A sysklogd update is available for Slackware Linux:
New sysklogd packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue where a user could cause syslogd to crash. Thanks to Steve Grubb who researched the issue.
An updated Kernel has been released for Slackware Linux:
New kernel packages are available for Slackware 9.1 and -current to fix security issues. Also available are new kernel modules packages (including alsa-driver), and a new version of the hotplug package for Slackware 9.1 containing some fixes for using 2.4.26 (and 2.6.x) kernel modules.
The most serious of the fixed issues is an overflow in ip_setsockopt(), which could allow a local attacker to gain root access, or to crash or reboot the machine. This bug affects 2.4 kernels from 2.4.22 - 2.4.25. Any sites running one of those kernel versions should upgrade right away. After installing the new kernel, be sure to run 'lilo'.
More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0424
An xine security update for Slackware Linux 9.1 has been released:
New xine packages are available for Slackware 9.1 and -current to fix security issues.
A utempter security update has been released for Slackware Linux 9.1
New utempter packages are available for Slackware 9.1 and -current to fix a security issue. (Slackware 9.1 was the first version of Slackware to use the libutempter library, and earlier versions of Slackware are not affected by this issue)
The utempter package provides a utility and shared library that allows terminal applications such as xterm and screen to update /var/run/utmp and /var/log/wtmp without requiring root privileges. Steve Grubb has identified an issue with utempter-0.5.2 where under certain circumstances an attacker could cause it to overwrite files through a symlink. This has been addressed by upgrading the utempter package to use Dmitry V. Levin's new implementation of libutempter that does not have this bug.
A cvs security update has been released for Slackware Linux
CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory affects both uses of CVS.
A security problem which could allow a server to create arbitrary files on a client machine, and another security problem which may allow a client to view files outside of the CVS repository have been fixed with the release of cvs-1.11.15.
Any sites running CVS should upgrade to the new CVS package.
An updated tcpdump package has been released for Slackware Linux
[slackware-security] tcpdump denial of service (SSA:2004-108-01)
Upgraded tcpdump packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix denial-of-service issues. Sites using tcpdump should upgrade to the new packages.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0184
The tcpdump advisory from Rapid7 may be found here:
http://www.rapid7.com/advisories/R7-0017.html
Ximian Evolution 1.5.6.2 (dev) is now available for Slackware Linux 9.1
Dropline GNOME 2.6.0 for Slackware has been released
Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two potential denial-of-service issues in earlier versions of OpenSSL.
We recommend sites that use OpenSSL upgrade to the fixed packages right away.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
Unofficial KDE 3.2.1 packages are available for Slackware Linux 9.1
DistroWatch reports that a new version of the Slackware-based SLAX live CD has been released.
Dropline GNOME 2.4.2 for Slackware has been released
stpkg-0.5a for Slackware Linux has been released
From the author:
You can download stp on sourceforge:
http://prdownloads.sourceforge.net/ftpkg/stpkg-0.5a-noarch-1.tgz?download
note: "stp" means please. it doesn't cost anything to be polite with your system.
one command to search, compare, download, build or install and update packages from slackware, linuxpackages.net, gnu.org and sourceforge.net mirrors, .deb .rpm and tar archives from anywhere, tracking dependencies (and much more)
using any livecd you can use stp to update machines from any distribution to slackware, or install a full slackware distribution with one command line
slacktrack, slapt-get, stp and swaret..
i'm not alone... although when i started stp in february 2003 it was less obvious
anyway (or maybe because of this) i'll continue to regularly spend some time for it as i'm free to spend as much time i want for it. Life is beautiful
version 0.5 of the Slackware stp package manager is out !
i'll adapt it to another distribution. i want a unique command able to install all the main packages formats on any distribution. people could help me adapt it or extend it for what they are using. basically if there is a command to install/remove/update a package on your distribution that's easy to do so
mail me if you need assistance using stp
regards,
the author (luc.deschenaux@freesurf.ch)
A port of gaim 0.75 is available for Slackware Linux 9.1
A new version of slapt-apt is now available for Slackware Linux 8.1, 9.0, and 9.1
Samba 3.0.1 is now available for Slackware Linux 9.1
DistroWatch reports that a new bug fix release of the SLAX live CD is now available
Saw over at DistroWatch that SLAX - Live CD (formerly known as Slackware - Live CD) 3.0.24 has been released
A new version of slapt-get is now available for Slackware Linux 8.1, 9.0, and 9.1