Slackware 1133 Published by

The following updates has been released for Slackware: bind (SSA:2012-166-01), seamonkey (SSA:2012-166-04), mozilla-thunderbird (SSA:2012-166-03), and mozilla-firefox (SSA:2012-166-02)



bind (SSA:2012-166-01)
[slackware-security] bind (SSA:2012-166-01)

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
This release fixes an issue that could crash BIND, leading to a denial of
service. It also fixes the so-called "ghost names attack" whereby a
remote attacker may trigger continued resolvability of revoked domain names.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
(* Security fix *)
+--------------------------+

On Slackware 8.1, only CVE-2012-1667 was patched (see ChangeLog).

IMPORTANT NOTE FOR ON SLACKWARE 9.0 - 13.1:

These versions were upgraded with a new version of BIND, _not_ a patched one.
It is likely to be more strict about the correctness of configuration files.
Care should be taken about deploying this upgrade on production servers to
avoid an unintended interruption of service.


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.4_ESV_R5-i386-2_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.7.6_P1-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.7.6_P1-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.7.6_P1-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.7.6_P1-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.7.6_P1-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.7.6_P1-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bind-9.7.6_P1-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.7.6_P1-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.7.6_P1-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.7.6_P1-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.7.6_P1-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.7.6_P1-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.7.6_P1-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.7.6_P1-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.7.6_P1-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.9.1_P1-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.9.1_P1-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 8.1 package:
368676b58d45aeb44bb2709fef9b9dc9 bind-9.4_ESV_R5-i386-2_slack8.1.tgz

Slackware 9.0 package:
496c543f5cead74b532701c4a5ce2e9a bind-9.7.6_P1-i386-1_slack9.0.tgz

Slackware 9.1 package:
c2fa98d41c6192f9dee90fbf20087f74 bind-9.7.6_P1-i486-1_slack9.1.tgz

Slackware 10.0 package:
6f6d80d82bfad02b31c6cf978f9c4eb3 bind-9.7.6_P1-i486-1_slack10.0.tgz

Slackware 10.1 package:
3b044cb5268b5aa2a730e6023cd51dbe bind-9.7.6_P1-i486-1_slack10.1.tgz

Slackware 10.2 package:
5bcc0624a83bdb6a7624a951df8d9ac1 bind-9.7.6_P1-i486-1_slack10.2.tgz

Slackware 11.0 package:
5f5bef76e32dff698093f4d40aaf9e22 bind-9.7.6_P1-i486-1_slack11.0.tgz

Slackware 12.0 package:
e9cdeb8717363e648008890bde6f1cac bind-9.7.6_P1-i486-1_slack12.0.tgz

Slackware 12.1 package:
cdcadbc6cae03b16e39a222f24e3786b bind-9.7.6_P1-i486-1_slack12.1.tgz

Slackware 12.2 package:
77ce739695fd60507628410bb629df7a bind-9.7.6_P1-i486-1_slack12.2.tgz

Slackware 13.0 package:
52eb3c84976d1047dc82b0a7d306a59e bind-9.7.6_P1-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
dfebcdf94ff058fe5a78cd41bedddc4f bind-9.7.6_P1-x86_64-1_slack13.0.txz

Slackware 13.1 package:
f15ec3e442c950c0c0ab9a63b80a1f26 bind-9.7.6_P1-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
47f1ed3d833c223ad29331d6d38535b7 bind-9.7.6_P1-x86_64-1_slack13.1.txz

Slackware 13.37 package:
f6c28f56889b14020b2c3d034a3ea889 bind-9.7.6_P1-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
6d177613e029056f533c2f4abddbfb0d bind-9.7.6_P1-x86_64-1_slack13.37.txz

Slackware -current package:
04a8c4613863017b632c92b93732834c n/bind-9.9.1_P1-i486-1.txz

Slackware x86_64 -current package:
8abe838febee6d569e52d7b2e7812cc8 n/bind-9.9.1_P1-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bind-9.7.6_P1-i486-1_slack13.37.txz

Ensure that the configuration files are compatible with the upgraded
version of BIND, and then restart the nameserver:

# /etc/rc.d/rc.bind restart


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

seamonkey (SSA:2012-166-04)
[slackware-security] seamonkey (SSA:2012-166-04)

New seamonkey packages are available for Slackware 13.37, and -current to
fix security issues.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/seamonkey-2.10-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/seamonkey-solibs-2.10-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/seamonkey-2.10-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/seamonkey-solibs-2.10-x86_64-1_slack13.37.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/seamonkey-solibs-2.10-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.10-i486-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/seamonkey-solibs-2.10-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.10-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.37 package:
e074fabb534d481a9d389b098560d6e4 seamonkey-2.10-i486-1_slack13.37.txz
d77c4a74d1e3e1829f2255a9dd84783d seamonkey-solibs-2.10-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
73a6e178284568b1c525fe06885bad20 seamonkey-2.10-x86_64-1_slack13.37.txz
cedadd701646cb97d06c50905222b1c1 seamonkey-solibs-2.10-x86_64-1_slack13.37.txz

Slackware -current package:
203d5dc7784c86aa7862082e5d7b1385 l/seamonkey-solibs-2.10-i486-1.txz
342d26f367064edae5727a1710d38b80 xap/seamonkey-2.10-i486-1.txz

Slackware x86_64 -current package:
84f70de16436b369b748e2b014f248e5 l/seamonkey-solibs-2.10-x86_64-1.txz
437c3afe1718243f2368a2dbb1ef0d2c xap/seamonkey-2.10-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg seamonkey-2.10-i486-1_slack13.37.txz seamonkey-solibs-2.10-i486-1_slack13.37.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

mozilla-thunderbird (SSA:2012-166-03)
[slackware-security] mozilla-thunderbird (SSA:2012-166-03)

New mozilla-thunderbird packages are available for Slackware 13.37,
and -current to fix security issues.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-thunderbird-13.0-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-thunderbird-13.0-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-13.0-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-13.0-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.37 package:
4f24470dbdad582e8e11fdaf12c2c43d mozilla-thunderbird-13.0-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
40a1091b5ede6aab3e00370bd5e546ca mozilla-thunderbird-13.0-x86_64-1_slack13.37.txz

Slackware -current package:
0b374ed6606ce0b27da6010d634586b7 xap/mozilla-thunderbird-13.0-i486-1.txz

Slackware x86_64 -current package:
a3b7194b9f2d1ac3537404b7f7a151b4 xap/mozilla-thunderbird-13.0-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg mozilla-thunderbird-13.0-i486-1_slack13.37.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

mozilla-firefox (SSA:2012-166-02)
[slackware-security] mozilla-firefox (SSA:2012-166-02)

New mozilla-firefox packages are available for Slackware 13.37, and -current to
fix security issues.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-firefox-13.0-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-firefox-13.0-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-13.0-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-13.0-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.37 package:
f293e4f3583af23a32d1b22adfe12c2a mozilla-firefox-13.0-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
f52b465c5adc7491ab1895ea5f00dde4 mozilla-firefox-13.0-x86_64-1_slack13.37.txz

Slackware -current package:
b2f93bdc87b3bfbd45626f11cc644db0 xap/mozilla-firefox-13.0-i486-1.txz

Slackware x86_64 -current package:
a859bfd9db83deee5a26d953429d07be xap/mozilla-firefox-13.0-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-13.0-i486-1_slack13.37.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key