New xorg and xorg-devel packages are available for Slackware 10.1, 10.2, and -current to fix a security issue. A typo in the X render extension in X.Org 6.8.0 or later allows an X client to crash the server and possibly to execute arbitrary code as the X server user (typically root).
New Thunderbird packages are available for Slackware 10.2 and -current to fix security issues.
New Mozilla packages are available for Slackware 10.0, 10.1, 10.2 and -current to fix multiple security issues.
More details about the issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla
Also note that this release marks the EOL (End Of Life) for the Mozilla Suite series. It's been a great run, so thanks to everyone who put in so much effort to make Mozilla a great browser suite. In the next Slackware release fans of the Mozilla Suite will be able to look forward to browsing with SeaMonkey, the Suite's successor. Anyone using an older version of Slackware may want to start thinking about migrating to another browser -- if not now, when the next problems with Mozilla are found.
Although the "sunset announcement" states that mozilla-1.7.13 is the final mozilla release, I wouldn't be too surprised to see just one more since there's a Makefile.in bug that needed to be patched here before Mozilla 1.7.13 would build. If a new release comes out and fixes only that issue, don't look for a package release on that as it's already fixed in these packages. If additional issues are fixed, then there will be new packages. Basically, if upstream un-EOLs this for a good reason, so will we.
New Firefox packages are available for Slackware 10.2 and -current to fix security issues.
More details about the issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.2
New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue.
Sendmail's advisory concerning this issue may be found here:
http://www.sendmail.com/company/advisory/index.shtml
This issue will appear in the Common Vulnerabilities and Exposures (CVE) database at the following location:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
A new kdegraphics package is available for Slackware 10.1 to fix a security issue. A portion of the recent security patch was missing in the version that was applied to kdegraphics-3.3.2 in Slackware 10.1. Other versions of Slackware are not affected by this specific missing patch issue.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0746
New GnuPG packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.
More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049
New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
New kdelibs packages are available for Slackware 10.0, 10.1, and 10.2 to fix a security issue with kjs.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019
New Firefox packages are available for Slackware 10.2 and -current to fix security issues.
More details about the issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.1
New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0151
New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.
More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321
New xpdf packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.
More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
New php packages are available for Slackware 10.2 and -current to fix minor security issues.
More details about these issues may be found on the PHP website:
http://www.php.net/release_4_4_2.php
New imagemagick packages are available for Slackware 10.2 and -current to fix security issues.
More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082
New Elm packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. A buffer overflow in the parsing of the Expires header could allow arbitrary code to be executed as the user running Elm.
New curl packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current, and new wget packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current. These address a buffer overflow in NTLM handling which may present a security problem, though no public exploits are known at this time.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
New KOffice packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue with KWord. A buffer overflow in the RTF import functionality could result in the execution of arbitrary code.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
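The Elm (Expires header), curl/wget (NTLM handling) and KWord (RTF import) advisories above describe the same defect class, so one added example covers all three. The C below is illustrative code written for this page, not the source of any of those projects: it places an unbounded copy of an attacker-controlled field beside the bounded version and builds a small header-value parser on the safe one. FIELD_MAX, the function names and the sample header lines are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative example, not the Elm, curl, wget or KOffice source. It shows
 * the defect class behind the three advisories above: a field taken from
 * untrusted input (a mail header value, an NTLM message field, an RTF token)
 * is copied into a fixed-size buffer using a length the attacker controls. */

#define FIELD_MAX 32   /* assumed buffer size for the example */

/* Vulnerable pattern: `len` comes from the input and is never compared with
 * the destination size, so a long field writes past the end of `out`. */
void copy_field_unchecked(char out[FIELD_MAX], const uint8_t *in, size_t len)
{
    memcpy(out, in, len);   /* len may exceed FIELD_MAX */
    out[len] = '\0';        /* and this byte lands wherever len points */
}

/* Hardened pattern: anything that does not fit (with room for the NUL
 * terminator) is rejected. Returns 0 on success, -1 if the field is too long. */
int copy_field_checked(char out[FIELD_MAX], const uint8_t *in, size_t len)
{
    if (len >= FIELD_MAX) return -1;
    memcpy(out, in, len);
    out[len] = '\0';
    return 0;
}

/* Extract the value of a "Name: value" header line into out, trimming
 * leading whitespace and the trailing CRLF. Returns 0, or -1 when the line
 * is malformed or the value is too long for the buffer. */
int parse_header_value(const char *line, char out[FIELD_MAX])
{
    const char *colon = strchr(line, ':');
    if (!colon) return -1;
    const char *v = colon + 1;
    while (*v == ' ' || *v == '\t') v++;
    size_t len = strlen(v);
    while (len > 0 && (v[len - 1] == '\r' || v[len - 1] == '\n')) len--;
    return copy_field_checked(out, (const uint8_t *)v, len);
}

int main(void)
{
    char buf[FIELD_MAX];
    char longline[200];                         /* constructed oversize header */
    memset(longline, 'A', sizeof longline - 1);
    memcpy(longline, "Expires: ", 9);
    longline[sizeof longline - 1] = '\0';

    printf("short: %s\n", parse_header_value("Expires: Thu, 01 Jan 1970\r\n", buf) == 0 ? buf : "rejected");
    printf("long:  %s\n", parse_header_value(longline, buf) == 0 ? buf : "rejected");
    /* The unchecked copy is only ever called with a short field here; with
     * the long one it would overwrite the stack frame. */
    copy_field_unchecked(buf, (const uint8_t *)"safe", 4);
    printf("unchecked, short field: %s\n", buf);
    return 0;
}
```

The checked variant rejects rather than truncates; truncation is also a valid policy, but silently shortening a header value or protocol field can itself change meaning, so an explicit error is the safer default for parsers of untrusted input.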
New imapd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix (an alleged) security issue. See the details below for more information. Also, new Pine packages are provided since these are built together... why not? Might as well upgrade that too, while I'm fixing the fake security problem.
New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix potential security issues:
* If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks.
* Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method.
It's hard to say how much real-world impact these have, as there's no more information about that in the announcement. The original Apache announcement can be read here:
http://www.apache.org/dist/httpd/Announcement1.3.html
Note that if you use mod_ssl, you will also need a new mod_ssl package. These have been provided for the same releases of Slackware.
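As an added example (written for this page, not Apache code), the C below shows why the first change matters: a constructed request carrying both headers is split at different points by a Content-Length-first parser and a Transfer-Encoding-first parser, and the bytes between the two boundaries are the smuggled request. Dropping Content-Length when Transfer-Encoding is present, as the Apache change does, makes both policies agree. The sample request, the function names and the single-parser model are assumptions.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative example, not Apache httpd code. A request carrying both
 * Transfer-Encoding and Content-Length can be split at two different places
 * by two parsers; the bytes between the boundaries become a second request.
 * Requests are NUL-terminated strings here. */

/* ASCII case-insensitive prefix test; stops at the first mismatch or NUL. */
static int prefix_ieq(const char *s, const char *pfx, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)pfx[i])) return 0;
    return 1;
}

/* Pointer to the value of header `name` within [hdr, hdr_end), or NULL. */
static const char *find_header(const char *hdr, const char *hdr_end, const char *name)
{
    size_t nlen = strlen(name);
    for (const char *p = hdr; p < hdr_end; ) {
        const char *eol = memchr(p, '\n', (size_t)(hdr_end - p));
        if (!eol) eol = hdr_end;
        if ((size_t)(eol - p) > nlen && prefix_ieq(p, name, nlen) && p[nlen] == ':') {
            const char *v = p + nlen + 1;
            while (v < eol && (*v == ' ' || *v == '\t')) v++;
            return v;
        }
        p = eol + 1;
    }
    return NULL;
}

/* Bytes consumed by a chunked body at `body`, through the 0-chunk and its CRLF; -1 if malformed. */
static long chunked_body_len(const char *body, const char *end)
{
    const char *p = body;
    for (;;) {
        char *q;
        long sz = strtol(p, &q, 16);
        if (q == p || sz < 0) return -1;
        const char *eol = memchr(q, '\n', (size_t)(end - q));
        if (!eol) return -1;
        p = eol + 1;
        if (sz == 0) {
            if (end - p >= 2 && p[0] == '\r' && p[1] == '\n') p += 2;
            return (long)(p - body);
        }
        if (end - p < sz + 2 || p[sz] != '\r' || p[sz + 1] != '\n') return -1;
        p += sz + 2;
    }
}

/* Length of the first request in `req`, or -1. cl_first=1 trusts Content-Length
 * when both headers are present (one common proxy behaviour); cl_first=0 lets
 * Transfer-Encoding win, as RFC 2616 section 4.4 requires. */
long first_request_len(const char *req, int cl_first)
{
    const char *end = req + strlen(req), *sep = strstr(req, "\r\n\r\n");
    if (!sep) return -1;
    const char *body = sep + 4;
    const char *te = find_header(req, sep + 2, "Transfer-Encoding");
    const char *cl = find_header(req, sep + 2, "Content-Length");
    if (te && prefix_ieq(te, "chunked", 7) && !(cl_first && cl)) {
        long n = chunked_body_len(body, end);
        return n < 0 ? -1 : (long)(body - req) + n;
    }
    if (cl) {
        long n = strtol(cl, NULL, 10);
        return (n < 0 || end - body < n) ? -1 : (long)(body - req) + n;
    }
    return (long)(body - req);
}

/* The mitigation: when Transfer-Encoding is present, drop Content-Length so every
 * later parser sees one boundary. Writes to out (outsz bytes); returns length or -1. */
long strip_conflicting_cl(const char *req, char *out, size_t outsz)
{
    const char *sep = strstr(req, "\r\n\r\n");
    if (!sep) return -1;
    const char *hdr_end = sep + 2, *p = req;
    int has_te = find_header(req, hdr_end, "Transfer-Encoding") != NULL;
    size_t n = 0;
    while (p < hdr_end) {
        const char *eol = memchr(p, '\n', (size_t)(hdr_end - p));
        if (!eol) return -1;
        size_t linelen = (size_t)(eol - p) + 1;
        if (!(has_te && prefix_ieq(p, "Content-Length:", 15))) {
            if (n + linelen >= outsz) return -1;
            memcpy(out + n, p, linelen);
            n += linelen;
        }
        p = eol + 1;
    }
    size_t rest = strlen(hdr_end);   /* blank line plus body */
    if (n + rest >= outsz) return -1;
    memcpy(out + n, hdr_end, rest);
    out[n + rest] = '\0';
    return (long)(n + rest);
}

/* Constructed CL.TE request: Content-Length spans "0\r\n\r\nSMUGGLED" (13 bytes)
 * while the chunked body ends after "0\r\n\r\n", leaving "SMUGGLED" behind. */
const char *SMUGGLE_REQ =
    "POST / HTTP/1.1\r\nHost: example.test\r\n"
    "Content-Length: 13\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\nSMUGGLED";
```

On SMUGGLE_REQ the Content-Length-first boundary is the whole 100-byte message, while the Transfer-Encoding-first boundary is at byte 92, so a front end using the first policy forwards "SMUGGLED" as part of the body and a back end using the second treats it as the start of a new request. After strip_conflicting_cl both policies stop at the same byte, which is the whole point of removing the header. The TraceEnable directive in the second item is a configuration change with no parsing counterpart, so it is not modelled here.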