Linux Today: Linux News On Internet Time.
Advisories: May 2, 2005
May 3, 2005, 04:45 UTC

Conectiva Linux


CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : kernel
SUMMARY : Kernel update
DATE : 2005-05-02 17:48:00
ID : CLA-2005:952
RELEVANT RELEASES : 10


DESCRIPTION
The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system.

The following security vulnerabilities are being fixed via this update:

  1. Integer overflow (CAN-2005-0736)[1]
    Georgi Guninski reported[2] an integer overflow in sys_epoll_wait in eventpoll.c which allows local users to overwrite kernel memory via a large number of events.
  2. PPP DoS (CAN-2005-0384)[3]
    Ben Martel and Stephen Blackheath have discovered a denial-of-service attack where a pppd client can cause a DoS condition on the server.
  3. ISO9660 range checking flaws (CAN-2005-0815)[4]
    Michal Zalewski reported[5] multiple "range checking flaws" in the ISO9660 filesystem handler which may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.
  4. Bluetooth vulnerability (CAN-2005-0750)[6]
    The suresec team reported[7] a vulnerability in the bluez_sock_create function in the Bluetooth stack which allows local users to gain privileges via a socket or socketpair call with a negative protocol value.
  5. Information leak in the ext2 filesystem (CAN-2005-0400)[8]
    The Arkoon Security Team reported[9] an information leak vulnerability in the ext2_make_empty function call. It does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.
  6. Local DoS (CAN-2005-0749)[10]
    The load_elf_library function in the Linux kernel allows local users to cause a denial of service condition via a crafted ELF library or executable, which causes a free of an invalid pointer.

The following additional fixes have also been made:

  • the NVidia driver has been updated to version 7174
  • the slmodem driver received a patch[12] to work with kernel versions 2.6.10 and higher

SOLUTION
It is recommended that all Conectiva Linux users perform the upgrade.

IMPORTANT: exercise caution and preparation when upgrading the kernel, since it will require a reboot after the new packages are installed. More detailed instructions are available in Portuguese at our Q&A page[11].

REFERENCES
1.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0736
2.http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032314.html
3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0384
4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0815
5.http://marc.theaimsgroup.com/?l=bugtraq&m=111110067304783&w=2
6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0750
7.http://marc.theaimsgroup.com/?l=bugtraq&m=111204562102633&w=2
8.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0400
9.http://arkoon.net/advisories/ext2-make-empty-leak.txt
10.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0749
11.http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html
12.http://www.datiku.com/documents/2610_migration.php

UPDATED PACKAGES

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com
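
The missing range checks behind items 1 and 4 of the kernel advisory above, as a user-space model added here for illustration; it is not kernel code and not part of the Conectiva advisory. The table size, the 12-byte record size and every function name are assumptions chosen for the model.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model values, not kernel definitions. */
#define MODEL_MAX_PROTO  8     /* entries in a per-protocol handler table */
#define MODEL_EVENT_SIZE 12u   /* bytes per event record copied to the caller */

/* Item 4 pattern: only the upper bound is tested, so a negative
 * protocol number is accepted and would index before the table. */
int weak_proto_accepts(int proto)
{
    return !(proto >= MODEL_MAX_PROTO);
}

/* Hardened form: reject both ends of the signed range. */
int strict_proto_accepts(int proto)
{
    return proto >= 0 && proto < MODEL_MAX_PROTO;
}

/* Item 1 pattern: the byte length is computed in 32 bits, so a large
 * event count wraps and the range that gets validated is far smaller
 * than the range written later. Unsigned arithmetic keeps the wrap
 * well defined in this model. */
uint32_t weak_event_bytes(int maxevents)
{
    return (uint32_t)maxevents * MODEL_EVENT_SIZE;
}

/* Hardened form: bound the count before multiplying.
 * Returns 0 and stores the length on success, -1 if out of range. */
int checked_event_bytes(int maxevents, uint32_t *out)
{
    if (maxevents <= 0 ||
        (uint32_t)maxevents > (uint32_t)INT_MAX / MODEL_EVENT_SIZE)
        return -1;
    *out = (uint32_t)maxevents * MODEL_EVENT_SIZE;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a negative protocol, and a count chosen so
     * that count * 12 exceeds 2^32 by exactly 8. */
    int proto = -1;
    int count = 357913942;
    uint32_t len = 0;

    printf("proto %d: weak=%d strict=%d\n", proto,
           weak_proto_accepts(proto), strict_proto_accepts(proto));
    printf("count %d: weak length=%u bytes\n", count,
           (unsigned)weak_event_bytes(count));
    if (checked_event_bytes(count, &len) != 0)
        printf("count %d: rejected by checked form\n", count);
    return 0;
}
```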

Fedora Core


Fedora Update Notification
FEDORA-2005-350
2005-05-02

Product : Fedora Core 3
Name : kdelibs
Version : 3.3.1
Release : 2.12.FC3
Summary : K Desktop Environment - Libraries

Description :
Libraries for the K Desktop Environment: KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation).


Update Information:

A buffer overflow was found in the kimgio library for KDE 3.3.1. An attacker could create a carefully crafted PCX image in such a way that it would cause kimgio to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-1046 to this issue.

All users of kdelibs should upgrade to these updated packages, which contain a backported security patch to correct these issues.


  • Tue Apr 19 2005 Than Ngo <than@redhat.com> 6:3.3.1-2.12.FC3
    • apply patch to fix gcc warning #117938
  • Tue Apr 19 2005 Than Ngo <than@redhat.com> 6:3.3.1-2.11.FC3
    • add missing kde documents #152307
    • apply patch to fix kimgio input validation vulnerabilities, CAN-2005-1046
    • add hack for loading of *.so shared object files #142244
  • Mon Apr 18 2005 Than Ngo <than@redhat.com> 6:3.3.1-2.10.FC3
    • backport the patch to fix kimgio input validation vulnerabilities, CAN-2005-1046, #152093, thanks to KDE security team

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-351
2005-05-02

Product : Fedora Core 3
Name : tcpdump
Version : 3.8.2
Release : 8.FC3
Summary : A network traffic monitoring tool.

Description :
Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria.

Install tcpdump if you need a program to monitor network traffic.


  • Fri Apr 29 2005 Martin Stransky <stransky@redhat.com> - 14:3.8.2-8.FC3
    • fix for CAN-2005-1280 Multiple DoS issues in tcpdump (CAN-2005-1279 CAN-2005-1278), #156040

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-353
2005-05-02

Product : Fedora Core 3
Name : perl
Version : 5.8.5
Release : 12.FC3
Summary : The Perl programming language.

Description :
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts.

Install this package if you want to program in Perl or enable your system to handle Perl scripts.


Update Information:

Security and packaging fixes.


  • Thu Apr 28 2005 Ville Skyttä <ville.skytta at iki.fi> - 3:5.8.5-12.FC3
    • Apply fix for CAN-2004-0452 (#156128, #146774).
    • Drop incorrect provides from the main package and release tag munging from the suidperl subpackage (#148847, José Pedro Oliveira).
  • Fri Apr 1 2005 Petr Rockai <prockai@redhat.com> - 3:5.8.5-11.FC3
    • Do not link with libbind... (backported patch from devel).
  • Wed Mar 31 2005 Petr Rockai <prockai@redhat.com> - 3:5.8.5-10.FC3
    • Fix for CAN-2005-0155, CAN-2005-0156.
    • Work around a FTBFS (fails to build from source) in fc3 buildroots.

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200504-30

http://security.gentoo.org/


Severity: Normal
Title: phpMyAdmin: Insecure SQL script installation
Date: April 30, 2005
Bugs: #88831
ID: 200504-30


Synopsis

phpMyAdmin leaves the SQL install script with insecure permissions, potentially leading to a database compromise.

Background

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. phpMyAdmin uses a pma MySQL user to control the linked-tables infrastructure. The SQL install script sets the initial password for the pma user.

Affected packages


       Package            /  Vulnerable  /  Unaffected
    ----------------------------------------------------
    1  dev-db/phpmyadmin     < 2.6.2-r1     >= 2.6.2-r1

Description

The phpMyAdmin installation process leaves the SQL install script with insecure permissions.

Impact

A local attacker could exploit this vulnerability to obtain the initial phpMyAdmin password and from there obtain information about databases accessible by phpMyAdmin.

Workaround

Change the password for the phpMyAdmin MySQL user (pma):

    mysql -u root -p
    SET PASSWORD FOR 'pma'@'localhost' = PASSWORD('MyNewPassword');

Update your phpMyAdmin config.inc.php:

    $cfg['Servers'][$i]['controlpass']   = 'MyNewPassword';

Resolution

All phpMyAdmin users should change the password for the pma user as described above and upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.2-r1"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-30.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200505-01

http://security.gentoo.org/


Severity: Low
Title: Horde Framework: Multiple XSS vulnerabilities
Date: May 01, 2005
Bugs: #90365
ID: 200505-01


Synopsis

Various modules of the Horde Framework are vulnerable to multiple cross-site scripting (XSS) vulnerabilities.

Background

The Horde Framework is a PHP based framework for building web applications. It provides many modules including calendar, address book, CVS viewer and Internet Messaging Program.

Affected packages


     Package                    /  Vulnerable  /  Unaffected
  1  www-apps/horde-vacation       < 2.2.2        >= 2.2.2
  2  www-apps/horde-turba          < 1.2.5        >= 1.2.5
  3  www-apps/horde-passwd         < 2.2.2        >= 2.2.2
  4  www-apps/horde-nag            < 1.1.3        >= 1.1.3
  5  www-apps/horde-mnemo          < 1.1.4        >= 1.1.4
  6  www-apps/horde-kronolith      < 1.1.4        >= 1.1.4
  7  www-apps/horde-imp            < 3.2.8        >= 3.2.8
  8  www-apps/horde-accounts       < 2.1.2        >= 2.1.2
  9  www-apps/horde-forwards       < 2.2.2        >= 2.2.2
 10  www-apps/horde-chora          < 1.2.3        >= 1.2.3
 11  www-apps/horde                < 2.2.8        >= 2.2.8
-------------------------------------------------------------------
11 affected packages on all of their supported architectures.


Description

Cross-site scripting vulnerabilities have been discovered in various modules of the Horde Framework.

Impact

These vulnerabilities could be exploited by an attacker to execute arbitrary HTML and script code in context of the victim's browser.

Workaround

There is no known workaround at this time.

Resolution

All Horde users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-2.2.8"

All Horde Vacation users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-vacation-2.2.2"

All Horde Turba users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-turba-1.2.5"

All Horde Passwd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-passwd-2.2.2"

All Horde Nag users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-nag-1.1.3"

All Horde Mnemo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-mnemo-1.1.4"

All Horde Kronolith users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-kronolith-1.1.4"

All Horde IMP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-imp-3.2.8"

All Horde Accounts users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-accounts-2.1.2"

All Horde Forwards users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-forwards-2.2.2"

All Horde Chora users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-chora-1.2.3"

References

[ 1 ] Horde Announcement

http://marc.theaimsgroup.com/?l=horde-announce&r=1&b=200504&w=2

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200505-01.xml


Slackware Linux

[slackware-security] infozip (SSA:2005-121-01)

New infozip (zip/unzip) packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues.

  • From the www.info-zip.org site:

    Zip 2.3 and (presumably) all previous versions have a buffer-overrun vulnerability relating to deep directory paths that could potentially lead to local privilege escalation (e.g., in the case of automated, Zip-based backups). See the FAQ page for details. All versions of UnZip through 5.50 have a number of directory-traversal vulnerabilities, and version 5.50 also has a textmode data-corruption bug that affects 16-bit ports such as MS-DOS. See the FAQ page for details.

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/infozip-5.52-i486-1.tgz: Upgraded to unzip552.tar.gz and zip231.tar.gz. These fix some buffer overruns if deep directory paths are packed into a Zip archive which could be a security vulnerability (for example, in a case of automated archiving or backups that use Zip). However, it also appears that these now use certain assembly instructions that might not be available on older CPUs, so if you have an older machine you may wish to take this into account before deciding whether you should upgrade. (* Security fix *)
+--------------------------+

Where to find the new packages:

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/infozip-5.52-i486-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/infozip-5.52-i486-1.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/infozip-5.52-i486-1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/infozip-5.52-i486-1.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/infozip-5.52-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/infozip-5.52-i486-1.tgz

MD5 signatures:


Installation instructions:

Upgrade the package as root:
# upgradepkg infozip-5.52-i486-1.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
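
The directory-traversal class of bug mentioned in the infozip advisory above comes down to archive member names that point outside the extraction directory. The following is an added example (not from Slackware or Info-ZIP) of a pre-extraction check for automated jobs that unpack archives they did not create; the function names and the sample member names in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: vet Zip member names before extracting.

# Read member names on stdin, one per line, and print the ones that are
# absolute or contain a ".." path component. Names such as "notes..txt"
# are not flagged, because ".." must be a whole component.
unsafe_zip_entries() {
    while IFS= read -r name; do
        case "$name" in
            /*)                   echo "absolute: $name" ;;
            ..|../*|*/..|*/../*)  echo "traversal: $name" ;;
        esac
    done
    return 0
}

# Return 0 if no member name is unsafe, 1 if any is, 2 if the archive
# cannot be listed (fail closed instead of treating it as clean).
archive_is_safe() {
    names=$(unzip -Z -1 "$1") || return 2
    bad=$(printf '%s\n' "$names" | unsafe_zip_entries)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: sh vet.sh upload.zip && unzip upload.zip -d /some/dir
if [ "$#" -gt 0 ]; then
    archive_is_safe "$1"
fi
```

The check works line by line, so a member name that itself contains a newline is examined in pieces; reject such archives separately if that matters for your pipeline.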

[slackware-security] xine-lib (SSA:2005-121-02)

New xine-lib packages are available for Slackware 10.0, 10.1, and -current to fix security issues. The xine frontends have also been upgraded.

For more details on the xine-lib security issues, see: http://xinehq.de/index.php/security/XSA-2004-8

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/xine-lib-1.0.1-i686-1.tgz: Upgraded to xine-lib-1.0.1. This fixes some bugs in the MMS and Real RTSP streaming client code. While the odds of this vulnerability being usable to a remote attacker are low (but see the xine advisory), if you stream media from sites using these protocols (and you think the sites might be "hostile" and will try to hack into your xine client), then you might want to upgrade to this new version of xine-lib. Probably the other fixes and enhancements in xine-lib-1.0.1 are a better rationale to do so, though. For more details on the xine-lib security issues, see:
http://xinehq.de/index.php/security/XSA-2004-8
(* Security fix *)
+--------------------------+

Where to find the new packages:

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gxine-0.4.4-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xine-lib-1.0.1-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xine-ui-0.99.3-i686-1.tgz

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gxine-0.4.4-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xine-lib-1.0.1-i686-1.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gxine-0.4.4-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xine-lib-1.0.1-i686-1.tgz

MD5 signatures:


Installation instructions:

Upgrade the xine-lib package as root:
# upgradepkg xine-lib-1.0.1-i686-1.tgz

The xine-lib frontends (xine-ui and gxine) have been upgraded as well (but these are optional upgrades that do not fix any known security issues.) Upgrade these in the same way:

# upgradepkg gxine-0.4.4-i486-1.tgz xine-ui-0.99.3-i686-1.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com


