Slackware Essential And Critical Security Patch Updates - Page 76
Find the information you need for your favorite open source distribution.
Fixes the zlib vulnerability and supplementary groups are removed from a server process after changing uid and gid.
New zlib packages are available to fix a security problem which may impact programs that link with zlib.
Joost Pol discovered an off-by-one bug in OpenSSH's channel code that can allow a local attacker to obtain root privileges.
This fixes several security problems in the POST handling code used for uploading files through forms. All sites using PHP are urged to upgrade as soon as possible.
There exist several signedness bugs within the rsync program which allow remote attackers to write 0-bytes to almost arbitrary stack-locations, therefore being able to control the program flow and obtaining a shell remotely.
New packages are now available to address security issues with the at scheduler program (found in Slackware 8.0's bin.tgz package), sudo, and xchat.
Pine 4.44 packages are now available to fix a problem with insecure URL handling.
A buffer overflow has been found in the glob(3) function in glibc. Fixed packages for Slackware 8.0 are now available.
An exploitable overflow has been found in the address handling code of the mutt mail client version 1.2.5i supplied with Slackware 8.0.
This problem can be exploited by local users to gain root access. It is not exploitable by remote attackers without shell access.
The version of xntp3 that shipped with Slackware 7.1 as well as the version that was in Slackware -current contains a buffer overflow bug that could lead to a root compromise.
Sudo 1.6.3p6 is now available for Slackware 7.1 and Slackware -current. This release fixes a known buffer overflow.
Multiple vulnerabilities exist in the versions of BIND found in Slackware 7.1 and -current.
glibc-2.2 contains a local vulnerability that affects all setuid root binaries.
Pine versions 4.21 and before contain a buffer overflow vulnerability which allows a remote user to execute arbitrary code on the local client by sending a specially crafted email message.
Several security problems have been found in the Apache web server software. It is recommended that all users of Apache upgrade to the latest stable release to fix these problems.
A vulnerability involving an input validation error in the "site exec" command has recently been identified in the wu-ftpd program (CERT Advisory CA-2000-13).