libpng for Slackware 10.1 and 10.2 (SSA:2007-325-01a)

Slackware 1215 Published by Philipp Esselbach 0

New libpng packages are available for Slackware 10.1 and 10.2 that were left out of the last batch of updates. These fix the same security problems as the other 1.2.23 upgrades.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269

xpdf/poppler/koffice/kdegraphics (SSA:2007-316-01)

Slackware 1215 Published by Philipp Esselbach 0

New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current. New poppler packages are available for Slackware 12.0 and -current. New koffice packages are available for Slackware 11.0, 12.0, and -current. New kdegraphics packages are available for Slackware 10.2, 11.0, 12.0, and -current.

These updated packages address similar bugs which could be used to crash applications linked with poppler or that use code from xpdf through the use of a malformed PDF document. It is possible that a maliciously crafted document could cause code to be executed in the context of the user running the application processing the PDF.

These advisories and CVE entries cover the bugs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://www.kde.org/info/security/advisory-20071107-1.txt

cups (SSA:2007-305-01)

Slackware 1215 Published by Philipp Esselbach 0

CUPS was found to contain errors in ipp.c which could allow a re
mote attacker to crash CUPS, resulting in a denial of service. If you use CUPS, it is recommended to update to the latest package for your version of Slackware.

The latest cups package is available for Slackware -current, and patched packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 that fix the problems.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351

glibc-zoneinfo (SSA:2007-283-01)

Slackware 1215 Published by Philipp Esselbach 0

New glibc-zoneinfo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to update the timezone tables to the latest versions. If you've noticed your clock has wandered off, these packages should fix the problem.

This isn't really a "security issue" (or is a minor one), but it's an important fix nevertheless.

php (SSA:2007-255-03)

Slackware 1215 Published by Philipp Esselbach 0

New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, and 12.0 to fix "several low priority security bugs."

Note that PHP5 was not officially supported in Slackware 10.1 or 10.2 (being in the /testing directory), and was not the default version of PHP for Slackware 11.0 (being in the /extra directory), but updates are being provided anyway.

firefox (SSA:2007-213-01)

Slackware 1215 Published by Philipp Esselbach 0

New mozilla-firefox packages are available for Slackware 11.0 and 12.0 to fix security issues.

Note that Firefox 1.5.x has reached its EOL (end of life) and is no longer being updated by mozilla.com. Users of Firefox 1.5.x are encouraged to upgrade to Firefox 2.x. Since we use the official Firefox binaries, these packages should work equally well on earlier Slackware systems.

More details about the security issues may be found at this link:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox

bind (SSA:2007-207-01)

Slackware 1215 Published by Philipp Esselbach 0

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix security issues.

The first issue which allows remote attackers to make recursive queries only affects Slackware 12.0. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925

The second issue is the discovery that BIND9's query IDs are cryptographically weak. This issue affects the versions of BIND9 in all supported Slackware versions. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926

seamonkey (SSA:2007-205-02)

Slackware 1215 Published by Philipp Esselbach 0

New SeaMonkey packages are available for Slackware 11.0 and 12.0 to fix possible security issues. While this update has been reported to MozillaZine to "fix several security issues", details are not yet available. Presumably the issues are similar to the ones that were recently addressed in Firefox and Thunderbird.

More details about the issues may (eventually) be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey

Previous Page

Next Page

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...