:
Upgraded to thunderbird-2.0.0.5. Since Thunderbird shares the browser engine
with Firefox it is susceptible to similar vulnerabilities. This update fixes
the same issues fixed in the recent Firefox patch.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-thunderbird-2.0.0.5-i686-1.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/mozilla-thunderbird-2.0.0.5-i686-1.tgz
MD5 signatures:
+-------------+
Slackware 11.0 package:
e9f7d5f04a5680d1f0d5a4147cc7d7bf mozilla-thunderbird-2.0.0.5-i686-1.tgz
Slackware 12.0 package:
e9f7d5f04a5680d1f0d5a4147cc7d7bf mozilla-thunderbird-2.0.0.5-i686-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg mozilla-thunderbird-2.0.0.5-i686-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGpkTnakRjwEAQIjMRAuQHAJ9wDpTVLemTLAk6YyQLzYcH1prtvwCbBJvA
NIIy3sKZuWsaPi8hhv7ZQwc=
=0cCt
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] seamonkey (SSA:2007-205-02)
New SeaMonkey packages are available for Slackware 11.0 and 12.0
to fix possible security issues. While this update has been
reported to MozillaZine to "fix several security issues", details
are not yet available. Presumably the issues are similar to the
ones that were recently addressed in Firefox and Thunderbird.
More details about the issues may (eventually) be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-1.1.3-i486-1_slack12.tgz:
Upgraded to seamonkey-1.1.3. This is presumably a security update, but the
details on the net have been sparse. So far nothing has appeared at the
usual URL, but I would treat this as a security update unless it is announced
as otherwise.
For more information (if/when it appears), see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/seamonkey-1.1.3-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/seamonkey-1.1.3-i486-1_slack12.0.tgz
MD5 signatures:
+-------------+
Slackware 11.0 package:
616b87062576fa68a143c69dfaae8e71 seamonkey-1.1.3-i486-1_slack11.0.tgz
Slackware 12.0 package:
1e3a1776cf9ed4e2a301087db2d2d91b seamonkey-1.1.3-i486-1_slack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg seamonkey-1.1.3-i486-1_slack12.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGpkTqakRjwEAQIjMRAnA5AJ9ieWffMykq0CFSq3205thVFYzWIACeMR10
zNRCfNoxAaZ+nfrl4srHApc=
=Wkuj
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] bind (SSA:2007-207-01)
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, and 12.0 to fix security issues.
The first issue which allows remote attackers to make recursive queries only
affects Slackware 12.0. More details about this issue may be found in the
Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
The second issue is the discovery that BIND9's query IDs are cryptographically
weak. This issue affects the versions of BIND9 in all supported Slackware
versions. More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.4.1_P1-i486-1_slack12.0.tgz:
Upgraded to bind-9.4.1_P1 to fix security issues.
The default access control lists allow remote attackers to make recursive
queries in BIND9 versions 9.4.0 through 9.4.1.
The query IDs in BIND9 prior to BIND 9.4.1-P1 are cryptographically weak.
For more information on these issues, see:
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.2.8_P1-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.2.8_P1-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.2.8_P1-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.2.8_P1-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.3.4_P1-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.3.4_P1-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.3.4_P1-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bind-9.4.1_P1-i486-1_slack12.0.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
4c4416bf01018b5930f8eb4250bb6bb4 bind-9.2.8_P1-i386-1_slack8.1.tgz
Slackware 9.0 package:
60690cd64a251807a8582b0e904772bd bind-9.2.8_P1-i386-1_slack9.0.tgz
Slackware 9.1 package:
6769219553630a1ee75cf7b7021c9168 bind-9.2.8_P1-i486-1_slack9.1.tgz
Slackware 10.0 package:
7f8d1ad2360a9f0ccb38a9c8d83ad8d8 bind-9.2.8_P1-i486-1_slack10.0.tgz
Slackware 10.1 package:
39a4665d83754377d5be50a739100ad1 bind-9.3.4_P1-i486-1_slack10.1.tgz
Slackware 10.2 package:
f6c0d70a75b3a88c2972e359db895f72 bind-9.3.4_P1-i486-1_slack10.2.tgz
Slackware 11.0 package:
e830092ede1eedbcd54e85c370d8b621 bind-9.3.4_P1-i486-1_slack11.0.tgz
Slackware 12.0 package:
8bea2625ec5d0b04afaf12297474684e bind-9.4.1_P1-i486-1_slack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg bind-9.4.1_P1-i486-1_slack12.0.tgz
Then, restart the nameserver:
# /etc/rc.d/rc.bind restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGqREnakRjwEAQIjMRAsbSAJ9ZStIvD+oFpsMNz9PydMzuZEqJvACfWyqm
G+K4UfAgebMjv47ZFwQ3y8U=
=e8l6
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] firefox (SSA:2007-213-01)
New mozilla-firefox packages are available for Slackware 11.0 and 12.0
to fix security issues.
Note that Firefox 1.5.x has reached its EOL (end of life) and is no
longer being updated by mozilla.com. Users of Firefox 1.5.x are
encouraged to upgrade to Firefox 2.x. Since we use the official Firefox
binaries, these packages should work equally well on earlier Slackware
systems.
More details about the security issues may be found at this link:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-2.0.0.6-i686-1.tgz:
Upgraded to firefox-2.0.0.6.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/mozilla-firefox-2.0.0.6/mozilla-firefox-2.0.0.6-i686-1.tgz
Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/mozilla-firefox-2.0.0.6-i686-1.tgz
MD5 signatures:
+-------------+
Slackware 11.0 package:
77bb6342ba2bce50ae793c449b8a2365 mozilla-firefox-2.0.0.6-i686-1.tgz
Slackware 12.0 package:
77bb6342ba2bce50ae793c449b8a2365 mozilla-firefox-2.0.0.6-i686-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg mozilla-firefox-2.0.0.6-i686-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGsNifakRjwEAQIjMRAvjGAJ9mKK7yAjf0B5/Pcsa3HKukOW8kLwCfTobs
E95vmto9Zs2N3qw2TtFz3Ao=
=+tAY
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] thunderbird (SSA:2007-215-01)
New Thunderbird packages are available for Slackware 11.0 and 12.0
to fix two possible security issues. This package may also be used
on many older versions of Slackware (though we're not certain how far
back...)
More details about the issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-2.0.0.6-i686-1.tgz:
Upgraded to thunderbird-2.0.0.6.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-thunderbird-2.0.0.6-i686-1.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/mozilla-thunderbird-2.0.0.6-i686-1.tgz
MD5 signatures:
+-------------+
Slackware 11.0 package:
7b5396dcb1aa23b2fd867177cf905853 mozilla-thunderbird-2.0.0.6-i686-1.tgz
Slackware 12.0 package:
7b5396dcb1aa23b2fd867177cf905853 mozilla-thunderbird-2.0.0.6-i686-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg mozilla-thunderbird-2.0.0.6-i686-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGs5RDakRjwEAQIjMRAg+LAKCSQvowR1B4221vPTbLbT8TB77nygCfftFK
2IvnD3Al+ARXffqEguukF5s=
=okSs
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] xpdf (SSA:2007-222-05)
New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0,
and 12.0 to fix an integer overflow.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/xpdf-3.02pl1-i486-1_slack12.0.tgz:
Upgraded to xpdf-3.02pl1. This fixes an integer overflow that could possibly
be leveraged to run arbitrary code if a malicious PDF file is processed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/xpdf-3.02pl1-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xpdf-3.02pl1-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xpdf-3.02pl1-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xpdf-3.02pl1-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/xpdf-3.02pl1-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/xpdf-3.02pl1-i486-1_slack12.0.tgz
MD5 signatures:
+-------------+
Slackware 9.1 package:
9eede4f674b8af7dab7228000069f81a xpdf-3.02pl1-i486-1_slack9.1.tgz
Slackware 10.0 package:
3d37539ceebdfc92c4ae719b852309c7 xpdf-3.02pl1-i486-1_slack10.0.tgz
Slackware 10.1 package:
f5d1f6483fa704aff148cab49a39dd14 xpdf-3.02pl1-i486-1_slack10.1.tgz
Slackware 10.2 package:
888a403ad8c33326382a1c1d96fd5109 xpdf-3.02pl1-i486-1_slack10.2.tgz
Slackware 11.0 package:
27b1e58dc5fdcc64b38fad8ffe667e9c xpdf-3.02pl1-i486-1_slack11.0.tgz
Slackware 12.0 package:
6ef32871b16ff093354daaf7f390ba0c xpdf-3.02pl1-i486-1_slack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg xpdf-3.02pl1-i486-1_slack12.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD4DBQFGvTl2akRjwEAQIjMRAhe5AJjdr+7qa7FR/IaaU39SeSXBZQUZAJwKVWIU
PRjkC3HRRnpl2DY1VKXqzg==
=dYup
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] poppler (SSA:2007-222-02)
A new poppler package is available for Slackware 12.0 to fix an
integer overflow.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/poppler-0.5.4-i486-2_slack12.0.tgz:
Patched to fix an integer overflow in code borrowed from xpdf.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
(* Security fix *)
+--------------------------+
Where to find the new package:
+----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/poppler-0.5.4-i486-2_slack12.0.tgz
MD5 signature:
+------------+
Slackware 12.0 package:
d173df595b7767066d540890878ee444 poppler-0.5.4-i486-2_slack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg poppler-0.5.4-i486-2_slack12.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGvTlzakRjwEAQIjMRAuH7AJ9t8R31Fg/g8QzmubcoPXZWGBEDDQCfVvRz
RQzcbJotVm3Ipw8qFmsPbn0=
=tFj4
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] gimp (SSA:2007-222-01)
New gimp packages are available for Slackware 10.2, 11.0, and 12.0 to
fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/gimp-2.2.17-i486-1_slack12.0.tgz:
Upgraded to gimp-2.2.17, which fixes buffer overflows when decoding
certain image types.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/gimp-2.2.17-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gimp-2.2.17-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/gimp-2.2.17-i486-1_slack12.0.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
d65dd07991a2cd1acd9a97a2c8710ba5 gimp-2.2.17-i486-1_slack10.2.tgz
Slackware 11.0 package:
b39163ba82020a7d64609729fd51de04 gimp-2.2.17-i486-1_slack11.0.tgz
Slackware 12.0 package:
52fd45595c6c1cf3a2eca6d2960ce32b gimp-2.2.17-i486-1_slack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg gimp-2.2.17-i486-1_slack12.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGvTlyakRjwEAQIjMRAl9cAJ9kF0hJH/TeJcKfM3MFNmnP/1E77gCggpUb
uGuU7J7zxrn4zrTyZs05V7A=
=OenY
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] seamonkey (SSA:2007-222-04)
New seamonkey packages are available for Slackware 11.0 and 12.0 to
fix various security issues.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-1.1.4-i486-1_slack12.tgz:
Upgraded to seamonkey-1.1.4.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/seamonkey-1.1.4-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/seamonkey-1.1.4-i486-1_slack12.tgz
MD5 signatures:
+-------------+
Slackware 11.0 package:
ffefd546a568923a4f3c232f409cd30c seamonkey-1.1.4-i486-1_slack11.0.tgz
Slackware 12.0 package:
e8e318b771004e391a6fe561c5d63489 seamonkey-1.1.4-i486-1_slack12.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg seamonkey-1.1.4-i486-1_slack12.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGvTl1akRjwEAQIjMRAm/PAJ47jbcRdvGHWYrZMgwdd4wmI93BbACffk9J
sg+reRKWHmiqvd27wT30FFQ=
=X9Ed
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] qt (SSA:2007-222-03)
New qt packages are available for Slackware 10.2, 11.0, and 12.0 to
fix format string errors.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/qt-3.3.8-i486-5_slack12.0.tgz:
Patched to fix several format string bugs.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/qt-3.3.4-i486-5_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/qt-3.3.8-i486-2_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/qt-3.3.8-i486-5_slack12.0.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
41b4beffbe9809a167c6492922443096 qt-3.3.4-i486-5_slack10.2.tgz
Slackware 11.0 package:
887d7025b2fec4954bfe2c622edcb115 qt-3.3.8-i486-2_slack11.0.tgz
Slackware 12.0 package:
0f4590d20500a61dacdcd81c7ce5d9ff qt-3.3.8-i486-5_slack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg qt-3.3.8-i486-5_slack12.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGvTl0akRjwEAQIjMRAiNEAJ0al52f2rrkSosXVjgPwyZ7yjMdkACfZmrs
XL5BIqIGNcPgFtO0FSHuoU8=
=zgUz
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] tcpdump (SSA:2007-230-01)
New tcpdump packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, and 12.0 to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/tcpdump-3.9.7-i486-1_slack12.0.tgz:
Upgraded to libpcap-0.9.7, tcpdump-3.9.7.
