3 Security Updates for Slackware
Posted on: 07/30/2011 08:22 AM

The following 3 security updates has been released for Slackware Linux: [slackware-security] libpng (SSA:2011-210-01), [slackware-security] samba (SSA:2011-210-03), and [slackware-security] dhcpcd (SSA:2011-210-02)

[slackware-security] libpng (SSA:2011-210-01)
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current
to fix security issues.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/libpng-1.4.8-i486-1_slack13.37.txz: Upgraded.
Fixed uninitialized memory read in png_format_buffer()
(Bug report by Frank Busse, related to CVE-2004-0421).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.46-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.46-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.46-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.46-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.46-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libpng-1.2.46-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.46-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/libpng-1.2.46-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libpng-1.2.46-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libpng-1.2.46-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.46-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.46-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.8-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.8-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.8-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.8-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.4.8-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.4.8-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 8.1 package:
ad0f8dc2b0b9269c342a0d61bd007c5e libpng-1.2.46-i386-1_slack8.1.tgz

Slackware 9.0 package:
365bea389c02fdc3b920b36b1f5f5a4d libpng-1.2.46-i386-1_slack9.0.tgz

Slackware 9.1 package:
b96cf4fb882decd82bba233b615df3ba libpng-1.2.46-i486-1_slack9.1.tgz

Slackware 10.0 package:
64b11f971f7379ed0af5dc766daf2dd4 libpng-1.2.46-i486-1_slack10.0.tgz

Slackware 10.1 package:
13927173b5ecc4a33a0290363e4e53cd libpng-1.2.46-i486-1_slack10.1.tgz

Slackware 10.2 package:
b32cb1ee9694579a42e47128323b0412 libpng-1.2.46-i486-1_slack10.2.tgz

Slackware 11.0 package:
bc0efc812d8b1a52bb5c480a5b2f9200 libpng-1.2.46-i486-1_slack11.0.tgz

Slackware 12.0 package:
c4fb87f7ecf7aebcd380765d25d0f751 libpng-1.2.46-i486-1_slack12.0.tgz

Slackware 12.1 package:
8f1d8ec6a325c95725b3740dbd41c311 libpng-1.2.46-i486-1_slack12.1.tgz

Slackware 12.2 package:
c846762291145276057dad5c58bb2f89 libpng-1.2.46-i486-1_slack12.2.tgz

Slackware 13.0 package:
e0bc86aa7eeed92f8f8734efa0b54483 libpng-1.2.46-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
3d2a8eb7474420519c947f666635ece8 libpng-1.2.46-x86_64-1_slack13.0.txz

Slackware 13.1 package:
406d411805cf2f99c567c97f53bce69b libpng-1.4.8-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
972fb84c00c4a0d7ab9134f6e65c657f libpng-1.4.8-x86_64-1_slack13.1.txz

Slackware 13.37 package:
a323c2d1ff04054ec8423710200c7682 libpng-1.4.8-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
a56d0776e600625505cc12e6853c50cc libpng-1.4.8-x86_64-1_slack13.37.txz

Slackware -current package:
ebf0f61c96738b840afa104e6ed3a71f libpng-1.4.8-i486-1.txz

Slackware x86_64 -current package:
c3ea775b59fde83c9e65a1d9648945c9 libpng-1.4.8-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg libpng-1.4.8-i486-1_slack13.37.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key


[slackware-security] samba (SSA:2011-210-03)
New samba packages are available for Slackware 13.1, 13.37, and -current to
fix security issues.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/samba-3.5.10-i486-1_slack13.37.txz: Upgraded.
Fixed cross-site request forgery and cross-site scripting vulnerability
in SWAT (the Samba Web Administration Tool).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/samba-3.5.10-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/samba-3.5.10-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/samba-3.5.10-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/samba-3.5.10-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.5.10-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-3.5.10-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.1 package:
9dd8c9e4a6881ea5b82cf8e3d59e0256 samba-3.5.10-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
a9364edef99d026831b38757de582109 samba-3.5.10-x86_64-1_slack13.1.txz

Slackware 13.37 package:
9139d218c171399faf99c23f70ac755d samba-3.5.10-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
5e5757633918950d795280efb7a88d08 samba-3.5.10-x86_64-1_slack13.37.txz

Slackware -current package:
0e347b1e1648bcc94582392e573da4a4 samba-3.5.10-i486-1.txz

Slackware x86_64 -current package:
0c6a7ddf8633a1f3087b10397bea9abe samba-3.5.10-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg samba-3.5.10-i486-1_slack13.37.txz

Then, if Samba is running restart it:

# /etc/rc.d/rc.samba restart


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key


[slackware-security] dhcpcd (SSA:2011-210-02)
New dhcpcd packages are available for Slackware 13.0, 13.1, 13.37,
and -current to fix security issues.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/dhcpcd-5.2.12-i486-1_slack13.37.txz: Upgraded.
Sanitize the host name provided by the DHCP server to insure that it does
not contain any shell metacharacters.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0996
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/dhcpcd-3.2.3-i486-2_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/dhcpcd-3.2.3-x86_64-2_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/dhcpcd-5.2.12-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/dhcpcd-5.2.12-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/dhcpcd-5.2.12-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/dhcpcd-5.2.12-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dhcpcd-5.2.12-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dhcpcd-5.2.12-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
1029af8f686830f358e053ca2406b9a6 dhcpcd-3.2.3-i486-2_slack13.0.txz

Slackware x86_64 13.0 package:
5615c7feb96339495bf628ea248a6b76 dhcpcd-3.2.3-x86_64-2_slack13.0.txz

Slackware 13.1 package:
23211c76d60f18f568a44f76c6cbc2dc dhcpcd-5.2.12-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
2b186bb623ee30926e54e11c5017ec14 dhcpcd-5.2.12-x86_64-1_slack13.1.txz

Slackware 13.37 package:
9b669fe2c0f4cd3267aad81a28e8302c dhcpcd-5.2.12-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
77564e0ba2daaa5066acd44cd33e8f40 dhcpcd-5.2.12-x86_64-1_slack13.37.txz

Slackware -current package:
8700b8a222d2cbc3564cd9d25b551ac1 dhcpcd-5.2.12-i486-1.txz

Slackware x86_64 -current package:
1d96860005547b5edfc55a4d79fb44cd dhcpcd-5.2.12-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg dhcpcd-5.2.12-i486-1_slack13.37.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key





Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/3_security_updates_for_slackware_2b8a.html)