Fri Sep 29 00:21:27 CDT 2006
patches/packages/openssl-0.9.7l-i486-1_slack10.0.tgz:
  Upgraded to shared libraries from openssl-0.9.7l.
  See openssl package update below.
  (* Security fix *)
patches/packages/openssh-4.4p1-i486-1_slack10.0.tgz:
  Upgraded to openssh-4.4p1.
  This fixes a few security related issues. From the release notes found at
  http://www.openssh.com/txt/release-4.4:
    * Fix a pre-authentication denial of service found by Tavis Ormandy,
      that would cause sshd(8) to spin until the login grace time
      expired.
    * Fix an unsafe signal handler reported by Mark Dowd. The signal
      handler was vulnerable to a race condition that could be exploited
      to perform a pre-authentication denial of service. On portable
      OpenSSH, this vulnerability could theoretically lead to
      pre-authentication remote code execution if GSSAPI authentication
      is enabled, but the likelihood of successful exploitation appears
      remote.
    * On portable OpenSSH, fix a GSSAPI authentication abort that could
      be used to determine the validity of usernames on some platforms.
  Links to the CVE entries will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
  After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set
  the way you want them. Future upgrades will respect the existing
  permissions settings. Thanks to Manuel Reimer for pointing out that
  upgrading openssh would enable a previously disabled sshd daemon.
  Do better checking of passwd, shadow, and group to avoid adding
  redundant entries to these files. Thanks to Menno Duursma.
  (* Security fix *)
patches/packages/openssl-0.9.7l-i486-1_slack10.0.tgz:
  Upgraded to openssl-0.9.7l.
  This fixes a few security related issues:
  During the parsing of certain invalid ASN.1 structures an error
  condition is mishandled. This can result in an infinite loop which
  consumes system memory (CVE-2006-2937).
  (This issue did not affect OpenSSL versions prior to 0.9.7)
  Thanks to Dr S. N. Henson of Open Network Security and NISCC.
  Certain types of public key can take disproportionate amounts of
  time to process. This could be used by an attacker in a denial of
  service attack (CVE-2006-2940).
  Thanks to Dr S. N. Henson of Open Network Security and NISCC.
  A buffer overflow was discovered in the SSL_get_shared_ciphers()
  utility function. An attacker could send a list of ciphers to an
  application that uses this function and overrun a buffer.
  (CVE-2006-3738)
  Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
  A flaw in the SSLv2 client code was discovered. When a client
  application used OpenSSL to create an SSLv2 connection to a malicious
  server, that server could cause the client to crash (CVE-2006-4343).
  Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
  Links to the CVE entries will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
  (* Security fix *)
+--------------------------+
Tue Sep 19 14:07:49 CDT 2006
patches/packages/gzip-1.3.5-i486-1_slack10.0.tgz:
  Upgraded to gzip-1.3.5, and fixed a variety of bugs.
  Some of the bugs have possible security implications if gzip or its tools
  are fed a carefully constructed malicious archive. Most of these issues
  were recently discovered by Tavis Ormandy and the Google Security Team.
  Thanks to them, and also to the ALT and Owl developers for cleaning up
  the patch.
  For further details about the issues fixed, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
  (* Security fix *)
+--------------------------+
Thu Sep 14 05:30:50 CDT 2006
patches/packages/openssl-0.9.7d-i486-3_slack10.0.tgz:
  Patched an issue where it is possible to forge certain kinds of RSA
  signatures. For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
patches/packages/openssl-solibs-0.9.7d-i486-3_slack10.0.tgz:
  Patched an issue where it is possible to forge certain kinds of RSA
  signatures. For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
+--------------------------+
Thu Sep 7 23:41:37 CDT 2006
patches/packages/bind-9.2.6_P1-i486-1_slack10.0.tgz
  Upgraded to bind-9.2.6_P1.
  This update addresses a denial of service vulnerability.
  BIND's CHANGES file says this:
    2066. [security] Handle SIG queries gracefully. [RT #16300]
  The best discussion I've found is in FreeBSD's advisory, so here's a link:
    http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc
  Also, fixed some missing man pages. (noticed by Xavier Thomassin -- thanks)
  (* Security fix *)
+--------------------------+
Fri Aug 18 00:27:05 CDT 2006
patches/packages/libtiff-3.8.2-i486-1_slack10.0.tgz:
  Patched vulnerabilities in libtiff which were found by Tavis Ormandy of
  the Google Security Team. These issues could be used to crash programs
  linked to libtiff or possibly to execute code as the program's user.
  A low risk command-line overflow in tiffsplit was also patched.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
  (* Security fix *)
+--------------------------+
Wed Aug 2 22:03:08 CDT 2006
patches/packages/gnupg-1.4.5-i486-1_slack10.0.tgz:
  Upgraded to gnupg-1.4.5.
  From the gnupg-1.4.5 NEWS file:
    * Fixed 2 more possible memory allocation attacks. They are
      similar to the problem we fixed with 1.4.4. This bug can easily
      be exploited for a DoS; remote code execution is not entirely
      impossible.
  (* Security fix *)
+--------------------------+
Fri Jul 28 17:37:42 CDT 2006
patches/packages/apache-1.3.37-i486-1_slack10.0.tgz:
  Upgraded to apache-1.3.37.
  From the announcement on httpd.apache.org:
    This version of Apache is security fix release only. An off-by-one flaw
    exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3
    since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
  The Slackware Security Team feels that the vast majority of installations
  will not be configured in a vulnerable way but still suggests upgrading to
  the new apache and mod_ssl packages for maximum security.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
  And see Apache's announcement here:
    http://www.apache.org/dist/httpd/Announcement1.3.html
  (* Security fix *)
patches/packages/mod_ssl-2.8.28_1.3.37-i486-1_slack10.0.tgz:
  Upgraded to mod_ssl-2.8.28-1.3.37.
+--------------------------+
Wed Jul 26 23:18:13 CDT 2006
patches/packages/tcpip-0.17-i486-29c_slack10.0.tgz:
  Repatched the telnet client with the official OpenBSD patch that had
  already replaced the original security fix in Slackware 9.1, 10.2
  and -current.
  Thanks to Dragan Simic for reporting the issue, and my apologies for
  taking so long to address the insufficiencies of the original patch in
  Slackware 10.0 and 10.1.
+--------------------------+
Mon Jul 24 15:44:39 CDT 2006
patches/packages/mutt-1.4.2.2i-i486-1_slack10.0.tgz:
  Upgraded to mutt-1.4.2.2i.
  This release fixes CVE-2006-3242, a buffer overflow that could be
  triggered by a malicious IMAP server.
  [Connecting to malicious IMAP servers must be common, right? -- Ed.]
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242
  (* Security fix *)
+--------------------------+
Tue Jul 18 22:44:53 CDT 2006
patches/packages/samba-3.0.23-i486-2_slack10.0.tgz:
  Patched a problem in nsswitch/wins.c that caused crashes in the wins
  and/or winbind libraries. Thanks to Mikhail Kshevetskiy for pointing
  out the issue and offering a reference to the patch in Samba's source
  repository.
  Also, this version of Samba evidently created a new dependency on
  libdm.so (found in the xfsprogs package in non -current Slackware
  versions). This additional dependency was not intentional, and has
  been corrected.
+--------------------------+
Fri Jul 14 17:17:17 CDT 2006
patches/packages/samba-3.0.23-i486-1_slack10.0.tgz:
  Upgraded to samba-3.0.23.
  This fixes a minor memory exhaustion DoS in smbd.
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
  (* Security fix *)
+--------------------------+
Tue Jun 27 18:48:22 CDT 2006
patches/packages/arts-1.2.3-i486-2_slack10.0.tgz:
  Patched to fix a possible exploit if artswrapper is setuid root (which,
  by default, it is not) and the system is running a 2.6 kernel.
  Systems running 2.4 kernels are not affected.
  The official KDE security advisory may be found here:
    http://www.kde.org/info/security/advisory-20060614-2.txt
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916
  (* Security fix *)
patches/packages/gnupg-1.4.4-i486-1_slack10.0.tgz:
  This version fixes a memory allocation issue that could allow an attacker
  to crash GnuPG creating a denial-of-service.
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
patches/packages/kdebase-3.2.3-i486-4_slack10.0.tgz:
  Patched a problem with kdm where it could be abused to read any file
  on the system.
  The official KDE security advisory may be found here:
    http://www.kde.org/info/security/advisory-20060614-1.txt
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449
  (* Security fix *)
+--------------------------+
Thu Jun 15 02:03:05 CDT 2006
patches/packages/sendmail-8.13.7-i486-1_slack10.0.tgz:
  Upgraded to sendmail-8.13.7.
  Fixes a potential denial of service problem caused by excessive recursion
  leading to stack exhaustion when attempting delivery of a malformed MIME
  message. This crashes sendmail's queue processing daemon, which in turn
  can lead to two problems: depending on the settings, these crashed
  processes may create coredumps which could fill a drive partition; and
  such a malformed message in the queue will cause queue processing to
  cease when the message is reached, causing messages that are later in
  the queue to not be processed.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
  Sendmail has also provided an FAQ about this issue:
    http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
  (* Security fix *)
patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.0.tgz:
  Upgraded to sendmail-8.13.7 configs.
+--------------------------+
Sat Jun 3 17:19:45 CDT 2006
patches/packages/mysql-4.0.27-i486-1_slack10.0.tgz:
  Upgraded to mysql-4.0.27.
  This fixes some minor security issues with possible information leakage.
  Note that the information leakage bugs require that the attacker have
  access to an account on the database. Also note that by default,
  Slackware's rc.mysqld script does *not* allow access to the database
  through the outside network (it uses the --skip-networking option).
  If you've enabled network access to MySQL, it is a good idea to filter
  the port (3306) to prevent access from unauthorized machines.
  For more details, see the MySQL 4.0.27 release announcement here:
    http://lists.mysql.com/announce/359
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
  (* Security fix *)
+--------------------------+
Wed May 10 15:07:18 CDT 2006
patches/packages/apache-1.3.35-i486-2_slack10.0.tgz:
  Patched to fix totally broken Include behavior.
  Thanks to Francesco Gringoli for reporting this bug.
+--------------------------+
Tue May 9 00:50:56 CDT 2006
patches/packages/apache-1.3.35-i486-1_slack10.0.tgz:
  Upgraded to apache-1.3.35.
  From the official announcement:
    Of particular note is that 1.3.35 addresses and fixes 1 potential
    security issue: CVE-2005-3352 (cve.mitre.org)
    mod_imap: Escape untrusted referer header before outputting in HTML
    to avoid potential cross-site scripting. Change also made to
    ap_escape_html so we escape quotes.
    Reported by JPCERT
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
  (* Security fix *)
patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.0.tgz:
  Upgraded to mod_ssl-2.8.26-1.3.35.
  This is an updated version designed for Apache 1.3.35.
+--------------------------+
Mon Apr 24 14:36:46 CDT 2006
patches/packages/mozilla-1.7.13-i486-1.tgz:
  Upgraded to mozilla-1.7.13.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla
  This release marks the end-of-life of the Mozilla 1.7.x series:
    http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
  Mozilla Corporation is recommending that users think about migrating to
  Firefox and Thunderbird.
  (* Security fix *)
patches/packages/mozilla-plugins-1.7.13-noarch-1.tgz:
  Updated for mozilla-1.7.13.
+--------------------------+
Wed Mar 22 13:01:23 CST 2006
patches/packages/sendmail-8.13.6-i486-1.tgz:
  Upgraded to sendmail-8.13.6.
  This new version of sendmail contains a fix for a security problem
  discovered by Mark Dowd of ISS X-Force. From sendmail's advisory:
    Sendmail was notified by security researchers at ISS that, under some
    specific timing conditions, this vulnerability may permit a specifically
    crafted attack to take over the sendmail MTA process, allowing remote
    attackers to execute commands and run arbitrary programs on the system
    running the MTA, affecting email delivery, or tampering with other
    programs and data on this system. Sendmail is not aware of any public
    exploit code for this vulnerability. This connection-oriented
    vulnerability does not occur in the normal course of sending and
    receiving email. It is only triggered when specific conditions are
    created through SMTP connection layer commands.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/company/advisory/index.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
  (* Security fix *)
patches/packages/sendmail-cf-8.13.6-noarch-1.tgz:
  Upgraded to sendmail-8.13.6 configuration files.
+--------------------------+
Mon Mar 13 20:42:48 CST 2006
patches/packages/gnupg-1.4.2.2-i486-1.tgz:
  Upgraded to gnupg-1.4.2.2.
  There have been two security related issues reported recently with GnuPG.
  From the GnuPG 1.4.2.1 and 1.4.2.2 NEWS files:
    Noteworthy changes in version 1.4.2.2 (2006-03-08)
      * Files containing several signed messages are not allowed any
        longer as there is no clean way to report the status of such
        files back to the caller. To partly revert to the old behaviour
        the new option --allow-multisig-verification may be used.
    Noteworthy changes in version 1.4.2.1 (2006-02-14)
      * Security fix for a verification weakness in gpgv. Some input
        could lead to gpgv exiting with 0 even if the detached signature
        file did not carry any signature. This is not as fatal as it
        might seem because the suggestion has always been not to rely on
        the exit code but to parse the --status-fd messages. However it
        is likely that gpgv is used in that simplified way and thus we
        do this release. Same problem with "gpg --verify" but nobody
        should have used this for signature verification without
        checking the status codes anyway. Thanks to the taviso from
        Gentoo for reporting this problem.
  (* Security fix *)
+--------------------------+
Thu Feb 9 15:09:26 CST 2006
patches/packages/fetchmail-6.3.2-i486-1.tgz:
  Upgraded to fetchmail-6.3.2.
  Presumably this replaces all the known security problems with
  a batch of new unknown ones.
  (fetchmail is improving, really ;-)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321
  (* Security fix *)
patches/packages/kdegraphics-3.2.3-i486-2.tgz:
  Patched integer and heap overflows in kpdf to fix possible security bugs
  with malformed PDF files.
  For more information, see:
    http://www.kde.org/info/security/advisory-20051207-2.txt
    http://www.kde.org/info/security/advisory-20060202-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
  (* Security fix *)
patches/packages/kdelibs-3.2.3-i486-3.tgz:
  Patched a heap overflow vulnerability in kjs, the JavaScript interpreter
  engine used by Konqueror and other parts of KDE.
  For more information, see:
    http://www.kde.org/info/security/advisory-20060119-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019
  (* Security fix *)
patches/packages/openssh-4.3p1-i486-1.tgz:
  Upgraded to openssh-4.3p1.
  This fixes a security issue when using scp to copy files that could
  cause commands embedded in filenames to be executed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
  (* Security fix *)
patches/packages/sudo-1.6.8p12-i486-1.tgz:
  Upgraded to sudo-1.6.8p12.
  This fixes an issue where a user able to run a Python script through sudo
  may be able to gain root access.
  IMHO, running any kind of scripting language from sudo is still not safe...
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0151
  (* Security fix *)
patches/packages/xpdf-3.01-i486-3.tgz:
  Recompiled with xpdf-3.01pl2.patch to fix integer and heap overflows in
  xpdf triggered by malformed PDF files.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
  (* Security fix *)
+--------------------------+
Mon Nov 7 19:54:57 CST 2005
patches/packages/elm-2.5.8-i486-1.tgz:
  Upgraded to elm2.5.8.
  This fixes a buffer overflow in the parsing of the Expires header that
  could be used to execute arbitrary code as the user running Elm.
  Thanks to Ulf Harnhammar for finding the bug and reminding me to get
  out updated packages to address the issue.
  A reference to the original advisory:
    http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
+--------------------------+
Sat Nov 5 22:15:34 CST 2005
patches/packages/apache-1.3.34-i486-1.tgz:
  Upgraded to apache-1.3.34.
  Fixes this minor security bug: "If a request contains both
  Transfer-Encoding and Content-Length headers, remove the Content-Length,
  mitigating some HTTP Request Splitting/Spoofing attacks."
  (* Security fix *)
patches/packages/curl-7.12.2-i486-2.tgz:
  Patched. This addresses a buffer overflow in libcurl's NTLM function
  that could have possible security implications.
  For more details, see:
    http://curl.haxx.se/docs/security.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
patches/packages/imapd-4.64-i486-1.tgz:
  Upgraded to imapd-4.64.
  A buffer overflow was reported in the mail_valid_net_parse_work function.
  However, this function in the c-client library does not appear to be
  called from anywhere in imapd. iDefense states that the issue is of LOW
  risk to sites that allow users shell access, and LOW-MODERATE risk to
  other servers. I believe it's possible that it is of NIL risk if the
  function is indeed dead code to imapd, but draw your own conclusions...
  (* Security fix *)
patches/packages/koffice-1.3.1-i486-4.tgz:
  Patched. Fixes a buffer overflow in KWord's RTF import discovered by
  Chris Evans.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
  (* Security fix *)
patches/packages/lynx-2.8.5rel.5-i486-1.tgz:
  Upgraded to lynx-2.8.5rel.5.
  Fixes an issue where the handling of Asian characters when using lynx to
  connect to an NNTP server (is this a common use?) could result in a
  buffer overflow causing the execution of arbitrary code.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
  (* Security fix *)
patches/packages/mod_ssl-2.8.25_1.3.34-i486-1.tgz:
  Upgraded to mod_ssl-2.8.25-1.3.34.
patches/packages/pine-4.64-i486-1.tgz:
  Upgraded to pine-4.64.
patches/packages/wget-1.10.2-i486-1.tgz:
  Upgraded to wget-1.10.2.
  This addresses a buffer overflow in wget's NTLM handling function that
  could have possible security implications.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
+--------------------------+
Thu Oct 13 13:57:25 PDT 2005
patches/packages/openssl-0.9.7d-i486-2.tgz:
  Patched.
  Fixed a vulnerability that could, in rare circumstances, allow an
  attacker acting as a "man in the middle" to force a client and a server
  to negotiate the SSL 2.0 protocol (which is known to be weak) even if
  these parties both support SSL 3.0 or TLS 1.0.
  For more details, see:
    http://www.openssl.org/news/secadv_20051011.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
  (* Security fix *)
patches/packages/openssl-solibs-0.9.7d-i486-2.tgz:
  Patched.
  (* Security fix *)
+--------------------------+
Mon Oct 10 15:14:22 PDT 2005
patches/packages/xine-lib-1.0.3a-i686-1.tgz:
  Upgraded to xine-lib-1.0.3a.
  This fixes a format string bug where an attacker, if able to upload
  malicious information to a CDDB server and then get a local user to play
  a certain audio CD, may be able to run arbitrary code on the machine as
  the user running the xine-lib linked application.
  For more information, see:
    http://xinehq.de/index.php/security/XSA-2005-1
  (* Security fix *)
+--------------------------+
Sun Sep 25 22:11:57 PDT 2005
patches/packages/x11-6.7.0-i486-5.tgz:
  Patched a pixmap overflow issue.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495
  (* Security fix *)
patches/packages/x11-xdmx-6.7.0-i486-5.tgz:
  Patched and rebuilt.
patches/packages/x11-xnest-6.7.0-i486-5.tgz:
  Patched and rebuilt.
patches/packages/x11-xvfb-6.7.0-i486-5.tgz:
  Patched and rebuilt.
patches/packages/mozilla-1.7.12-i486-1.tgz:
  Upgraded to mozilla-1.7.12.
  This fixes several security issues.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
  (* Security fix *)
patches/packages/mozilla-firefox-1.0.7-i686-1.tgz:
  Upgraded to firefox-1.0.7.
  This fixes several security issues.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
  (* Security fix *)
+--------------------------+
Mon Sep 12 23:38:33 PDT 2005
patches/packages/util-linux-2.12a-i486-2.tgz:
  Patched an issue with umount where if the umount failed when the '-r'
  option was used, the filesystem would be remounted read-only but without
  any extra flags specified in /etc/fstab. This could allow an ordinary
  user able to mount a floppy or CD (but with nosuid, noexec, nodev, etc
  in /etc/fstab) to run a setuid binary from removable media and gain
  root privileges.
  Reported to BugTraq by David Watson:
    http://www.securityfocus.com/archive/1/410333
  (* Security fix *)
+--------------------------+
Mon Sep 12 12:49:39 PDT 2005
patches/packages/dhcpcd-1.3.22pl4-i486-2.tgz:
  Patched an issue where a remote attacker can cause dhcpcd to crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848
  (* Security fix *)
+--------------------------+
Wed Sep 7 13:33:05 PDT 2005
patches/packages/kdebase-3.2.3-i486-3.tgz:
  Patched a security bug in kcheckpass that could allow a local user to
  gain root privileges.
  For more information, see:
    http://www.kde.org/info/security/advisory-20050905-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494
  (* Security fix *)
patches/packages/mod_ssl-2.8.24_1.3.33-i486-1.tgz:
  Upgraded to mod_ssl-2.8.24-1.3.33.
  From the CHANGES file:
    Fix a security issue (CAN-2005-2700) where "SSLVerifyClient require"
    was not enforced in per-location context if "SSLVerifyClient optional"
    was configured in the global virtual host configuration.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
  (* Security fix *)
+--------------------------+
Tue Aug 30 12:58:36 PDT 2005
patches/packages/gaim-1.5.0-i486-1.tgz:
  Upgraded to gaim-1.5.0.
  This fixes some more security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370
  (* Security fix *)
patches/packages/pcre-6.3-i486-1.tgz:
  Upgraded to pcre-6.3.
  This fixes a buffer overflow that could be triggered by the processing
  of a specially crafted regular expression. Theoretically this could be a
  security issue if regular expressions are accepted from untrusted users
  to be processed by a user with greater privileges, but this doesn't seem
  like a common scenario (or, for that matter, a good idea). However, if
  you are using an application that links to the shared PCRE library and
  accepts outside input in such a manner, you will want to update to this
  new package.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  (* Security fix *)
patches/packages/php-4.3.11-i486-3.tgz:
  Relinked with the system PCRE library, as the builtin library has a
  buffer overflow that could be triggered by the processing of a specially
  crafted regular expression.
  Note that this change requires the pcre package to be installed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  (* Security fix *)
  Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
  insecure eval() function.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
  (* Security fix *)
+--------------------------+
Fri Jul 29 11:41:50 PDT 2005
patches/packages/tcpip-0.17-i486-29b.tgz:
  Patched two overflows in the telnet client that could allow the
  execution of arbitrary code when connected to a malicious telnet server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
  (* Security fix *)
+--------------------------+
Tue Jul 26 23:37:15 PDT 2005
patches/packages/mozilla-1.7.10-i486-2.tgz:
  Fixed a folder switching bug.
  Thanks to Peter Santoro for pointing out the patch.
+--------------------------+
Fri Jul 22 13:50:25 PDT 2005
patches/packages/fetchmail-6.2.5.2-i486-1.tgz:
  Upgraded to fetchmail-6.2.5.2.
  This fixes an overflow by which malicious or compromised POP3 servers
  may overflow fetchmail's stack.
  For more information, see:
    http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
  (* Security fix *)
patches/packages/gxine-0.4.6-i486-1.tgz:
  Upgraded to gxine-0.4.6.
  This fixes a format string vulnerability that allows remote attackers to
  execute arbitrary code via a ram file with a URL whose hostname contains
  format string specifiers.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1692
  (* Security fix *)
patches/packages/zlib-1.2.3-i486-1.tgz:
  Upgraded to zlib-1.2.3.
  This fixes an additional crash not fixed by the patch to zlib-1.2.2.
  (* Security fix *)
+--------------------------+
Fri Jul 22 10:33:15 PDT 2005
patches/packages/kdenetwork-3.2.3-i486-2.tgz:
  Patched overflows in libgadu (used by kopete) that can cause a denial of
  service or arbitrary code execution.
  For more information, see:
    http://www.kde.org/info/security/advisory-20050721-1.txt
  (* Security fix *)
patches/packages/mozilla-1.7.10-i486-1.tgz:
  Upgraded to mozilla-1.7.10.
  This fixes several security issues.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
  (* Security fix *)
patches/packages/mozilla-plugins-1.7.10-noarch-1.tgz:
  Upgraded Java(TM) symlink for Mozilla.
+--------------------------+
Tue Jul 19 20:16:16 PDT 2005
patches/packages/dnsmasq-2.22-i486-1.tgz:
  Upgraded to dnsmasq-2.22.
  This fixes an off-by-one overflow vulnerability that may allow a DHCP
  client to create a denial of service condition. Additional code was
  also added to detect and defeat attempts to poison the DNS cache.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0876
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0877
  (* Security fix *)
+--------------------------+
Thu Jul 14 15:22:27 PDT 2005
patches/packages/tcpdump-3.9.3-i486-1.tgz:
  Upgraded to libpcap-0.9.3 and tcpdump-3.9.3.
  This fixes an issue where an invalid BGP packet can cause tcpdump to go
  into an infinite loop, effectively disabling network monitoring.
  (* Security fix *)
patches/packages/xv-3.10a-i486-4.tgz:
  Upgraded to the latest XV jumbo patches,
  xv-3.10a-jumbo-fix-patch-20050410 and xv-3.10a-jumbo-enh-patch-20050501.
  These fix a number of format string and other possible security issues
  in addition to providing many other bugfixes and enhancements.
  (Thanks to Greg Roelofs)
  (* Security fix *)
+--------------------------+
Mon Jul 11 15:02:11 PDT 2005
patches/packages/php-4.3.11-i486-2.tgz:
  Upgraded PEAR XML_RPC class.
  This new PHP package fixes a PEAR XML_RPC vulnerability. Sites that use
  this PEAR class should upgrade to the new PHP package, or as a minimal
  fix may instead upgrade the XML_RPC PEAR class with the following
  command:
    pear upgrade XML_RPC
  (* Security fix *)
+--------------------------+
Fri Jul 8 12:05:43 PDT 2005
patches/packages/zlib-1.2.2-i486-2.tgz:
  Patched an overflow in zlib that could cause applications using zlib to
  crash. The overflow does not involve user supplied data, and therefore
  does not allow the execution of arbitrary code. However, it could still
  be used by a remote attacker to create a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
  (* Security fix *)
+--------------------------+
Tue Jun 21 22:32:29 PDT 2005
patches/packages/sudo-1.6.8p9-i486-1.tgz:
  Upgraded to sudo-1.6.8p9.
  This new version of Sudo fixes a race condition in command pathname
  handling that could allow a user with Sudo privileges to run arbitrary
  commands.
  For full details, see the Sudo site:
    http://www.courtesan.com/sudo/alerts/path_race.html
  (* Security fix *)
+--------------------------+
Sat Jun 11 22:03:00 PDT 2005
patches/packages/gaim-1.3.1-i486-1.tgz:
  Upgraded to gaim-1.3.1 and gaim-encryption-2.38.
  This fixes a couple of remote crash bugs, so users of the MSN and
  Yahoo! chat protocols should upgrade to gaim-1.3.1.
  (* Security fix *)
+--------------------------+
Sun May 15 20:29:09 PDT 2005
patches/packages/ncftp-3.1.9-i486-1.tgz:
  Upgraded to ncftp-3.1.9.
  This corrects a vulnerability where a download from a hostile FTP server
  might be written to an unintended location potentially compromising
  system security or causing a denial of service.
  For more details, see:
    http://www.ncftp.com/ncftp/doc/changelog.html#3.1.5
  (* Security fix *)
patches/packages/mozilla-plugins-1.7.8-noarch-1.tgz:
  Upgraded Java(TM) symlink for Mozilla.
patches/packages/mozilla-1.7.8-i486-1.tgz:
  Upgraded to mozilla-1.7.8.
  Two vulnerabilities found in Mozilla Firefox 1.0.3 when combined allow
  an attacker to run arbitrary code. The Mozilla Suite version 1.7.7 is
  only partially vulnerable.
  For more details, see:
    http://www.mozilla.org/security/announce/mfsa2005-42.html
  (* Security fix *)
+--------------------------+
Fri May 13 12:48:53 PDT 2005
patches/packages/gaim-1.3.0-i486-1.tgz:
  Upgraded to gaim-1.3.0.
  This fixes a few bugs which could be used by a remote attacker to annoy
  a GAIM user by crashing GAIM and creating a denial of service.
  (* Security fix *)
+--------------------------+
Sun May 1 22:04:43 PDT 2005
patches/packages/infozip-5.52-i486-1.tgz:
  Upgraded to unzip552.tar.gz and zip231.tar.gz.
  These fix some buffer overruns if deep directory paths are packed into a
  Zip archive which could be a security vulnerability (for example, in a
  case of automated archiving or backups that use Zip).
  However, it also appears that these now use certain assembly instructions that might not be available on older CPUs, so if you have an older machine you may wish to take this into account before deciding whether you should upgrade.
  (* Security fix *)
patches/packages/gxine-0.4.4-i486-1.tgz: Upgraded to gxine-0.4.4.
patches/packages/xine-lib-1.0.1-i686-1.tgz: Upgraded to xine-lib-1.0.1. This fixes some bugs in the MMS and Real RTSP streaming client code. While the odds of this vulnerability being usable to a remote attacker are low (but see the xine advisory), if you stream media from sites using these protocols (and you think the sites might be "hostile" and will try to hack into your xine client), then you might want to upgrade to this new version of xine-lib. Probably the other fixes and enhancements in xine-lib-1.0.1 are a better rationale to do so, though.
  For more details on the xine-lib security issues, see:
    http://xinehq.de/index.php/security/XSA-2004-8
  (* Security fix *)
patches/packages/xine-ui-0.99.3-i686-1.tgz: Upgraded to xine-ui-0.99.3.
+--------------------------+
Thu Apr 21 14:19:49 PDT 2005
patches/packages/cvs-1.11.20-i486-1.tgz: Upgraded to cvs-1.11.20. From cvshome.org: "This version fixes many minor security issues in the CVS server executable including a potentially serious buffer overflow vulnerability with no known exploit. We recommend this upgrade for all CVS servers!"
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753
  (* Security fix *)
patches/packages/gaim-1.2.1-i486-1.tgz: Upgraded to gaim-1.2.1. According to gaim.sf.net, this fixes a few denial-of-service flaws.
  (* Security fix *)
patches/packages/mozilla-1.7.7-i486-1.tgz: Upgraded to mozilla-1.7.7. This fixes some security issues.
  For complete details, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html
  (* Security fix *)
patches/packages/mozilla-plugins-1.7.7-noarch-1.tgz: Upgraded Java(TM) symlink for Mozilla.
patches/packages/python-2.3.5-i486-1.tgz: Upgraded to python-2.3.5. From the python.org site: "The Python development team has discovered a flaw in the SimpleXMLRPCServer library module which can give remote attackers access to internals of the registered object or its module or possibly other modules. The flaw only affects Python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method. Servers using only register_function() are not affected."
  For more details, see:
    http://python.org/security/PSF-2005-001/
  (* Security fix *)
patches/packages/python-demo-2.3.5-noarch-1.tgz: Upgraded to python-2.3.5 demos.
patches/packages/python-tools-2.3.5-noarch-1.tgz: Upgraded to python-2.3.5 tools.
+--------------------------+
Sun Apr 3 21:20:07 PDT 2005
patches/packages/php-4.3.11-i486-1.tgz: Upgraded to php-4.3.11. "This is a maintenance release that in addition to over 70 non-critical bug fixes addresses several security issues inside the exif and fbsql extensions as well as the unserialize(), swf_definepoly() and getimagesize() functions."
  (* Security fix *)
+--------------------------+
Sat Mar 26 15:04:15 PST 2005
patches/packages/gaim-1.2.0-i486-1.tgz: Upgraded to gaim-1.2.0 and gaim-encryption-2.36 (compiled against mozilla-1.7.6).
patches/packages/mozilla-1.7.6-i486-1.tgz: Upgraded to mozilla-1.7.6. Fixes some security issues. Please see mozilla.org for a complete list.
  (* Security fix *)
patches/packages/mozilla-plugins-1.7.6-noarch-1.tgz: Adjusted plugin symlinks for Mozilla 1.7.6.
+--------------------------+
Sun Oct 31 19:20:49 PST 2004
patches/packages/apache-1.3.33-i486-1.tgz: Upgraded to apache-1.3.33. This fixes one new security issue (the first issue, CAN-2004-0492, was fixed in apache-1.3.32). The second bug fixed in 1.3.3 (CAN-2004-0940) allows a local user who can create SSI documents to become "nobody".
  The amount of mischief they could cause as nobody seems low at first glance, but it might allow them to use kill or killall as nobody to try to create a DoS.
  Mention PHP's mhash dependency in httpd.conf (thanks to Jakub Jankowski).
  (* Security fix *)
patches/packages/libtiff-3.7.0-i486-1.tgz: Upgraded to libtiff-3.7.0. This fixes several bugs that could lead to crashes, or could possibly allow arbitrary code to be executed.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
  (* Security fix *)
patches/packages/mod_ssl-2.8.22_1.3.33-i486-1.tgz: Upgraded to mod_ssl-2.8.22_1.3.33.
+--------------------------+
Mon Oct 25 16:36:28 PDT 2004
patches/packages/apache-1.3.32-i486-1.tgz: Upgraded to apache-1.3.32. This addresses a heap-based buffer overflow in mod_proxy by rejecting responses from a remote server with a negative Content-Length. The flaw could crash the Apache child process, or possibly allow code to be executed as the Apache user (but only if mod_proxy is actually in use on the server).
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492
  (* Security fix *)
patches/packages/mod_ssl-2.8.21_1.3.32-i486-1.tgz: Upgraded to mod_ssl-2.8.21-1.3.32. Don't allow clients to bypass cipher requirements, possibly negotiating a connection that the server does not consider secure enough.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
  (* Security fix *)
patches/packages/php-4.3.9-i486-1.tgz: Upgraded to php-4.3.9.
+--------------------------+
Fri Oct 22 16:26:38 PDT 2004
patches/packages/gaim-1.0.2-i486-1.tgz: Upgraded to gaim-1.0.2 and gaim-encryption-2.32. A buffer overflow in the MSN protocol handler for GAIM 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and may allow the execution of arbitrary code.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891
  (* Security fix *)
+--------------------------+
Mon Oct 11 19:32:39 PDT 2004
patches/packages/rsync-2.6.3-i486-1.tgz: Upgraded to rsync-2.6.3.
  From the rsync NEWS file:
    A bug in the sanitize_path routine (which affects a non-chrooted rsync daemon) could allow a user to craft a pathname that would get transformed into an absolute path for certain options (but not for file-transfer names). If you're running an rsync daemon with chroot disabled, *please upgrade*, ESPECIALLY if the user privs you run rsync under is anything above "nobody".
  Note that rsync, in daemon mode, sets the "use chroot" to true by default, and (in this default mode) is not vulnerable to this issue. I would strongly recommend against setting "use chroot" to false even if you've upgraded to this new package.
  (* Security fix *)
+--------------------------+
Mon Oct 4 11:54:19 PDT 2004
patches/packages/getmail-4.2.0-noarch-1.tgz: Upgraded to getmail-4.2.0. Earlier versions contained a local security flaw when used in an insecure fashion (surprise, running something as root that writes to user-controlled files or directories could allow the old symlink attack to clobber system files! :-)
  From the getmail CHANGELOG:
    This vulnerability is not exploitable if the administrator does not deliver mail to the maildirs/mbox files of untrusted local users, or if getmail is configured to use an external unprivileged MDA. This vulnerability is not remotely exploitable.
  Most users would not use getmail in such a way as to be vulnerable to this flaw, but if your site does this package closes the hole. I'd also recommend not using getmail like this. Either run it as the user that owns the target mailbox, or deliver through an external MDA.
  (* Security fix *)
patches/packages/zlib-1.2.2-i486-1.tgz: Upgraded to zlib-1.2.2. This fixes a possible DoS in earlier versions of zlib-1.2.x.
  (* Security fix *)
+--------------------------+
Sun Sep 19 18:28:24 PDT 2004
patches/packages/cups-1.1.21-i486-1.tgz: Upgraded to cups-1.1.21. This fixes a flaw where a remote attacker can crash the CUPS server causing a denial of service.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558
  (* Security fix *)
patches/packages/gtk+2-2.4.10-i486-1.tgz: Upgraded to gtk+-2.4.10. This fixes security issues in the image loader routines that can crash applications.
  (* Security fix *)
patches/packages/mozilla-1.7.3-i486-1.tgz: Upgraded to mozilla-1.7.3. The Mozilla page says this fixes some "minor security holes". It also breaks Galeon and Epiphany, and new versions of these have still not appeared. In light of this, I think it's time to remove these Gecko-based browsers. The future is going to be Firefox and Thunderbird anyway, and I don't believe Galeon and Epiphany can be compiled against Firefox's libraries.
  (* Security fix *)
patches/packages/mozilla-plugins-1.7.3-noarch-1.tgz: Changed plugin symlinks for Mozilla 1.7.3.
patches/packages/xine-lib-1rc6a-i686-1.tgz: Upgraded to xine-lib-1-rc6a. This release fixes a few overflows that could have security implications.
  (* Security fix *)
+--------------------------+
Mon Sep 13 17:07:20 PDT 2004
patches/packages/samba-3.0.5-i486-3.tgz: Patched two Denial of Service vulnerabilities in samba-3.0.5.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808
  (* Security fix *)
+--------------------------+
Fri Sep 10 15:33:55 PDT 2004
patches/packages/proftpd-1.2.10-i486-1.tgz: Upgraded to proftpd-1.2.10.
+--------------------------+
Fri Sep 3 13:13:09 PDT 2004
patches/packages/glibc-2.3.2-i486-7.tgz: Recompiled using 'strip -g' rather than 'strip --strip-unneeded' to avoid stripping symbols that are needed for debugging threads.
  Thanks to those who reported this bug, especially Ricardo Nabinger Sanchez who sent in a sample thread program that made it easy to test for the problem (and confirm the fix worked).
patches/packages/glibc-solibs-2.3.2-i486-7.tgz: Recompiled using 'strip -g'.
patches/packages/kdebase-3.2.3-i486-2.tgz: Patched frame injection vulnerability in Konqueror.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
  (* Security fix *)
patches/packages/kdelibs-3.2.3-i486-2.tgz: Patched unsafe temporary directory usage, cross-domain cookie injection vulnerability for certain country specific domains, and frame injection vulnerability in Konqueror.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746
  (* Security fix *)
+--------------------------+
Fri Aug 27 14:25:53 PDT 2004
patches/packages/gaim-0.82.1-i486-1.tgz: Upgraded to gaim-0.82.1 to fix a couple of bugs in the gaim-0.82 release. Also, gaim-encryption-2.29 did not work with gaim-0.82 (or 0.82.1), so that has been upgraded to gaim-encryption-2.30.
+--------------------------+
Thu Aug 26 17:14:09 PDT 2004
patches/packages/gaim-0.82-i486-1.tgz: Upgraded to gaim-0.82 and gaim-encryption-2.29.
  Fixes several security issues:
    Content-length DOS (malloc error) (no CAN ID on this one)
    MSN strncpy buffer overflow (CAN-2004-0500)
    Groupware message receive integer overflow (CAN-2004-0754)
    Smiley theme installation lack of escaping (CAN-2004-0784)
    RTF message buffer overflow, Local hostname resolution buffer overflow, URL decode buffer overflow (these 3 are CAN-2004-0785)
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0500
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785
  (* Security fix *)
+--------------------------+
Mon Aug 23 12:12:58 PDT 2004
patches/packages/qt-3.3.3-i486-1.tgz: Upgraded to qt-3.3.3. This fixes bugs in the image loading routines which could be used by an attacker to run unauthorized code or create a denial-of-service.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693
  (* Security fix *)
+--------------------------+
Mon Aug 9 01:56:43 PDT 2004
patches/packages/epiphany-1.2.7-i486-1.tgz: Upgraded to epiphany-1.2.7. (compiled against Mozilla 1.7.2)
patches/packages/gaim-0.81-i486-1.tgz: Upgraded to gaim-0.81. (compiled against Mozilla 1.7.2)
patches/packages/galeon-1.3.17-i486-1.tgz: Upgraded to galeon-1.3.17. (compiled against Mozilla 1.7.2)
patches/packages/mozilla-1.7.2-i486-1.tgz: Upgraded to Mozilla 1.7.2. This fixes three security vulnerabilities.
  For details, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2
  (* Security fix *)
patches/packages/mozilla-plugins-1.7.2-noarch-1.tgz: Changed plugin symlinks for Mozilla 1.7.2.
+--------------------------+
Sat Aug 7 17:17:20 AKDT 2004
patches/packages/sox-12.17.4-i486-3.tgz: Patched buffer overflows that could allow a malicious WAV file to execute arbitrary code.
  (* Security fix *)
patches/packages/imagemagick-6.0.4_3-i486-1.tgz: Upgraded to ImageMagick-6.0.4-3. Fixes PNG security issues.
  (* Security fix *)
patches/packages/libpng-1.2.5-i486-3.tgz: Patched possible security issues including buffer and integer overflows and null pointer references. These issues could cause program crashes, or possibly allow arbitrary code embedded in a malicious PNG image to execute. The PNG library is widely used within the system, so all sites should upgrade to the new libpng package.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
  (* Security fix *)
+--------------------------+
Mon Jul 26 14:10:01 PDT 2004
patches/packages/samba-3.0.5-i486-2.tgz: Rebuilt using --with-acl-support=no to avoid a dependency on libattr (found in the xfsprogs package). Thanks to Fredrik, Naresh Donti, and Dimitar Katerinski for pointing this out. It wasn't intentional (only the version number changed in the build script).
+--------------------------+
Sun Jul 25 14:17:29 PDT 2004
patches/packages/mod_ssl-2.8.19_1.3.31-i486-1.tgz: Upgraded to mod_ssl-2.8.19-1.3.31. This fixes a security hole (ssl_log() related format string vulnerability in mod_proxy hook functions), so sites using mod_ssl should upgrade to the new version. Be sure to back up your existing key files first.
  (* Security fix *)
patches/packages/samba-3.0.5-i486-1.tgz: Upgraded to samba-3.0.5. This fixes a buffer overflow in SWAT and another in the code supporting the 'mangling method = hash' smb.conf option (which is not the default).
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686
  (* Security fix *)
+--------------------------+
Tue Jul 20 19:35:16 PDT 2004
patches/packages/php-4.3.8-i486-1.tgz: Upgraded to php-4.3.8. This release fixes two security problems in PHP (memory_limit handling and a problem in the strip_tags function). Sites using PHP should upgrade.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595
  (* Security fix *)
+--------------------------+
Sat Jun 26 16:05:36 PDT 2004
patches/packages/vim-6.3.007-i486-1.tgz: Upgraded to patchlevel 007, fixed missing vim.mo files (sorry about that!!).
patches/packages/gaim-0.79-i486-1.tgz: Upgraded to gaim-0.79 and gaim-encryption-2.27.
patches/packages/gnuchess-4.0.pl80-i486-4.tgz: Fixed missing files. (thanks to grk)
patches/packages/xvim-6.3.007-i486-1.tgz: Upgraded to patchlevel 007, fixed missing vim.mo files.
+--------------------------+
Tue Jun 22 01:34:56 PDT 2004
Slackware 10.0 is released. Thanks to everyone who helped out!