[sflack-security] libwpd (SFSA:2007-085-02)

New libwpd packages are available for Sflack 11.0, and -current
to fix security issues.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002

Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/packages/libwpd-0.8.9-x86_64-1_sflack11.0.tgz:
Upgraded to libwpd-0.8.9.
Various overflows may lead to application crashes upon opening a specially
crafted WordPerfect file. This vulnerability could also conceivably be
used by an attacker to execute arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

See the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/libwpd-0.8.9-x86_64-1_sflack11.0.tgz

Updated package for Sflack -current:
ftp://ftp.sflack.com/pub/sflack/sflack-current/slackware/l/libwpd-0.8.9-x86_64-1.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
7da467de9fe50fef8f6ce6260470e131 libwpd-0.8.9-x86_64-1_sflack11.0.tgz

Sflack -current package:
a017c907d972739c83b2b41a02c9e358 libwpd-0.8.9-x86_64-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg libwpd-0.8.9-x86_64-1_sflack11.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security@sflack.com

[sflack-security] mozilla-firefox2 (SFSA:2007-066-03)

In accordance with slackware-security, new mozilla-firefox2 packages are available
for Sflack 11.0 to fix security issues.


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/package/mozilla-firefox2-2.0.0.2-x86_64-1_sflack11.0.tgz:

* Upgraded to firefox-2.0.0.2.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Sflack 11.0:
ftp://ftp.slackarea.net/pub/sflack/sflack-11.0/patches/packages/mozilla-firefox2-2.0.0.2-x86_64-1_sflack11.0.tgz


MD5 signatures:
+-------------+

Sflack 11.0 packages:
519df2a012f41e7e0edfef96f8b8ca4c mozilla-firefox2-2.0.0.2-x86_64-1_sflack11.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox2-2.0.0.2-x86_64-1_sflack11.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security@sflack.com

[sflack-security] imagemagick (SFSA:2007-066-06)

In accordance with slackware-security, a new imagemagick package
is available for Sflack 11.0 to fix security issues.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
xap/imagemagick-6.3.3_0-x86_64-1_sflack11.0.tgz:

* Upgraded to imagemagick-6.3.3-0.
The original fix for PALM image handling has been corrected.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
(* Security fix *)
+--------------------------+


Where to find the new package:
+----------------------------+

Updated package for Sflack 11.0:
ftp://ftp.slackarea.net/pub/sflack/sflack-11.0/patches/packages/imagemagick-6.3.3_0-x86_64-1_sflack11.0.tgz


MD5 signature:
+------------+

Sflack 11.0 package:
e46851b55de409cbb9b9259d95d1318a imagemagick-6.3.3_0-x86_64-1_sflack11.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg imagemagick-6.3.3_0-x86_64-1_sflack11.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security@sflack.com

[sflack-security] seamonkey (SFSA:2007-066-05)

In accordance with slackware-security, a new seamonkey package is available
for Sflack 11.0 to fix security issues.

Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
xap/seamonkey-1.0.8-x86_64-1_sflack11.0.tgz:

* Upgraded to seamonkey-1.0.8.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+


Where to find the new package:
+----------------------------+

Updated package for Sflack 11.0:
ftp://ftp.slackarea.net/pub/sflack/sflack-11.0/patches/packages/seamonkey-1.0.8-x86_64-1_sflack11.0.tgz


MD5 signature:
+------------+

Sflack 11.0 package:
8fb86b335cd649c9d7ff7b82231a2697 seamonkey-1.0.8-x86_64-1_sflack11.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg seamonkey-1.0.8-x86_64-1_sflack11.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security@sflack.com

[sflack-security] gnupg (SFSA:2007-066-01)

In accordance with slackware-security, a new gnupg package is available
for Sflack 11.0 to fix security ramifications of incorrect gpg usage.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1263

Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
n/gnupg-1.4.7-x86_64-1_sflack11.0.tgz: Upgraded to gnupg-1.4.7.

* This fixes a security problem that can occur when GnuPG is used incorrectly.
Newer versions attempt to prevent such misuse.
For more information, see:
http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Sflack 11.0:
ftp://ftp.slackarea.net/pub/sflack/sflack-11.0/patches/packages/gnupg-1.4.7-x86_64-1_sflack11.0.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
4fe767baecec5191d56e7a6f4b1f9497 gnupg-1.4.7-x86_64-1_sflack11.0.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg gnupg-1.4.7-x86_64-1_sflack11.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security@sflack.com

[sflack-security] php (SFSA:2007-053-01)

In accordance with slackware-security, new php packages are available
for Sflack 11.0 to improve the stability and security of PHP.

Quite a few bugs were fixed -- please see http://www.php.net for a
detailed list. All sites that use PHP are encouraged to upgrade.
Please note that we haven't tested all PHP applications for backwards
compatibility with this new upgrade, so you should have the old package
on hand just in case.

Some of these issues have been assigned CVE numbers and may be referenced
in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+

2007-03-01 patches/packages/php-5.2.1-x86_64-1_sflack11.0.tgz:
* Upgraded to php-5.2.1 which improves stability and security.
For information about some of the security fixes, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated packages for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/php-5.2.1-x86_64-1_sflack11.0.tgz


MD5 signatures:
+-------------+

Sflack 11.0 packages:
0ad5c808ce1a90e8d8d5d391f0d2bfd0 php-5.2.1-x86_64-1_sflack11.0.tgz


Installation instructions:
+------------------------+

First, stop apache:
# apachectl stop

Next, upgrade to the new PHP package:
# upgradepkg php-5.2.1-x86_64-1_sflack11.0.tgz

Finally, restart apache:
# apachectl start (or: apachectl startssl)


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security@sflack.com
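
The advisories above list an MD5 digest for each package and then have you run upgradepkg as root. The script below is an added example, not part of the advisories or of Sflack's own tooling: it reads the digest for a package out of a saved advisory (including a digest wrapped onto the line above its filename) and refuses to proceed on a mismatch. The function names and the sample file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): check a package against the digest
# listed in an advisory's "MD5 signatures" block before running upgradepkg.

# extract_md5 ADVISORY PKGNAME: print the digest listed for PKGNAME.
# Handles "digest filename" on one line and a digest wrapped onto the
# line above its filename.
extract_md5() {
    awk -v pkg="$2" '
        function ishash(s) { return length(s) == 32 && s !~ /[^0-9a-f]/ }
        NF == 1 && ishash($1) { pending = $1; next }
        pending != "" {
            if (NF == 1 && $1 == pkg) { print pending; exit }
            pending = ""
        }
        NF == 2 && ishash($1) && $2 == pkg { print $1; exit }
    ' "$1"
}

# verify_pkg ADVISORY PKGFILE: 0 = match, 1 = mismatch, 2 = not listed.
verify_pkg() {
    want=$(extract_md5 "$1" "$(basename "$2")")
    [ -n "$want" ] || { echo "no digest listed for $2" >&2; return 2; }
    have=$(md5sum "$2" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "MD5 mismatch for $2" >&2; return 1; }
}

# Constructed sample: an empty file (whose MD5 is d41d8cd9...), a second file
# with different content, and a made-up advisory listing both.
make_sample() {
    dir=$(mktemp -d) || return 1
    : > "$dir/example-1.0-x86_64-1.tgz"
    printf 'tampered' > "$dir/other-1.0-x86_64-1.tgz"
    cat > "$dir/advisory.txt" <<'EOF'
MD5 signatures:
+-------------+
d41d8cd98f00b204e9800998ecf8427e example-1.0-x86_64-1.tgz
d41d8cd98f00b204e9800998ecf8427e
other-1.0-x86_64-1.tgz
EOF
    echo "$dir"
}

# Typical use, as root, with the PHP advisory saved as advisory.txt:
#   verify_pkg advisory.txt php-5.2.1-x86_64-1_sflack11.0.tgz &&
#     apachectl stop && upgradepkg php-5.2.1-x86_64-1_sflack11.0.tgz && apachectl start
```

The digest is only as trustworthy as the advisory text it was read from, so check the advisory's GPG signature against the team key before relying on it.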

[sflack-security] samba (SFSA:2007-038-01)

In accordance with slackware-security, new samba packages are available
for Sflack 11.0 to fix denial of service security issues.

More details about the issues fixed in Samba 3.0.24 may be found in the
Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
2007-02-08 patches/packages/samba-3.0.24-x86_64-1_sflack11.0.tgz:

* Upgraded to samba-3.0.24. From the WHATSNEW.txt file:
"Important issues addressed in 3.0.24 include:
o Fixes for the following security advisories:
- CVE-2007-0452 (Potential Denial of Service bug in smbd)
- CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
- CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)"
Samba in Slackware is vulnerable to the first issue, which can
cause smbd to enter into an infinite loop, disrupting Samba services.
Linux is not vulnerable to the second issue, and Slackware does not
ship the afsacl.so VFS plugin (but it's something to be aware of
if you build Samba with custom options).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
(* Security fix *)
+--------------------------+

Sflack Linux Security Team
http://sflack.com/gpg-key
security@sflack.com