Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Sat Aug 7 17:17:20 AKDT 2004
patches/packages/imagemagick-6.0.4_3-i486-1.tgz: Upgraded to
ImageMagick-6.0.4-3. Fixes PNG security issues.
(* Security fix *)
+--------------------------+
New Mozilla packages are available for Slackware 9.1, 10.0, and -current
to fix a number of security issues. Slackware 10.0 and -current were
upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3.
As usual, new versions of Mozilla require new versions of things that link
with the Mozilla libraries, so for Slackware 10.0 and -current new versions
of epiphany, galeon, gaim, and mozilla-plugins have also been provided.
There don't appear to be epiphany and galeon versions that are compatible
with Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not
provided and Epiphany and Galeon will be broken on Slackware 9.1 if the
new Mozilla package is installed. Furthermore, earlier versions of
Mozilla (such as the 1.3 series) were not fixed upstream, so versions
of Slackware earlier than 9.1 will remain vulnerable to these browser
issues. If you still use Slackware 9.0 or earlier, you may want to
consider removing Mozilla or upgrading to a newer version.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Mon Aug 9 01:56:43 PDT 2004
patches/packages/epiphany-1.2.7-i486-1.tgz: Upgraded to epiphany-1.2.7.
(compiled against Mozilla 1.7.2)
patches/packages/gaim-0.81-i486-1.tgz: Upgraded to gaim-0.81.
(compiled against Mozilla 1.7.2)
patches/packages/galeon-1.3.17-i486-1.tgz: Upgraded to galeon-1.3.17.
(compiled against Mozilla 1.7.2)
patches/packages/mozilla-1.7.2-i486-1.tgz: Upgraded to Mozilla 1.7.2. This
fixes three security vulnerabilities. For details, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2
(* Security fix *)
patches/packages/mozilla-plugins-1.7.2-noarch-1.tgz: Changed plugin symlinks
for Mozilla 1.7.2.
+--------------------------+
New sox packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current
to fix buffer overflow security issues that could allow a malicious WAV file
to execute arbitrary code.
Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Sat Aug 7 17:17:20 AKDT 2004
patches/packages/sox-12.17.4-i486-3.tgz: Patched buffer overflows
that could allow a malicious WAV file to execute arbitrary code.
(* Security fix *)
+--------------------------+
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
and -current to fix security issues. These issues could cause program crashes,
or possibly allow arbitrary code embedded in a malicious PNG image to execute.
The PNG library is widely used within the system, so all sites should upgrade
to the new libpng package.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Sat Aug 7 17:17:20 PDT 2004
patches/packages/libpng-1.2.5-i486-3.tgz: Patched possible security
issues including buffer and integer overflows and null pointer
references. These issues could cause program crashes, or possibly
allow arbitrary code embedded in a malicious PNG image to execute.
The PNG library is widely used within the system, so all sites
should upgrade to the new libpng package.
For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
(* Security fix *)
+--------------------------+
