Linux Today - Slackware Linux Advisories: Mozilla, GTK+, CUPS, xine-lib

search.internet.com

Become a Marketplace Partner

internet.commerce

Be a Commerce Partner

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices

Technology Jobs

LinuxToday Newsletters

Subscribe News
Subscribe PR
Subscribe Security

internet.com

IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Current Newswire:

Ksplice debuts zero downtime service for Linux

BM Ups Its Processor Power to 7

KDE.org Relaunched for Software Compilation 4.4

The application is the new the operating system

Linux can compete with the iPad on price, but where�s the magic?

The Bruno Knaapen Technology Learning Center is Established

Anjal: GNOME's Evolution for Netbooks

Linux Mint 8 KDE Community Edition

Open source means freedom from 'anti-features'

GTalX - Google Voice Chat has arrived in Ubuntu 9.10 (Karmic)

UNIX Systems Administrator (IL)
Next Step Systems
US-IL-Chicago

Post A Job | Post A Resume

:Slackware Linux Advisories: Mozilla, GTK+, CUPS, xine-lib

Slackware Linux Advisories: Mozilla, GTK+, CUPS, xine-lib
Sep 23, 2004, 15 :59 UTC (0 Talkback[s]) (2439 reads)

[slackware-security] Mozilla (SSA:2004-266-03)

New Mozilla 1.7.3 packages are available for Slackware 10.0 and -current to fix security issues.

Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-1.7.3-i486-1.tgz: Upgraded to mozilla-1.7.3.
The Mozilla page says this fixes some "minor security holes". It also breaks Galeon and Epiphany, and new versions of these have still not appeared. In light of this, I think it's time to remove these Gecko-based browsers. The future is going to be Firefox and Thunderbird anyway, and I don't believe Galeon and Epiphany can be compiled against Firefox's libraries.
(* Security fix *)
+--------------------------+

[ Philip Langdale of the Galeon project was kind enough to write to tell me that Galeon can be compiled against Mozilla 1.7.3 if this option is used: --with-mozilla-snapshot=1.7.2 The point about Firefox remains though. I don't intend to support the Mozilla suite, a number of browsers that depend on it, and Firefox and Thunderbird. While these are all great projects the goal will be to choose the best one and go with it. ]

Where to find the new packages:

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-1.7.3-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-plugins-1.7.3-noarch-1.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-1.7.3-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-plugins-1.7.3-noarch-1.tgz

MD5 signatures:

Slackware 10.0 packages:
b94d6165e6412ce17113d57b8f4fa326 mozilla-1.7.3-i486-1.tgz
25f1b0a8b66dc21cff2ca8107184a33c mozilla-plugins-1.7.3-noarch-1.tgz

Slackware -current packages:
6e5a0460aa32b4d1014d068868cc616b mozilla-1.7.3-i486-1.tgz
d930901e1ab613f492349833a15934ff mozilla-plugins-1.7.3-noarch-1.tgz

Installation instructions:

Upgrade the packages as root:
# upgradepkg mozilla-1.7.3-i486-1.tgz mozilla-plugins-1.7.3-noarch-1.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

[slackware-security] GTK+ image loading flaws (SSA:2004-266-02)

New GTK+ (version 2) packages are available for Slackware 10.0 and -current to fix issues in the image loader routines that can crash applications.

Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
l/gtk+2-2.4.10-i486-1.tgz: Upgraded to gtk+-2.4.10. This fixes security issues in the image loader routines that can crash applications.
(* Security fix *)
+--------------------------+

Where to find the new packages:

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gtk+2-2.4.10-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/gtk+2-2.4.10-i486-1.tgz

MD5 signatures:

Slackware 10.0 package:
44546bc140e5ea47ca2e6d314169951c gtk+2-2.4.10-i486-1.tgz

Slackware -current package:
cada53174c06fc621713300a817ad76a gtk+2-2.4.10-i486-1.tgz

Installation instructions:

Upgrade the packages as root:
# upgradepkg gtk+2-2.4.10-i486-1.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

[slackware-security] CUPS DoS (SSA:2004-266-01)

New CUPS packages are available for Slackware 9.1, 10.0, and -current to fix a denial of service issue where a malformed packet can crash the CUPS server.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558

Here are the details from the Slackware 10.0 ChangeLog:

+--------------------------+
patches/packages/cups-1.1.21-i486-1.tgz: Upgraded to cups-1.1.21.
This fixes a flaw where a remote attacker can crash the CUPS server causing a denial of service.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558
(* Security fix *)
+--------------------------+

Where to find the new packages:

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/cups-1.1.21-i486-1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/cups-1.1.21-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/cups-1.1.21-i486-1.tgz

MD5 signatures:

Slackware 9.1 package:
b3f16be12546c626071281bc17e11739 cups-1.1.21-i486-1.tgz

Slackware 10.0 package:
6cca53545b2ea2d260a3ad4f55e22153 cups-1.1.21-i486-1.tgz

Slackware -current package:
01cc7de97fd7f6d51c3803b5c286dcff cups-1.1.21-i486-1.tgz

Installation instructions:

First, if the CUPS server (cupsd) is running, stop it: . /etc/rc.d/rc.cups stop

Then upgrade using upgradepkg (as root):
upgradepkg cups-1.1.21-i486-1.tgz

Finally, restart cupsd (if needed):
. /etc/rc.d/rc.cups start

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

[slackware-security] xine-lib (SSA:2004-266-04)

New xine-lib packages are available for Slackware 10.0 and -current to fix security issues.

For more details, see:
http://www.xinehq.de/index.php/security/XSA-2004-4
http://www.xinehq.de/index.php/security/XSA-2004-5

Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
patches/packages/xine-lib-1rc6a-i686-1.tgz: Upgraded to xine-lib-1-rc6a.
This release fixes a few overflows that could have security implications.
(* Security fix *)
+--------------------------+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

No talkbacks posted.

Home | Search Talkbacks | Customize View

Top of Page

Enter your comments below:

All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP

The Network for Technology Professionals

Search:

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Solutions

Whitepapers and eBooks

Microsoft Personalized Whitepapers and Resources for You
Article: Why Migrating from MySQL to SQL Server 2008 Makes Sense
Articles: Build a More Agile Business with IBM
Articles: IBM Offers Enhanced Measurement and Management for Energy Usage
Microsoft Article: Windows 7 Features Your Clients Will Need on Day One
Articles: IBM Helps Transformation to an Information-Based Enterprise
Microsoft Articles: Visual Studio 2010
Adobe Article: Java Developers Finding a Home at Adobe Flex
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Webcast: Connecting PHP to Microsoft Technologies
Video: Windows Azure Debugging Tips
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Ready. Set. Windows 7.
HP PartnerONE | SolutionsINFINITE Visit us at hp.com/partners/us
Microsoft Free Trials: Windows Server 2008 R2, Exchange Server 2010 and Windows 7
Get the Windows 7 SDK
Free Trial: Red Gate SQL Backup Pro 6
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Learn Unified Communications
BlackBerry Application Development Resources
Learn SQL Server 2008
Learn Windows Server 2008 R2
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products
Learn Forefront
Learn System Center
All About Botnets
Learn SharePoint
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES