Slackware Linux Advisories: sysklogd, libpng, xine-lib, rsync

May 03, 2004, 21:14

[slackware-security] sysklogd update (SSA:2004-124-02)

New sysklogd packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue where a user could cause syslogd to crash. Thanks to Steve Grubb who researched the issue.

Here are the details from the Slackware 9.1 ChangeLog:

Where to find the new packages:

Updated package for Slackware 8.1:
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware -current:

MD5 signatures:

Slackware 8.1 package:
Slackware 9.0 package:
Slackware 9.1 package:
Slackware -current package:

Installation instructions:

First, stop syslogd/klogd:

Next, upgrade the package as root:

Finally, restart the logging system:

+-----+
Slackware Linux Security Team

[slackware-security] libpng update (SSA:2004-124-04)

New libpng packages are available for Slackware 9.0, 9.1, and -current to fix an issue where libpng could be caused to crash, perhaps creating a denial of service issue if network services are linked with it.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421

Here are the details from the Slackware 9.1 ChangeLog:

Where to find the new packages:

Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware -current:

MD5 signatures:

Slackware 9.0 package:
Slackware 9.1 package:
Slackware -current package:

Installation instructions:

Upgrade the package as root:

+-----+
Slackware Linux Security Team

[slackware-security] xine-lib update (SSA:2004-124-03)

New xine-lib packages are available for Slackware 9.1 and -current to fix a security issue where playing a specially crafted Real RTSP stream could run malicious code as the user playing the stream.

More details about this issue may be found in this advisory:

http://www.xinehq.de/index.php/security/XSA-2004-3

Here are the details from the Slackware 9.1 ChangeLog:

Where to find the new packages:

Updated package for Slackware 9.1:
Updated package for Slackware -current:

MD5 signatures:

Slackware 9.1 package:
Slackware -current package:

Installation instructions:

Upgrade the package as root:

+-----+
Slackware Linux Security Team

[slackware-security] rsync update (SSA:2004-124-01)

New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory. Any sites running rsync in that mode should upgrade right away (and should probably look into using the chroot option as well).

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426

Here are the details from the Slackware 9.1 ChangeLog:

Where to find the new packages:

Updated package for Slackware 8.1:
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware -current:

MD5 signatures:

Slackware 8.1 package:
Slackware 9.0 package:
Slackware 9.1 package:
Slackware -current package:

Installation instructions:

If rsync is running as a server, shut it down first. Then, upgrade the packages as root:

Finally, restart the rsync server if needed.

+-----+
Slackware Linux Security Team
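The rsync advisory above singles out servers running without the chroot option. As an added example (not part of the Slackware advisory), the shell function below lists the modules in an rsyncd.conf whose effective "use chroot" setting is off, taking a global setting and per-module overrides into account. The sample configuration, its module names and paths are constructed, and treating an unset value as "enabled" is an assumption to confirm against rsyncd.conf(5) for the installed rsync.

```shell
#!/bin/sh
# Added example, not part of the advisory: print every rsyncd.conf module
# whose effective "use chroot" setting is off.
# Assumption: an unset "use chroot" means chroot is enabled; confirm the
# default in rsyncd.conf(5) for the installed rsync.
unchrooted_modules() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() { if (module != "" && chroot == 0) print module }
    BEGIN { dflt = 1; chroot = 1; module = "" }
    /^[ \t]*$/    { next }            # blank line
    /^[ \t]*[#;]/ { next }            # comment
    /^[ \t]*\[/ {                     # start of a module section
        report()
        module = $0
        sub(/^[ \t]*\[/, "", module); sub(/\].*$/, "", module)
        module = trim(module)
        chroot = dflt                 # inherit the global setting
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        # normalise case and spacing in the parameter name
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        if (key != "usechroot") next
        val = tolower(trim(substr($0, eq + 1)))
        on = (val ~ /^(yes|true|1)$/) ? 1 : 0   # anything else counts as off
        if (module == "") dflt = on; else chroot = on
    }
    END { report() }
    ' "$1"
}

# Constructed sample configuration (module names and paths are made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
use chroot = no
[pub]
    path = /srv/pub
    use chroot = yes
[incoming]
    path = /srv/incoming
[mirror]
    path = /srv/mirror
    Use Chroot = false
EOF
unchrooted_modules "$sample"
```

Run against the real configuration file, any module name it prints is one to upgrade first and to reconsider for the chroot option.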