[sflack-security] pidgin (SFSA:2007-275-01)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


A new pidgin package is available for Sflack 12.0 to fix a minor
security issue.

More details about this issue may be found here:

http://www.pidgin.im/news/security/?id=23


Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.2.1-x86_64-1_sflack12.0.tgz:
Upgraded to pidgin-2.2.1.
This fixes a crash that can be triggered remotely on MSN in 2.2.0.
For more information, see:
http://www.pidgin.im/news/security/?id=23
(* Security fix *)
+--------------------------+


Where to find the new package:
+----------------------------+

Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)

Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/pidgin-2.2.1-x86_64-1_sflack12.0.tgz


MD5 signature:
+------------+

Sflack 12.0 package:
b65153151555c2969bdda40de08cadcb pidgin-2.2.1-x86_64-1_sflack12.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg pidgin-2.2.1-x86_64-1_sflack12.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHA19Kw79R6/xskD8RAm8IAKCSNzLoDc6fXIUvayzDFqB436uUPQCgx/EM
FoE28pyl58pW9PQntQabbT4=
=wM28
-----END PGP SIGNATURE-----
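
Added example, not part of the Sflack advisories: a POSIX shell helper that looks up a package's digest in the "MD5 signature" section of a saved advisory and runs upgradepkg only when the downloaded file matches. The function names and the demo file name are assumptions made for illustration; check the advisory's PGP signature first (gpg --verify), since the MD5 lines are only as trustworthy as the signature covering them.

```shell
#!/bin/sh
# Added example (not from the advisories). Assumes the advisory text was saved
# to a file and its clearsign signature was already checked with gpg --verify.

# expected_md5 ADVISORY PKGFILE
# Print the digest the advisory lists for PKGFILE's basename; status 1 if absent.
expected_md5() {
    pkg=$(basename "$2")
    awk -v pkg="$pkg" '
        # A digest line is: 32 lowercase hex digits, whitespace, the file name.
        NF == 2 && $2 == pkg && $1 ~ /^[0-9a-f]+$/ && length($1) == 32 {
            print $1; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# verify_pkg ADVISORY PKGFILE
# 0 = digest matches, 1 = mismatch, 2 = package not listed in the advisory.
verify_pkg() {
    want=$(expected_md5 "$1" "$2") || return 2
    have=$(md5sum "$2" | awk '{ print $1 }')
    [ "$want" = "$have" ]
}

# safe_upgrade ADVISORY PKGFILE
# Run upgradepkg (as root) only when the digest matches the advisory.
safe_upgrade() {
    rc=0
    verify_pkg "$1" "$2" || rc=$?
    case $rc in
        0) upgradepkg "$2" ;;
        1) echo "MD5 mismatch for $2, not installing" >&2; return 1 ;;
        *) echo "$2 is not listed in $1, not installing" >&2; return 2 ;;
    esac
}

# Constructed demo: a stand-in package file and an advisory excerpt that lists
# its digest. Neither is a real Sflack package or a real advisory.
demo() {
    d=$(mktemp -d)
    p="$d/demo-1.0-x86_64-1.tgz"
    printf 'constructed package body\n' > "$p"
    printf 'Sflack 12.0 package:\n%s demo-1.0-x86_64-1.tgz\n' \
        "$(md5sum "$p" | awk '{ print $1 }')" > "$d/advisory.txt"
    verify_pkg "$d/advisory.txt" "$p" && echo "digest matches"
    echo "tampered" >> "$p"          # simulate corruption or substitution
    verify_pkg "$d/advisory.txt" "$p" || echo "mismatch detected"
    rm -rf "$d"
}

demo
```

Typical use is `safe_upgrade advisory.txt pidgin-2.2.1-x86_64-1_sflack12.0.tgz`, run as root from the download directory.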

[sflack-security] kdebase, kdelibs (SFSA:2007-264-01)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


New kdebase packages are available for Sflack 12.0 to fix security issues.

A long URL padded with spaces could be used to display a false URL in
Konqueror's addressbar, and KDM when used with no-password login could
be tricked into logging a different user in without a password. This
is not the way KDM is configured in Sflack by default, somewhat
mitigating the impact of this issue.

More details about the issues may be found here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4225
http://www.kde.org/info/security/advisory-20070919-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4569


Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/kdebase-3.5.7-x86_64-3_sflack12.0.tgz:
Patched Konqueror to prevent "spoofing" the URL
(i.e. displaying a URL other than the one associated with the page displayed)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4225
Patched KDM issue: "KDM can be tricked into performing a password-less
login even for accounts with a password set under certain circumstances,
namely autologin to be configured and "shutdown with password" enabled."
For more information, see:
http://www.kde.org/info/security/advisory-20070919-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4569
(* Security fix *)
patches/packages/kdelibs-3.5.7-x86_64-3_sflack12.0.tgz:
Patched Konqueror's supporting libraries to prevent addressbar spoofing.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4225
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)

Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated packages for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/kdebase-3.5.7-x86_64-3_sflack12.0.tgz
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/kdelibs-3.5.7-x86_64-3_sflack12.0.tgz


MD5 signatures:
+-------------+

Sflack 12.0 packages:
1388bba85ba1b610c1f9f7df0bc3b05b kdebase-3.5.7-x86_64-3_sflack12.0.tgz
7ed805406ee61011b92b1cf07c15cbfb kdelibs-3.5.7-x86_64-3_sflack12.0.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg kdelibs-3.5.7-x86_64-3_sflack12.0.tgz kdebase-3.5.7-x86_64-3_sflack12.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG9PiPw79R6/xskD8RAspFAKDyj4GIfhO7X0pVpKjJ1UH5y7dkPwCeN0C7
xJoflHV7rl3i/YRBgGBoaoQ=
=r/xc
-----END PGP SIGNATURE-----

[sflack-security] php (SFSA:2007-255-03)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


New PHP5 packages are available for Sflack 11.0 and 12.0 to
fix "several low priority security bugs."


Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/php-5.2.4-x86_64-1_sflack12.0.tgz:
Upgraded to php-5.2.4. The PHP announcement says this version fixes over
120 bugs as well as "several low priority security bugs."
Read more about it here:
http://www.php.net/releases/5_2_4.php
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)

Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/php-5.2.4-x86_64-1_sflack11.0.tgz

Updated package for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/php-5.2.4-x86_64-1_sflack12.0.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
23966c2219704edc078277e33cd51a45 php-5.2.4-x86_64-1_sflack11.0.tgz

Sflack 12.0 package:
2d540dd6a247d08c0d78f8bbe2c9ed2c php-5.2.4-x86_64-1_sflack12.0.tgz


Installation instructions:
+------------------------+

First, stop Apache:
# apachectl stop

Next, upgrade to the new PHP package:
# upgradepkg php-5.2.4-x86_64-1_sflack12.0.tgz

Finally, restart Apache:
# apachectl start

Or, for Apache 1.3.x versions using SSL:
# apachectl startssl

+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG6RpPw79R6/xskD8RAstWAKCCSoWS48sdJo0MicVgchjC6lAfmQCg7xYA
AziTBOuUCySNzl4njkAC3E4=
=7orv
-----END PGP SIGNATURE-----

[sflack-security] samba (SFSA:2007-255-02)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


New samba packages are available for Sflack 11.0 and 12.0
to fix a security issue and various other bugs.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138


Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/samba-3.0.26a-x86_64-1_sflack12.0.tgz:
Upgraded to samba-3.0.26a.
This fixes a security issue in all Samba 3.0.25 versions:
"Incorrect primary group assignment for domain users using the rfc2307
or sfu winbind nss info plugin."
For more information, see:
http://www.samba.org/samba/security/CVE-2007-4138.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)

Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/samba-3.0.26a-x86_64-1_sflack11.0.tgz

Updated package for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/samba-3.0.26a-x86_64-1_sflack12.0.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
b9d9985e3662e9121b31ccdf6f1a1158 samba-3.0.26a-x86_64-1_sflack11.0.tgz

Sflack 12.0 package:
b458c7273926237768cf0771b5cc8772 samba-3.0.26a-x86_64-1_sflack12.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg samba-3.0.26a-x86_64-1_sflack12.0.tgz

Restart Samba:
# /etc/rc.d/rc.samba restart


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG6RjEw79R6/xskD8RAtizAJ9ClLUuZhdppU2xeCMMbYt5hC0SrwCcDyGx
FA4vjwq/5pxz6vAYOQQPHc8=
=gl/l
-----END PGP SIGNATURE-----

[sflack-security] openssh (SFSA:2007-255-01)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


New openssh packages are available for Sflack 11.0 and 12.0
to fix a possible security issue. This version should
also provide increased performance with certain ciphers.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752


Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/openssh-4.7p1-x86_64-1_sflack12.0.tgz:
Upgraded to openssh-4.7p1.
From the OpenSSH release notes:
"Security bugs resolved in this release: Prevent ssh(1) from using a
trusted X11 cookie if creation of an untrusted cookie fails; found and
fixed by Jan Pechanec."
While it's fair to say that we here at Sflack don't see how this could
be leveraged to compromise a system, a) the OpenSSH people (who presumably
understand the code better) characterize this as a security bug, b) it has
been assigned a CVE entry, and c) OpenSSH is one of the most commonly used
network daemons. Better safe than sorry.
More information should appear here eventually:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)

Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/openssh-4.7p1-x86_64-1_sflack11.0.tgz

Updated package for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/openssh-4.7p1-x86_64-1_sflack12.0.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
57fb79bc81995a46fc9eb98f87f42b63 openssh-4.7p1-x86_64-1_sflack11.0.tgz

Sflack 12.0 package:
e138c89cef693b9e93fdb08a719ce39c openssh-4.7p1-x86_64-1_sflack12.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg openssh-4.7p1-x86_64-1_sflack12.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG6RdCw79R6/xskD8RAngfAKDDN9GIodJRHdMZKbCYaV0xKrf5iACbB8VC
vGacfV7Qbc5am/yH46/Stg8=
=SsVi
-----END PGP SIGNATURE-----

[sflack-security] java (jre, jdk) (SFSA:2007-243-01)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sun has released security advisories pertaining to both the Java
Runtime Environment and the Standard Edition Development Kit.

One such advisory may be found here:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1

Updated versions of both the jre and jdk packages are provided
which address all known flaws in Java(TM) at this time. There
may be more advisories on http://sunsolve.sun.com describing other
flaws that are patched with this update. Happy hunting!

Sflack builds and repackages Sun's Java(TM) sources with little change,
so the packages from Sflack 12.0 should work on all glibc-based
Sflack versions.


Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
Sat Sep 1 11:00:55 CEST 2007
patches/packages/jre-6u2-x86_64-1.tgz:
Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment
Version 6.0 update 2.
This update addresses code errors which could possibly be leveraged to
compromise system security, though we know of no existing exploits.
This update consists of the official Java(TM) sources built and
repackaged in Sflack's package format, and may be used on any version
of Sflack that is based on glibc.
For more information, see:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1
(* Security fix *)
An additional change was made to the script that Sflack uses to
set environment variables for Java(TM). Now, after the $JAVA_HOME
variable is set, the next variable settings make use of it, rather
than hard-coding the path to $JAVA_HOME. This does not fix a bug,
but is certainly better scripting style. Thanks to Jason Byrne and
Jean-Christophe Fargette for suggesting this change.
extra/jdk-6/jdk-6u2-x86_64-1.tgz:
Upgraded to Java(TM) 2 Platform Standard Edition Development Kit
Version 6.0 update 2.
This update addresses code errors which could possibly be leveraged to
compromise system security, though we know of no existing exploits.
This update consists of the official Java(TM) sources built and
repackaged in Sflack's package format, and may be used on any version
of Sflack that is based on glibc.
For more information, see:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1
(* Security fix *)
An additional change was made to the script that Sflack uses to
set environment variables for Java(TM). Now, after the $JAVA_HOME
variable is set, the next variable settings make use of it, rather
than hard-coding the path to $JAVA_HOME. This does not fix a bug,
but is certainly better scripting style. Thanks to Jason Byrne and
Jean-Christophe Fargette for suggesting this change.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)

Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated packages for Sflack 11.0 and 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/jre-6u2-x86_64-1.tgz
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/extra/jdk-6/jdk-6u2-x86_64-1.tgz


MD5 signatures:
+-------------+

a57949225809437ad45ad3f4c4e4f182 jre-6u2-x86_64-1.tgz
7b388b6c1a03bc5fa2988190f92aa94a jdk-6u2-x86_64-1.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg jre-6u2-x86_64-1.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG2TiMw79R6/xskD8RAnOSAJ9oq1i0MRDyXIws2LuQ8S7NICS/jACgktuC
T0J+FaLPH4vmcsRResrITyI=
=vPyY
-----END PGP SIGNATURE-----

[sflack-security] tcpdump (SFSA:2007-230-01)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


New tcpdump packages are available for Sflack 11.0 and 12.0
to fix a security issue.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798

Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/tcpdump-3.9.7-x86_64-1_sflack12.0.tgz:
Upgraded to libpcap-0.9.7, tcpdump-3.9.7.
This new version fixes an integer overflow in the BGP dissector which
could possibly allow remote attackers to crash tcpdump or to execute
arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)

Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/tcpdump-3.9.7-x86_64-1_sflack11.0.tgz

Updated package for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/tcpdump-3.9.7-x86_64-1_sflack12.0.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
f16910a98c4949764e251896dd0a9220 tcpdump-3.9.7-x86_64-1_sflack11.0.tgz

Sflack 12.0 package:
726d82c64d559823129937f06e69889a tcpdump-3.9.7-x86_64-1_sflack12.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg tcpdump-3.9.7-x86_64-1_sflack12.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG0sSUw79R6/xskD8RAsFZAJsGd/TYKbHn322E16ZnDPYrx1A3MACgiMJ9
wrEp6xCBErOKm5I8b1+UhK8=
=IMXJ
-----END PGP SIGNATURE-----

[sflack-security] xpdf (SFSA:2007-222-05)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


New xpdf packages are available for Sflack 11.0
and 12.0 to fix an integer overflow.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387


Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/xpdf-3.02pl1-x86_64-1_sflack12.0.tgz:
Upgraded to xpdf-3.02pl1. This fixes an integer overflow that could possibly
be leveraged to run arbitrary code if a malicious PDF file is processed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)

Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/xpdf-3.02pl1-x86_64-1_sflack11.0.tgz

Updated package for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/xpdf-3.02pl1-x86_64-1_sflack12.0.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
1e4e12f4b0bdb0d117b68b3367eefa51 xpdf-3.02pl1-x86_64-1_sflack11.0.tgz

Sflack 12.0 package:
b62b98e91103c4f9657399d3a010207d xpdf-3.02pl1-x86_64-1_sflack12.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg xpdf-3.02pl1-x86_64-1_sflack12.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGvZTdw79R6/xskD8RAiy+AJ9vI7EcaHVl1UAgvVaiAI9VHJOqmgCfatOT
0TS61Folb8tNUp6nwDbj98M=
=yr9E
-----END PGP SIGNATURE-----

[sflack-security] seamonkey (SFSA:2007-222-04)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


New seamonkey packages are available for Sflack 11.0 and 12.0 to
fix various security issues.

For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey


Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-1.1.4-x86_64-1_sflack12.tgz:
Upgraded to seamonkey-1.1.4.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)

Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/seamonkey-1.1.4-x86_64-1_sflack11.0.tgz

Updated package for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/seamonkey-1.1.4-x86_64-1_sflack12.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
92fe5baf4ad554f0d58b9bbeadd063ba seamonkey-1.1.4-x86_64-1_sflack11.0.tgz

Sflack 12.0 package:
174ea4a2b3aa368e02d4f38988831db4 seamonkey-1.1.4-x86_64-1_sflack12.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg seamonkey-1.1.4-x86_64-1_sflack12.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGvZEDw79R6/xskD8RAvesAKDYBjqdxJvr4TNmmrESbnxlrux21QCgk0Jx
+LDGUeSpEWDvYKgPXFeIatk=
=RWPP
-----END PGP SIGNATURE-----

[sflack-security] poppler (SFSA:2007-222-02)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


A new poppler package is available for Sflack 12.0 to fix an
integer overflow.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387

Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/poppler-0.5.4-x86_64-2_sflack12.0.tgz:
Patched to fix an integer overflow in code borrowed from xpdf.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
(* Security fix *)
+--------------------------+


Where to find the new package:
+----------------------------+

Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)

Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/poppler-0.5.4-x86_64-2_sflack12.0.tgz


MD5 signature:
+------------+

Sflack 12.0 package:
e75f38793ee35bdbcad12eac5ff3c452 poppler-0.5.4-x86_64-2_sflack12.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg poppler-0.5.4-x86_64-2_sflack12.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGvYY6w79R6/xskD8RAoxaAJ0Xi+nGam5BxaHr3cbheDnz+MDAQgCg0CB3
o0Gt56oPhIxW+/U0EZ7VWhw=
=RMza
-----END PGP SIGNATURE-----