Advisory: Slackware Essential And Critical Security Patch Updates

Slackware: 2004-207-02: new mod_ssl packages Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current to fix a security issue. A format string vulnerability in mod_proxy hook functions could allow an attacker to run code as the mod_ssl user. Sites using mod_ssl should upgrade (be sure to back up your existing

LinuxSecurity.com Team
Jul 26, 2004

Slackware: 2004-202-01: PHP Security Update

New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues (memory_limit handling and a problem in the strip_tags function). Sites using PHP should upgrade. More details about this issue may be found in the Common

LinuxSecurity.com Team
Jul 21, 2004

Slackware: 2004-167-01: kernel DoS Security Update

New kernel packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a denial of service security issue. Without a patch to asm-i386/i387.h, a local user can crash the machine. More details about this issue may be found in the Common

LinuxSecurity.com Team
Jun 15, 2004

Slackware: 2004-161-01: cvs Security Update

New cvs packages that have been upgraded to cvs-1.11.17 are available for Slackware 8.1, 9.0, 9.1, and -current to fix various security issues. Sites running a CVS server should upgrade to the new CVS package right away.

LinuxSecurity.com Team
Jun 09, 2004

Slackware: 2004-154-02: PHP local security issue Security Update

New PHP packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. These fix a problem in previous Slackware php packages where linking PHP against a static library in an insecure path (under /tmp) could allow a local attacker to place shared libraries at

LinuxSecurity.com Team
Jun 02, 2004

Slackware: 2004-154-01: mod_ssl Security Update

New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. The packages were upgraded to mod_ssl-2.8.18-1.3.31 fixing a buffer overflow that may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN, if mod_ssl is

LinuxSecurity.com Team
Jun 02, 2004

Slackware: 2004-140-01: cvs Security Update

New cvs packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a buffer overflow vulnerability which could allow an attacker to run arbitrary programs on the CVS server. Sites running a CVS server should upgrade to the new CVS package right away.

LinuxSecurity.com Team
May 20, 2004

Slackware: 2004-238-01: kdelibs Security Update

New kdelibs packages are available for Slackware 9.0, 9.1 and -current to fix security issues with URI handling. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

LinuxSecurity.com Team
May 18, 2004

Slackware: 2004-136-01: mc Security Update

New mc packages are available for Slackware 9.0, 9.1, and -current to fix security issues that These could lead to a denial of service or the execution of arbitrary code as the user running mc. Sites that use mc should upgrade to the new mc package.

LinuxSecurity.com Team
May 17, 2004

Slackware: 2004-133-01: apache Security Update

New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix security issues. These include a possible denial-of-service attack as well as the ability to possible pipe shell escapes through Apache's errorlog (which could create an exploit if the error log is read in a terminal program that

LinuxSecurity.com Team
May 12, 2004

Slackware: 2004-125-01: lha in bin package Security Update

New bin- packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lha' should upgrade to the new bin package right away.

LinuxSecurity.com Team
May 04, 2004

Slackware: 2004-124-04: libpng Security Update

New libpng packages are available for Slackware 9.0, 9.1, and -current to fix an issue where libpng could be caused to crash, perhaps creating a denial of service issue if network services are linked with it. More details about this issue may be found in the Common

LinuxSecurity.com Team
May 03, 2004

Slackware: 2004-124-03: xine-lib Security Update

New xine-lib packages are available for Slackware 9.1 and -current to fix a security issue where playing a specially crafted Real RTSP stream could run malicious code as the user playing the stream. More details about this issue may be found in this advisory:

LinuxSecurity.com Team
May 03, 2004

Slackware: 2004-124-01: rsync Security Update

New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory. Any sites running rsync in that mode should upgrade right away (and should

LinuxSecurity.com Team
May 03, 2004

Slackware: 2004-124-02: sysklogd Security Update

New sysklogd packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue where a user could cause syslogd to crash. Thanks to Steve Grubb who researched the issue.

LinuxSecurity.com Team
May 03, 2004

Slackware: 2004-119-01: kernel s Security Update

New kernel packages are available for Slackware 9.1 and -current to fix security issues. Also available are new kernel modules packages (including alsa-driver), and a new version of the hotplug package for Slackware 9.1 containing some fixes for using 2.4.26 (and 2.6.x)

LinuxSecurity.com Team
Apr 28, 2004

Slackware: 2004-111-01: xine Security Update

New xine packages are available for Slackware 9.1 and -current to fix security issues.

LinuxSecurity.com Team
Apr 21, 2004

Slackware: 2004-110-01: utempter Security Update

New utempter packages are available for Slackware 9.1 and -current to fix a security issue. (Slackware 9.1 was the first version of Slackware to use the libutempter library, and earlier versions of Slackware are not affected by this issue)

LinuxSecurity.com Team
Apr 19, 2004

Slackware: 2004-108-02: cvs Security Update

CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory affects both uses of CVS.

LinuxSecurity.com Team
Apr 18, 2004

Slackware: 2004-108-01: tcpdump denial of service Security Update

Upgraded tcpdump packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix denial-of-service issues. Sites using tcpdump should upgrade to the new packages. More details about this issue may be found in the Common

LinuxSecurity.com Team
Apr 17, 2004

Slackware Essential And Critical Security Patch Updates - Page 73

Slackware: 2004-207-02: new mod_ssl packages Security Update

Slackware: 2004-202-01: PHP Security Update

Slackware: 2004-167-01: kernel DoS Security Update

Slackware: 2004-161-01: cvs Security Update

Slackware: 2004-154-02: PHP local security issue Security Update

Slackware: 2004-154-01: mod_ssl Security Update

Slackware: 2004-140-01: cvs Security Update

Slackware: 2004-238-01: kdelibs Security Update

Slackware: 2004-136-01: mc Security Update

Slackware: 2004-133-01: apache Security Update

Slackware: 2004-125-01: lha in bin package Security Update

Slackware: 2004-124-04: libpng Security Update

Slackware: 2004-124-03: xine-lib Security Update

Slackware: 2004-124-01: rsync Security Update

Slackware: 2004-124-02: sysklogd Security Update

Slackware: 2004-119-01: kernel s Security Update

Slackware: 2004-111-01: xine Security Update

Slackware: 2004-110-01: utempter Security Update

Slackware: 2004-108-02: cvs Security Update

Slackware: 2004-108-01: tcpdump denial of service Security Update

LinuxSecurity Poll

Which open source security automation tool do you use to protect against vulnerabilities?

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By