Slackware Linux 12.1 RC1 has been released
New cups packages are available for Slackware 12.0, and -current to fix security issues. The change from CUPS 1.2.x to CUPS 1.3.x was tested here, but if you're on a completely secured internal network these issues may be less of a risk than upgrading. If your IPP port is open to the internet, you'd be advised to upgrade as soon as possible (or firewall the port at the gateway if you're not in need of printer jobs coming in from the internet).
More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373
New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
New seamonkey packages are available for Slackware 11.0, 12.0, and -current to fix security issues.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues.
New httpd packages are available for Slackware 12.0, and -current to fix security issues.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
New php-4.4.8 packages are available for Slackware 10.2 and 11.0 to fix security issues.
More details about the issues may be found here:
http://bugs.php.net/43010
New apache 1.3.41 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues.
A new matching mod_ssl package is also provided.
More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues. New seamonkey updates are available for Slackware 11.0, 12.0, and -current to address similar issues.
GNOME SlackBuild RC1, a GNOME 2.20.3 Desktop for Slackware 12, has been released
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix a security issue. A boundary failure in GETDC mailslot processing can result in a buffer overrun leading to possible code execution.
More details about the issue will become available in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
New rsync packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues.
More details about the issues may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
http://lists.samba.org/archive/rsync-announce/2007/000050.html
New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues.
New libpng packages are available for Slackware 10.1 and 10.2 that were left out of the last batch of updates. These fix the same security problems as the other 1.2.23 upgrades.
More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current. New poppler packages are available for Slackware 12.0 and -current. New koffice packages are available for Slackware 11.0, 12.0, and -current. New kdegraphics packages are available for Slackware 10.2, 11.0, 12.0, and -current.
These updated packages address similar bugs which could be used to crash applications linked with poppler or that use code from xpdf through the use of a malformed PDF document. It is possible that a maliciously crafted document could cause code to be executed in the context of the user running the application processing the PDF.
These advisories and CVE entries cover the bugs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://www.kde.org/info/security/advisory-20071107-1.txt
CUPS was found to contain errors in ipp.c which could allow a remote attacker to crash CUPS, resulting in a denial of service. If you use CUPS, it is recommended to update to the latest package for your version of Slackware.
The latest cups package is available for Slackware -current, and patched packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 that fix the problems.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
Howtoforge posted a tutorial about setting up Slackware 12 as Linux desktop
New glibc-zoneinfo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to update the timezone tables to the latest versions. If you've noticed your clock has wandered off, these packages should fix the problem.
This isn't really a "security issue" (or is a minor one), but it's an important fix nevertheless.