Advisory: Slackware Essential And Critical Security Patch Updates

Slackware: 2005-255-02: util-linux umount privilege escalation Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

New util-linux packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with umount. A bug in the '-r' option could allow flags in /etc/fstab to be improperly dropped on user-mountable volumes, allowing a user to gain root privileges.

LinuxSecurity.com Team
Sep 13, 2005

Slackware: 2005-255-01: dhcpcd DoS Security Update

New dhcpcd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a minor security issue. The dhcpcd daemon can be tricked into reading past the end of the DHCP buffer by a malicious DHCP server, which causes the dhcpcd daemon to crash and

LinuxSecurity.com Team
Sep 13, 2005

Slackware: 2005-251-04: php5 in Slackware 10.1 Security Update

A new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PRCE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which eliminates the

LinuxSecurity.com Team
Sep 08, 2005

Slackware: 2005-251-03: slackware-current s Security Update

This advisory summarizes recent security fixes in Slackware -current. Usually security advisories are not issued on problems that exist only within the test version of Slackware (slackware-current), but since it's so close to being released as Slackware 10.2, and since there have been

LinuxSecurity.com Team
Sep 08, 2005

Slackware: 2005-251-02: mod_ssl Security Update

New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. If "SSLVerifyClient optional" was configured in the global section of the config file, it could improperly override "SSLVerifyClient require" in a per-location section.

LinuxSecurity.com Team
Sep 08, 2005

Slackware: 2005-251-01: kcheckpass in kdebase Security Update

New kdebase packages are available for Slackware 10.0, 10.1, and -current to fix a security issue with the kcheckpass program. Earlier versions of Slackware are not affected. A flaw in the way the program creates lockfiles could allow a local attacker to gain root privileges.

LinuxSecurity.com Team
Sep 08, 2005

Slackware: 2005-242-02: PHP Security Update

New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PRCE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which

LinuxSecurity.com Team
Aug 30, 2005

Slackware: 2005-242-03: gaim Security Update

New gaim packages are available for Slackware 9.0, 9.1, 10.0, 10.1, and -current to fix some security issues. including: AIM/ICQ away message buffer overflow AIM/ICQ non-UTF-8 filename crash

LinuxSecurity.com Team
Aug 30, 2005

Slackware: 2005-242-01: PCRE library Security Update

New PCRE packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A buffer overflow could be triggered by a specially crafted regular expression. Any applications that use PCRE to process untrusted regular expressions may be exploited to run arbitrary

LinuxSecurity.com Team
Aug 30, 2005

Slackware: 2005-210-01: telnet client Security Update

New tcpip packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issues with the telnet client. Overflows in the telnet client may lead to the execution of arbitrary code as the telnet user if the user connects to a malicious telnet server.

LinuxSecurity.com Team
Jul 30, 2005

Slackware: 2005-203-05: fetchmail Security Update

New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. Connecting to a malicious or compromised POP3 server may overflow fetchmail's stack causing a crash or the execution of arbitrary code.

LinuxSecurity.com Team
Jul 22, 2005

Slackware: 2005-203-04: gxine format string vulnerability Security Update

New gxine packages are available for Slackware 10.0, 10.1, and -current to fix a format string security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

LinuxSecurity.com Team
Jul 22, 2005

Slackware: 2005-203-03: zlib Security Update

New zlib packages are available for Slackware 10.0, 10.1, and -current to fix an additional crash issue. zlib 1.1.x is not affected.

LinuxSecurity.com Team
Jul 22, 2005

Slackware: 2005-203-01: Mozilla/Firefox Security Update

New Mozilla packages are available for Slackware 10.0, 10.1, and -current to fix various security issues and bugs. See the Mozilla site for a complete list of the issues patched: New versions of the mozilla-plugins symlink creation package are also out for

LinuxSecurity.com Team
Jul 22, 2005

Slackware: 2005-203-02: kdenetwork Security Update

New kdenetwork packages are available for Slackware 10.0, 10.1, and -current to fix security issues. Overflows in libgadu (used by kopete) that can cause a denial of service or arbitrary code execution. More details about this vulnerability may be found here:

LinuxSecurity.com Team
Jul 22, 2005

Slackware: 2005-201-02: emacs movemail POP utility Security Update

New emacs packages are available for Slackware 10.1 and -current to a security issue with the movemail utility for retrieving mail from a POP mail server. If used to connect to a malicious POP server, it is possible for the server to cause the execution of arbitrary code as

LinuxSecurity.com Team
Jul 20, 2005

Slackware: 2005-201-01: dnsmasq Security Update

New dnsmasq packages are available for Slackware 10.0, 10.1, and -current to fix security issues. An off-by-one overflow vulnerability may allow a DHCP client to create a denial of service condition. Additional code was also added to detect and defeat attempts to poison the DNS cache.

LinuxSecurity.com Team
Jul 20, 2005

Slackware: 2005-195-02: XV Security Update

New XV image viewer packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. Format string and other issues could cause a crash or execution of arbitrary code if a specially crafted image is loaded with XV.

LinuxSecurity.com Team
Jul 15, 2005

Slackware: 2005-195-10: tcpdump DoS Security Update

New tcpdump packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A specially crafted BGP packet can cause tcpdump to go into an infinite loop, creating a denial of service where network monitoring is disabled.

LinuxSecurity.com Team
Jul 15, 2005

Slackware: 2005-192-02: PHP packages d again for 8.1, 9.0, 9.1 Security Update

Sorry folks, I mistakenly used a build template that was too new to build the first round of PHP packages for Slackware 8.1, 9.0, and 9.1, which tried to place the module in /usr/libexec/apache (older versions of Slackware use /usr/libexec instead), and tried to link to incorrect

LinuxSecurity.com Team
Jul 12, 2005

Slackware Essential And Critical Security Patch Updates - Page 70

Slackware: 2005-255-02: util-linux umount privilege escalation Security Update

Slackware: 2005-255-01: dhcpcd DoS Security Update

Slackware: 2005-251-04: php5 in Slackware 10.1 Security Update

Slackware: 2005-251-03: slackware-current s Security Update

Slackware: 2005-251-02: mod_ssl Security Update

Slackware: 2005-251-01: kcheckpass in kdebase Security Update

Slackware: 2005-242-02: PHP Security Update

Slackware: 2005-242-03: gaim Security Update

Slackware: 2005-242-01: PCRE library Security Update

Slackware: 2005-210-01: telnet client Security Update

Slackware: 2005-203-05: fetchmail Security Update

Slackware: 2005-203-04: gxine format string vulnerability Security Update

Slackware: 2005-203-03: zlib Security Update

Slackware: 2005-203-01: Mozilla/Firefox Security Update

Slackware: 2005-203-02: kdenetwork Security Update

Slackware: 2005-201-02: emacs movemail POP utility Security Update

Slackware: 2005-201-01: dnsmasq Security Update

Slackware: 2005-195-02: XV Security Update

Slackware: 2005-195-10: tcpdump DoS Security Update

Slackware: 2005-192-02: PHP packages d again for 8.1, 9.0, 9.1 Security Update

LinuxSecurity Poll

Which open source security automation tool do you use to protect against vulnerabilities?

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By