This new version fixes an integer overflow in the BGP dissector which
could possibly allow remote attackers to crash tcpdump or to execute
arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/tcpdump-3.9.7-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/tcpdump-3.9.7-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/tcpdump-3.9.7-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/tcpdump-3.9.7-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/tcpdump-3.9.7-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/tcpdump-3.9.7-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/tcpdump-3.9.7-i486-1_slack12.0.tgz
MD5 signatures:
+-------------+
Slackware 9.0 package:
3ac8262bcab4556d29db76c6bab77b4c tcpdump-3.9.7-i386-1_slack9.0.tgz
Slackware 9.1 package:
41cb8e80ae262be700aee5343d8e91a8 tcpdump-3.9.7-i486-1_slack9.1.tgz
Slackware 10.0 package:
c530e5cdde5dcaa16d4f1c5a85d96f32 tcpdump-3.9.7-i486-1_slack10.0.tgz
Slackware 10.1 package:
3b75b71c289c3d90ac0a3eab4c864879 tcpdump-3.9.7-i486-1_slack10.1.tgz
Slackware 10.2 package:
60d19664ef5c43f463e6d8dcb7f808bb tcpdump-3.9.7-i486-1_slack10.2.tgz
Slackware 11.0 package:
9dbfc4c5aac75837cfb661c06cad668b tcpdump-3.9.7-i486-1_slack11.0.tgz
Slackware 12.0 package:
f2b34a0c29485d8f942602b69fae0c70 tcpdump-3.9.7-i486-1_slack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg tcpdump-3.9.7-i486-1_slack12.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGx1ElakRjwEAQIjMRAmgdAJ9AG4KQGUHSrYyHFStrXj308pmB9gCfTHdb
RT8I5CNsqo1TEAIPcXQ5HHE=
=cWLn
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] java (jre, jdk) (SSA:2007-243-01)
Sun has released security advisories pertaining to both the Java
Runtime Environment and the Standard Edition Development Kit.
One such advisory may be found here:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1
Updated versions of both the jre and jdk packages are provided
which address all known flaws in Java(TM) at this time. There
may be more advisories on http://sunsolve.sun.com describing other
flaws that are patched with this update. Happy hunting!
Slackware repackages Sun's Java(TM) binaries without changing them,
so the packages from Slackware 12.0 should work on all glibc based
Slackware versions.
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
Fri Aug 31 13:33:54 CDT 2007
patches/packages/jre-6u2-i586-1.tgz:
Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment
Version 6.0 update 2.
This update addresses code errors which could possibly be leveraged to
compromise system security, though we know of no existing exploits.
This update consists of the official Java(TM) binaries repackaged in
Slackware's package format, and may be used on any version of Slackware
that is based on glibc.
For more information, see:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1
(* Security fix *)
An additional change was made to the script that Slackware uses to
set environment variables for Java(TM). Now, after the $JAVA_HOME
variable is set, the next variable settings make use of it, rather
than hard-coding the path to $JAVA_HOME. This does not fix a bug,
but is certainly better scripting style. Thanks to Jason Byrne and
Jean-Christophe Fargette for suggesting this change.
extra/jdk-6/jdk-6u2-i586-1.tgz: Upgraded to Java(TM) 2 Platform
Standard Edition Development Kit Version 6.0 update 2.
This update addresses code errors which could possibly be leveraged to
compromise system security, though we know of no existing exploits.
This update consists of the official Java(TM) binaries repackaged in
Slackware's package format, and may be used on any version of Slackware
that is based on glibc.
For more information, see:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1
(* Security fix *)
An additional change was made to the script that Slackware uses to
set environment variables for Java(TM). Now, after the $JAVA_HOME
variable is set, the next variable settings make use of it, rather
than hard-coding the path to $JAVA_HOME. This does not fix a bug,
but is certainly better scripting style. Thanks to Jason Byrne and
Jean-Christophe Fargette for suggesting this change.
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Updated packages for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/jre-6u2-i586-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/extra/jdk-6/jdk-6u2-i586-1.tgz
MD5 signatures:
+-------------+
4635834cfc639976697abfe01e1aacfd jre-6u2-i586-1.tgz
450ee66b4b9d71edfc5fe81f00267fce jdk-6u2-i586-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg jre-6u2-i586-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFG2IwWakRjwEAQIjMRAvtvAJ4vSCwb3r3WqnYAxWWpppQ6UjeRhQCfdNiU
cf7VzlZct2Mfq6Z22VCg2pA=
=xptm
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] samba (SSA:2007-255-02)
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0,
and 12.0 to fix a security issue and various other bugs.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/samba-3.0.26a-i486-1_slack12.0.tgz:
Upgraded to samba-3.0.26a.
