apr/apr-util (SSA:2011-145-01)

May 25, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] apr/apr-util (SSA:2011-145-01)

New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1,
12.2, 13.0, 13.1, 13.37, and -current to fix a security issue in apr and
a crash bug in apr-util.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/apr-1.4.5-i486-1_slack13.37.txz: Upgraded.
This fixes a possible denial of service due to a problem with a loop in
the new apr_fnmatch() implementation consuming CPU.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928
(* Security fix *)
patches/packages/apr-util-1.3.12-i486-1_slack13.37.txz: Upgraded.
Fix crash because of NULL cleanup registered by apr_ldap_rebind_init().
+————————–+

Where to find the new packages:
+—————————–+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-1.4.5-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-util-1.3.12-i486-1_slack11.0.tgz

Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-1.4.5-i486-1_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.3.12-i486-1_slack12.0.tgz

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-1.4.5-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.3.12-i486-1_slack12.1.tgz

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-1.4.5-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.3.12-i486-1_slack12.2.tgz

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-1.4.5-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.3.12-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-1.4.5-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.3.12-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-1.4.5-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.3.12-i486-1_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-1.4.5-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.3.12-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-1.4.5-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.3.12-x86_64-1_slack13.1.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-1.4.5-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.3.12-x86_64-1_slack13.37.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-1.4.5-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.3.12-i486-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-1.4.5-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.3.12-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 11.0 package:
9a057c739c57c2cf6b28137ec184c1d7 apr-1.4.5-i486-1_slack11.0.tgz
28e6fc4ad6154d5b36fef9bcf2ae3b0d apr-util-1.3.12-i486-1_slack11.0.tgz

Slackware 12.0 package:
ea91c341418d0b6053b72c71ce93467b apr-1.4.5-i486-1_slack12.0.tgz
7ec023aacd371fd64e54756907122cbe apr-util-1.3.12-i486-1_slack12.0.tgz

Slackware 12.1 package:
49be6cd89d47c84379ea30e6249e9d49 apr-1.4.5-i486-1_slack12.1.tgz
10f67a95896a8c84a167302fad5fcdfa apr-util-1.3.12-i486-1_slack12.1.tgz

Slackware 12.2 package:
187f96a16be96fa071657a3c94a1407c apr-1.4.5-i486-1_slack12.2.tgz
77a035ee720d915755ba309b1afcc75d apr-util-1.3.12-i486-1_slack12.2.tgz

Slackware 13.0 package:
48c4b2d5cd4304beaffb0b906267fb3e apr-1.4.5-i486-1_slack13.0.txz
37d6ee4d6d754daf5ef4b4aeea7a8de1 apr-util-1.3.12-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
24fd22fe3bf0470b5e0e6ad6d0de6821 apr-1.4.5-x86_64-1_slack13.0.txz
1b5ef4984af5c1c521a9bbf7f20fd3c7 apr-util-1.3.12-x86_64-1_slack13.0.txz

Slackware 13.1 package:
f19ef60074da3f0ab6bcd322b2bbaf73 apr-1.4.5-i486-1_slack13.1.txz
133980a1c64e0df52281c787cdd6ede0 apr-util-1.3.12-i486-1_slack13.1.txz

Slackware 13.37 package:
cc7dcb9cc1134038b419159424b37439 apr-1.4.5-i486-1_slack13.37.txz
573192de48352460635ee2c450548519 apr-util-1.3.12-i486-1_slack13.37.txz

Slackware x86_64 13.1 package:
e70b9855fad1766253e4450f6116c016 apr-1.4.5-x86_64-1_slack13.1.txz
56181dc8e34bfe60eafde44a0110e577 apr-util-1.3.12-x86_64-1_slack13.1.txz

Slackware x86_64 13.37 package:
a7f1de61bfe9b3cc20e6450cb502cbf5 apr-1.4.5-x86_64-1_slack13.37.txz
3bb4543e87ed8b7be0d52f67343f061a apr-util-1.3.12-x86_64-1_slack13.37.txz

Slackware -current package:
fbf028ab5a37872fb97bde61516082df apr-1.4.5-i486-1.txz
56d207c602e63937544d0cf9ce767826 apr-util-1.3.12-i486-1.txz

Slackware x86_64 -current package:
d5e5b70a662a4f8da87bd6bdefd655c4 apr-1.4.5-x86_64-1.txz
eba8994761fb58e291b0a9d813c078e3 apr-util-1.3.12-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the packages as root:
# upgradepkg apr-1.4.5-i486-1_slack13.37.txz apr-util-1.3.12-i486-1_slack13.37.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk3ddEwACgkQakRjwEAQIjMAvwCghIamJV2Woq12EftKSe+XmBaC
+64AniYiOhA3iaZwPa1On0QaaKLbEzy4
=Phe+
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

httpd (SSA:2011-133-02)

May 14, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] httpd (SSA:2011-133-02)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
13.37, and -current. These have been compiled against the new versions of
apr and apr-util, which were upgraded to fix a security issue that affects
Apache httpd. It is recommended that all three updates be applied.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/httpd-2.2.18-i486-1_slack13.37.txz: Upgraded.
This is a bug fix release, but since the upgrades to apr/apr-util require at
least an httpd recompile we opted to upgrade to the newest httpd.
+————————–+

Where to find the new packages:
+—————————–+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.18-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.18-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.18-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.18-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.18-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.18-i486-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.18-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.18-x86_64-1_slack13.1.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.18-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.18-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.18-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 12.0 package:
b2f41b334ef0afc5967afa2efee634ac httpd-2.2.18-i486-1_slack12.0.tgz

Slackware 12.1 package:
ba2256fa457ade91ecda5f532c497509 httpd-2.2.18-i486-1_slack12.1.tgz

Slackware 12.2 package:
a3a0d6bceba76ff20007b43ac8c57897 httpd-2.2.18-i486-1_slack12.2.tgz

Slackware 13.0 package:
a6b6e23bc14b67e8523d23fec6ae9542 httpd-2.2.18-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
934b891d8400533d7edc0ca0c8f2b3f2 httpd-2.2.18-x86_64-1_slack13.0.txz

Slackware 13.1 package:
9bf416981a53169f037d614840d4b39f httpd-2.2.18-i486-1_slack13.1.txz

Slackware 13.37 package:
52912c8d8efb5ca5088a734af5f376cf httpd-2.2.18-i486-1_slack13.37.txz

Slackware x86_64 13.1 package:
21e916abbd0b0ffefb44a7729387498e httpd-2.2.18-x86_64-1_slack13.1.txz

Slackware x86_64 13.37 package:
aa205d1843be551eb8cd4a7c685142b5 httpd-2.2.18-x86_64-1_slack13.37.txz

Slackware -current package:
f1c1f32019e386afb471823fa93bc78b httpd-2.2.18-i486-1.txz

Slackware x86_64 -current package:
74e28506dd8b21ba4ccbff04920a32a8 httpd-2.2.18-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg httpd-2.2.18-i486-1_slack13.37.txz

Then, restart Apache httpd:

# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk3NltkACgkQakRjwEAQIjNw1wCfeRYY1EBjoIRjTClth0OqoDyc
7FMAn1v+eI4RbwCegYDahpBhJh/w9usa
=8NGu
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , 1 Comment

apr/apr-util (SSA:2011-133-01)

May 14, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] apr/apr-util (SSA:2011-133-01)

New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1,
12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/apr-1.4.4-i486-1_slack13.37.txz: Upgraded.
This fixes a possible denial of service due to an unconstrained, recursive
invocation of apr_fnmatch(). This function has been reimplemented using a
non-recursive algorithm. Thanks to William Rowe.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
(* Security fix *)
patches/packages/apr-util-1.3.11-i486-1_slack13.37.txz: Upgraded.
+————————–+

Where to find the new packages:
+—————————–+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-1.4.4-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-util-1.3.11-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-1.4.4-i486-1_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.3.11-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-1.4.4-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.3.11-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-1.4.4-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.3.11-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-1.4.4-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.3.11-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-1.4.4-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.3.11-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-1.4.4-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.3.11-i486-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-1.4.4-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.3.11-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-1.4.4-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.3.11-x86_64-1_slack13.1.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-1.4.4-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.3.11-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-1.4.4-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.3.11-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-1.4.4-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.3.11-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 11.0 package:
0b18b21f2709e592f2d829323c8db2bd apr-1.4.4-i486-1_slack11.0.tgz
6313ea5ec365a07c86eaaba2ae5a7696 apr-util-1.3.11-i486-1_slack11.0.tgz

Slackware 12.0 package:
b9b2c76b963a9dcba68c54172dbfd2e8 apr-1.4.4-i486-1_slack12.0.tgz
015ad6f362a378efd18f12cb9ecc7c9d apr-util-1.3.11-i486-1_slack12.0.tgz

Slackware 12.1 package:
9e80da5d7f8f823a2ed9936b3cd0269b apr-1.4.4-i486-1_slack12.1.tgz
00ab57f63b1c30c7cf6cfcea365badb1 apr-util-1.3.11-i486-1_slack12.1.tgz

Slackware 12.2 package:
aee097dbd39db150302d02f86d92609e apr-1.4.4-i486-1_slack12.2.tgz
e61f61b8723bd06da8275e015ea03eac apr-util-1.3.11-i486-1_slack12.2.tgz

Slackware 13.0 package:
023e7e77f01816d92a707546d570ec79 apr-1.4.4-i486-1_slack13.0.txz
e168ac8e42e201c7af87c3fd231ec95f apr-util-1.3.11-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
7343a01be2f8a38118c75aa5133a7958 apr-1.4.4-x86_64-1_slack13.0.txz
458a11c15ed52db5b510c7d1aea065d5 apr-util-1.3.11-x86_64-1_slack13.0.txz

Slackware 13.1 package:
39a284a31204f0572d9e732df2e51c92 apr-1.4.4-i486-1_slack13.1.txz
fd264ef731d61afa627489dec1ed6d37 apr-util-1.3.11-i486-1_slack13.1.txz

Slackware 13.37 package:
2afbb475a8a0e4b5f48d42d2ba49a668 apr-1.4.4-i486-1_slack13.37.txz
a0e0f77943e718f26c448f7da7590406 apr-util-1.3.11-i486-1_slack13.37.txz

Slackware x86_64 13.1 package:
232289470e6486f08f7b9ee3755c055e apr-1.4.4-x86_64-1_slack13.1.txz
777badbae85f141b55b370337967c55c apr-util-1.3.11-x86_64-1_slack13.1.txz

Slackware x86_64 13.37 package:
9a2d329a4cdabb9369e9ed7e78cdffcf apr-1.4.4-x86_64-1_slack13.37.txz
6ba07cc7e5cab3ac648d0012783fe455 apr-util-1.3.11-x86_64-1_slack13.37.txz

Slackware -current package:
4e010ab165a7504563f316db5b0e34ac apr-1.4.4-i486-1.txz
7c4c1d8febf9e51a95b627e6631ea2b2 apr-util-1.3.11-i486-1.txz

Slackware x86_64 -current package:
5707d225f07da633c67773f6cc6d3fd6 apr-1.4.4-x86_64-1.txz
31d3ce32a2e964ab3128804077cdccd0 apr-util-1.3.11-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the packages as root:
# upgradepkg apr-1.4.4-i486-1_slack13.37.txz apr-util-1.3.11-i486-1_slack13.37.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk3NltYACgkQakRjwEAQIjOUnACbB9llwKkkSgxxbyjtWFOTMFJQ
QgcAnjSSItf5HV5AKy5Aw5n2gWI2cb6u
=+kY4
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

seamonkey (SSA:2011-122-03)

May 3, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] seamonkey (SSA:2011-122-03)

New seamonkey packages are available for Slackware 12.2, 13.0, and 13.1 to
fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+————————–+
patches/packages/seamonkey-2.0.14-i486-1_slack13.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html
(* Security fix *)
patches/packages/seamonkey-solibs-2.0.14-i486-1_slack13.1.txz: Upgraded.
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/seamonkey-2.0.14-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/seamonkey-solibs-2.0.14-i486-1_slack12.2.tgz

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/seamonkey-2.0.14-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/seamonkey-solibs-2.0.14-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/seamonkey-2.0.14-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/seamonkey-solibs-2.0.14-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/seamonkey-2.0.14-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/seamonkey-solibs-2.0.14-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/seamonkey-2.0.14-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/seamonkey-solibs-2.0.14-x86_64-1_slack13.1.txz

MD5 signatures:
+————-+

Slackware 12.2 packages:
e0c4f43d57b64d614af3bf0e105dc65a seamonkey-2.0.14-i486-1_slack12.2.tgz
3ba1b517181e99556bfba5a1fae2126c seamonkey-solibs-2.0.14-i486-1_slack12.2.tgz

Slackware 13.0 packages:
748ef9f0a30773bd7f317112fc42497e seamonkey-2.0.14-i486-1_slack13.0.txz
e5eb60583356e6d565920e8052b9e037 seamonkey-solibs-2.0.14-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:
d2c4bb7f5cb6b3fbc48e2f3ce467c0a0 seamonkey-2.0.14-x86_64-1_slack13.0.txz
63e662b75b88ca0bdca9a1f477b566cb seamonkey-solibs-2.0.14-x86_64-1_slack13.0.txz

Slackware 13.1 packages:
9c68ad9015ff2273e55361c82cbbf440 seamonkey-2.0.14-i486-1_slack13.1.txz
09e0d2576c76ecfce829db66d3bf0633 seamonkey-solibs-2.0.14-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:
307962f494395af71f3a6c7d054f9cc8 seamonkey-2.0.14-x86_64-1_slack13.1.txz
593b116cfebed153f463d5ea5efc926c seamonkey-solibs-2.0.14-x86_64-1_slack13.1.txz

Installation instructions:
+————————+

Upgrade the packages as root:
# upgradepkg seamonkey-2.0.14-i486-1_slack13.1.txz seamonkey-solibs-2.0.14-i486-1_slack13.1.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk2/eNMACgkQakRjwEAQIjOY9QCffG9YhRfUUHCpRN2THxyA39q3
Cn4AnRMrB8u0elcMscA1XfX44ZHZUTov
=wz1k
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

mozilla-thunderbird (SSA:2011-122-02)

May 3, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] mozilla-thunderbird (SSA:2011-122-02)

New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, 13.37,
and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/mozilla-thunderbird-3.1.10-i486-1_slack13.37.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mozilla-thunderbird-3.1.10-i686-1.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mozilla-thunderbird-3.1.10-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-thunderbird-3.1.10-i686-1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-thunderbird-3.1.10-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-thunderbird-3.1.10-x86_64-1_slack13.1.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-thunderbird-3.1.10-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-3.1.10-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-3.1.10-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 13.0 package:
8f57a64fcd2e12529436039527fc2279 mozilla-thunderbird-3.1.10-i686-1.txz

Slackware x86_64 13.0 package:
881d38737afca2b8e6b45264c1821ad3 mozilla-thunderbird-3.1.10-x86_64-1_slack13.0.txz

Slackware 13.1 package:
77b40c72eddd319d6745fcbdd91aa3f4 mozilla-thunderbird-3.1.10-i686-1.txz

Slackware 13.37 package:
9a9639e06a84bce7b3dbc1a5ecd6efb1 mozilla-thunderbird-3.1.10-i486-1_slack13.37.txz

Slackware x86_64 13.1 package:
a7c7958109306aa39d8c5444cd737619 mozilla-thunderbird-3.1.10-x86_64-1_slack13.1.txz

Slackware x86_64 13.37 package:
34afb21e2a6ae52b259c4bed593934c9 mozilla-thunderbird-3.1.10-x86_64-1_slack13.37.txz

Slackware -current package:
e81afa0618085d087a5e5de3a58166e0 xap/mozilla-thunderbird-3.1.10-i486-1.txz

Slackware x86_64 -current package:
9efaaacd355b87dd93e8b2a65eb7185a xap/mozilla-thunderbird-3.1.10-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-3.1.10-i486-1_slack13.37.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk2/eNAACgkQakRjwEAQIjM03ACeKOqYlnXGw4tnsvn0ftm9XPza
IA8An1g+Lk7zubXaahvqnCd9+CTaKf0C
=KZci
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

mozilla-firefox (SSA:2011-122-01)

May 3, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] mozilla-firefox (SSA:2011-122-01)

New mozilla-firefox packages are available for Slackware 13.0, 13.1, 13.37,
and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+————————–+
patches/packages/mozilla-firefox-4.0.1-i486-1_slack13.37.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mozilla-firefox-3.6.17-i686-1.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mozilla-firefox-3.6.17-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-firefox-3.6.17-i686-1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-firefox-4.0.1-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-firefox-3.6.17-x86_64-1_slack13.1.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-firefox-4.0.1-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-4.0.1-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-4.0.1-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 13.0 package:
3ce3856e61eb20465bf376b3f28f28dc mozilla-firefox-3.6.17-i686-1.txz

Slackware x86_64 13.0 package:
66fb81e64b552764a7a3df6b1700846d mozilla-firefox-3.6.17-x86_64-1_slack13.0.txz

Slackware 13.1 package:
d5d3381739e9491ca16d80c7619564c8 mozilla-firefox-3.6.17-i686-1.txz

Slackware 13.37 package:
0aa04d4e72f6450a2a2b691bd490fbd9 mozilla-firefox-4.0.1-i486-1_slack13.37.txz

Slackware x86_64 13.1 package:
1316e68eeb9a7fe7d65db950109f57ac mozilla-firefox-3.6.17-x86_64-1_slack13.1.txz

Slackware x86_64 13.37 package:
787e3c90ef1469131b64184761b61fb5 mozilla-firefox-4.0.1-x86_64-1_slack13.37.txz

Slackware -current package:
b7e20ada7808468b4a1153a269464aed xap/mozilla-firefox-4.0.1-i486-1.txz

Slackware x86_64 -current package:
94ea1e087ddf96e5ee68205065f897c5 xap/mozilla-firefox-4.0.1-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg mozilla-firefox-4.0.1-i486-1_slack13.37.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk2/eM4ACgkQakRjwEAQIjO4jACfa/v7QvlajWhn0R39Mx36Claw
u6UAmwVwwFtA5fib/Qyf2DkfJRxGP1RX
=NUZA
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

rdesktop (SSA:2011-110-01)

April 22, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] rdesktop (SSA:2011-110-01)

New rdesktop packages are available for Slackware 11.0, 12.0, 12.1, 12.2,
13.0, 13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+————————–+
patches/packages/rdesktop-1.6.0-i486-2_slack13.1.txz: Rebuilt.
Patched a traversal vulnerability (disallow /.. requests).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1595
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/rdesktop-1.6.0-i486-2_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/rdesktop-1.6.0-i486-2_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/rdesktop-1.6.0-i486-2_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/rdesktop-1.6.0-i486-2_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/rdesktop-1.6.0-i486-2_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/rdesktop-1.6.0-x86_64-2_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/rdesktop-1.6.0-i486-2_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/rdesktop-1.6.0-x86_64-2_slack13.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/rdesktop-1.6.0-i486-2.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/rdesktop-1.6.0-x86_64-2.txz

MD5 signatures:
+————-+

Slackware 11.0 package:
38e5ac5c9c7f026d28c261639b823f5e rdesktop-1.6.0-i486-2_slack11.0.tgz

Slackware 12.0 package:
22fa31babfd7d91158e80bd0f1badf43 rdesktop-1.6.0-i486-2_slack12.0.tgz

Slackware 12.1 package:
f17d588243b3ec3921de3b7e4cf790ff rdesktop-1.6.0-i486-2_slack12.1.tgz

Slackware 12.2 package:
312d0969d23b349f3b424d49825176be rdesktop-1.6.0-i486-2_slack12.2.tgz

Slackware 13.0 package:
88411f9f9f95518c498b2039c9a15a81 rdesktop-1.6.0-i486-2_slack13.0.txz

Slackware x86_64 13.0 package:
e0228d49d403ba9bcd33ad06dba11794 rdesktop-1.6.0-x86_64-2_slack13.0.txz

Slackware 13.1 package:
56dcdce7c80d9b3abfd2247a429b8dbd rdesktop-1.6.0-i486-2_slack13.1.txz

Slackware x86_64 13.1 package:
723edd12f7cc7b929ae5e5a5ae4f91de rdesktop-1.6.0-x86_64-2_slack13.1.txz

Slackware -current package:
5e30e1e9ea0b73d3ed3c4e147bcb2b01 xap/rdesktop-1.6.0-i486-2.txz

Slackware x86_64 -current package:
afce9228bef5941881ee991ca61033be xap/rdesktop-1.6.0-x86_64-2.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg rdesktop-1.6.0-i486-2_slack13.1.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk2vn8gACgkQakRjwEAQIjNmoACgiyylJKk0P86rOjE9rVJ+TI0E
/CUAn0CcMK9ZBTZmJwmBBxGaRm28aqq1
=0gKG
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

polkit (SSA:2011-109-01)

April 20, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] polkit (SSA:2011-109-01)

New polkit packages are available for Slackware 13.1 and -current to
fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+————————–+
patches/packages/polkit-1_14bdfd8-i486-2_slack13.1.txz: Rebuilt.
Patched to fix a race condition that could allow a local user to execute
arbitrary code as root. Thanks to Neel Mehta of Google.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1485
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/polkit-1_14bdfd8-i486-2_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/polkit-1_14bdfd8-x86_64-2_slack13.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/polkit-0.101-i486-2.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/polkit-0.101-x86_64-2.txz

MD5 signatures:
+————-+

Slackware 13.1 package:
5637ba798181d2f8c1eb5e4f7e475a94 polkit-1_14bdfd8-i486-2_slack13.1.txz

Slackware x86_64 13.1 package:
373e6d2d9cee6ad83e21e5cdc35ec491 polkit-1_14bdfd8-x86_64-2_slack13.1.txz

Slackware -current package:
48c255cc39a00a85adb8013463876a29 l/polkit-0.101-i486-2.txz

Slackware x86_64 -current package:
b8c5e45ba82d6b36fd1b7a6574016493 l/polkit-0.101-x86_64-2.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg polkit-1_14bdfd8-i486-2_slack13.1.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk2uYR0ACgkQakRjwEAQIjMKZgCcCjr2LamqlUIYTy7V1Oh2XU+S
ELcAn0rArJqRjnq8o4Dq4F8OvoljoCR7
=FsAT
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

acl (SSA:2011-108-01)

April 18, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] acl (SSA:2011-108-01)

New acl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,
13.1, and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+————————–+
patches/packages/acl-2.2.50-i486-1_slack13.1.txz: Upgraded.
Fix the –physical option in setfacl and getfacl to prevent symlink attacks.
Thanks to Martijn Dekker for the notification.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4411
(* Security fix *)
+————————–+

Where to find the new packages:
+—————————–+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/acl-2.2.50-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/acl-2.2.50-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/acl-2.2.50-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/acl-2.2.50-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/acl-2.2.50-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/acl-2.2.50-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/acl-2.2.50-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/acl-2.2.50-x86_64-1_slack13.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/acl-2.2.50-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/acl-2.2.50-x86_64-1.txz

MD5 signatures:
+————-+

Slackware 11.0 package:
d30a67b28019f96cdb9fde78564b0338 acl-2.2.50-i486-1_slack11.0.tgz

Slackware 12.0 package:
fd3071de0015e36ce6dd15035d67a60a acl-2.2.50-i486-1_slack12.0.tgz

Slackware 12.1 package:
9775cc97f24ee94b62da02f44ee68a3a acl-2.2.50-i486-1_slack12.1.tgz

Slackware 12.2 package:
67add881c7cc12b47cddf60423d282bc acl-2.2.50-i486-1_slack12.2.tgz

Slackware 13.0 package:
dbef85a994c8c70332b8f3dce90cbf95 acl-2.2.50-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
28d74a221c8a4cbc6ab08205bbdde1f1 acl-2.2.50-x86_64-1_slack13.0.txz

Slackware 13.1 package:
11e21c1a878cbcf4bef85a37ba2ebc80 acl-2.2.50-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
37ae456acafd28ccec14ffee46c3b1da acl-2.2.50-x86_64-1_slack13.1.txz

Slackware -current package:
ceacbe4b1a09f595d8e446e7e13bf1e7 a/acl-2.2.50-i486-1.txz

Slackware x86_64 -current package:
0f2842fa027f90b3206888a65d001854 a/acl-2.2.50-x86_64-1.txz

Installation instructions:
+————————+

Upgrade the package as root:
# upgradepkg acl-2.2.50-i486-1_slack13.1.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk2sojAACgkQakRjwEAQIjPu4wCff+PUn8w6eruUq9FjqK05JINa
oXIAnAmzTAqINxx/ctXWJhn8txUs7Uzp
=F50c
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment

kdelibs (SSA:2011-101-02)

April 11, 2011 Slackware Security Team
Descargar artículo en formato PDF

[slackware-security] kdelibs (SSA:2011-101-02)

A new kdelibs package is available for Slackware 13.1 to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+————————–+
patches/packages/kdelibs-4.4.3-i486-2_slack13.1.txz: Rebuilt.
Patched CVE-2011-1168.
For more information, see:
http://www.kde.org/info/security/advisory-20110411-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1168
(* Security fix *)
+————————–+

Where to find the new package:
+—————————–+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/kdelibs-4.4.3-i486-2_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/kdelibs-4.4.3-x86_64-2_slack13.1.txz

MD5 signatures:
+————-+

Slackware 13.1 package:
f63e406339bcd61df6b2e972f6e60a15 kdelibs-4.4.3-i486-2_slack13.1.txz

Slackware x86_64 13.1 package:
c469e425ac93330cba15bd1fb2f34af2 kdelibs-4.4.3-x86_64-2_slack13.1.txz

Installation instructions:
+————————+

Upgrade the packages as root:
# upgradepkg kdelibs-4.4.3-i486-2_slack13.1.txz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+————————————————————————+
| To leave the slackware-security mailing list: |
+————————————————————————+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+————————————————————————+
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk2jXD0ACgkQakRjwEAQIjMgbgCfbbk7ljgBjmvrWTxvveNHnFvH
GhMAnj4aGQFnVXvYXqu+w6lTdcemBPMF
=djMt
—–END PGP SIGNATURE—–

Slackware-Security , , , , , , , Leave a comment