Slackware Blog

Entries categorized as ‘Security Updates’

Slackware 11.0 Soon

June 16, 2006 · No Comments

Patrick was hard at work yesterday uploading new packages to slackware-current. Take note of the following ChangeLog entry:

xap/fluxbox-1.0rc-i486-1.tgz: Upgraded to fluxbox-1.0rc.
I considered using --prefix=/usr here since X.Org will be moving from
/usr/X11R6 to /usr when Slackware absorbs the modular release, but I
think it will be best to wait and make those changes all at once.
This, BTW, will be sometime after the 11.0 release. This current to
stable cycle has already taken too much time (10.2 is in need of
replacement), and introducing changes that might break things at this
point would be foolhardy. Although there’s still quite a bit in the
TODO queue here I’m making my steps carefully as -current is very
stable, and I think it should ship as a stable 11.0 soon so that we can
get back to the business of breaking things in -current.
:-)

That’s exciting! Sounds like Pat wants to get 11.0 out the door so he can get back to breaking things in -current! Along with the upgrade to Fluxbox, yesterday saw a security update for Sendmail. The complete advisory from Sendmail can be found here. We also got new versions of XChat, ImageMagick, and nmap.

Categories: ChangeLogs · General · Security Updates · Slackware

Slackware changelog May 3rd

May 5, 2006 · No Comments

Several updates were included in the -current tree recently. One notable change is a security fix to x11. This bug (which consists of a single missing bracket) would allow users to execute arbitrary code as root. It is suggested you upgrade your system, which can be done easily through swaret (my personal preference) or slapt-get.

Wed May 3 21:48:26 CDT 2006
xap/mozilla-firefox-1.5.0.3-i686-1.tgz: Upgraded to firefox-1.5.0.3.
This upgrade fixes a crash bug that could possibly be used to
execute code as the Firefox user.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Wed May 3 00:01:38 CDT 2006
a/smartmontools-5.36-i486-1.tgz: Upgraded to smartmontools-5.36.
Thanks to Jonathan Woithe for letting me know that newer 2.6.x kernels
need this version to properly support SMART with SATA drives.
l/libpng-1.2.10-i486-1.tgz: Upgraded to libpng-1.2.10.
n/rsync-2.6.8-i486-1.tgz: Upgraded to rsync-2.6.8.
tcl/tcl-8.4.13-i486-1.tgz: Upgraded to tcl-8.4.13.
tcl/tk-8.4.13-i486-1.tgz: Upgraded to tk-8.4.13.
x/x11-6.9.0-i486-4.tgz: Patched with x11r6.9.0-mitri.diff and recompiled.
A typo in the X render extension allows an X client to crash the server
and possibly to execute arbitrary code as the X server user (typically
this is "root".)
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526
The advisory from X.Org may be found here:
http://lists.freedesktop.org/archives/xorg/2006-May/015136.html
(* Security fix *)

x/x11-devel-6.9.0-i486-4.tgz: Patched and recompiled libXrender.
(* Security fix *)

Categories: ChangeLogs · Security Updates

Security Update: OpenSSL

October 13, 2005 · No Comments

There are new OpenSSL packages for all recent versions of the Slackware Linux distro. Details of this update are as follows:

New OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. Under certain conditions, an attacker acting as a “man in the middle” may force a client and server to fall back to the less-secure SSL 2.0 protocol.

More details about this issue may be found here:

http://www.openssl.org/news/secadv_20051011.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969

Updated packages can be downloaded from the Slackware Package Browser or using automated package management tools like Swaret or slapt-get.

Categories: Security Updates

Security Update: xine-lib

October 11, 2005 · No Comments

A new xine-lib package, version 1.0.3a, is available for Slackware. The new package is a security fix and can be downloaded from the Slackware package browser.

More info from the ChangeLog:

This fixes a format string bug where an attacker, if able to upload malicious information to a CDDB server and then get a local user to play a certain audio CD, may be able to run arbitrary code on the machine as the user running the xine-lib linked application. For more information, see:
http://xinehq.de/index.php/security/XSA-2005-1

See HTNet for more.

Categories: ChangeLogs · Security Updates