This fixes a security issue in all Samba 3.0.25 versions:
"Incorrect primary group assignment for domain users using the rfc2307
or sfu winbind nss info plugin."
For more information, see:
http://www.samba.org/samba/security/CVE-2007-4138.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.26a-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/samba-3.0.26a-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/samba-3.0.26a-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/samba-3.0.26a-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/samba-3.0.26a-i486-1_slack12.0.tgz
MD5 signatures:
+-------------+
Slackware 10.0 package:
81fa953e94a089cc6fca0829055cbd3d samba-3.0.26a-i486-1_slack10.0.tgz
Slackware 10.1 package:
cfe1ded07f0a67f4645b6bc7a2a10d1a samba-3.0.26a-i486-1_slack10.1.tgz
Slackware 10.2 package:
e07026225d3eefa85c655eb14f59ee4a samba-3.0.26a-i486-1_slack10.2.tgz
Slackware 11.0 package:
3cef7747505fe8b408880e11ef84a95d samba-3.0.26a-i486-1_slack11.0.tgz
Slackware 12.0 package:
4b4b3942f45c8764c6e0a04ed807cd89 samba-3.0.26a-i486-1_slack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg samba-3.0.26a-i486-1_slack12.0.tgz
Restart Samba:
# /etc/rc.d/rc.samba restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFG6FQKakRjwEAQIjMRAnAUAJ423ytjwoEsL1hgtoo92CdXIOe0WwCfbQNK
4b+Tyu05t27tXhKF+zMRkOo=
=0clU
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] php (SSA:2007-255-03)
New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, and 12.0 to
fix "several low priority security bugs."
Note that PHP5 was not officially supported in Slackware 10.1 or 10.2
(being in the /testing directory), and was not the default version of
PHP for Slackware 11.0 (being in the /extra directory), but updates are
being provided anyway.
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/php-5.2.4-i486-1_slack12.0.tgz:
Upgraded to php-5.2.4. The PHP announcement says this version fixes over
120 bugs as well as "several low priority security bugs."
Read more about it here:
http://www.php.net/releases/5_2_4.php
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/testing/packages/php5/php-5.2.4-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/testing/packages/php5/php-5.2.4-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.4-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.2.4-i486-1_slack12.0.tgz
MD5 signatures:
+-------------+
Slackware 10.1 package:
ebe9ba4e1b440422215682ef4a63616a php-5.2.4-i486-1_slack10.1.tgz
Slackware 10.2 package:
dc4516fbfff6219fdcc54fdf76fe4f93 php-5.2.4-i486-1_slack10.2.tgz
Slackware 11.0 package:
03d817c5973d882fee648b060d17ac33 php-5.2.4-i486-1_slack11.0.tgz
Slackware 12.0 package:
237ecf6ba490cf0df9fffd6529cae233 php-5.2.4-i486-1_slack12.0.tgz
Installation instructions:
+------------------------+
First, stop Apache:
# apachectl stop
Next, upgrade to the new PHP package:
# upgradepkg php-5.2.4-i486-1_slack12.0.tgz
Finally, restart Apache:
# apachectl start
Or, for Apache 1.3.x versions using SSL:
# apachectl startssl
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFG6FQMakRjwEAQIjMRArDFAJkBFhgJOpdrix/Gnjkj9bm/2kd+swCfRNrU
lHV1WNK7BkzE1Gfss1vR6IM=
=ou8X
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] openssh (SSA:2007-255-01)
New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, 11.0, and 12.0 to fix a possible security issue. This version should
also provide increased performance with certain ciphers.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/openssh-4.7p1-i486-1_slack12.0.tgz:
Upgraded to openssh-4.7p1.
From the OpenSSH release notes:
"Security bugs resolved in this release: Prevent ssh(1) from using a
trusted X11 cookie if creation of an untrusted cookie fails; found and
fixed by Jan Pechanec."
While it's fair to say that we here at Slackware don't see how this could
be leveraged to compromise a system, a) the OpenSSH people (who presumably
understand the code better) characterize this as a security bug, b) it has
been assigned a CVE entry, and c) OpenSSH is one of the most commonly used
network daemons. Better safe than sorry.
More information should appear here eventually:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-4.7p1-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-4.7p1-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssh-4.7p1-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssh-4.7p1-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssh-4.7p1-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssh-4.7p1-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssh-4.7p1-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssh-4.7p1-i486-1_slack12.0.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
25e0189c2bc95eea8bb16765754ecea1 openssh-4.7p1-i386-1_slack8.1.tgz
Slackware 9.0 package:
7505d255c41ef230253c717cc26ccbdb openssh-4.7p1-i386-1_slack9.0.tgz
Slackware 9.1 package:
df85c1d9b38e013299a3836bb9c27132 openssh-4.7p1-i486-1_slack9.1.tgz
Slackware 10.0 package:
da0ca9a9fe19b6a957841c713f1741c3 openssh-4.7p1-i486-1_slack10.0.tgz
Slackware 10.1 package:
bde00df8778cd0493c3c0b725723a0c8 openssh-4.7p1-i486-1_slack10.1.tgz
Slackware 10.2 package:
882aefa12a491338232d062e1ae3a728 openssh-4.7p1-i486-1_slack10.2.tgz
Slackware 11.0 package:
3a39b28ceffc200fee92ebe78e259e92 openssh-4.7p1-i486-1_slack11.0.tgz
Slackware 12.0 package:
405be96f426dde59c0fd0cb55eaa555f openssh-4.7p1-i486-1_slack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg openssh-4.7p1-i486-1_slack12.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFG6FQHakRjwEAQIjMRAtbEAJ9f7ri/HD72lpCbeqU0OXE93nXmkwCfUqKB
VYFEgLe+CpfHcVYr0RfwlBw=
=Iug+
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] kdebase, kdelibs (SSA:2007-264-01)
New kdebase packages are available for Slackware 12.0 to fix security issues.
A long URL padded with spaces could be used to display a false URL in
Konqueror's addressbar, and KDM when used with no-password login could
be tricked into logging a different user in without a password. This
is not the way KDM is configured in Slackware by default, somewhat
mitigating the impact of this issue.
More details about the issues may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4225
http://www.kde.org/info/security/advisory-20070919-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4225
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/kdebase-3.5.7-i486-3_slack12.0.tgz:
Patched Konqueror to prevent "spoofing" the URL
(i.e. displaying a URL other than the one associated with the page displayed)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4225
Patched KDM issue: "KDM can be tricked into performing a password-less
login even for accounts with a password set under certain circumstances,
namely autologin to be configured and "shutdown with password" enabled."
For more information, see:
http://www.kde.org/info/security/advisory-20070919-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4569
(* Security fix *)
patches/packages/kdelibs-3.5.7-i486-3_slack12.0.tgz:
Patched Konqueror's supporting libraries to prevent addressbar spoofing.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4225
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/kdebase-3.5.7-i486-3_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/kdelibs-3.5.7-i486-3_slack12.0.tgz
MD5 signatures:
+-------------+
Slackware 12.0 packages:
467ac64778e2a72334b4ac13ff6f3e98 kdebase-3.5.7-i486-3_slack12.0.tgz
13d4eeb321c922503e8edc49f40e95f4 kdelibs-3.5.7-i486-3_slack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg kdelibs-3.5.7-i486-3_slack12.0.tgz kdebase-3.5.7-i486-3_slack12.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFG9GLiakRjwEAQIjMRAlo6AJ9UB1nu6CSM1n3JIwVGJr7AcCW5UgCfWOlD
wZ7TdNQ1JD1PHmmPlikILmA=
=J2a8
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] pidgin (SSA:2007-275-01)
A new pidgin package is available for Slackware 12.0 to fix a minor
fix security issue.
More details about this issue may be found here:
http://www.pidgin.im/news/security/?id=23
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.2.1-i486-1_slack12.0.tgz:
Upgraded to pidgin-2.2.1.
This fixes a crash that can be triggered remotely on MSN in 2.2.0.
For more information, see:
http://www.pidgin.im/news/security/?id=23
(* Security fix *)
+--------------------------+
Where to find the new package:
+----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.2.1-i486-1_slack12.0.tgz
MD5 signature:
+------------+
Slackware 12.0 package:
debf41bd7a6ae0401dd4f8af2b80e791 pidgin-2.2.1-i486-1_slack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg pidgin-2.2.1-i486-1_slack12.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHAwxpakRjwEAQIjMRAgsnAJ0Rp4MyjxFlsxvLWcDJCeamOBM1IQCfWVoR
RgG6oDMkWClRTxF5YT2vrPI=
=gJ5p
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] glibc-zoneinfo (SSA:2007-283-01)
New glibc-zoneinfo packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, and 12.0 to update the timezone tables to the latest
versions. If you've noticed your clock has wandered off, these packages
should fix the problem.
This isn't really a "security issue" (or is a minor one), but it's an
important fix nevertheless.
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/glibc-zoneinfo-2.5-noarch-5_slack12.0.tgz:
Upgraded to timezone data from tzcode2007h and tzdata2007h.
This contains the latest timezone data from NIST, including some important
changes to daylight savings time in Brasil and New Zealand.
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/glibc-zoneinfo-2.2.5-i386-4_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/glibc-zoneinfo-2.3.1-noarch-6_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/glibc-zoneinfo-2.3.2-noarch-3_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/glibc-zoneinfo-2.3.2-noarch-8_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/glibc-zoneinfo-2.3.4-noarch-3_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/glibc-zoneinfo-2.3.5-noarch-8_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/glibc-zoneinfo-2.3.6-noarch-8_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-zoneinfo-2.5-noarch-5_slack12.0.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
f523b5d2fcc4dc5131bd34a669318866 glibc-zoneinfo-2.2.5-i386-4_slack8.1.tgz
Slackware 9.0 package:
f523b5d2fcc4dc5131bd34a669318866 glibc-zoneinfo-2.3.1-noarch-6_slack9.0.tgz
Slackware 9.1 package:
f523b5d2fcc4dc5131bd34a669318866 glibc-zoneinfo-2.3.2-noarch-3_slack9.1.tgz
Slackware 10.0 package:
f523b5d2fcc4dc5131bd34a669318866 glibc-zoneinfo-2.3.2-noarch-8_slack10.0.tgz
Slackware 10.1 package:
f523b5d2fcc4dc5131bd34a669318866 glibc-zoneinfo-2.3.4-noarch-3_slack10.1.tgz
Slackware 10.2 package:
f523b5d2fcc4dc5131bd34a669318866 glibc-zoneinfo-2.3.5-noarch-8_slack10.2.tgz
Slackware 11.0 package:
f523b5d2fcc4dc5131bd34a669318866 glibc-zoneinfo-2.3.6-noarch-8_slack11.0.tgz
Slackware 12.0 package:
f523b5d2fcc4dc5131bd34a669318866 glibc-zoneinfo-2.5-noarch-5_slack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg glibc-zoneinfo-2.5-noarch-5_slack12.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHDQQ0akRjwEAQIjMRAnpJAJ41kiYsTnY8XTwx0HeCAMqb8YceUACfeIaJ
y65upl8xCoDMm9DAknUSI9s=
=dPgz
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] firefox, seamonkey (SSA:2007-297-01)
New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0,
and -current to fix security issues. New seamonkey updates are available
for Slackware 11.0, 12.0, and -current to address similar issues.
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-2.0.0.8-i686-1.tgz:
Upgraded to firefox-2.0.0.8.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/seamonkey-1.1.5-i486-1_slack12.0.tgz:
Upgraded to seamonkey-1.1.5.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-firefox-2.0.0.8-i686-1.tgz
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-firefox-2.0.0.8-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/seamonkey-1.1.5-i486-1_slack11.0.tgz
Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/mozilla-firefox-2.0.0.8-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/seamonkey-1.1.5-i486-1_slack12.tgz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-2.0.0.8-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-1.1.5-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
b8dfaee623a11682e28ead372bbc748e mozilla-firefox-2.0.0.8-i686-1.tgz
Slackware 11.0 packages:
b8dfaee623a11682e28ead372bbc748e mozilla-firefox-2.0.0.8-i686-1.tgz
8b99ebde232b836a98d463d12954604e seamonkey-1.1.5-i486-1_slack11.0.tgz
Slackware 12.0 packages:
b8dfaee623a11682e28ead372bbc748e mozilla-firefox-2.0.0.8-i686-1.tgz
388eb89901569741c236bf2e986a6930 seamonkey-1.1.5-i486-1_slack12.tgz
Slackware -current packages:
b8dfaee623a11682e28ead372bbc748e mozilla-firefox-2.0.0.8-i686-1.tgz
7f9f3ee3d139514bf2f9e708d69bab2a seamonkey-1.1.5-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg mozilla-firefox-2.0.0.8-i686-1.tgz seamonkey-1.1.5-i486-1_slack12.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHIBnVakRjwEAQIjMRAhZPAJ49iLcuqj41beJZTVzryCTek9vjHwCeMxb3
d1nT6zzCL09RnyopnT+GVmE=
=RLnk
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] cups (SSA:2007-305-01)
CUPS was found to contain errors in ipp.c which could allow a remote attacker
to crash CUPS, resulting in a denial of service. If you use CUPS, it is
recommended to update to the latest package for your version of Slackware.
The latest cups package is available for Slackware -current, and patched
packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0,
and 12.0 that fix the problems.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/cups-1.2.11-i486-2_slack12.0.tgz:
Patched cups-1.2.11.
An off-by-one error in ipp.c may allow a remote attacker to crash CUPS
resulting in a denial of service.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cups-1.1.19-i386-2_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/cups-1.1.19-i386-2_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/cups-1.1.21-i486-2_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/cups-1.1.21-i486-2_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/cups-1.1.23-i486-2_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/cups-1.1.23-i486-2_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/cups-1.1.23-i486-5_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/cups-1.2.11-i486-2_slack12.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/cups-1.3.3-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
f6a62aa21fca9e0209b0fcb5ec577b9e cups-1.1.19-i386-2_slack8.1.tgz
Slackware 9.0 package:
6885ff8137f28cb158813f5f6d3717bc cups-1.1.19-i386-2_slack9.0.tgz
Slackware 9.1 package:
105d3e46bd6370c2e284f4742e6396bf cups-1.1.21-i486-2_slack9.1.tgz
Slackware 10.0 package:
c3dee12331e2cd3f26cc13a335d9a220 cups-1.1.21-i486-2_slack10.0.tgz
Slackware 10.1 package:
82a16ce6427f0019a28176053740155e cups-1.1.23-i486-2_slack10.1.tgz
Slackware 10.2 package:
e1c131bdae63d28664688f3876d4e2dd cups-1.1.23-i486-2_slack10.2.tgz
Slackware 11.0 package:
7cfdebc0aedc821e7d83e593d7cb7d9c cups-1.1.23-i486-5_slack11.0.tgz
Slackware 12.0 package:
7fc3c9fc2aa5b9dbfe519f2483516528 cups-1.2.11-i486-2_slack12.0.tgz
Slackware -current package:
811176fc91d13cd3b811b9c0b303cdb0 cups-1.3.3-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg cups-1.2.11-i486-2_slack12.0.tgz
Then, restart cups:
sh /etc/rc.d/rc.cups restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHKpcNakRjwEAQIjMRAr4HAKCRa/0T+WTBHfyk+Mbg7IdlUPx3YACdHPMt
VB9TdfbZqjb4kHtDt1F3JS0=
=ORCe
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] php (SSA:2007-314-01)
New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, 12.0,
and -current to fix security and other bugs.
Note that PHP5 was not officially supported in Slackware 10.1 or 10.2
(being in the /testing directory), and was not the default version of
PHP for Slackware 11.0 (being in the /extra directory), but updates are
being provided anyway.
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/php-5.2.5-i486-1_slack12.0.tgz:
Upgraded to php-5.2.5.
This fixes bugs and security issues.
For more information, see:
http://www.php.net/releases/5_2_5.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/testing/packages/php5/php-5.2.5-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/testing/packages/php5/php-5.2.5-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.5-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.2.5-i486-1_slack12.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.2.5-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 10.1 package:
8b3d6becd928cb57a885715ac7f8cff8 php-5.2.5-i486-1_slack10.1.tgz
Slackware 10.2 package:
18c47598820ecb187f8d19a3e2bc7ec6 php-5.2.5-i486-1_slack10.2.tgz
Slackware 11.0 package:
8cd2ec70ef323c5de88e34c041a6e6a5 php-5.2.5-i486-1_slack11.0.tgz
Slackware 12.0 package:
1784adc85a1a3ff36d84baa8074d99ed php-5.2.5-i486-1_slack12.0.tgz
Slackware -current package:
4ebf48ac4661da84e889688d76edec8e php-5.2.5-i486-1.tgz
Installation instructions:
+------------------------+
First, stop Apache:
# apachectl stop
Next, upgrade to the new PHP package:
# upgradepkg php-5.2.5-i486-1_slack12.0.tgz
Finally, restart Apache:
# apachectl start
Or, for Apache 1.3.x versions using SSL:
# apachectl startssl
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHNjKZakRjwEAQIjMRAkVoAJ9Oa4jdTS8/qcAuDXH4dPwhvkhcTACfa5KD
UnJj7i2dMF0dCH2bk/H5hjU=
=r4Gp
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] php for Slackware 11.0 reissued (SSA:2007-314-02)
The security/bug fix update for Slackware 11.0 has been reissued
to fix a zero-length /usr/bin/php-cgi. Thanks to TJ Munro for
pointing this out.
