vsftpd (SSA:2012-041-05)

February 10, 2012 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] vsftpd (SSA:2012-041-05)

New vsftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,
13.1, 13.37, and -current to work around a vulnerability in glibc.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/vsftpd-2.3.5-i486-1_slack13.37.txz: Upgraded.
Minor version bump, this also works around a hard to trigger heap overflow
in glibc (glibc zoneinfo caching vuln). For there to be any possibility
to trigger the glibc bug within vsftpd, the non-default option
“chroot_local_user” must be set in /etc/vsftpd.conf.
Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug :-)
Nevertheless:
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/vsftpd-2.3.5-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/vsftpd-2.3.5-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/vsftpd-2.3.5-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/vsftpd-2.3.5-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/vsftpd-2.3.5-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/vsftpd-2.3.5-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/vsftpd-2.3.5-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/vsftpd-2.3.5-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/vsftpd-2.3.5-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/vsftpd-2.3.5-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/vsftpd-2.3.5-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/vsftpd-2.3.5-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 11.0 package:
57e7a8e7249e5f7ff256e5089204c1b3 vsftpd-2.3.5-i486-1_slack11.0.tgz

Slackware 12.0 package:
f8e31f944896414466de6bf67b4ce6e4 vsftpd-2.3.5-i486-1_slack12.0.tgz

Slackware 12.1 package:
e01a5f12f75d2c973a252dee7ccfb90e vsftpd-2.3.5-i486-1_slack12.1.tgz

Slackware 12.2 package:
035bf8ca7f57e9b87cbe1d23bbfa448f vsftpd-2.3.5-i486-1_slack12.2.tgz

Slackware 13.0 package:
4d076b4ab6a1540819ac95daaec66b96 vsftpd-2.3.5-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
aa9be4d90e86c4a12b19c4145e7dbfd9 vsftpd-2.3.5-x86_64-1_slack13.0.txz

Slackware 13.1 package:
496775bb9c50507fd92beb99dd189283 vsftpd-2.3.5-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
3b15394f16c65c7998032a0e5ffb5dd2 vsftpd-2.3.5-x86_64-1_slack13.1.txz

Slackware 13.37 package:
5774d8e93d9af86cf6caa8561205da5d vsftpd-2.3.5-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
a0f2af29cb0c3fb1fc906a3e1bd15fdf vsftpd-2.3.5-x86_64-1_slack13.37.txz

Slackware -current package:
e30ad11db30ef7d745ec15b3d5e6d9b2 n/vsftpd-2.3.5-i486-1.txz

Slackware x86_64 -current package:
0d2e9323eec38bd7dc7bc55ef2dd3639 n/vsftpd-2.3.5-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg vsftpd-2.3.5-i486-1_slack13.37.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk81VeEACgkQakRjwEAQIjNjpQCghABEYaIsRmUi+Y6WjKvwirvd
A0EAoIfG9+eEC4pmNXlcY7ZS4EQScSGM
=VVJw
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

proftpd (SSA:2012-041-04)

February 10, 2012 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] proftpd (SSA:2012-041-04)

New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,
13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/proftpd-1.3.4a-i486-1_slack13.37.txz: Upgraded.
This update fixes a use-after-free() memory corruption error,
and possibly other unspecified issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/proftpd-1.3.4a-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/proftpd-1.3.4a-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/proftpd-1.3.4a-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/proftpd-1.3.4a-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/proftpd-1.3.4a-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/proftpd-1.3.4a-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/proftpd-1.3.4a-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/proftpd-1.3.4a-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/proftpd-1.3.4a-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/proftpd-1.3.4a-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.3.4a-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/proftpd-1.3.4a-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 11.0 package:
07257d37b1708251a2a3871dd87c6be6 proftpd-1.3.4a-i486-1_slack11.0.tgz

Slackware 12.0 package:
6a1773e304fb56f433f6651d15a83080 proftpd-1.3.4a-i486-1_slack12.0.tgz

