5 Slackware Security Updates

Posted by Philipp Esselbach on: 09/01/2012 10:55 AM [ Print | 0 comment(s) ]

The following 5 updates has been released for Slackware Linux: glibc (SSA:2012-244-01), slocate (SSA:2012-244-05), seamonkey (SSA:2012-244-04), mozilla-firefox (SSA:2012-244-02), and mozilla-thunderbird (SSA:2012-244-03)

glibc (SSA:2012-244-01)

glibc (SSA:2012-244-01)

New glibc packages are available for Slackware 13.1, 13.37, and -current to
fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/glibc-2.13-i486-6_slack13.37.txz: Rebuilt.
Patched multiple integer overflows in the strtod, strtof, strtold, and
strtod_l functions in stdlib in the GNU C Library allow local users to
cause a denial of service (application crash) and possibly execute
arbitrary code via a long string, which triggers a stack-based buffer
overflow.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480
(* Security fix *)
patches/packages/glibc-i18n-2.13-i486-6_slack13.37.txz: Rebuilt.
patches/packages/glibc-profile-2.13-i486-6_slack13.37.txz: Rebuilt.
patches/packages/glibc-solibs-2.13-i486-6_slack13.37.txz: Rebuilt.
patches/packages/glibc-zoneinfo-2.13-noarch-6_slack13.37.txz: Rebuilt.
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-7_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-7_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-2.13-i486-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-i18n-2.13-i486-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-profile-2.13-i486-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-solibs-2.13-i486-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-zoneinfo-2.13-noarch-6_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-2.13-x86_64-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-i18n-2.13-x86_64-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-profile-2.13-x86_64-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-solibs-2.13-x86_64-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-zoneinfo-2.13-noarch-6_slack13.37.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.15-i486-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2012e_2012e-noarch-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.15-i486-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.15-i486-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.15-i486-6.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.15-x86_64-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2012e_2012e-noarch-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.15-x86_64-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.15-x86_64-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.15-x86_64-6.txz

MD5 signatures:
+-------------+

Slackware 13.1 packages:
edd13967ed3d8dec440a89ee5289fbca glibc-2.11.1-i486-7_slack13.1.txz
6f32d223d76deeb7b9f3a21922bd01b5 glibc-i18n-2.11.1-i486-7_slack13.1.txz
a0e1250d433bbb79a3ba08b9c7d71e51 glibc-profile-2.11.1-i486-7_slack13.1.txz
864ca9b87dfb11785128133cfea320db glibc-solibs-2.11.1-i486-7_slack13.1.txz
f7561370aae626dca40bbbdfd51dfda9 glibc-zoneinfo-2.11.1-noarch-7_slack13.1.txz

Slackware x86_64 13.1 packages:
fc12fd088f1e537258650875fec86438 glibc-2.11.1-x86_64-7_slack13.1.txz
7a7e5b5303ae013201d80ace00ef2bd7 glibc-i18n-2.11.1-x86_64-7_slack13.1.txz
fd15e380056b751d633a9d5f68cb2203 glibc-profile-2.11.1-x86_64-7_slack13.1.txz
b5b6dc3c09d53622098ea9d24dc7072e glibc-solibs-2.11.1-x86_64-7_slack13.1.txz
f0697995c80b6e636b77336d68095826 glibc-zoneinfo-2.11.1-noarch-7_slack13.1.txz

Slackware 13.37 packages:
981ea852e4a84e52581eb8552a0d560d glibc-2.13-i486-6_slack13.37.txz
db61d214708227d74794dce0bf20e413 glibc-i18n-2.13-i486-6_slack13.37.txz
58a459cbe063222332efd9f206d6debc glibc-profile-2.13-i486-6_slack13.37.txz
0608e56b8e2505dede8788929b3f3e6c glibc-solibs-2.13-i486-6_slack13.37.txz
c054e6efb42b94da65a808d435992307 glibc-zoneinfo-2.13-noarch-6_slack13.37.txz

Slackware x86_64 13.37 packages:
683c0976cf447451f70ad89e938b9777 glibc-2.13-x86_64-6_slack13.37.txz
a1fd86ad6c472f6de29f20ae75af0f5a glibc-i18n-2.13-x86_64-6_slack13.37.txz
7e1400cb7a85ac091ab481d3df724b85 glibc-profile-2.13-x86_64-6_slack13.37.txz
b14d793b43de47999ceec4013671d939 glibc-solibs-2.13-x86_64-6_slack13.37.txz
04f95620164ab72f4b3739881ce95adb glibc-zoneinfo-2.13-noarch-6_slack13.37.txz

Slackware -current packages:
a3cd88ff0d0dcacfa43c0003afddc7a8 a/glibc-solibs-2.15-i486-6.txz
b8fd7fab60bcd4b3e72c75b41f2a1463 a/glibc-zoneinfo-2012e_2012e-noarch-6.txz
98bb23242f559cad59f4e3bd7b7ab63f l/glibc-2.15-i486-6.txz
d2768f1d5d17a66288d6f6d5525fade0 l/glibc-i18n-2.15-i486-6.txz
8f909602ea32f81950731bcef6a28533 l/glibc-profile-2.15-i486-6.txz

Slackware x86_64 -current packages:
538e100455adc41cf41db73cdbe51685 a/glibc-solibs-2.15-x86_64-6.txz
3dbcddbdc4972049e633c588f3fbf182 a/glibc-zoneinfo-2012e_2012e-noarch-6.txz
e2801fdd45ea6d26a7f3b28111c1ea45 l/glibc-2.15-x86_64-6.txz
fc500389aecef3bbbd574f83fe564ddc l/glibc-i18n-2.15-x86_64-6.txz
eb2968f0e1fa932d79c4d32c546ae101 l/glibc-profile-2.15-x86_64-6.txz