Sorry for any inconvenience.
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
extra/php5/php-5.2.5-i486-2_slack11.0.tgz:
The security/bug fix update for Slackware 11.0 has been reissued
to fix a zero-length /usr/bin/php-cgi. Thanks to TJ Munro for
pointing this out. We appreciate the fast weekend Q/A. :-)
This package should be installed rather than the previously
released php-5.2.5-i486-1_slack11.0 (unless you do not use
/usr/php/php-cgi in which case either package will do.)
(* Security fix *)
+--------------------------+
Where to find the new package:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.5-i486-2_slack11.0.tgz
MD5 signature:
+-------------+
Slackware 11.0 package:
c0a7182780dea900928de26a8109379f php-5.2.5-i486-2_slack11.0.tgz
Installation instructions:
+------------------------+
First, stop Apache:
# apachectl stop
Next, upgrade to the new PHP package:
# upgradepkg php-5.2.5-i486-2_slack11.0.tgz
Finally, restart Apache:
# apachectl start
Or, for Apache using SSL:
# apachectl startssl
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHNoPoakRjwEAQIjMRAu45AJ4x4pwyORyGQ4nlg8ohTZaA0XQTswCfTLzQ
9rDSEZeYpjuVF9SqKenqu80=
=C7gO
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] xpdf/poppler/koffice/kdegraphics (SSA:2007-316-01)
New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0,
12.0, and -current. New poppler packages are available for Slackware 12.0
and -current. New koffice packages are available for Slackware 11.0, 12.0,
and -current. New kdegraphics packages are available for Slackware 10.2,
11.0, 12.0, and -current.
These updated packages address similar bugs which could be used to crash
applications linked with poppler or that use code from xpdf through the
use of a malformed PDF document. It is possible that a maliciously
crafted document could cause code to be executed in the context of the
user running the application processing the PDF.
These advisories and CVE entries cover the bugs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://www.kde.org/info/security/advisory-20071107-1.txt
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/kdegraphics-3.5.7-i486-2_slack12.0.tgz:
Patched xpdf related bugs.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
(* Security fix *)
patches/packages/koffice-1.6.3-i486-2_slack12.0.tgz:
Patched xpdf related bugs.
For more information, see:
http://www.kde.org/info/security/advisory-20071107-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
(* Security fix *)
patches/packages/poppler-0.6.2-i486-1_slack12.0.tgz:
Upgraded to poppler-0.6.2.
This release fixes xpdf related bugs.
For more information, see:
http://poppler.freedesktop.org/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
(* Security fix *)
patches/packages/xpdf-3.02pl2-i486-1_slack12.0.tgz:
Upgraded to xpdf-3.02pl2.
The pl2 patch fixes a crash in xpdf.
Some theorize that this could be used to execute arbitrary code if an
untrusted PDF file is opened, but no real-world examples are known (yet).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/xpdf-3.02pl2-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xpdf-3.02pl2-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xpdf-3.02pl2-i486-1_slack10.1.tgz
Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/kdegraphics-3.4.2-i486-3_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xpdf-3.02pl2-i486-1_slack10.2.tgz
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/kdegraphics-3.5.4-i486-2_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/koffice-1.5.2-i486-5_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/xpdf-3.02pl2-i486-1_slack11.0.tgz
Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/kdegraphics-3.5.7-i486-2_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/poppler-0.6.2-i486-1_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/koffice-1.6.3-i486-2_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/xpdf-3.02pl2-i486-1_slack12.0.tgz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdegraphics-3.5.8-i486-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/koffice-1.6.3-i486-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/poppler-0.6.2-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xpdf-3.02pl2-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 9.1 package:
aa3d6b221c07a384baa6a0eba1a1efdb xpdf-3.02pl2-i486-1_slack9.1.tgz
Slackware 10.0 package:
599858ff8356b0e8880136cb3b55e25c xpdf-3.02pl2-i486-1_slack10.0.tgz
Slackware 10.1 package:
255da766ecacfc63e911c18a61e5752d xpdf-3.02pl2-i486-1_slack10.1.tgz
Slackware 10.2 packages:
f7b37b4cb655b521bd9c5ab6307ac270 kdegraphics-3.4.2-i486-3_slack10.2.tgz
2f4ed5c83e8c5be32be96357507c330a xpdf-3.02pl2-i486-1_slack10.2.tgz
Slackware 11.0 packages:
25578c530a3f2ec13bec0357d65bae2c kdegraphics-3.5.4-i486-2_slack11.0.tgz
4acf5abe10c5f3945cbc07055257a542 koffice-1.5.2-i486-5_slack11.0.tgz
8a7b799c24c390afb4772caa1436265d xpdf-3.02pl2-i486-1_slack11.0.tgz
Slackware 12.0 packages:
11baa1865cc585fdd7675841b451ea9b kdegraphics-3.5.7-i486-2_slack12.0.tgz
59e52a5e1e275fc014d90617ecb3e5dd poppler-0.6.2-i486-1_slack12.0.tgz
5e44ffce08846b5fe97084d40c2c8546 koffice-1.6.3-i486-2_slack12.0.tgz
f2664010681ae7d7b448a8fa0c81ab74 xpdf-3.02pl2-i486-1_slack12.0.tgz
Slackware -current packages:
d23a28d7dee50891a33c9ded57c68044 kdegraphics-3.5.8-i486-2.tgz
6e65e3b07e7ff2ed0dda65d18dab6900 koffice-1.6.3-i486-2.tgz
98135c77e0401bbf222e0eb56c085d17 poppler-0.6.2-i486-1.tgz
6ef32871b16ff093354daaf7f390ba0c xpdf-3.02pl1-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg kdegraphics-3.5.7-i486-2_slack12.0.tgz poppler-0.6.2-i486-1_slack12.0.tgz koffice-1.6.3-i486-2_slack12.0.tgz xpdf-3.02pl2-i486-1_slack12.0.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHOAy5akRjwEAQIjMRAhi8AJ9Zv8+7ZJtQ/+8qdFlAQvrTIZz5WwCfWFra
F89h38DyryUoJzkyRj+aczU=
=+W1J
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] samba (SSA:2007-320-01)
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0,
and -current to fix security issues.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/samba-3.0.27-i486-1_slack12.0.tgz:
Upgraded to samba-3.0.27.
