[sflack-security] file [and bin package] (SFSA:2007-093-01)
New file packages are available for Sflack 11.0, and -current
to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/packages/file-4.20-x86_64-1_sflack11.0.tgz:
Upgraded to file-4.20.
This fixes a heap overflow that could allow code to be executed as the
user running file (note that there are many scenarios where file might be
used automatically, such as in virus scanners or spam filters).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
See the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.
Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/file-4.20-x86_64-1_sflack11.0.tgz
Updated package for Sflack -current:
ftp://ftp.sflack.com/pub/sflack/sflack-current/slackware/a/file-4.20-x86_64-1.tgz
MD5 signatures:
+-------------+
Sflack 11.0 package:
0e97c0e080068bb00a2fed2f638cd408 file-4.20-x86_64-1_sflack11.0.tgz
Sflack -current package:
7757d2406f21fbde431d0502e009272a file-4.20-x86_64-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg --install-new file-4.20-x86_64-1_sflack11.0.tgz
+-----+
Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com
Correlati