[sflack-security] libwpd (SFSA:2007-085-02)
New libwpd packages are available for Sflack 11.0 and -current
to fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002
Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/packages/libwpd-0.8.9-x86_64-1_sflack11.0.tgz:
Upgraded to libwpd-0.8.9.
Various overflows may lead to application crashes upon opening a specially
crafted WordPerfect file. This vulnerability could also conceivably be
used by an attacker to execute arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
See the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.
Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/libwpd-0.8.9-x86_64-1_sflack11.0.tgz
Updated package for Sflack -current:
ftp://ftp.sflack.com/pub/sflack/sflack-current/slackware/l/libwpd-0.8.9-x86_64-1.tgz
MD5 signatures:
+-------------+
Sflack 11.0 package:
7da467de9fe50fef8f6ce6260470e131 libwpd-0.8.9-x86_64-1_sflack11.0.tgz
Sflack -current package:
a017c907d972739c83b2b41a02c9e358 libwpd-0.8.9-x86_64-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg libwpd-0.8.9-x86_64-1_sflack11.0.tgz
+-----+
Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com
Category: Security Advisories
This is an archive of all the security announcements that have been posted to the Slackware Linux slackware-security mailing list. Select the year archive you want, then a list of messages from that year will be displayed.
The Sflack GPG key may be found here.
[sflack-security] mozilla-firefox2 (SFSA:2007-066-03)
In accordance with slackware-security, new mozilla-firefox2 packages are available
for Sflack 11.0 to fix security issues.
Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/package/mozilla-firefox2-2.0.0.2-x86_64-1_sflack11.0.tgz:
* Upgraded to firefox-2.0.0.2.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated package for Sflack 11.0:
ftp://ftp.slackarea.net/pub/sflack/sflack-11.0/patches/packages/mozilla-firefox2-2.0.0.2-x86_64-1_sflack11.0.tgz
MD5 signatures:
+-------------+
Sflack 11.0 packages:
519df2a012f41e7e0edfef96f8b8ca4c mozilla-firefox2-2.0.0.2-x86_64-1_sflack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg mozilla-firefox2-2.0.0.2-x86_64-1_sflack11.0.tgz
+-----+
Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com
[sflack-security] imagemagick (SFSA:2007-066-06)
In accordance with slackware-security, a new imagemagick package
is available for Sflack 11.0 to fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
xap/imagemagick-6.3.3_0-x86_64-1_sflack11.0.tgz:
* Upgraded to imagemagick-6.3.3-0.
The original fix for PALM image handling has been corrected.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
(* Security fix *)
+--------------------------+
Where to find the new package:
+----------------------------+
Updated package for Sflack 11.0:
ftp://ftp.slackarea.net/pub/sflack/sflack-11.0/patches/packages/imagemagick-6.3.3_0-x86_64-1_sflack11.0.tgz
MD5 signature:
+------------+
Sflack 11.0 package:
e46851b55de409cbb9b9259d95d1318a imagemagick-6.3.3_0-x86_64-1_sflack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg imagemagick-6.3.3_0-x86_64-1_sflack11.0.tgz
+-----+
Sflack Linux Security Team
http://sflack.com/gpg-key
security@sflack.com
[sflack-security] seamonkey (SFSA:2007-066-05)
In accordance with slackware-security, a new seamonkey package is available
for Sflack 11.0 to fix security issues.
Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
xap/seamonkey-1.0.8-x86_64-1_sflack11.0.tgz:
* Upgraded to seamonkey-1.0.8.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Where to find the new package:
+----------------------------+
Updated package for Sflack 11.0:
ftp://ftp.slackarea.net/pub/sflack/sflack-11.0/patches/packages/seamonkey-1.0.8-x86_64-1_sflack11.0.tgz
MD5 signature:
+------------+
Sflack 11.0 package:
8fb86b335cd649c9d7ff7b82231a2697 seamonkey-1.0.8-x86_64-1_sflack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg seamonkey-1.0.8-x86_64-1_sflack11.0.tgz
+-----+
Sflack Linux Security Team
http://sflack.com/gpg-key
security@sflack.com
[sflack-security] gnupg (SFSA:2007-066-01)
In accordance with slackware-security, a new gnupg package is available
for Sflack 11.0 to fix security ramifications of incorrect gpg usage.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1263
Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
n/gnupg-1.4.7-x86_64-1_sflack11.0.tgz: Upgraded to gnupg-1.4.7.
* This fixes a security problem that can occur when GnuPG is used incorrectly.
Newer versions attempt to prevent such misuse.
For more information, see:
http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated package for Sflack 11.0:
ftp://ftp.slackarea.net/pub/sflack/sflack-11.0/patches/packages/gnupg-1.4.7-x86_64-1_sflack11.0.tgz
MD5 signatures:
+-------------+
Sflack 11.0 package:
4fe767baecec5191d56e7a6f4b1f9497 gnupg-1.4.7-x86_64-1_sflack11.0.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg gnupg-1.4.7-x86_64-1_sflack11.0.tgz
+-----+
Sflack Linux Security Team
http://sflack.com/gpg-key
security@sflack.com
[sflack-security] php (SFSA:2007-053-01)
In accordance with slackware-security, new php packages are available
for Sflack 11.0 to improve the stability and security of PHP.
Quite a few bugs were fixed -- please see http://www.php.net for a
detailed list. All sites that use PHP are encouraged to upgrade.
Please note that we haven't tested all PHP applications for backwards
compatibility with this new upgrade, so you should have the old package
on hand just in case.
Some of these issues have been assigned CVE numbers and may be referenced
in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
2007-03-01 patches/packages/php-5.2.1-x86_64-1_sflack11.0.tgz:
* Upgraded to php-5.2.1 which improves stability and security.
For information about some of the security fixes, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated packages for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/php-5.2.1-x86_64-1_sflack11.0.tgz
MD5 signatures:
+-------------+
Sflack 11.0 packages:
0ad5c808ce1a90e8d8d5d391f0d2bfd0 php-5.2.1-x86_64-1_sflack11.0.tgz
Installation instructions:
+------------------------+
First, stop apache:
# apachectl stop
Next, upgrade to the new PHP package:
# upgradepkg php-5.2.1-x86_64-1_sflack11.0.tgz
Finally, restart apache:
# apachectl start (or: apachectl startssl)
+-----+
Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com
[sflack-security] samba (SFSA:2007-038-01)
In accordance with slackware-security, new samba packages
are available for Sflack 11.0 to fix denial of service security issues.
More details about the issues fixed in Samba 3.0.24 may be found in the
Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
2007-02-08 patches/packages/samba-3.0.24-x86_64-1_sflack11.0.tgz:
* Upgraded to samba-3.0.24. From the WHATSNEW.txt file:
"Important issues addressed in 3.0.24 include:
o Fixes for the following security advisories:
- CVE-2007-0452 (Potential Denial of Service bug in smbd)
- CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
- CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)"
Samba in Slackware is vulnerable to the first issue, which can
cause smbd to enter into an infinite loop, disrupting Samba services.
Linux is not vulnerable to the second issue, and Slackware does not
ship the afsacl.so VFS plugin (but it's something to be aware of
if you build Samba with custom options).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
(* Security fix *)
+--------------------------+
Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com
[sflack-security] bind (SFSA:2007-026-01)
In accordance with slackware-security, new bind packages
are available for Sflack 11.0 to fix denial of service security issues.