http://readlist.com Slackware-security Mailing List - New Threads feed en http://readlist.com/readlist-logo-tiny.gif http://readlist.com/ 156 30 http://readlist.com/lists/slackware.com/slackware-security/0/194.html Thu, 8 May 2008 05:19:04 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2008-128-01) New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1, and -current to fix security issues. Note that PHP5 is not the default PHP for Slackware 10.2 or 11.0 (those use PHP4), so if your PHP code is not ready for PHP5, don't upgrade until it is or you'll (by definition) run into problems. More details ... http://readlist.com/lists/slackware.com/slackware-security/0/193.html Thu, 8 May 2008 05:19:04 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2008-128-02) New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, and -current to fix security issues, including crashes that can corrupt memory, as well as a JavaScript privilege escalation and arbitrary code execution flaw. More details about these issues may be found here: ... http://readlist.com/lists/slackware.com/slackware-security/0/192.html Tue, 29 Apr 2008 08:29:44 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libpng (SSA:2008-119-01) New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382 Additional ... http://readlist.com/lists/slackware.com/slackware-security/0/191.html Sat, 26 Apr 2008 06:10:44 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] kdelibs (SSA:2008-116-01) New kdelibs packages are available for Slackware 12.0 and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671 As well as from the KDE web site: ... http://readlist.com/lists/slackware.com/slackware-security/0/190.html Tue, 22 Apr 2008 02:53:33 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] xine-lib (SSA:2008-111-01) New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. An overflow was found in the Speex decoder that could lead to a crash or possible execution of arbitrary code. Xine-lib <= 1.1.12 was also found to be vulnerable to a stack-based buffer overflow in ... http://readlist.com/lists/slackware.com/slackware-security/0/189.html Thu, 17 Apr 2008 23:53:09 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2008-108-01) New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix a possible security bug. More details about this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380 http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox ... http://readlist.com/lists/slackware.com/slackware-security/0/188.html Mon, 7 Apr 2008 20:12:59 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bzip2 (SSA:2008-098-02) New bzip2 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix a DoS issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372 Here are the ... http://readlist.com/lists/slackware.com/slackware-security/0/187.html Mon, 7 Apr 2008 20:11:37 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] m4 (SSA:2008-098-01) New m4 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687 ... http://readlist.com/lists/slackware.com/slackware-security/0/186.html Fri, 4 Apr 2008 21:20:32 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssh (SSA:2008-095-01) New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 Here ... http://readlist.com/lists/slackware.com/slackware-security/0/185.html Thu, 3 Apr 2008 09:04:49 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] cups (SSA:2008-094-01) New cups packages are available for Slackware 12.0, and -current to fix security issues. The change from CUPS 1.2.x to CUPS 1.3.x was tested here, but if you're on a completely secured internal network these issues may be less of a risk than upgrading. If your IPP port is open to the internet, you'd be advised to upgrade as soon as ... http://readlist.com/lists/slackware.com/slackware-security/0/184.html Tue, 1 Apr 2008 11:33:29 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] xine-lib (SSA:2008-092-01) New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482 Here are the details ... http://readlist.com/lists/slackware.com/slackware-security/0/183.html Sun, 30 Mar 2008 01:25:52 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] xine-lib (SSA:2008-089-03) New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073 Here are the details ... http://readlist.com/lists/slackware.com/slackware-security/0/182.html Sun, 30 Mar 2008 01:25:51 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2008-089-02) New seamonkey packages are available for Slackware 11.0, 12.0, and -current to fix security issues. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey Here are the details from the Slackware 12.0 ChangeLog: +--------------------------+ ... http://readlist.com/lists/slackware.com/slackware-security/0/181.html Sun, 30 Mar 2008 01:25:50 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2008-089-01) New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox Here are the details from the Slackware 12.0 ChangeLog: ... http://readlist.com/lists/slackware.com/slackware-security/0/180.html Sun, 2 Mar 2008 11:11:51 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] espgs/ghostscript (SSA:2008-062-01) New espgs or ghostscript packages are available for 11.0, 12.0, and -current to fix a buffer overflow. Here are the details from the Slackware 12.0 ChangeLog: +--------------------------+ patches/packages/espgs-8.15.4-i486-3_slack12.0.tgz: This patched version of ESP Ghostscript fixes a buffer overflow. ... http://readlist.com/lists/slackware.com/slackware-security/0/179.html Sun, 2 Mar 2008 00:52:39 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2008-061-01) New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues. Here are the details from the Slackware 12.0 ChangeLog: +--------------------------+ patches/packages/mozilla-thunderbird-2.0.0.12-i686-1.tgz: Upgraded to thunderbird-2.0.0.12. ... http://readlist.com/lists/slackware.com/slackware-security/0/178.html Fri, 15 Feb 2008 03:38:22 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2008-045-03) New php-4.4.8 packages are available for Slackware 10.2 and 11.0 to fix security issues. More details about the issues may be found here: http://bugs.php.net/43010 Here are the details from the Slackware 11.0 ChangeLog: +--------------------------+ patches/packages/php-4.4.8-i486-1_slack11.0.tgz: ... http://readlist.com/lists/slackware.com/slackware-security/0/177.html Fri, 15 Feb 2008 03:38:22 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] apache (SSA:2008-045-02) New apache 1.3.41 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues. A new matching mod_ssl package is also provided. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: ... http://readlist.com/lists/slackware.com/slackware-security/0/176.html Fri, 15 Feb 2008 03:38:21 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2008-045-01) New httpd packages are available for Slackware 12.0, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421 ... http://readlist.com/lists/slackware.com/slackware-security/0/175.html Wed, 13 Feb 2008 08:01:37 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] firefox, seamonkey (SSA:2008-043-01) New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues. New seamonkey updates are available for Slackware 11.0, 12.0, and -current to address similar issues. Here are the details from the Slackware 12.0 ChangeLog: +--------------------------+ ...