bind DoS (SSA:2006-257-01)

Slackware 1215 Published by Philipp Esselbach 0

New bind packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a Denial of Service issue.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096

As well as here:
http://www.isc.org/sw/bind/bind-security.php

There are no known active exploits at this time.

libtiff (SSA:2006-230-01)

Slackware 1215 Published by Philipp Esselbach 0

New libtiff packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues. These issues could be used to crash programs linked to libtiff or possibly to execute code as the program's user.

Thanks to Tavis Ormandy and the Google Security Team.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465

mysql (SSA:2006-211-01)

Slackware 1215 Published by Philipp Esselbach 0

New mysql packages are available for Slackware 10.2 to fix security issues (and other bugs). For complete details about the many fixes addressed by this release, you can find MySQL's news article about the MySQL 4.1.21 Community Edition release here:

http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469

firefox/thunderbird/seamonkey (SSA:2006-208-01)

Slackware 1215 Published by Philipp Esselbach 0

New Firefox and Thunderbird packages are available for Slackware 10.2 and -current to fix security issues. In addition, a new Seamonkey package is available for Slackware -current to fix similar issues.

More details about the issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey

x11 (SSA:2006-207-02)

Slackware 1215 Published by Philipp Esselbach 0

New x11 packages are available for Slackware 10.2 and -current to fix security issues. In addition, fontconfig and freetype have been split out from the x11 packages in -current, so if you run -current you'll also need to install those new packages.

More details about the issues may be found here:

http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861

Samba 2.0.23 repackaged (SSA:2006-200-01)

Slackware 1215 Published by Philipp Esselbach 0

New Samba packages are available for Slackware 10.0, 10.1, 10.2, and -current.

In Slackware 10.0, 10.1, and 10.2, Samba was evidently picking up the libdm.so.0 library causing a Samba package issued primarily as a security patch to suddenly require a library that would only be present on the machine if the xfsprogs package (from the A series but marked "optional") was installed. Sorry -- this was not intentional, though I do know that I'm taking the chance of this kind of issue when trying to get security related problems fixed quickly (hopefully balanced with reasonable testing), and when the fix is achieved by upgrading to a new version rather than with the smallest patch possible to fix the known issue. However, I tend to trust that by following upstream sources as much as possible I'm also fixing some problems that aren't yet public.

So, all of the the 10.0, 10.1, and 10.2 packages have been rebuilt on systems without the dm library, and should be able to directly upgrade older samba packages without additional requirements. Well, unless they are also under /patches. ;-)

Samba DoS (SSA:2006-195-01)

Slackware 1215 Published by Philipp Esselbach 0

New Samba packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security related (but in my own and also the Samba's team member who made their WHATSNEW.txt entry, "minor") denial of service issue.

sendmail (SSA:2006-166-01)

Slackware 1215 Published by Philipp Esselbach 0

New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, and -current to fix a possible denial-of-service issue.

Sendmail's complete advisory may be found here:
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc

Sendmail has also provided an FAQ about this issue:
http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml

The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173

mysql (SSA:2006-155-01)

Slackware 1215 Published by Philipp Esselbach 0

New mysql packages are available for Slackware 9.1, 10.0, 10.1, 10.2 and -current to fix security issues.

The MySQL packages shipped with Slackware 9.1, 10.0, and 10.1 may possibly leak sensitive information found in uninitialized memory to authenticated users. This is fixed in the new packages, and was already patched in Slackware 10.2 and -current. Since the vulnerabilities require a valid login and/or access to the database server, the risk is moderate. Slackware does not provide network access to a MySQL database by default.

Previous Page

Next Page

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...