New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.
Here are the details from the Slackware 13.1 ChangeLog: +--------------------------+ patches/packages/glibc-2.11.1-i486-5_slack13.1.txz: Rebuilt. Patched "The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads." This security issue allows a local attacker to gain root by specifying an unsafe DSO in the library search path to be used with a setuid binary in LD_AUDIT mode. Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856 http://seclists.org/fulldisclosure/2010/Oct/344 (* Security fix *) patches/packages/glibc-i18n-2.11.1-i486-5_slack13.1.txz: Rebuilt. patches/packages/glibc-profile-2.11.1-i486-5_slack13.1.txz: Rebuilt. patches/packages/glibc-solibs-2.11.1-i486-5_slack13.1.txz: Upgraded. (* Security fix *) patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz: Upgraded. Rebuilt to tzcode2010n and tzdata2010n. +--------------------------+
Where to find the new packages: +-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
New mozilla-firefox packages are available for Slackware 13.0, 13.1, and -current to fix security issues.
Here are the details from the Slackware 13.1 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-3.6.12-i686-1.txz: Upgraded. This fixes some security issues. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/firefox36.html (* Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.