Slackware 12.1 package:
f439c8d0c8dcad1947cdfc27774ae757 proftpd-1.3.4a-i486-1_slack12.1.tgz

Slackware 12.2 package:
5007c64cfb653341a20aac54844962ad proftpd-1.3.4a-i486-1_slack12.2.tgz

Slackware 13.0 package:
b4c65dc4b953d54dfcbc963cfefde842 proftpd-1.3.4a-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
bdf2bd5539abeb25da7c9000d570b946 proftpd-1.3.4a-x86_64-1_slack13.0.txz

Slackware 13.1 package:
c6f98a0fa8f1cbdc47268aade1b62b29 proftpd-1.3.4a-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
a40c013d52e807e5de691cda8156af03 proftpd-1.3.4a-x86_64-1_slack13.1.txz

Slackware 13.37 package:
13309d7eba5b374664e7c616e951d382 proftpd-1.3.4a-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
74b653449b982a9e498888f6d8705039 proftpd-1.3.4a-x86_64-1_slack13.37.txz

Slackware -current package:
3cfb497c816c56a3cd80a850c30fc0bf n/proftpd-1.3.4a-i486-1.txz

Slackware x86_64 -current package:
90acd5c6075d01b013704b1b8aedfcf3 n/proftpd-1.3.4a-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg proftpd-1.3.4a-i486-1_slack13.37.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk81Vd4ACgkQakRjwEAQIjOtsgCfYI4PqAuY038V+twcgOLfQgfX
H6IAn3gHhThRo4nEHnTk+89Jv/STodzd
=KXNR
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

glibc (SSA:2012-041-03)

February 10, 2012 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] glibc (SSA:2012-041-03)

New glibc packages are available for Slackware 13.1, 13.37, and -current to
fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/glibc-2.13-i486-5_slack13.37.txz: Rebuilt.
Patched an overflow in tzfile. This was evidently first reported in
2009, but is only now getting around to being patched. To exploit it,
one must be able to write beneath /usr/share/zoneinfo, which is usually
not possible for a normal user, but may be in the case where they are
chroot()ed to a directory that they own.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
(* Security fix *)
patches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz: Rebuilt.
patches/packages/glibc-profile-2.13-i486-5_slack13.37.txz: Rebuilt.
(* Security fix *)
patches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz: Rebuilt.
(* Security fix *)
patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz: Rebuilt.
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-6_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-6_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-6_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-6_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-6_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-6_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-6_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-6_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-2.13-i486-5_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-profile-2.13-i486-5_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-2.13-x86_64-5_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-i18n-2.13-x86_64-5_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-profile-2.13-x86_64-5_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-solibs-2.13-x86_64-5_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.14.1-i486-4.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2011i_2011n-noarch-4.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.14.1-i486-4.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.14.1-i486-4.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.14.1-i486-4.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.14.1-x86_64-4.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2011i_2011n-noarch-4.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.14.1-x86_64-4.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.14.1-x86_64-4.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.14.1-x86_64-4.txz

MD5 signatures:
+————-+

Slackware 13.1 packages:
c7f0d5af7b32d6259272956bf1621ce0 glibc-2.11.1-i486-6_slack13.1.txz
d80c53f769a30b407e303eb440e326e3 glibc-i18n-2.11.1-i486-6_slack13.1.txz
6b9eb872a8368a13d71cecf8e031d2be glibc-profile-2.11.1-i486-6_slack13.1.txz
ba34c30c27d42c61190979884e8b8697 glibc-solibs-2.11.1-i486-6_slack13.1.txz
74afbffcfb20ac6235945930a8a0ac57 glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz

Slackware x86_64 13.1 packages:
a9bfcb4a0fde94a9355ecce905bb3ba4 glibc-2.11.1-x86_64-6_slack13.1.txz
6f7df8a5ac48f364fff364f679430ea5 glibc-i18n-2.11.1-x86_64-6_slack13.1.txz
1590ae7b50153b2d28489b9192126120 glibc-profile-2.11.1-x86_64-6_slack13.1.txz
067bcd52acc3552bf2a77126fd12605e glibc-solibs-2.11.1-x86_64-6_slack13.1.txz
ce56ec387a50c00425d4dcf88ba71ee2 glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz

Slackware 13.37 packages:
dacaa396b83346f0313e85356ba496ad glibc-2.13-i486-5_slack13.37.txz
e6238c92c6a97a56274d91e342e2ef07 glibc-i18n-2.13-i486-5_slack13.37.txz
aca444c2c834c1bbbb1fdcd08f381f5d glibc-profile-2.13-i486-5_slack13.37.txz
04db99e0770b06af713322daa35f9463 glibc-solibs-2.13-i486-5_slack13.37.txz
fe22b8ba56e8a14d025943d6a53f0a22 glibc-zoneinfo-2.13-noarch-5_slack13.37.txz

Slackware x86_64 13.37 packages:
ab90f9581621a4b9e1f41fdd1c583a25 glibc-2.13-x86_64-5_slack13.37.txz
d82fef5b1e734c9fd9aee358139dccaa glibc-i18n-2.13-x86_64-5_slack13.37.txz
f26848e2ef7a2ed367a73fded8d51e2a glibc-profile-2.13-x86_64-5_slack13.37.txz
1f4b8e716764c98c7c261fb7d7c19557 glibc-solibs-2.13-x86_64-5_slack13.37.txz
553c32ce3937c8700dde84bad4b5467c glibc-zoneinfo-2.13-noarch-5_slack13.37.txz

Slackware -current packages:
cc98a5b0a120a3350b17d087af3a2163 a/glibc-solibs-2.14.1-i486-4.txz
b549864a76c55b71f385eaf9077cf6ac a/glibc-zoneinfo-2011i_2011n-noarch-4.txz
8522cbc56aec9af6c9c8e58fb5ee71c4 l/glibc-2.14.1-i486-4.txz
98561de06536ce17b221774f39316933 l/glibc-i18n-2.14.1-i486-4.txz
8a7ac4e4796eaefc6447222f7ce6eedf l/glibc-profile-2.14.1-i486-4.txz

Slackware x86_64 -current packages:
83121e8a4e8e46d2faa58221382f914c a/glibc-solibs-2.14.1-x86_64-4.txz
8245bc6fb5e59fa905df708391bd3f89 a/glibc-zoneinfo-2011i_2011n-noarch-4.txz
ca3c22ff543e900bfd4516ba4af7cf34 l/glibc-2.14.1-x86_64-4.txz
e2650c24a1a69138f544e98d8653f2a9 l/glibc-i18n-2.14.1-x86_64-4.txz
23c2f013552e8a0561168897866fcb53 l/glibc-profile-2.14.1-x86_64-4.txz

Installation instructions:
+————————+

Upgrade the packages as root:
# upgradepkg glibc-2.13-i486-5_slack13.37.txz glibc-i18n-2.13-i486-5_slack13.37.txz glibc-profile-2.13-i486-5_slack13.37.txz glibc-solibs-2.13-i486-5_slack13.37.txz glibc-zoneinfo-2.13-noarch-5_slack13.37.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk81Vd0ACgkQakRjwEAQIjPtSQCdGQYC3dBwmp2R1+2HSrDvA3Lb
2P0AoIl58u7f8OON1Fbcz6E52VdgrcnD
=0Hae
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

php (SSA:2012-041-02)

February 10, 2012 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] php (SSA:2012-041-02)

