Slackware Essential And Critical Security Patch Updates - Page 73
Find the information you need for your favorite open source distribution.
New sysklogd packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue where a user could cause syslogd to crash. Thanks to Steve Grubb who researched the issue.
New kernel packages are available for Slackware 9.1 and -current to fix security issues. Also available are new kernel modules packages (including alsa-driver), and a new version of the hotplug package for Slackware 9.1 containing some fixes for using 2.4.26 (and 2.6.x)
New xine packages are available for Slackware 9.1 and -current to fix security issues.
New utempter packages are available for Slackware 9.1 and -current to fix a security issue. (Slackware 9.1 was the first version of Slackware to use the libutempter library, and earlier versions of Slackware are not affected by this issue)
CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory affects both uses of CVS.
Upgraded tcpdump packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix denial-of-service issues. Sites using tcpdump should upgrade to the new packages. More details about this issue may be found in the Common
Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two potential denial-of-service issues in earlier versions of OpenSSL. We recommend sites that use OpenSSL upgrade to the fixed packages
Metamail is a set of utilities for processing MIME mail. New metamail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two format string bugs and two buffer overflows which could lead to unauthorized code execution.
New kernels are available for Slackware 9.1 and -current to fix a bounds-checking problem in the kernel's mremap() call which could be used by a local attacker to gain root privileges. Please note that this is not the same issue as CAN-2003-0985
New XFree86 base packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix overflows which could possibly be exploited to gain unauthorized root access. All sites running XFree86 should upgrade to the new package.
Mutt is a text-based program for reading electronic mail. New mutt packages are available for Slackware 8.1, 9.0, 9.1, and -current. These have been upgraded to version 1.4.2i to fix a buffer overflow that could lead to a machine compromise.
GAIM is a GTK2-based Instant Messaging (IM) client. New GAIM packages are available for Slackware 9.0, 9.1, and -current. 12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise. All sites using GAIM should upgrade to these
INN (InterNetNews) is used to run a news (NNTP) server. New INN packages are available for Slackware 9.0, 9.1, and -current. These have been upgraded to inn-2.4.1 to fix a potentially exploitable buffer overflow. All sites running INN should upgrade.
New kdepim packages are available for Slackware 9.0 and 9.1 to fix a security issue with .VCF file handling. For Slackware -current, a complete upgrade to kde-3.1.5 is available.
New kernels are available for Slackware 8.1 containing a backported fix for a bounds-checking problem in the kernel's mremap() call which could be used by a local attacker to gain root privileges. This fix was previously issued for Slackware
New kernels are available for Slackware 9.0, 9.1 and -current. The 9.1 and -current kernels have been upgraded to 2.4.24, and a fix has been backported to the 2.4.21 kernels in Slackware 9.0 to fix a bounds-checking problem in the kernel's mremap() call
lftp is a file transfer program that connects to other hosts using FTP, HTTP, and other protocols. A security problem with lftp has been corrected with the release of lftp-2.6.10. New packages are available for Slackware 8.1,
CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory deals with the use of CVS as a server.
Rsync is a file transfer client and server. A security problem which may lead to unauthorized machine access or code execution has been fixed by upgrading to rsync-2.5.7. This problem only affects machines running rsync in daemon mode,
The recently issued kernel advisory (SSA:2003-336-01) reads: "More details about the Apache issue may be found in the Common Vulnerabilities and Exposures (CVE) database:" This should say "kernel", not "Apache". Sorry for any confusion.