Slackware Essential And Critical Security Patch Updates - Page 69
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
New KOffice packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue with KWord. A buffer overflow in the RTF import functionality could result in the execution of arbitrary code.
New OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. Under certain conditions, an attacker acting as a "man in the middle" may force a client and server to fall back to the less-secure SSL 2.0 protocol.
New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. A format string bug may allow the execution of arbitrary code as the user running a xine-lib linked application. The attacker must provide (by uploading or running a server)
New Thunderbird packages are available for Slackware 10.2 and -current to fix a security issue: MFSA 2005-59 Command-line handling on Linux allows shell execution More details about this issue may be found on the Mozilla web site:
New X.Org server packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security issue. An integer overflow in the pixmap handling code may allow the execution of arbitrary code through a specially crafted pixmap. Slackware 10.2 was patched against this
New Mozilla and Firefox packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix security issues: MFSA 2005-59 Command-line handling on Linux allows shell execution MFSA 2005-58 Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes
New util-linux packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with umount. A bug in the '-r' option could allow flags in /etc/fstab to be improperly dropped on user-mountable volumes, allowing a user to gain root privileges.
New dhcpcd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a minor security issue. The dhcpcd daemon can be tricked into reading past the end of the DHCP buffer by a malicious DHCP server, which causes the dhcpcd daemon to crash and
A new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PRCE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which eliminates the
This advisory summarizes recent security fixes in Slackware -current. Usually security advisories are not issued on problems that exist only within the test version of Slackware (slackware-current), but since it's so close to being released as Slackware 10.2, and since there have been
New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. If "SSLVerifyClient optional" was configured in the global section of the config file, it could improperly override "SSLVerifyClient require" in a per-location section.
New kdebase packages are available for Slackware 10.0, 10.1, and -current to fix a security issue with the kcheckpass program. Earlier versions of Slackware are not affected. A flaw in the way the program creates lockfiles could allow a local attacker to gain root privileges.
New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PRCE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which
New gaim packages are available for Slackware 9.0, 9.1, 10.0, 10.1, and -current to fix some security issues. including: AIM/ICQ away message buffer overflow AIM/ICQ non-UTF-8 filename crash
New PCRE packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A buffer overflow could be triggered by a specially crafted regular expression. Any applications that use PCRE to process untrusted regular expressions may be exploited to run arbitrary
New tcpip packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issues with the telnet client. Overflows in the telnet client may lead to the execution of arbitrary code as the telnet user if the user connects to a malicious telnet server.
New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. Connecting to a malicious or compromised POP3 server may overflow fetchmail's stack causing a crash or the execution of arbitrary code.
New gxine packages are available for Slackware 10.0, 10.1, and -current to fix a format string security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
New zlib packages are available for Slackware 10.0, 10.1, and -current to fix an additional crash issue. zlib 1.1.x is not affected.
New Mozilla packages are available for Slackware 10.0, 10.1, and -current to fix various security issues and bugs. See the Mozilla site for a complete list of the issues patched: New versions of the mozilla-plugins symlink creation package are also out for