Samba 3.0.27 is a security release in order to address a stack buffer
overflow in nmbd's logon request processing, and remote code execution in
Samba's WINS server daemon (nmbd) when processing name registration followed
name query requests.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.27-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/samba-3.0.27-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/samba-3.0.27-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/samba-3.0.27-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/samba-3.0.27-i486-1_slack12.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.0.27-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 10.0 package:
f45e9c4f7dca31a0e7d54750c41ed7cb samba-3.0.27-i486-1_slack10.0.tgz
Slackware 10.1 package:
f720d064e49e2eb076b651d4711214b7 samba-3.0.27-i486-1_slack10.1.tgz
Slackware 10.2 package:
cfbfa85b36bab92cd2c4c7533d893789 samba-3.0.27-i486-1_slack10.2.tgz
Slackware 11.0 package:
56c4e1b1556a551438b752bc333b87a2 samba-3.0.27-i486-1_slack11.0.tgz
Slackware 12.0 package:
83eb1ee443157b74aae38ea82e11220e samba-3.0.27-i486-1_slack12.0.tgz
Slackware -current package:
3d151739e88c3df03e23c07af60389fd samba-3.0.27-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg samba-3.0.27-i486-1.tgz
Then, restart Samba:
# /etc/rc.d/rc.samba restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHPik1akRjwEAQIjMRAjUoAKCIhcOkJ/TScefR2yotzZoZu0iWsACfYfpu
GVtqCtv+6R35E6UcysEctw4=
=N/Rj
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-thunderbird (SSA:2007-324-01)
New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0,
and -current to fix security issues. Slackware is not vulnerable to either
of these in its default configuration, but watch out if you've enabled
JavaScript.
More information about the security issues may be found here:
http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
http://www.mozilla.org/security/announce/2007/mfsa2007-29.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-2.0.0.9-i686-1.tgz:
Upgraded to thunderbird-2.0.0.9.
This update fixes the following security related issues:
URIs with invalid %-encoding mishandled by Windows (MFSA 2007-36).
Crashes with evidence of memory corruption (MFSA 2007-29).
OK, so the first one obviously does not affect us. :-) The second fix has
to do with the same JavaScript handling problem fixed before in Firefox.
JavaScript is not enabled by default in Thunderbird, and the developers
(at least in MFSA 2007-36) do not recommend turning it on.
For more information, see:
http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
http://www.mozilla.org/security/announce/2007/mfsa2007-29.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-thunderbird-2.0.0.9-i686-1.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-thunderbird-2.0.0.9-i686-1.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/mozilla-thunderbird-2.0.0.9-i686-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-2.0.0.9-i686-1.tgz
MD5 signatures:
+-------------+
Slackware 10.2 package:
fd730e111b09e13d1f655ce18681dceb mozilla-thunderbird-2.0.0.9-i686-1.tgz
Slackware 11.0 package:
fd730e111b09e13d1f655ce18681dceb mozilla-thunderbird-2.0.0.9-i686-1.tgz
Slackware 12.0 package:
fd730e111b09e13d1f655ce18681dceb mozilla-thunderbird-2.0.0.9-i686-1.tgz
Slackware -current package:
7b5396dcb1aa23b2fd867177cf905853 mozilla-thunderbird-2.0.0.6-i686-1.tgz
Installation instructions:
+------------------------+
Stop Thunderbird.
Upgrade the package as root:
# upgradepkg mozilla-thunderbird-2.0.0.6-i686-1.tgz
Restart Thunderbird.
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHQ215akRjwEAQIjMRAl0yAJoCSQouDCCIAFyM3DjvTO7ptyeN0QCdFQnf
rsXoNhxP20WsQJ3QnumE7fA=
=aOjs
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] libpng (SSA:2007-325-01)
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, 11.0, 12.0, and -current to fix security issues.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/libpng-1.2.23-i486-1_slack12.0.tgz:
Upgraded to libpng-1.2.23.
Previous libpng versions may crash when loading malformed PNG files.
It is not currently known if this vulnerability can be exploited to
execute malicious code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.23-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.23-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.23-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.23-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.18-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libpng-1.2.18-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.23-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/libpng-1.2.23-i486-1_slack12.0.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.2.23-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
8d0dd9842dad8760a307b26553a65d4b libpng-1.2.23-i386-1_slack8.1.tgz
Slackware 9.0 package:
de97c8d48064f524f5f1e8282239b273 libpng-1.2.23-i386-1_slack9.0.tgz
Slackware 9.1 package:
b27a0b7a99c61481790e48c3ba8f9b7c libpng-1.2.23-i486-1_slack9.1.tgz
Slackware 10.0 package:
554b84161d14901c9ffe6af8bb3f8248 libpng-1.2.23-i486-1_slack10.0.tgz
Slackware 10.1 package:
3f9f1ba6c975ea16b8921482fba71c74 libpng-1.2.18-i486-1_slack10.1.tgz
Slackware 10.2 package:
3a7f07dbaef1058987718fc5bc2beed0 libpng-1.2.18-i486-1_slack10.2.tgz
Slackware 11.0 package:
0582f807f04c7041092b0ccc10c17d1f libpng-1.2.23-i486-1_slack11.0.tgz
Slackware 12.0 package:
aaa0871396e70f44cd8ee6b4243fa93e libpng-1.2.23-i486-1_slack12.0.tgz
Slackware -current package:
db8a8d10e3b637380875d7644faa8e37 libpng-1.2.23-i486-1.tgz