Slackware 1231 Published by Philipp Esselbach 0

New libtiff packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues. These issues could be used to crash programs linked to libtiff or possibly to execute code as the program's user.

Thanks to Tavis Ormandy and the Google Security Team.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465

New mysql packages are available for Slackware 10.2 to fix security issues (and other bugs). For complete details about the many fixes addressed by this release, you can find MySQL's news article about the MySQL 4.1.21 Community Edition release here:

http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469

New Firefox and Thunderbird packages are available for Slackware 10.2 and -current to fix security issues. In addition, a new Seamonkey package is available for Slackware -current to fix similar issues.

More details about the issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey

New x11 packages are available for Slackware 10.2 and -current to fix security issues. In addition, fontconfig and freetype have been split out from the x11 packages in -current, so if you run -current you'll also need to install those new packages.

More details about the issues may be found here:

http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861

New Samba packages are available for Slackware 10.0, 10.1, 10.2, and -current.

In Slackware 10.0, 10.1, and 10.2, Samba was evidently picking up the libdm.so.0 library causing a Samba package issued primarily as a security patch to suddenly require a library that would only be present on the machine if the xfsprogs package (from the A series but marked "optional") was installed. Sorry -- this was not intentional, though I do know that I'm taking the chance of this kind of issue when trying to get security related problems fixed quickly (hopefully balanced with reasonable testing), and when the fix is achieved by upgrading to a new version rather than with the smallest patch possible to fix the known issue. However, I tend to trust that by following upstream sources as much as possible I'm also fixing some problems that aren't yet public.

So, all of the 10.0, 10.1, and 10.2 packages have been rebuilt on systems without the dm library, and should be able to directly upgrade older samba packages without additional requirements. Well, unless they are also under /patches. ;-)

New Samba packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security-related (but, in my own opinion and also that of the Samba team member who made their WHATSNEW.txt entry, "minor") denial of service issue.

New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a possible denial-of-service issue.

Sendmail's complete advisory may be found here:
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc

Sendmail has also provided an FAQ about this issue:
http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml

The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173

New mysql packages are available for Slackware 9.1, 10.0, 10.1, 10.2 and -current to fix security issues.

The MySQL packages shipped with Slackware 9.1, 10.0, and 10.1 may possibly leak sensitive information found in uninitialized memory to authenticated users. This is fixed in the new packages, and was already patched in Slackware 10.2 and -current. Since the vulnerabilities require a valid login and/or access to the database server, the risk is moderate. Slackware does not provide network access to a MySQL database by default.

New xorg and xorg-devel packages are available for Slackware 10.1, 10.2, and -current to fix a security issue. A typo in the X render extension in X.Org 6.8.0 or later allows an X client to crash the server and possibly to execute arbitrary code as the X server user (typically this is "root".)

New Mozilla packages are available for Slackware 10.0, 10.1, 10.2 and -current to fix multiple security issues.

More details about the issues may be found here:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla

Also note that this release marks the EOL (End Of Life) for the Mozilla Suite series. It's been a great run, so thanks to everyone who put in so much effort to make Mozilla a great browser suite. In the next Slackware release fans of the Mozilla Suite will be able to look forward to browsing with SeaMonkey, the Suite's successor. Anyone using an older version of Slackware may want to start thinking about migrating to another browser -- if not now, when the next problems with Mozilla are found.

Although the "sunset announcement" states that mozilla-1.7.13 is the final mozilla release, I wouldn't be too surprised to see just one more since there's a Makefile.in bug that needed to be patched here before Mozilla 1.7.13 would build. If a new release comes out and fixes only that issue, don't look for a package release on that as it's already fixed in these packages. If additional issues are fixed, then there will be new packages. Basically, if upstream un-EOLs this for a good reason, so will we.