[sflack-security] file [and bin package] (SFSA:2007-093-01)


New file packages are available for Sflack 11.0, and -current
to fix a security issue.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/packages/file-4.20-x86_64-1_sflack11.0.tgz:
Upgraded to file-4.20.
This fixes a heap overflow that could allow code to be executed as the
user running file (note that there are many scenarios where file might be
used automatically, such as in virus scanners or spam filters).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

See the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/file-4.20-x86_64-1_sflack11.0.tgz

Updated package for Sflack -current:
ftp://ftp.sflack.com/pub/sflack/sflack-current/slackware/a/file-4.20-x86_64-1.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
0e97c0e080068bb00a2fed2f638cd408 file-4.20-x86_64-1_sflack11.0.tgz

Sflack -current package:
7757d2406f21fbde431d0502e009272a file-4.20-x86_64-1.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg --install-new file-4.20-x86_64-1_sflack11.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com

[sflack-security] libwpd (SFSA:2007-085-02)


New libwpd packages are available for Sflack 11.0, and -current
to fix security issues.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002

Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/packages/libwpd-0.8.9-x86_64-1_sflack11.0.tgz:
Upgraded to libwpd-0.8.9.
Various overflows may lead to application crashes upon opening a specially
crafted WordPerfect file. This vulnerability could also conceivably be
used by an attacker to execute arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

See the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/libwpd-0.8.9-x86_64-1_sflack11.0.tgz

Updated package for Sflack -current:
ftp://ftp.sflack.com/pub/sflack/sflack-current/slackware/l/libwpd-0.8.9-x86_64-1.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
7da467de9fe50fef8f6ce6260470e131 libwpd-0.8.9-x86_64-1_sflack11.0.tgz

Sflack -current package:
a017c907d972739c83b2b41a02c9e358 libwpd-0.8.9-x86_64-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg libwpd-0.8.9-x86_64-1_sflack11.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com

[sflack-security] mozilla-firefox2 (SFSA:2007-066-03)

 

In accordance with slackware-security, new mozilla-firefox2 packages are available
for Sflack 11.0 to fix security issues.


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/package/mozilla-firefox2-2.0.0.2-x86_64-1_sflack11.0.tgz:

* Upgraded to firefox-2.0.0.2.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Sflack 11.0:
ftp://ftp.slackarea.net/pub/sflack/sflack-11.0/patches/packages/mozilla-firefox2-2.0.0.2-x86_64-1_sflack11.0.tgz


MD5 signatures:
+-------------+

Sflack 11.0 packages:
519df2a012f41e7e0edfef96f8b8ca4c mozilla-firefox2-2.0.0.2-x86_64-1_sflack11.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox2-2.0.0.2-x86_64-1_sflack11.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com
 

[sflack-security] imagemagick (SFSA:2007-066-06)


In accordance with slackware-security, a new imagemagick package
is available for Sflack 11.0 to fix security issues.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
xap/imagemagick-6.3.3_0-x86_64-1_sflack11.0.tgz:

* Upgraded to imagemagick-6.3.3-0.
The original fix for PALM image handling has been corrected.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
(* Security fix *)
+--------------------------+


Where to find the new package:
+----------------------------+

Updated package for Sflack 11.0:
ftp://ftp.slackarea.net/pub/sflack/sflack-11.0/patches/packages/imagemagick-6.3.3_0-x86_64-1_sflack11.0.tgz


MD5 signature:
+------------+

Sflack 11.0 package:
e46851b55de409cbb9b9259d95d1318a imagemagick-6.3.3_0-x86_64-1_sflack11.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg imagemagick-6.3.3_0-x86_64-1_sflack11.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security@sflack.com

[sflack-security] seamonkey (SFSA:2007-066-05)


In accordance with slackware-security, a new seamonkey package is available
for Sflack 11.0 to fix security issues.

Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
xap/seamonkey-1.0.8-x86_64-1_sflack11.0.tgz:

* Upgraded to seamonkey-1.0.8.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+


Where to find the new package:
+----------------------------+

Updated package for Sflack 11.0:
ftp://ftp.slackarea.net/pub/sflack/sflack-11.0/patches/packages/seamonkey-1.0.8-x86_64-1_sflack11.0.tgz


MD5 signature:
+------------+

Sflack 11.0 package:
8fb86b335cd649c9d7ff7b82231a2697 seamonkey-1.0.8-x86_64-1_sflack11.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg seamonkey-1.0.8-x86_64-1_sflack11.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security@sflack.com

[sflack-security] gnupg (SFSA:2007-066-01)


In accordance with slackware-security, a new gnupg package is available
for Sflack 11.0 to fix security ramifications of incorrect gpg usage.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1263

Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
n/gnupg-1.4.7-x86_64-1_sflack11.0.tgz: Upgraded to gnupg-1.4.7.

* This fixes a security problem that can occur when GnuPG is used incorrectly.
Newer versions attempt to prevent such misuse.
For more information, see:
http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Sflack 11.0:
ftp://ftp.slackarea.net/pub/sflack/sflack-11.0/patches/packages/gnupg-1.4.7-x86_64-1_sflack11.0.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
4fe767baecec5191d56e7a6f4b1f9497 gnupg-1.4.7-x86_64-1_sflack11.0.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg gnupg-1.4.7-x86_64-1_sflack11.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security@sflack.com

[sflack-security] php (SFSA:2007-053-01)


In accordance with slackware-security, new php packages are available
for Sflack 11.0 to improve the stability and security of PHP.

Quite a few bugs were fixed -- please see http://www.php.net for a
detailed list. All sites that use PHP are encouraged to upgrade.
Please note that we haven't tested all PHP applications for backwards
compatibility with this new upgrade, so you should have the old package
on hand just in case.

Some of these issues have been assigned CVE numbers and may be referenced
in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+

2007-03-01 patches/packages/php-5.2.1-x86_64-1_sflack11.0.tgz:
* Upgraded to php-5.2.1 which improves stability and security.
For information about some of the security fixes, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated packages for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/php-5.2.1-x86_64-1_sflack11.0.tgz


MD5 signatures:
+-------------+

Sflack 11.0 packages:
0ad5c808ce1a90e8d8d5d391f0d2bfd0 php-5.2.1-x86_64-1_sflack11.0.tgz


Installation instructions:
+------------------------+

First, stop apache:
# apachectl stop

Next, upgrade to the new PHP package:
# upgradepkg php-5.2.1-x86_64-1_sflack11.0.tgz

Finally, restart apache:
# apachectl start (or: apachectl startssl)


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com

[sflack-security] samba (SFSA:2007-038-01)


In accordance with slackware-security, new samba packages
are available for Sflack 11.0 to fix denial of service security issues.

More details about the issues fixed in Samba 3.0.24 may be found in the
Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
2007-02-08 patches/packages/samba-3.0.24-x86_64-1_sflack11.0.tgz:

* Upgraded to samba-3.0.24. From the WHATSNEW.txt file:
"Important issues addressed in 3.0.24 include:
o Fixes for the following security advisories:
- CVE-2007-0452 (Potential Denial of Service bug in smbd)
- CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
- CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)"
Samba in Slackware is vulnerable to the first issue, which can
cause smbd to enter into an infinite loop, disrupting Samba services.
Linux is not vulnerable to the second issue, and Slackware does not
ship the afsacl.so VFS plugin (but it's something to be aware of
if you build Samba with custom options).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
(* Security fix *)
+--------------------------+

Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com

Sflack 11.0 is released!

The first release of Sflack, version 11.0, is available now.

Sflack's version numbers follow the same numbering as its big sister, Slackware.

Some of the features:

Series ap: lmv2
Series d: gcc-4.1.1
Series l: glibc-2.4
Series k: kernel 2.6.18.2
Series n: apache-2.2.3, php-5.1.6
Series x: x11-X11R7.1
Series xap: firefox-2.0, thunderbird-2a1

How to get the Sflack(R) release:

The Sflack release may be obtained by anonymous FTP from ftp.slackarea.net in directory /pub/sflack.

Other sites are, of course, welcome to help out with the load by mirroring the distribution.

If you find any problems with the distribution, or if you have any suggestions for improvements, please let me know.
If you know of more up-to-date versions of software in the distribution, I’d like to hear about that, too.

Read the official announcement of Sflack 11.0.