New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/php-5.3.10-i486-1_slack13.37.txz: Upgraded.
Fixed arbitrary remote code execution vulnerability reported by Stefan
Esser, CVE-2012-0830. (Stas, Dmitry)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.3.10-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.3.10-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.3.10-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.3.10-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.3.10-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/php-5.3.10-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/php-5.3.10-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/php-5.3.10-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/php-5.3.10-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.3.10-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.3.10-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 12.0 package:
bf5512a57e0e7ba3c9d836636f056036 php-5.3.10-i486-1_slack12.0.tgz

Slackware 12.1 package:
474400e31f8701a07aa97aeee956226e php-5.3.10-i486-1_slack12.1.tgz

Slackware 12.2 package:
f359c739e8db9130806c3cb256990804 php-5.3.10-i486-1_slack12.2.tgz

Slackware 13.0 package:
5b38767541b0367dd64539537ca3cfc5 php-5.3.10-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
bcccb9fdde0e548d999447b352f4b322 php-5.3.10-x86_64-1_slack13.0.txz

Slackware 13.1 package:
7bdee84117e3cd1ac8e6087d9c936355 php-5.3.10-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
2d05770a236fdc52754e1ba9d657d6d7 php-5.3.10-x86_64-1_slack13.1.txz

Slackware 13.37 package:
7555e89aa4dc5a6b68c2fcfd1b8a6dc3 php-5.3.10-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
cf6a47e0046b13b2adba13466b3b5e7e php-5.3.10-x86_64-1_slack13.37.txz

Slackware -current package:
1191d7d49f21f0dba3c4f35cc19e6b88 n/php-5.3.10-i486-1.txz

Slackware x86_64 -current package:
25a12f2407be6f03ff1dc50ad1b3c80b n/php-5.3.10-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg php-5.3.10-i486-1_slack13.37.txz

Then, restart the httpd daemon.

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk81VdsACgkQakRjwEAQIjOXUwCfezXUNa574h+RebDKgoGHoWoF
ofoAniEEEENlY4sa2T1+N8KKJPS23J4D
=gwHE
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

httpd (SSA:2012-041-01)

February 10, 2012 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] httpd (SSA:2012-041-01)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
13.37, and -current to fix security issues. The apr-util package has also been
updated to the latest version.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded.
Version bump for httpd upgrade.
patches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded.
*) SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP
specification, preventing unexpected expansion of target URLs in
some reverse proxy configurations. [Joe Orton]
*) SECURITY: CVE-2011-3607 (cve.mitre.org)
Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
is enabled, could allow local users to gain privileges via a .htaccess
file. [Stefan Fritsch, Greg Ames]
*) SECURITY: CVE-2011-4317 (cve.mitre.org)
Resolve additional cases of URL rewriting with ProxyPassMatch or
RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations.
[Joe Orton]
*) SECURITY: CVE-2012-0021 (cve.mitre.org)
mod_log_config: Fix segfault (crash) when the ‘%{cookiename}C’ log format
string is in use and a client sends a nameless, valueless cookie, causing
a denial of service. The issue existed since version 2.2.17. PR 52256.
[Rainer Canavan ]
*) SECURITY: CVE-2012-0031 (cve.mitre.org)
Fix scoreboard issue which could allow an unprivileged child process
could cause the parent to crash at shutdown rather than terminate
cleanly. [Joe Orton]
*) SECURITY: CVE-2012-0053 (cve.mitre.org)
Fix an issue in error responses that could expose “httpOnly” cookies
when no custom ErrorDocument is specified for status code 400.
[Eric Covener]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.4.1-i486-1_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.22-i486-1_slack12.0.tgz

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.4.1-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.22-i486-1_slack12.1.tgz

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.4.1-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.22-i486-1_slack12.2.tgz

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.4.1-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.22-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.4.1-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.22-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.4.1-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.22-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.4.1-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.22-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.22-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.4.1-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.22-x86_64-1_slack13.37.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.4.1-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.22-i486-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.4.1-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.22-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 12.0 packages:
3143affee7e89d16a2f5b4f58f1f2c9d apr-util-1.4.1-i486-1_slack12.0.tgz
86c2b71a544c9533794951f718bd907b httpd-2.2.22-i486-1_slack12.0.tgz

Slackware 12.1 packages:
aab31157fa672bb2bc11851b486c9d5c apr-util-1.4.1-i486-1_slack12.1.tgz
1362ef9a9b2d355e1cf9b5c7e0ae0607 httpd-2.2.22-i486-1_slack12.1.tgz

Slackware 12.2 packages:
f30f1f0a949f321b6aefb99a703eca3f apr-util-1.4.1-i486-1_slack12.2.tgz
18fd6ddd6e6bbf4a7222ade821ec1aa1 httpd-2.2.22-i486-1_slack12.2.tgz

Slackware 13.0 packages:
d3600fef7f1cabb62554417567fb55ab apr-util-1.4.1-i486-1_slack13.0.txz
0456c808efb92da333942ff939746d77 httpd-2.2.22-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:
d15c2e0a4aa074bbadfa50099da482b2 apr-util-1.4.1-x86_64-1_slack13.0.txz
1b72685b2519bbf167973d88dce562e1 httpd-2.2.22-x86_64-1_slack13.0.txz

Slackware 13.1 packages:
9c7c2bb99c99f3a6275f0dc9636ce38c apr-util-1.4.1-i486-1_slack13.1.txz
49a5e4a73be2328d80cca186efe2f6f7 httpd-2.2.22-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:
4f9dcb6495c04d3094cc68050440505b apr-util-1.4.1-x86_64-1_slack13.1.txz
1f378f8a4d990d7298e0155b22cfcf19 httpd-2.2.22-x86_64-1_slack13.1.txz

Slackware 13.37 packages:
7feb382700511d72737c5a31e91ee56e apr-util-1.4.1-i486-1_slack13.37.txz
783de593b5827c8601e2b486cf98397f httpd-2.2.22-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages:
1bd4b3df67a0449f3015e82e47cd808d apr-util-1.4.1-x86_64-1_slack13.37.txz
8999903e736cbb29c055ea2bf66cfed1 httpd-2.2.22-x86_64-1_slack13.37.txz

Slackware -current packages:
e709c8056cede91c35fd354ad5b654df l/apr-util-1.4.1-i486-1.txz
97c295a42d4678537c62d6ce54d3e1fa n/httpd-2.2.22-i486-1.txz

Slackware x86_64 -current packages:
55fdf36b05ff7e82aa9a015289290424 l/apr-util-1.4.1-x86_64-1.txz
09daa138b81fbf877596e4abc2a01bb6 n/httpd-2.2.22-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the packages as root:
# upgradepkg apr-util-1.4.1-i486-1_slack13.37.txz httpd-2.2.22-i486-1_slack13.37.txz

Then, restart the httpd daemon.

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk81VdkACgkQakRjwEAQIjOGhgCfWdrAq0pHF50KIH1oTMM8nxyv
1p0AniI9T9MxtNtJtXuLAhBS4429MOa9
=NH0B
—–END PGP SIGNATURE—–

Slackware-Security , , , Leave a comment

httpd (SSA:2011-252-01)

September 9, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] httpd (SSA:2011-252-01)

Not long ago, httpd package updates were issued to clamp down on a denial of
service bug that’s seen some action in the wild. New packages are available
for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/httpd-2.2.20-i486-1_slack13.37.txz: Upgraded.
SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.20-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.20-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.20-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.20-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.20-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.20-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.20-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.20-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.20-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.20-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.20-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 12.0 package:
1c5d2923bf5ee56ea5b26a14f4bef750 httpd-2.2.20-i486-1_slack12.0.tgz

Slackware 12.1 package:
1afa27da8d2d897f871fb5fe91832f04 httpd-2.2.20-i486-1_slack12.1.tgz

Slackware 12.2 package:
883d978f2eb2fa09e0094096860995ef httpd-2.2.20-i486-1_slack12.2.tgz

Slackware 13.0 package:
db6935f7ce78acd0cf63bfed97497334 httpd-2.2.20-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
8c976a586a885b33c910c71a4cb655c9 httpd-2.2.20-x86_64-1_slack13.0.txz

Slackware 13.1 package:
eab2ada5def61d8734a80e887b10edc7 httpd-2.2.20-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
378da86cc706426c68cb3404bceb146c httpd-2.2.20-x86_64-1_slack13.1.txz

Slackware 13.37 package:
ac06dfbefebd419d7bebf3f18ddd1304 httpd-2.2.20-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
c650ee26fde72c7e6524784fa63ff8b8 httpd-2.2.20-x86_64-1_slack13.37.txz

Slackware -current package:
7afbbaae7ed7605620ad76dc9ae1146b n/httpd-2.2.20-i486-1.txz

Slackware x86_64 -current package:
5ef29bd575c49645496cbfc4fe657c84 n/httpd-2.2.20-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg httpd-2.2.20-i486-1_slack13.37.txz

Then, restart the httpd daemon.

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk5qHNUACgkQakRjwEAQIjMDKwCfS9jeJjQ2HaIe4olungW9IvyP
hdgAn2S77YlxuqGFMHOVq+PadSgpR/ck
=TX14
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

php (SSA:2011-237-01)

August 25, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] php (SSA:2011-237-01)

New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,
13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/php-5.3.8-i486-1_slack13.37.txz: Upgraded.
Security fixes vs. 5.3.6 (5.3.7 was not usable):
Updated crypt_blowfish to 1.2. (CVE-2011-2483)
Fixed crash in error_log(). Reported by Mateusz Kocielski
Fixed buffer overflow on overlog salt in crypt().
Fixed bug #54939 (File path injection vulnerability in RFC1867
File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
For those upgrading from PHP 5.2.x, be aware that quite a bit has
changed, and it will very likely not ‘drop in’, but PHP 5.2.x is not
supported by php.net any longer, so there wasn’t a lot of choice
in the matter. We’re not able to support a security fork of
PHP 5.2.x here either, so you’ll have to just bite the bullet on
this. You’ll be better off in the long run. :)
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.3.8-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.3.8-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.3.8-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.3.8-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.3.8-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.3.8-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/php-5.3.8-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/php-5.3.8-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/php-5.3.8-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/php-5.3.8-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.3.8-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.3.8-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 11.0 package:
9c68e64817dc0303a098463f3449d457 php-5.3.8-i486-1_slack11.0.tgz

Slackware 12.0 package:
e87e96a218cfc61be65c5662dc51af88 php-5.3.8-i486-1_slack12.0.tgz

Slackware 12.1 package:
83de1f7eee73c4b84c890e39b7a587d6 php-5.3.8-i486-1_slack12.1.tgz

Slackware 12.2 package:
68995a7d24e2fb0666cab69310f2c2b4 php-5.3.8-i486-1_slack12.2.tgz

Slackware 13.0 package:
ccf32b94bf48fdc5ed96ab5fa80cfd14 php-5.3.8-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
8e7fed1682a30dffb25b5ebe5bf2f8d1 php-5.3.8-x86_64-1_slack13.0.txz

Slackware 13.1 package:
4c9be7c00bb297bad6dd2aeae759f116 php-5.3.8-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
4f8f56e6f70a89712d96dac2380d8c85 php-5.3.8-x86_64-1_slack13.1.txz

Slackware 13.37 package:
c44bb52de43ed2ff2cf00fd4ba5b218a php-5.3.8-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
54149726aef87ef3da9b5abe5fe27252 php-5.3.8-x86_64-1_slack13.37.txz

Slackware -current package:
839c90cc461aad85586cdf5d69a9781e n/php-5.3.8-i486-1.txz

Slackware x86_64 -current package:
330aeaa4a2bff8723641b208678e3d0b n/php-5.3.8-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg php-5.3.8-i486-1_slack13.37.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk5WE7oACgkQakRjwEAQIjMo4ACfQEjk63hAFDTcnCrnjl3qmqaT
T3QAn16JTA4XdXMv0IRdnIiklC10PQoO
=M4cG
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

bind (SSA:2011-224-01)

August 12, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] bind (SSA:2011-224-01)

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/bind-9.7.4-i486-1_slack13.37.txz: Upgraded.
This BIND update addresses a couple of security issues:
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Change #2912 (see CHANGES) exposed a latent bug in the DNS message
processing code that could allow certain UPDATE requests to crash
named. [RT #24777] [CVE-2011-2464]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.4_ESV_R5-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.4_ESV_R5-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.4_ESV_R5-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.4_ESV_R5-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.4_ESV_R5-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.4_ESV_R5-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.4_ESV_R5-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bind-9.4_ESV_R5-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.4_ESV_R5-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.4_ESV_R5-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.4_ESV_R5-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.4_ESV_R5-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.4_ESV_R5-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.4_ESV_R5-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.7.4-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.7.4-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.7.4-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.7.4-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 8.1 package:
dc89ecedef601f734fd45daa5bdcd7d9 bind-9.4_ESV_R5-i386-1_slack8.1.tgz

Slackware 9.0 package:
d3bfca586ce41793538cec589ec5e885 bind-9.4_ESV_R5-i386-1_slack9.0.tgz

Slackware 9.1 package:
f515e3b8a2b22e1ba39735951f384bfe bind-9.4_ESV_R5-i486-1_slack9.1.tgz

Slackware 10.0 package:
baefa4932cef962cd911dc4d963f014e bind-9.4_ESV_R5-i486-1_slack10.0.tgz

Slackware 10.1 package:
8dabc6e5022b1135a9ba8a0aca654233 bind-9.4_ESV_R5-i486-1_slack10.1.tgz

Slackware 10.2 package:
b956f174f5804d04afe9f922e6dce047 bind-9.4_ESV_R5-i486-1_slack10.2.tgz

Slackware 11.0 package:
71b7dea3e090840d319ee14bae47066e bind-9.4_ESV_R5-i486-1_slack11.0.tgz

Slackware 12.0 package:
a62f276534e0528ff72e619fd6693a9c bind-9.4_ESV_R5-i486-1_slack12.0.tgz

Slackware 12.1 package:
2687b1d88aa9098f8c2f17b0a2305922 bind-9.4_ESV_R5-i486-1_slack12.1.tgz

Slackware 12.2 package:
400f63e3904f17878ffcfb708dc2441e bind-9.4_ESV_R5-i486-1_slack12.2.tgz

Slackware 13.0 package:
09ef7f2dc543effe1c6867403f577c31 bind-9.4_ESV_R5-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
54a40e83d4fbdc6ad5cb6a6f675c32a5 bind-9.4_ESV_R5-x86_64-1_slack13.0.txz

Slackware 13.1 package:
892a69decaf20b0fdbb3c26e350f4091 bind-9.4_ESV_R5-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
c0455392827bbab32f2f61efad86d306 bind-9.4_ESV_R5-x86_64-1_slack13.1.txz

Slackware 13.37 package:
dd9c61c7937d6962644f3ab3b6827e9c bind-9.7.4-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
5b1a647dbb9650dfcaf60e17c9de5c6b bind-9.7.4-x86_64-1_slack13.37.txz

Slackware -current package:
8de3690d50448e07641ab56781809fb3 n/bind-9.7.4-i486-1.txz

Slackware x86_64 -current package:
052dc19a356df332d355581aa1d798f6 n/bind-9.7.4-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg bind-9.7.4-i486-1_slack13.37.txz

Then, restart the name server:

# /etc/rc.d/rc.bind restart

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk5FuTkACgkQakRjwEAQIjNolACdHHJwiTlSHtHL4rCjT4xK/TSX
GdQAnjYmgJrfgwJaiT1+smwFi6KG5o4Z
=T6y2
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , 1 Comment

samba (SSA:2011-210-03)

July 29, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] samba (SSA:2011-210-03)

New samba packages are available for Slackware 13.1, 13.37, and -current to
fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/samba-3.5.10-i486-1_slack13.37.txz: Upgraded.
Fixed cross-site request forgery and cross-site scripting vulnerability
in SWAT (the Samba Web Administration Tool).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/samba-3.5.10-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/samba-3.5.10-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/samba-3.5.10-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/samba-3.5.10-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.5.10-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-3.5.10-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 13.1 package:
9dd8c9e4a6881ea5b82cf8e3d59e0256 samba-3.5.10-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
a9364edef99d026831b38757de582109 samba-3.5.10-x86_64-1_slack13.1.txz

Slackware 13.37 package:
9139d218c171399faf99c23f70ac755d samba-3.5.10-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
5e5757633918950d795280efb7a88d08 samba-3.5.10-x86_64-1_slack13.37.txz

Slackware -current package:
0e347b1e1648bcc94582392e573da4a4 samba-3.5.10-i486-1.txz

Slackware x86_64 -current package:
0c6a7ddf8633a1f3087b10397bea9abe samba-3.5.10-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg samba-3.5.10-i486-1_slack13.37.txz

Then, if Samba is running restart it:

# /etc/rc.d/rc.samba restart

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4zP5gACgkQakRjwEAQIjNSCQCeOSxyNCG32n8E6AkSp1DjRmdw
tnsAn2MK6hVxOxTEhYxkPdNsOc/0+7pR
=nulJ
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

dhcpcd (SSA:2011-210-02)

July 29, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] dhcpcd (SSA:2011-210-02)

New dhcpcd packages are available for Slackware 13.0, 13.1, 13.37,
and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/dhcpcd-5.2.12-i486-1_slack13.37.txz: Upgraded.
Sanitize the host name provided by the DHCP server to insure that it does
not contain any shell metacharacters.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0996
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/dhcpcd-3.2.3-i486-2_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/dhcpcd-3.2.3-x86_64-2_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/dhcpcd-5.2.12-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/dhcpcd-5.2.12-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/dhcpcd-5.2.12-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/dhcpcd-5.2.12-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dhcpcd-5.2.12-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dhcpcd-5.2.12-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 13.0 package:
1029af8f686830f358e053ca2406b9a6 dhcpcd-3.2.3-i486-2_slack13.0.txz

Slackware x86_64 13.0 package:
5615c7feb96339495bf628ea248a6b76 dhcpcd-3.2.3-x86_64-2_slack13.0.txz

Slackware 13.1 package:
23211c76d60f18f568a44f76c6cbc2dc dhcpcd-5.2.12-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
2b186bb623ee30926e54e11c5017ec14 dhcpcd-5.2.12-x86_64-1_slack13.1.txz

Slackware 13.37 package:
9b669fe2c0f4cd3267aad81a28e8302c dhcpcd-5.2.12-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
77564e0ba2daaa5066acd44cd33e8f40 dhcpcd-5.2.12-x86_64-1_slack13.37.txz

Slackware -current package:
8700b8a222d2cbc3564cd9d25b551ac1 dhcpcd-5.2.12-i486-1.txz

Slackware x86_64 -current package:
1d96860005547b5edfc55a4d79fb44cd dhcpcd-5.2.12-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg dhcpcd-5.2.12-i486-1_slack13.37.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4zP5YACgkQakRjwEAQIjPtBwCeLurBPL1zOs2OjkjV01lF7dC2
fiAAn2hzQPnFw6dF269cYH9eRIJUKeSA
=pMF4
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment