-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  x11 (SSA:2006-207-02)

New x11 packages are available for Slackware 10.2 and -current to
fix security issues.  In addition, fontconfig and freetype have been
split out from the x11 packages in -current, so if you run -current
you'll also need to install those new packages.

More details about the issues may be found here:

  https://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861


Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/x11-6.8.2-i486-6_slack10.2.tgz:
  Patched some more possible linux 2.6.x setuid() related bugs:
    https://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html
  Patched CVE-2006-1861 linux 2.6.x setuid() related bugs in freetype2.
  (* Security fix *)
patches/packages/x11-devel-6.8.2-i486-6_slack10.2.tgz:  Patched as above.
  (* Security fix *)
patches/packages/x11-xdmx-6.8.2-i486-6_slack10.2.tgz:  Rebuilt.
patches/packages/x11-xnest-6.8.2-i486-6_slack10.2.tgz:  Rebuilt.
patches/packages/x11-xvfb-6.8.2-i486-6_slack10.2.tgz:  Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated packages for Slackware 10.2:

Updated packages for Slackware -current:


MD5 signatures:
+-------------+

Slackware 10.2 packages:
0cf87318d76c36906dcd5fb5bc718444  x11-6.8.2-i486-6_slack10.2.tgz
bea4188bde1da241595e91bae2c76c11  x11-devel-6.8.2-i486-6_slack10.2.tgz
3286ca1e2dd171577927a31c1a327601  x11-xdmx-6.8.2-i486-6_slack10.2.tgz
27eca3d63e056ac4553c0196161405f4  x11-xnest-6.8.2-i486-6_slack10.2.tgz
e208de9bbe2a830b6f161e0ae3301d3b  x11-xvfb-6.8.2-i486-6_slack10.2.tgz

Slackware -current packages:
3cfe905c595a7ff72810834cba17fb40  fontconfig-2.2.3-i486-1.tgz
d796910b7b481086b9569488a07ca257  freetype-2.1.9-i486-1.tgz
abec810fe0662c05b527e815a164b29d  x11-6.9.0-i486-5.tgz
dd3d53f59bdd24a2df459cd086659887  x11-devel-6.9.0-i486-5.tgz
d6d7c360b0b6e3d344bbab361db7a71c  x11-xdmx-6.9.0-i486-5.tgz
0de6e761a401623fd571c97601d08645  x11-xnest-6.9.0-i486-5.tgz
73a12a31308ed5af5eddd22a67904736  x11-xvfb-6.9.0-i486-5.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg x11-6.8.2-i486-6_slack10.2.tgz \
  x11-devel-6.8.2-i486-6_slack10.2.tgz \
  x11-xdmx-6.8.2-i486-6_slack10.2.tgz \
  x11-xnest-6.8.2-i486-6_slack10.2.tgz \
  x11-xvfb-6.8.2-i486-6_slack10.2.tgz


+-----+

Slackware: 2006-207-02: x11 Security Update

July 26, 2006
New x11 packages are available for Slackware 10.2 and -current to fix security issues

Summary

Here are the details from the Slackware 10.2 ChangeLog: patches/packages/x11-6.8.2-i486-6_slack10.2.tgz: Patched some more possible linux 2.6.x setuid() related bugs: https://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html Patched CVE-2006-1861 linux 2.6.x setuid() related bugs in freetype2. (* Security fix *) patches/packages/x11-devel-6.8.2-i486-6_slack10.2.tgz: Patched as above. (* Security fix *) patches/packages/x11-xdmx-6.8.2-i486-6_slack10.2.tgz: Rebuilt. patches/packages/x11-xnest-6.8.2-i486-6_slack10.2.tgz: Rebuilt. patches/packages/x11-xvfb-6.8.2-i486-6_slack10.2.tgz: Rebuilt.

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 10.2:
Updated packages for Slackware -current:

MD5 Signatures

Slackware 10.2 packages: 0cf87318d76c36906dcd5fb5bc718444 x11-6.8.2-i486-6_slack10.2.tgz bea4188bde1da241595e91bae2c76c11 x11-devel-6.8.2-i486-6_slack10.2.tgz 3286ca1e2dd171577927a31c1a327601 x11-xdmx-6.8.2-i486-6_slack10.2.tgz 27eca3d63e056ac4553c0196161405f4 x11-xnest-6.8.2-i486-6_slack10.2.tgz e208de9bbe2a830b6f161e0ae3301d3b x11-xvfb-6.8.2-i486-6_slack10.2.tgz
Slackware -current packages: 3cfe905c595a7ff72810834cba17fb40 fontconfig-2.2.3-i486-1.tgz d796910b7b481086b9569488a07ca257 freetype-2.1.9-i486-1.tgz abec810fe0662c05b527e815a164b29d x11-6.9.0-i486-5.tgz dd3d53f59bdd24a2df459cd086659887 x11-devel-6.9.0-i486-5.tgz d6d7c360b0b6e3d344bbab361db7a71c x11-xdmx-6.9.0-i486-5.tgz 0de6e761a401623fd571c97601d08645 x11-xnest-6.9.0-i486-5.tgz 73a12a31308ed5af5eddd22a67904736 x11-xvfb-6.9.0-i486-5.tgz

Severity
[slackware-security] x11 (SSA:2006-207-02)
New x11 packages are available for Slackware 10.2 and -current to fix security issues. In addition, fontconfig and freetype have been split out from the x11 packages in -current, so if you run -current you'll also need to install those new packages.
More details about the issues may be found here:
https://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg x11-6.8.2-i486-6_slack10.2.tgz \ x11-devel-6.8.2-i486-6_slack10.2.tgz \ x11-xdmx-6.8.2-i486-6_slack10.2.tgz \ x11-xnest-6.8.2-i486-6_slack10.2.tgz \ x11-xvfb-6.8.2-i486-6_slack10.2.tgz

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved