Slackware 10.1 kdegraphics (SSA:2006-072-01)

Slackware 1231 Published by Philipp Esselbach 0

A new kdegraphics package is available for Slackware 10.1 to fix a security issue. A portion of the recent security patch was missing in the version that was applied to kdegraphics-3.3.2 in Slackware 10.1. Other versions of Slackware are not affected by this specific missing patch issue.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0746

xpdf (SSA:2006-045-09)

Slackware 1231 Published by Philipp Esselbach 0

New xpdf packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301

elm mailer (SSA:2005-311-01)

Slackware 1231 Published by Philipp Esselbach 0

New Elm packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. A buffer overflow in the parsing of the Expires header could allow arbitrary code to be executed as the user running Elm.

curl/wget (SSA:2005-310-01)

Slackware 1231 Published by Philipp Esselbach 0

New curl packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current, and new wget packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current. These address a buffer overflow in NTLM handling which may present a security problem, though no public exploits are known at this time.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185

imapd (SSA:2005-310-06)

Slackware 1231 Published by Philipp Esselbach 0

New imapd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix (an alleged) security issue. See the details below for more information. Also, new Pine packages are provided since these are built together... why not? Might as well upgrade that too, while I'm fixing the fake security problem. :):

apache (SSA:2005-310-04)

Slackware 1231 Published by Philipp Esselbach 0

New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix potential security issues:

* If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks.

* Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method.

It's hard to say how much real-world impact these have, as there's no more information about that in the announcement. The original Apache nnounement can be read here:

http://www.apache.org/dist/httpd/Announcement1.3.html

Note that if you use mod_ssl, you will also need a new mod_ssl package. These have been provided for the same releases of Slackware.

PHP (SSA:2005-310-05)

Slackware 1231 Published by Philipp Esselbach 0

New PHP packages are available for Slackware 10.2 and -current to fix minor security issues relating to the overwriting of the GLOBALS array.

It has been reported here that this new version of PHP also breaks squirrelmail and probably some other things. Given the vague nature of the security report, it's possible that the cure might be worse than the disease as far as this upgrade is concerned. If you encounter problems, you may wish to drop back to 4.4.0, and I believe that doing so is relatively safe. I understand at least some of the issues are fixed in CVS already, so perhaps another maintainance release is not far off.

Thanks to Gerardo Exequiel Pozzi for bringing the issues with 4.4.1 to my attention so that this additional information could be included here.

lynx (SSA:2005-310-03)

Slackware 1231 Published by Philipp Esselbach 0

New Lynx packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. An overflow could result in the execution of arbitrary code when using Lynx to connect to a malicious NNTP server.

OpenSSL (SSA:2005-286-01)

Slackware 1231 Published by Philipp Esselbach 0

New OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. Under certain conditions, an attacker acting as a "man in the middle" may force a client and server to fall back to the less-secure SSL 2.0 protocol.

xine-lib (SSA:2005-283-01)

Slackware 1231 Published by Philipp Esselbach 0

New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. A format string bug may allow the execution of arbitrary code as the user running a xine-lib linked application. The attacker must provide (by uploading or running a server) specially crafted CDDB information and then get the user to play the referenced audio CD.

Previous Page

Next Page

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...