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg glibc-*.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

slocate (SSA:2012-244-05)

slocate (SSA:2012-244-05)

New slocate packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
Patched to use lstat64 and -D_LARGEFILE64_SOURCE. Thanks to Mancha+.
Patched to fix information leak of filenames in protected directories.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0227
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/slocate-3.1-i486-2_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/slocate-3.1-i486-2_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/slocate-3.1-i486-4_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/slocate-3.1-x86_64-4_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/slocate-3.1-i486-4_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/slocate-3.1-x86_64-4_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/slocate-3.1-i486-4_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/slocate-3.1-x86_64-4_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/slocate-3.1-i486-4.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/slocate-3.1-x86_64-4.txz

MD5 signatures:
+-------------+

Slackware 12.1 package:
294638d315522d39a548320f8ecb8dfe slocate-3.1-i486-2_slack12.1.tgz

Slackware 12.2 package:
314118b4aa53120c98049c3979a91bd9 slocate-3.1-i486-2_slack12.2.tgz

Slackware 13.0 package:
c355a02276b1dd619d4097aff1f6deaa slocate-3.1-i486-4_slack13.0.txz

Slackware x86_64 13.0 package:
d81b496d4d5eeb64b6d58e006a671019 slocate-3.1-x86_64-4_slack13.0.txz

Slackware 13.1 package:
de3ac5c264fcc7e0916d603ca6f11e41 slocate-3.1-i486-4_slack13.1.txz

Slackware x86_64 13.1 package:
df3c40f8666d2d1bf9c4aa9b383c87ff slocate-3.1-x86_64-4_slack13.1.txz

Slackware 13.37 package:
83670d384a248f24e3a8e2bfdfebb14f slocate-3.1-i486-4_slack13.37.txz

Slackware x86_64 13.37 package:
df0cf00f72804b549283e4c719eff4ec slocate-3.1-x86_64-4_slack13.37.txz

Slackware -current package:
5c32ada3968815e063e5abd8cef507b4 a/slocate-3.1-i486-4.txz

Slackware x86_64 -current package:
69e300421110474e99fcce4d6dcbe6a3 a/slocate-3.1-x86_64-4.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg slocate-3.1-i486-4_slack13.37.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

seamonkey (SSA:2012-244-04)

seamonkey (SSA:2012-244-04)

New seamonkey packages are available for Slackware 13.37 and -current to
fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/seamonkey-2.12-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/seamonkey-solibs-2.12-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/seamonkey-2.12-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/seamonkey-solibs-2.12-x86_64-1_slack13.37.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/seamonkey-solibs-2.12-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.12-i486-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/seamonkey-solibs-2.12-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.12-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 13.37 packages:
b83936e11355a40d0b9fb2f947c4c265 seamonkey-2.12-i486-1_slack13.37.txz
b9a3664a35887fbfea54e0ef749f7089 seamonkey-solibs-2.12-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages:
cfd5158e38576d17684fee167dc3b127 seamonkey-2.12-x86_64-1_slack13.37.txz
94a4016f94aae60d1bf5d6818c27d8e6 seamonkey-solibs-2.12-x86_64-1_slack13.37.txz

Slackware -current packages:
f98c7ef08e8661f73e6d2e6e4730f4ba l/seamonkey-solibs-2.12-i486-1.txz
d8efafaa1b5709ef2599dd8c4ac3077f xap/seamonkey-2.12-i486-1.txz

Slackware x86_64 -current packages:
567ac165bad8b2ff3eb1b427128395f4 l/seamonkey-solibs-2.12-x86_64-1.txz
4b1c3b0f906fb18cc8ec037cc08adc98 xap/seamonkey-2.12-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg seamonkey-*.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

mozilla-firefox (SSA:2012-244-02)

mozilla-firefox (SSA:2012-244-02)

New mozilla-firefox packages are available for Slackware 13.37 and -current to
fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-firefox-15.0-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-firefox-15.0-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-15.0-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-15.0-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 13.37 package:
ab94bcc46dbfc67c9d96fe41c31b3e1a mozilla-firefox-15.0-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
057c1e1485ebda02e7eb770708e4e0a3 mozilla-firefox-15.0-x86_64-1_slack13.37.txz

Slackware -current package:
925560c4b555221658a24432084cb6e5 xap/mozilla-firefox-15.0-i486-1.txz

Slackware x86_64 -current package:
b8f9130fc83e910d60fda5620615d35f xap/mozilla-firefox-15.0-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-15.0-i486-1_slack13.37.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

mozilla-thunderbird (SSA:2012-244-03)

mozilla-thunderbird (SSA:2012-244-03)

New mozilla-thunderbird packages are available for Slackware 13.37 and -current
to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-thunderbird-15.0-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-thunderbird-15.0-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-15.0-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-15.0-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 13.37 package:
163c7eb0770417120423d70842590db1 mozilla-thunderbird-15.0-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
5fb661a660e23527104b6906616c391d mozilla-thunderbird-15.0-x86_64-1_slack13.37.txz

Slackware -current package:
99f15e526a8259cc8b866c9778ac45f7 xap/mozilla-thunderbird-15.0-i486-1.txz

Slackware x86_64 -current package:
3f32c7e8e31a9643666ff52591e72cba xap/mozilla-thunderbird-15.0-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-15.0-i486-1_slack13.37.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key