New gxine packages are available for Slackware 10.0, 10.1, and -current to fix a format string security issue.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1692
New kdenetwork packages are available for Slackware 10.0, 10.1, and -current to fix security issues. These are overflows in libgadu (used by kopete) that can cause a denial of service or arbitrary code execution.
More details about this vulnerability may be found here:
http://www.kde.org/info/security/advisory-20050721-1.txt
New Mozilla packages are available for Slackware 10.0, 10.1, and -current to fix various security issues and bugs. See the Mozilla site for a complete list of the issues patched:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
New versions of the mozilla-plugins symlink creation package are also out for Slackware 10.0 and 10.1, and a new version of the jre-symlink package for Slackware -current.
New emacs packages are available for Slackware 10.1 and -current to fix a security issue with the movemail utility for retrieving mail from a POP mail server. If used to connect to a malicious POP server, it is possible for the server to cause the execution of arbitrary code as the user running emacs.
New dnsmasq packages are available for Slackware 10.0, 10.1, and -current to fix security issues. An off-by-one overflow vulnerability may allow a DHCP client to create a denial of service condition. Additional code was also added to detect and defeat attempts to poison the DNS cache.
New tcpdump packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A specially crafted BGP packet can cause tcpdump to go into an infinite loop, creating a denial of service where network monitoring is disabled.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1267
New XV image viewer packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. Format string and other issues could cause a crash or execution of arbitrary code if a specially crafted image is loaded with XV.
Sorry folks, I mistakenly used a build template that was too new to build the first round of PHP packages for Slackware 8.1, 9.0, and 9.1, which tried to place the module in /usr/libexec/apache (older versions of Slackware use /usr/libexec instead), and tried to link to incorrect libraries and features. These packages have been replaced with working ones. The packages for 10.0, 10.1, and -current were OK.
New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with the PEAR XML_RPC class that allows a remote attacker to run arbitrary PHP code. Sites that make use of this PHP library should upgrade to the new PHP package right away, or may instead upgrade the XML_RPC PEAR class with the following command:
pear upgrade XML_RPC
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921
New zlib packages are available for Slackware 10.0, 10.1, and -current to fix a denial of service security issue. zlib 1.1.x is not affected.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
New Sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A race condition could allow a user with Sudo privileges to run arbitrary commands.
For more details, see:
http://www.courtesan.com/sudo/alerts/path_race.html
Sun has released a couple of security advisories pertaining to both the Java Runtime Environment and the Standard Edition Development Kit. These could allow applets to read or write to local files. For more details, Sun's advisories may be found here:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101748-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
Slackware repackages Sun's Java(TM) binaries without changing them, so the packages from Slackware -current should be used for all glibc based Slackware versions.
New gaim packages are available for Slackware 9.0, 9.1, 10.0, 10.1, and -current to fix some minor security issues. Sites that use GAIM should upgrade to the new version.
From Slackware:
New ncftp packages are available for Slackware 10.0, 10.1, and -current to fix security issues.
More details about this issue may be found on the NcFTP site:
http://www.ncftp.com/ncftp/doc/changelog.html#3.1.5
New Mozilla packages are available for Slackware 10.0, 10.1, and -current to fix various security issues and bugs. See the Mozilla site for a complete list of the issues patched:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
Also updated is Firefox in Slackware -current.
New versions of the mozilla-plugins symlink creation package are also out for Slackware 10.0 and 10.1, and a new version of the jre-symlink package for Slackware -current.
New gaim packages are available for Slackware 9.0, 9.1, 10.0, 10.1, and -current to fix several security issues. Sites that use GAIM should upgrade to the new version.
New infozip (zip/unzip) packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues.
New xine-lib packages are available for Slackware 10.0, 10.1, and -current to fix security issues. The xine frontends have also been upgraded.
For more details on the xine-lib security issues, see:
http://xinehq.de/index.php/security/XSA-2004-8
New CVS packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues.