httpd (SSA:2011-252-01)

September 9, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] httpd (SSA:2011-252-01)

Not long ago, httpd package updates were issued to clamp down on a denial of
service bug that’s seen some action in the wild. New packages are available
for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/httpd-2.2.20-i486-1_slack13.37.txz: Upgraded.
SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.20-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.20-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.20-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.20-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.20-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.20-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.20-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.20-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.20-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.20-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.20-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 12.0 package:
1c5d2923bf5ee56ea5b26a14f4bef750 httpd-2.2.20-i486-1_slack12.0.tgz

Slackware 12.1 package:
1afa27da8d2d897f871fb5fe91832f04 httpd-2.2.20-i486-1_slack12.1.tgz

Slackware 12.2 package:
883d978f2eb2fa09e0094096860995ef httpd-2.2.20-i486-1_slack12.2.tgz

Slackware 13.0 package:
db6935f7ce78acd0cf63bfed97497334 httpd-2.2.20-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
8c976a586a885b33c910c71a4cb655c9 httpd-2.2.20-x86_64-1_slack13.0.txz

Slackware 13.1 package:
eab2ada5def61d8734a80e887b10edc7 httpd-2.2.20-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
378da86cc706426c68cb3404bceb146c httpd-2.2.20-x86_64-1_slack13.1.txz

Slackware 13.37 package:
ac06dfbefebd419d7bebf3f18ddd1304 httpd-2.2.20-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
c650ee26fde72c7e6524784fa63ff8b8 httpd-2.2.20-x86_64-1_slack13.37.txz

Slackware -current package:
7afbbaae7ed7605620ad76dc9ae1146b n/httpd-2.2.20-i486-1.txz

Slackware x86_64 -current package:
5ef29bd575c49645496cbfc4fe657c84 n/httpd-2.2.20-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg httpd-2.2.20-i486-1_slack13.37.txz

Then, restart the httpd daemon.

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk5qHNUACgkQakRjwEAQIjMDKwCfS9jeJjQ2HaIe4olungW9IvyP
hdgAn2S77YlxuqGFMHOVq+PadSgpR/ck
=TX14
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

php (SSA:2011-237-01)

August 25, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] php (SSA:2011-237-01)

New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,
13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/php-5.3.8-i486-1_slack13.37.txz: Upgraded.
Security fixes vs. 5.3.6 (5.3.7 was not usable):
Updated crypt_blowfish to 1.2. (CVE-2011-2483)
Fixed crash in error_log(). Reported by Mateusz Kocielski
Fixed buffer overflow on overlog salt in crypt().
Fixed bug #54939 (File path injection vulnerability in RFC1867
File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
For those upgrading from PHP 5.2.x, be aware that quite a bit has
changed, and it will very likely not ‘drop in’, but PHP 5.2.x is not
supported by php.net any longer, so there wasn’t a lot of choice
in the matter. We’re not able to support a security fork of
PHP 5.2.x here either, so you’ll have to just bite the bullet on
this. You’ll be better off in the long run. :)
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.3.8-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.3.8-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.3.8-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.3.8-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.3.8-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.3.8-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/php-5.3.8-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/php-5.3.8-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/php-5.3.8-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/php-5.3.8-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.3.8-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.3.8-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 11.0 package:
9c68e64817dc0303a098463f3449d457 php-5.3.8-i486-1_slack11.0.tgz

Slackware 12.0 package:
e87e96a218cfc61be65c5662dc51af88 php-5.3.8-i486-1_slack12.0.tgz

Slackware 12.1 package:
83de1f7eee73c4b84c890e39b7a587d6 php-5.3.8-i486-1_slack12.1.tgz

Slackware 12.2 package:
68995a7d24e2fb0666cab69310f2c2b4 php-5.3.8-i486-1_slack12.2.tgz

Slackware 13.0 package:
ccf32b94bf48fdc5ed96ab5fa80cfd14 php-5.3.8-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
8e7fed1682a30dffb25b5ebe5bf2f8d1 php-5.3.8-x86_64-1_slack13.0.txz

Slackware 13.1 package:
4c9be7c00bb297bad6dd2aeae759f116 php-5.3.8-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
4f8f56e6f70a89712d96dac2380d8c85 php-5.3.8-x86_64-1_slack13.1.txz

Slackware 13.37 package:
c44bb52de43ed2ff2cf00fd4ba5b218a php-5.3.8-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
54149726aef87ef3da9b5abe5fe27252 php-5.3.8-x86_64-1_slack13.37.txz

Slackware -current package:
839c90cc461aad85586cdf5d69a9781e n/php-5.3.8-i486-1.txz

Slackware x86_64 -current package:
330aeaa4a2bff8723641b208678e3d0b n/php-5.3.8-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg php-5.3.8-i486-1_slack13.37.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk5WE7oACgkQakRjwEAQIjMo4ACfQEjk63hAFDTcnCrnjl3qmqaT
T3QAn16JTA4XdXMv0IRdnIiklC10PQoO
=M4cG
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

bind (SSA:2011-224-01)

August 12, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] bind (SSA:2011-224-01)

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/bind-9.7.4-i486-1_slack13.37.txz: Upgraded.
This BIND update addresses a couple of security issues:
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Change #2912 (see CHANGES) exposed a latent bug in the DNS message
processing code that could allow certain UPDATE requests to crash
named. [RT #24777] [CVE-2011-2464]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.4_ESV_R5-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.4_ESV_R5-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.4_ESV_R5-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.4_ESV_R5-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.4_ESV_R5-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.4_ESV_R5-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.4_ESV_R5-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bind-9.4_ESV_R5-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.4_ESV_R5-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.4_ESV_R5-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.4_ESV_R5-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.4_ESV_R5-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.4_ESV_R5-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.4_ESV_R5-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.7.4-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.7.4-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.7.4-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.7.4-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 8.1 package:
dc89ecedef601f734fd45daa5bdcd7d9 bind-9.4_ESV_R5-i386-1_slack8.1.tgz

Slackware 9.0 package:
d3bfca586ce41793538cec589ec5e885 bind-9.4_ESV_R5-i386-1_slack9.0.tgz

Slackware 9.1 package:
f515e3b8a2b22e1ba39735951f384bfe bind-9.4_ESV_R5-i486-1_slack9.1.tgz

Slackware 10.0 package:
baefa4932cef962cd911dc4d963f014e bind-9.4_ESV_R5-i486-1_slack10.0.tgz

Slackware 10.1 package:
8dabc6e5022b1135a9ba8a0aca654233 bind-9.4_ESV_R5-i486-1_slack10.1.tgz

Slackware 10.2 package:
b956f174f5804d04afe9f922e6dce047 bind-9.4_ESV_R5-i486-1_slack10.2.tgz

Slackware 11.0 package:
71b7dea3e090840d319ee14bae47066e bind-9.4_ESV_R5-i486-1_slack11.0.tgz

Slackware 12.0 package:
a62f276534e0528ff72e619fd6693a9c bind-9.4_ESV_R5-i486-1_slack12.0.tgz

Slackware 12.1 package:
2687b1d88aa9098f8c2f17b0a2305922 bind-9.4_ESV_R5-i486-1_slack12.1.tgz

Slackware 12.2 package:
400f63e3904f17878ffcfb708dc2441e bind-9.4_ESV_R5-i486-1_slack12.2.tgz

Slackware 13.0 package:
09ef7f2dc543effe1c6867403f577c31 bind-9.4_ESV_R5-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
54a40e83d4fbdc6ad5cb6a6f675c32a5 bind-9.4_ESV_R5-x86_64-1_slack13.0.txz

Slackware 13.1 package:
892a69decaf20b0fdbb3c26e350f4091 bind-9.4_ESV_R5-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
c0455392827bbab32f2f61efad86d306 bind-9.4_ESV_R5-x86_64-1_slack13.1.txz

Slackware 13.37 package:
dd9c61c7937d6962644f3ab3b6827e9c bind-9.7.4-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
5b1a647dbb9650dfcaf60e17c9de5c6b bind-9.7.4-x86_64-1_slack13.37.txz

Slackware -current package:
8de3690d50448e07641ab56781809fb3 n/bind-9.7.4-i486-1.txz

Slackware x86_64 -current package:
052dc19a356df332d355581aa1d798f6 n/bind-9.7.4-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg bind-9.7.4-i486-1_slack13.37.txz

Then, restart the name server:

# /etc/rc.d/rc.bind restart

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk5FuTkACgkQakRjwEAQIjNolACdHHJwiTlSHtHL4rCjT4xK/TSX
GdQAnjYmgJrfgwJaiT1+smwFi6KG5o4Z
=T6y2
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , 1 Comment

samba (SSA:2011-210-03)

July 29, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] samba (SSA:2011-210-03)

New samba packages are available for Slackware 13.1, 13.37, and -current to
fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/samba-3.5.10-i486-1_slack13.37.txz: Upgraded.
Fixed cross-site request forgery and cross-site scripting vulnerability
in SWAT (the Samba Web Administration Tool).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/samba-3.5.10-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/samba-3.5.10-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/samba-3.5.10-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/samba-3.5.10-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.5.10-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-3.5.10-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 13.1 package:
9dd8c9e4a6881ea5b82cf8e3d59e0256 samba-3.5.10-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
a9364edef99d026831b38757de582109 samba-3.5.10-x86_64-1_slack13.1.txz

Slackware 13.37 package:
9139d218c171399faf99c23f70ac755d samba-3.5.10-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
5e5757633918950d795280efb7a88d08 samba-3.5.10-x86_64-1_slack13.37.txz

Slackware -current package:
0e347b1e1648bcc94582392e573da4a4 samba-3.5.10-i486-1.txz

Slackware x86_64 -current package:
0c6a7ddf8633a1f3087b10397bea9abe samba-3.5.10-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg samba-3.5.10-i486-1_slack13.37.txz

Then, if Samba is running restart it:

# /etc/rc.d/rc.samba restart

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4zP5gACgkQakRjwEAQIjNSCQCeOSxyNCG32n8E6AkSp1DjRmdw
tnsAn2MK6hVxOxTEhYxkPdNsOc/0+7pR
=nulJ
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

dhcpcd (SSA:2011-210-02)

July 29, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] dhcpcd (SSA:2011-210-02)

New dhcpcd packages are available for Slackware 13.0, 13.1, 13.37,
and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/dhcpcd-5.2.12-i486-1_slack13.37.txz: Upgraded.
Sanitize the host name provided by the DHCP server to insure that it does
not contain any shell metacharacters.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0996
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/dhcpcd-3.2.3-i486-2_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/dhcpcd-3.2.3-x86_64-2_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/dhcpcd-5.2.12-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/dhcpcd-5.2.12-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/dhcpcd-5.2.12-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/dhcpcd-5.2.12-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dhcpcd-5.2.12-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dhcpcd-5.2.12-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 13.0 package:
1029af8f686830f358e053ca2406b9a6 dhcpcd-3.2.3-i486-2_slack13.0.txz

Slackware x86_64 13.0 package:
5615c7feb96339495bf628ea248a6b76 dhcpcd-3.2.3-x86_64-2_slack13.0.txz

Slackware 13.1 package:
23211c76d60f18f568a44f76c6cbc2dc dhcpcd-5.2.12-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
2b186bb623ee30926e54e11c5017ec14 dhcpcd-5.2.12-x86_64-1_slack13.1.txz

Slackware 13.37 package:
9b669fe2c0f4cd3267aad81a28e8302c dhcpcd-5.2.12-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
77564e0ba2daaa5066acd44cd33e8f40 dhcpcd-5.2.12-x86_64-1_slack13.37.txz

Slackware -current package:
8700b8a222d2cbc3564cd9d25b551ac1 dhcpcd-5.2.12-i486-1.txz

Slackware x86_64 -current package:
1d96860005547b5edfc55a4d79fb44cd dhcpcd-5.2.12-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg dhcpcd-5.2.12-i486-1_slack13.37.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4zP5YACgkQakRjwEAQIjPtBwCeLurBPL1zOs2OjkjV01lF7dC2
fiAAn2hzQPnFw6dF269cYH9eRIJUKeSA
=pMF4
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

libpng (SSA:2011-210-01)

July 29, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] libpng (SSA:2011-210-01)

New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current
to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/libpng-1.4.8-i486-1_slack13.37.txz: Upgraded.
Fixed uninitialized memory read in png_format_buffer()
(Bug report by Frank Busse, related to CVE-2004-0421).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.46-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.46-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.46-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.46-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.46-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libpng-1.2.46-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.46-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/libpng-1.2.46-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libpng-1.2.46-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libpng-1.2.46-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.46-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.46-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.8-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.8-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.8-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.8-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.4.8-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.4.8-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 8.1 package:
ad0f8dc2b0b9269c342a0d61bd007c5e libpng-1.2.46-i386-1_slack8.1.tgz

Slackware 9.0 package:
365bea389c02fdc3b920b36b1f5f5a4d libpng-1.2.46-i386-1_slack9.0.tgz

Slackware 9.1 package:
b96cf4fb882decd82bba233b615df3ba libpng-1.2.46-i486-1_slack9.1.tgz

Slackware 10.0 package:
64b11f971f7379ed0af5dc766daf2dd4 libpng-1.2.46-i486-1_slack10.0.tgz

Slackware 10.1 package:
13927173b5ecc4a33a0290363e4e53cd libpng-1.2.46-i486-1_slack10.1.tgz

Slackware 10.2 package:
b32cb1ee9694579a42e47128323b0412 libpng-1.2.46-i486-1_slack10.2.tgz

Slackware 11.0 package:
bc0efc812d8b1a52bb5c480a5b2f9200 libpng-1.2.46-i486-1_slack11.0.tgz

Slackware 12.0 package:
c4fb87f7ecf7aebcd380765d25d0f751 libpng-1.2.46-i486-1_slack12.0.tgz

Slackware 12.1 package:
8f1d8ec6a325c95725b3740dbd41c311 libpng-1.2.46-i486-1_slack12.1.tgz

Slackware 12.2 package:
c846762291145276057dad5c58bb2f89 libpng-1.2.46-i486-1_slack12.2.tgz

Slackware 13.0 package:
e0bc86aa7eeed92f8f8734efa0b54483 libpng-1.2.46-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
3d2a8eb7474420519c947f666635ece8 libpng-1.2.46-x86_64-1_slack13.0.txz

Slackware 13.1 package:
406d411805cf2f99c567c97f53bce69b libpng-1.4.8-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
972fb84c00c4a0d7ab9134f6e65c657f libpng-1.4.8-x86_64-1_slack13.1.txz

Slackware 13.37 package:
a323c2d1ff04054ec8423710200c7682 libpng-1.4.8-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
a56d0776e600625505cc12e6853c50cc libpng-1.4.8-x86_64-1_slack13.37.txz

Slackware -current package:
ebf0f61c96738b840afa104e6ed3a71f libpng-1.4.8-i486-1.txz

Slackware x86_64 -current package:
c3ea775b59fde83c9e65a1d9648945c9 libpng-1.4.8-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the packages as root:
# upgradepkg libpng-1.4.8-i486-1_slack13.37.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4zP5QACgkQakRjwEAQIjPfegCbBnFw1QdOai4sesIY28bPFLYb
H7QAn3NXN3LynFA2nYNYy1mqFO01spcD
=tOZ9
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

mozilla-firefox (SSA:2011-195-02)

July 14, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] mozilla-firefox (SSA:2011-195-02)

New mozilla-firefox packages are available for Slackware 13.0 and 13.1 to
fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+————————–+
patches/packages/mozilla-firefox-3.6.19-i686-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mozilla-firefox-3.6.19-i686-1.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mozilla-firefox-3.6.19-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-firefox-3.6.19-i686-1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-firefox-3.6.19-x86_64-1_slack13.1.txz

MD5 signatures:
+————-+

Slackware 13.0 package:
309909b61a49053c4e12e213287c7f5b mozilla-firefox-3.6.19-i686-1.txz

Slackware x86_64 13.0 package:
bbad9abc9da5ee386a68bedb5c9a5796 mozilla-firefox-3.6.19-x86_64-1_slack13.0.txz

Slackware 13.1 package:
4c3369ad77514cf4697b99a566ab0da1 mozilla-firefox-3.6.19-i686-1.txz

Slackware x86_64 13.1 package:
2a4ab812cf3d6e8d18304b53dadde2c0 mozilla-firefox-3.6.19-x86_64-1_slack13.1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg mozilla-firefox-3.6.19-i686-1.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4fgmAACgkQakRjwEAQIjMlAQCfcsE1lb+cWajHdCgNy6CSfuZc
67AAnRuELlQF+KN8XRLl3rg0Wxdv3Ulu
=2+ta
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

seamonkey (SSA:2011-195-01)

July 14, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] seamonkey (SSA:2011-195-01)

New seamonkey packages are available for Slackware 13.37, and -current to
fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/seamonkey-2.2-i486-1_slack13.37.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/announce/
(* Security fix *)
patches/packages/seamonkey-solibs-2.2-i486-1_slack13.37.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/announce/
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/seamonkey-2.2-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/seamonkey-solibs-2.2-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/seamonkey-2.2-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/seamonkey-solibs-2.2-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/seamonkey-solibs-2.2-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.2-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/seamonkey-solibs-2.2-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.2-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 13.37 package:
b96aff564252e24662cd833df957587c seamonkey-2.2-i486-1_slack13.37.txz
e5aca9eec859b12b97047d87e80d8d72 seamonkey-solibs-2.2-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
49178faed12f0f3a190ad342021bc87d seamonkey-2.2-x86_64-1_slack13.37.txz
403b14137c521f8d385d11f252eaa100 seamonkey-solibs-2.2-x86_64-1_slack13.37.txz

Slackware -current package:
fc1987372842b610cc7f5cb0f280b65f l/seamonkey-solibs-2.2-i486-1.txz
71e14c6f70f1869a044021e4f2a03768 xap/seamonkey-2.2-i486-1.txz

Slackware x86_64 -current package:
a2d6bafed1cd6ee6c1fd3841df4b7ab9 l/seamonkey-solibs-2.2-x86_64-1.txz
7a4fe27ad0a5498cd87d43c61609cc83 xap/seamonkey-2.2-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the packages as root:
# upgradepkg seamonkey-2.2-i486-1_slack13.37.txz seamonkey-solibs-2.2-i486-1_slack13.37.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4fgl4ACgkQakRjwEAQIjP4nwCfeQHkMcu6Gdc0lorKZx/VOVkN
Ly8An1VdR1zB5mXsY3WpR8XiDXZ/Os5O
=Ks5Z
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

mozilla-thunderbird (SSA:2011-189-02)

July 8, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] mozilla-thunderbird (SSA:2011-189-02)

New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, 13.37,
and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/mozilla-thunderbird-3.1.11-i486-1_slack13.37.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mozilla-thunderbird-3.1.11-i686-1.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mozilla-thunderbird-3.1.11-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-thunderbird-3.1.11-i686-1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-thunderbird-3.1.11-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-thunderbird-3.1.11-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-thunderbird-3.1.11-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-3.1.11-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-3.1.11-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 13.0 package:
67b87516b8834e37caa3dd56ebd1eeb8 mozilla-thunderbird-3.1.11-i686-1.txz

Slackware x86_64 13.0 package:
fde85a7ccc837e773f776c04ef20fb0d mozilla-thunderbird-3.1.11-x86_64-1_slack13.0.txz

Slackware 13.1 package:
8301393fda44746777e9252ca0cd38ff mozilla-thunderbird-3.1.11-i686-1.txz

Slackware x86_64 13.1 package:
7087a2f4619a1f109146196f3c230e7f mozilla-thunderbird-3.1.11-x86_64-1_slack13.1.txz

Slackware 13.37 package:
085255140003a9155ec18b22fc6ad84d mozilla-thunderbird-3.1.11-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
ae412c6b31ba2f110d0f25bb74493f8a mozilla-thunderbird-3.1.11-x86_64-1_slack13.37.txz

Slackware -current package:
1e98a712858c9300da9113276f39d403 mozilla-thunderbird-3.1.11-i486-1.txz

Slackware x86_64 -current package:
03a1eea4cab85fa048c308b5f6acec03 mozilla-thunderbird-3.1.11-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-3.1.11-i486-1_slack13.37.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4XV8QACgkQakRjwEAQIjNBpACghxdZTjtZZFg2jwhboQPnLuyk
jaMAnjkQ4SfN815nNWCN2KhFfLvOM42v
=5TsB
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

bind (SSA:2011-189-01)

July 8, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] bind (SSA:2011-189-01)

New bind packages are available for Slackware 13.37, and -current to
fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/bind-9.7.3_P3-i486-1_slack13.37.txz: Upgraded.
A specially constructed packet will cause BIND 9 (“named”) to exit,
affecting DNS service. The issue exists in BIND 9.6.3 and newer.
“Change #2912 (see CHANGES) exposed a latent bug in the DNS message
processing code that could allow certain UPDATE requests to crash
named. This was fixed by disambiguating internal database
representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]“
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.7.3_P3-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.7.3_P3-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.7.3_P3-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.7.3_P3-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 13.37 package:
6aa159ec74146d5794cd46075541405c bind-9.7.3_P3-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
08abf6bfffc52c0a392658ebd3fa046c bind-9.7.3_P3-x86_64-1_slack13.37.txz

Slackware -current package:
e5e1be017f8204ba3e3b4ad9e30f3714 n/bind-9.7.3_P3-i486-1.txz

Slackware x86_64 -current package:
3d1e556bc5a7646cf331398a8f09d582 n/bind-9.7.3_P3-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg bind-9.7.3_P3-i486-1_slack13.37.txz

Then, restart the name server:

# /etc/rc.d/rc.bind restart

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4XV8EACgkQakRjwEAQIjOoiACfVoeAsXh6sqgfLPQryh6c1f5B
NM0An1NigRXBr2/waCYrMVMj7VDHy1ff
=K7Jq
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment