Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Advisories, July 27, 2006

Jul 28, 2006, 03:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 1125-2 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 27th, 2006 http://www.debian.org/security/faq


Package : drupal
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-2742 CVE-2006-2743 CVE-2006-2831 CVE-2006-2832 CVE-2006-2833
Debian Bug : 368835

The Drupal update in DSA 1125 contained a regression. This update corrects this flaw. For completeness, the original advisory text below:

Several remote vulnerabilities have been discovered in the Drupal web site platform, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-2742

A SQL injection vulnerability has been discovered in the "count" and "from" variables of the database interface.

CVE-2006-2743

Multiple file extensions were handled incorrectly if Drupal ran on Apache with mod_mime enabled.

CVE-2006-2831

A variation of CVE-2006-2743 was adressed as well.

CVE-2006-2832

A Cross-Site-Scripting vulnerability in the upload module has been discovered.

CVE-2006-2833

A Cross-Site-Scripting vulnerability in the taxonomy module has been discovered.

For the stable distribution (sarge) these problems have been fixed in version 4.5.3-6.1sarge2.

For the unstable distribution (sid) these problems have been fixed in version 4.5.8-1.1.

We recommend that you upgrade your drupal packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.1sarge2.dsc
      Size/MD5 checksum: 625 24ef680aad55f19a2d55243f1cc3b0e6
    http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.1sarge2.diff.gz
      Size/MD5 checksum: 83921 9c523e0320c94d975626cecbeccc440c
    http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3.orig.tar.gz
      Size/MD5 checksum: 471540 bf093c4c8aca7bba62833ea1df35702f

Architecture independent components:

    http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.1sarge2_all.deb
      Size/MD5 checksum: 503110 e9b642fcb28e0ccd797f38b598d3a756

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1126-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 27th, 2006 http://www.debian.org/security/faq


Package : asterisk
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-2898
BugTraq ID : 18295

A problem has been discovered in the IAX2 channel driver of Asterisk, an Open Source Private Branch Exchange and telephony toolkit, which may allow a remote to cause au crash of the Asterisk server.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 1.0.7.dfsg.1-2sarge3.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your asterisk packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3.dsc
      Size/MD5 checksum: 1259 cee8373afe6f44b36ea61e04d63b67ca
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3.diff.gz
      Size/MD5 checksum: 70172 5510f5699aee64b06f8d8db4e62ca275
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1.orig.tar.gz
      Size/MD5 checksum: 2929488 0d0f718ccd7a06ab998c3f637df294c0

Architecture independent components:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.0.7.dfsg.1-2sarge3_all.deb
      Size/MD5 checksum: 61532 58e631534a5c34740dce182177a3e16b
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.0.7.dfsg.1-2sarge3_all.deb
      Size/MD5 checksum: 83300 92e5c344ae1022fbb8264dfeda02d2c2
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.0.7.dfsg.1-2sarge3_all.deb
      Size/MD5 checksum: 1577638 796103a2c2152b1da96ee557845c4ea0
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.0.7.dfsg.1-2sarge3_all.deb
      Size/MD5 checksum: 1180198 3ffd1657b6ae3824d849107288bfd393
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.0.7.dfsg.1-2sarge3_all.deb
      Size/MD5 checksum: 28290 bd1dca8dcf7dbe19614415d83454534b

Alpha architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_alpha.deb
      Size/MD5 checksum: 1477586 e6f5a94ca3b89eb61f2b7cba32532b0f
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_alpha.deb
      Size/MD5 checksum: 31326 76c73e029c258daab79db1c3e2fe87f9
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_alpha.deb
      Size/MD5 checksum: 21354 4f86990f289a85e40b07b83a1bfbbaeb

AMD64 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_amd64.deb
      Size/MD5 checksum: 1333258 39d6b98db096bcf6fa4db45bc578450a
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_amd64.deb
      Size/MD5 checksum: 30738 1b542c9cf1701f3c74250135989a53fc
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_amd64.deb
      Size/MD5 checksum: 21348 162f687406dd17fba17f059310e9669b

ARM architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_arm.deb
      Size/MD5 checksum: 1262736 d88b5f4a1d7a1429f8ffd48da9f46816
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_arm.deb
      Size/MD5 checksum: 29466 d24a9a1f6f57b1b1b4f5eb3ecb44a70f
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_arm.deb
      Size/MD5 checksum: 21356 440be66143a663f0698e0236fd92e164

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_i386.deb
      Size/MD5 checksum: 1171422 49ba67f54d8a1bdd331e5f383a0c260f
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_i386.deb
      Size/MD5 checksum: 29758 6125fda845413e5785dbd5d7c679a392
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_i386.deb
      Size/MD5 checksum: 21354 f258d72d58eb640660e0efac297edc5f

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_ia64.deb
      Size/MD5 checksum: 1771180 cc15c68a1a3551f3c6a3db01572fb872
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_ia64.deb
      Size/MD5 checksum: 32880 683dca0a82cadc16ad38c0c65fce4763
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_ia64.deb
      Size/MD5 checksum: 21354 9d3caf73141a753723050a52c7109047

HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_hppa.deb
      Size/MD5 checksum: 1448108 4e2074b1ca5ba9dffdda252e0a829ee4
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_hppa.deb
      Size/MD5 checksum: 31384 3f5a1bd65ee55389445b0487eac8c368
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_hppa.deb
      Size/MD5 checksum: 21352 ce35dfb46609b19f617472396e552e72

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_m68k.deb
      Size/MD5 checksum: 1184680 3f73cbf0c391fc41c04d67cfe29e0001
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_m68k.deb
      Size/MD5 checksum: 30130 4e7f290a74e7b682073718e8edc1cc8a
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_m68k.deb
      Size/MD5 checksum: 21356 62ce31ac95d033e589f42a015fddf66b

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_mips.deb
      Size/MD5 checksum: 1263882 52bca4c81f91b8eecb6e557a769e8d64
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_mips.deb
      Size/MD5 checksum: 29342 b9d7659f65d8a4d6f9fad86073a72b9f
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_mips.deb
      Size/MD5 checksum: 21354 0a69634f046b529d1b72d49746a138b2

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_mipsel.deb
      Size/MD5 checksum: 1270240 2aa0c58b551845a4a2a5b07b4660432c
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_mipsel.deb
      Size/MD5 checksum: 29276 b3e996a206805436b280aa1c7468a311
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_mipsel.deb
      Size/MD5 checksum: 21356 845710e845334fe95bd53b34259fecf3

PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_powerpc.deb
      Size/MD5 checksum: 1425078 29e124b6584659daf5ae62400961b065
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_powerpc.deb
      Size/MD5 checksum: 31080 409b172a4b64d79765a9b481c25c43c7
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_powerpc.deb
      Size/MD5 checksum: 21356 09f7bab0bc72f03ff52a7ad77614ffd8

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_s390.deb
      Size/MD5 checksum: 1312432 de1a22506fd0d5e30be34db44095fc77
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_s390.deb
      Size/MD5 checksum: 30762 ade33ddd646fca9653a31598df8aa9ce
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_s390.deb
      Size/MD5 checksum: 21354 63662843c514334226737f60d1b5cab6

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_sparc.deb
      Size/MD5 checksum: 1274188 3aa3d901a56583bd0ef815761e9bf34d
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_sparc.deb
      Size/MD5 checksum: 29728 71656321b8a63a875d56edb760cbf385
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_sparc.deb
      Size/MD5 checksum: 21350 f96215e4d19ef628a057a8e6dbe9716f

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Red Hat Linux


Red Hat Security Advisory

Synopsis: Critical: seamonkey security update
Advisory ID: RHSA-2006:0608-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0608.html
Issue date: 2006-07-27
Updated on: 2006-07-27
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-3801 CVE-2006-3677 CVE-2006-3113 CVE-2006-3802 CVE-2006-3803 CVE-2006-3804 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810 CVE-2006-3811 CVE-2006-3812


1. Summary:

Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 3.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain javascript actions. A malicious web page could execute arbitrary javascript instructions with the permissions of "chrome", allowing the page to steal sensitive information or install browser malware. (CVE-2006-3807, CVE-2006-3809, CVE-2006-3812)

Several denial of service flaws were found in the way SeaMonkey processed certain web content. A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811)

A buffer overflow flaw was found in the way SeaMonkey Messenger displayed malformed inline vcard attachments. If a victim viewed an email message containing a carefully crafted vcard, it was possible to execute arbitrary code as the user running SeaMonkey Messenger. (CVE-2006-3804)

Several flaws were found in the way SeaMonkey processed certain javascript actions. A malicious web page could conduct a cross-site scripting attack or steal sensitive information (such as cookies owned by other domains). (CVE-2006-3802, CVE-2006-3810)

A flaw was found in the way SeaMonkey processed Proxy AutoConfig scripts. A malicious Proxy AutoConfig server could execute arbitrary javascript instructions with the permissions of "chrome", allowing the page to steal sensitive information or install browser malware. (CVE-2006-3808)

Users of SeaMonkey are advised to upgrade to this update, which contains SeaMonkey version 1.0.3 that corrects these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

200253 - CVE-2006-3801 Multiple Seamonkey issues (CVE-2006-3677, CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812)

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.3-0.el3.1.src.rpm
5700fda497d3d6e09cb99bd0160cae1c seamonkey-1.0.3-0.el3.1.src.rpm

i386:
edf47c00458eabb9a145b3a2d6211712 seamonkey-1.0.3-0.el3.1.i386.rpm
10bccb0c6f61cc913a5cee11e4525282
seamonkey-chat-1.0.3-0.el3.1.i386.rpm
6c48ebe61fd49a8049c8f7d860609006 seamonkey-debuginfo-1.0.3-0.el3.1.i386.rpm
4e0d353982d9c7c7779b394047a1cfd9
seamonkey-devel-1.0.3-0.el3.1.i386.rpm
9b47bc7c27efe287cfa0c07792ccc01e seamonkey-dom-inspector-1.0.3-0.el3.1.i386.rpm
0ca5d34ca0b6db2c734ad126b6cb7b87
seamonkey-js-debugger-1.0.3-0.el3.1.i386.rpm
80e793f420547aa0ffc9f55a5d6c790a seamonkey-mail-1.0.3-0.el3.1.i386.rpm
dd0da039d35805b601e785791230b1b5
seamonkey-nspr-1.0.3-0.el3.1.i386.rpm
7b016fbdf8977d24272a6a9bf5c549eb seamonkey-nspr-devel-1.0.3-0.el3.1.i386.rpm
b76d2bf3a842876e218395172a9390ee
seamonkey-nss-1.0.3-0.el3.1.i386.rpm
0b0f7b284d7a43c701b8357a0636147a seamonkey-nss-devel-1.0.3-0.el3.1.i386.rpm

ia64:
b54f3e53c45f910fa925c78a3f85a830 seamonkey-1.0.3-0.el3.1.ia64.rpm
a54b5aa4c3aca436c9dea299d6f6a084
seamonkey-chat-1.0.3-0.el3.1.ia64.rpm
6c48ebe61fd49a8049c8f7d860609006 seamonkey-debuginfo-1.0.3-0.el3.1.i386.rpm
6f6f74fe222bdc7f46d8ac7dcd7fa39c
seamonkey-debuginfo-1.0.3-0.el3.1.ia64.rpm
165d173c204d1194d809a01550477bb2 seamonkey-devel-1.0.3-0.el3.1.ia64.rpm
04c06e71a1e01ec3fb1b6d4921cf8e72
seamonkey-dom-inspector-1.0.3-0.el3.1.ia64.rpm
e7533e4ee79017f973b5efd8c263fbb8 seamonkey-js-debugger-1.0.3-0.el3.1.ia64.rpm
6934faf2b40b265306fafa09eb7e2bdb
seamonkey-mail-1.0.3-0.el3.1.ia64.rpm
dd0da039d35805b601e785791230b1b5 seamonkey-nspr-1.0.3-0.el3.1.i386.rpm
97ffb9cdeaa8c375248d7338e081705a
seamonkey-nspr-1.0.3-0.el3.1.ia64.rpm
15746c43e276091cca7b22e149968eec seamonkey-nspr-devel-1.0.3-0.el3.1.ia64.rpm
b76d2bf3a842876e218395172a9390ee
seamonkey-nss-1.0.3-0.el3.1.i386.rpm
3fa583ba5193eb5022a1492207af373e seamonkey-nss-1.0.3-0.el3.1.ia64.rpm
430532e2827047ec6e95bd5fad698c98
seamonkey-nss-devel-1.0.3-0.el3.1.ia64.rpm

ppc:
3557460aa7a520cf3ae737e97a23cabf seamonkey-1.0.3-0.el3.1.ppc.rpm
5da4d6c953c2375ea944da5bbc6d65d7
seamonkey-chat-1.0.3-0.el3.1.ppc.rpm
66bcc3654a08f94f34fb68f4af2fd8b3 seamonkey-debuginfo-1.0.3-0.el3.1.ppc.rpm
4a13b4766810a93c338c6e61eb7c2878
seamonkey-devel-1.0.3-0.el3.1.ppc.rpm
43af0613aef928839f9953be9275976e seamonkey-dom-inspector-1.0.3-0.el3.1.ppc.rpm
47c3640748bb8028f99fdc8df7143726
seamonkey-js-debugger-1.0.3-0.el3.1.ppc.rpm
8b0ac20bf0eb1665c48503c1e0be2190 seamonkey-mail-1.0.3-0.el3.1.ppc.rpm
81048df18d14782470b2191138ca1d1d
seamonkey-nspr-1.0.3-0.el3.1.ppc.rpm
b086f5ca564b9dc92f7cb42d05cfe152 seamonkey-nspr-devel-1.0.3-0.el3.1.ppc.rpm
9bfb86324ed33e65b75a222e4f4d594c
seamonkey-nss-1.0.3-0.el3.1.ppc.rpm
8ead6a1dbcf7127d1be215be9386315f seamonkey-nss-devel-1.0.3-0.el3.1.ppc.rpm

s390:
484c596e85d071c16b60a4ff7b588cb2 seamonkey-1.0.3-0.el3.1.s390.rpm
1d19478fe278e8810d37d0e53b843bdd
seamonkey-chat-1.0.3-0.el3.1.s390.rpm
1209d9652acacb8f5443477c8762f1f0 seamonkey-debuginfo-1.0.3-0.el3.1.s390.rpm
1cdd722aaf5be9fde448c5f6572af567
seamonkey-devel-1.0.3-0.el3.1.s390.rpm
1271e3bd7a31e1a61ed06ea92700316b seamonkey-dom-inspector-1.0.3-0.el3.1.s390.rpm
c48f29a1788d2724a0242b9905f4257f
seamonkey-js-debugger-1.0.3-0.el3.1.s390.rpm
2cdab0ae5eac44b1ce498dd30b7bbc37 seamonkey-mail-1.0.3-0.el3.1.s390.rpm
b846008adfbdad2b17be5016674c7bae
seamonkey-nspr-1.0.3-0.el3.1.s390.rpm
bd9ddc4a63442bca42902f1ba24f36af seamonkey-nspr-devel-1.0.3-0.el3.1.s390.rpm
bcb5e6d4273210272de5885cd4493df5
seamonkey-nss-1.0.3-0.el3.1.s390.rpm
4931ae4f6b847dc3e9ad4e6a7cbff616 seamonkey-nss-devel-1.0.3-0.el3.1.s390.rpm

s390x:
d575784f960eae10569f23e9b960539f seamonkey-1.0.3-0.el3.1.s390x.rpm
13515109a27470d1473382feed63ac85
seamonkey-chat-1.0.3-0.el3.1.s390x.rpm
1209d9652acacb8f5443477c8762f1f0 seamonkey-debuginfo-1.0.3-0.el3.1.s390.rpm
2b922024c20037dc4e4e70c9e93da048
seamonkey-debuginfo-1.0.3-0.el3.1.s390x.rpm
dca79815a7bf6b1abc31c3d1da3f8b7d seamonkey-devel-1.0.3-0.el3.1.s390x.rpm
69658420caf319c4a87f9d08cb1f8b63
seamonkey-dom-inspector-1.0.3-0.el3.1.s390x.rpm
b3084333c4285c43b1e7f98d121459d4 seamonkey-js-debugger-1.0.3-0.el3.1.s390x.rpm
b1c98f83174a4294e6442fd85cc54c1e
seamonkey-mail-1.0.3-0.el3.1.s390x.rpm
b846008adfbdad2b17be5016674c7bae seamonkey-nspr-1.0.3-0.el3.1.s390.rpm
94825bce286f505d30157ed388ec0851
seamonkey-nspr-1.0.3-0.el3.1.s390x.rpm
bd5db4932cf91db2e1ab44543bf88b24 seamonkey-nspr-devel-1.0.3-0.el3.1.s390x.rpm
bcb5e6d4273210272de5885cd4493df5
seamonkey-nss-1.0.3-0.el3.1.s390.rpm
bd25f904c8651f3339c6fb4110209673 seamonkey-nss-1.0.3-0.el3.1.s390x.rpm
0317b5cc38abe9e5d753407e6053724f
seamonkey-nss-devel-1.0.3-0.el3.1.s390x.rpm

x86_64:
edf47c00458eabb9a145b3a2d6211712 seamonkey-1.0.3-0.el3.1.i386.rpm
d4c9f6d7193e758c20eaed2351bb2d91
seamonkey-1.0.3-0.el3.1.x86_64.rpm
f54fe75baa2c2fa5907cd0a8737efd11 seamonkey-chat-1.0.3-0.el3.1.x86_64.rpm
6c48ebe61fd49a8049c8f7d860609006
seamonkey-debuginfo-1.0.3-0.el3.1.i386.rpm
107d17cf6eacfc8d82903a7b52722c66 seamonkey-debuginfo-1.0.3-0.el3.1.x86_64.rpm
7762f692b3d621e8c47c392bd2c8031c
seamonkey-devel-1.0.3-0.el3.1.x86_64.rpm
e510b5446448432ba00053432c8a8d37 seamonkey-dom-inspector-1.0.3-0.el3.1.x86_64.rpm
299196ad7affc2b288423aaa1e92829e
seamonkey-js-debugger-1.0.3-0.el3.1.x86_64.rpm
959424ae886ecf449f8cd657de5cf46a seamonkey-mail-1.0.3-0.el3.1.x86_64.rpm
dd0da039d35805b601e785791230b1b5
seamonkey-nspr-1.0.3-0.el3.1.i386.rpm
267086e1803aa3a62035f747cbbdb659 seamonkey-nspr-1.0.3-0.el3.1.x86_64.rpm
7c636ad447bbd128e651262084d62bee
seamonkey-nspr-devel-1.0.3-0.el3.1.x86_64.rpm
b76d2bf3a842876e218395172a9390ee seamonkey-nss-1.0.3-0.el3.1.i386.rpm
03897b6821a7edfc3d9116a0b64a2845
seamonkey-nss-1.0.3-0.el3.1.x86_64.rpm
1c0a8543ac1dd50e69bf5ac03c5f1d1f seamonkey-nss-devel-1.0.3-0.el3.1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.3-0.el3.1.src.rpm
5700fda497d3d6e09cb99bd0160cae1c seamonkey-1.0.3-0.el3.1.src.rpm

i386:
edf47c00458eabb9a145b3a2d6211712 seamonkey-1.0.3-0.el3.1.i386.rpm
10bccb0c6f61cc913a5cee11e4525282
seamonkey-chat-1.0.3-0.el3.1.i386.rpm
6c48ebe61fd49a8049c8f7d860609006 seamonkey-debuginfo-1.0.3-0.el3.1.i386.rpm
4e0d353982d9c7c7779b394047a1cfd9
seamonkey-devel-1.0.3-0.el3.1.i386.rpm
9b47bc7c27efe287cfa0c07792ccc01e seamonkey-dom-inspector-1.0.3-0.el3.1.i386.rpm
0ca5d34ca0b6db2c734ad126b6cb7b87
seamonkey-js-debugger-1.0.3-0.el3.1.i386.rpm
80e793f420547aa0ffc9f55a5d6c790a seamonkey-mail-1.0.3-0.el3.1.i386.rpm
dd0da039d35805b601e785791230b1b5
seamonkey-nspr-1.0.3-0.el3.1.i386.rpm
7b016fbdf8977d24272a6a9bf5c549eb seamonkey-nspr-devel-1.0.3-0.el3.1.i386.rpm
b76d2bf3a842876e218395172a9390ee
seamonkey-nss-1.0.3-0.el3.1.i386.rpm
0b0f7b284d7a43c701b8357a0636147a seamonkey-nss-devel-1.0.3-0.el3.1.i386.rpm

x86_64:
edf47c00458eabb9a145b3a2d6211712 seamonkey-1.0.3-0.el3.1.i386.rpm
d4c9f6d7193e758c20eaed2351bb2d91
seamonkey-1.0.3-0.el3.1.x86_64.rpm
f54fe75baa2c2fa5907cd0a8737efd11 seamonkey-chat-1.0.3-0.el3.1.x86_64.rpm
6c48ebe61fd49a8049c8f7d860609006
seamonkey-debuginfo-1.0.3-0.el3.1.i386.rpm
107d17cf6eacfc8d82903a7b52722c66 seamonkey-debuginfo-1.0.3-0.el3.1.x86_64.rpm
7762f692b3d621e8c47c392bd2c8031c
seamonkey-devel-1.0.3-0.el3.1.x86_64.rpm
e510b5446448432ba00053432c8a8d37 seamonkey-dom-inspector-1.0.3-0.el3.1.x86_64.rpm
299196ad7affc2b288423aaa1e92829e
seamonkey-js-debugger-1.0.3-0.el3.1.x86_64.rpm
959424ae886ecf449f8cd657de5cf46a seamonkey-mail-1.0.3-0.el3.1.x86_64.rpm
dd0da039d35805b601e785791230b1b5
seamonkey-nspr-1.0.3-0.el3.1.i386.rpm
267086e1803aa3a62035f747cbbdb659 seamonkey-nspr-1.0.3-0.el3.1.x86_64.rpm
7c636ad447bbd128e651262084d62bee
seamonkey-nspr-devel-1.0.3-0.el3.1.x86_64.rpm
b76d2bf3a842876e218395172a9390ee seamonkey-nss-1.0.3-0.el3.1.i386.rpm
03897b6821a7edfc3d9116a0b64a2845
seamonkey-nss-1.0.3-0.el3.1.x86_64.rpm
1c0a8543ac1dd50e69bf5ac03c5f1d1f seamonkey-nss-devel-1.0.3-0.el3.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.3-0.el3.1.src.rpm
5700fda497d3d6e09cb99bd0160cae1c seamonkey-1.0.3-0.el3.1.src.rpm

i386:
edf47c00458eabb9a145b3a2d6211712 seamonkey-1.0.3-0.el3.1.i386.rpm
10bccb0c6f61cc913a5cee11e4525282
seamonkey-chat-1.0.3-0.el3.1.i386.rpm
6c48ebe61fd49a8049c8f7d860609006 seamonkey-debuginfo-1.0.3-0.el3.1.i386.rpm
4e0d353982d9c7c7779b394047a1cfd9
seamonkey-devel-1.0.3-0.el3.1.i386.rpm
9b47bc7c27efe287cfa0c07792ccc01e seamonkey-dom-inspector-1.0.3-0.el3.1.i386.rpm
0ca5d34ca0b6db2c734ad126b6cb7b87
seamonkey-js-debugger-1.0.3-0.el3.1.i386.rpm
80e793f420547aa0ffc9f55a5d6c790a seamonkey-mail-1.0.3-0.el3.1.i386.rpm
dd0da039d35805b601e785791230b1b5
seamonkey-nspr-1.0.3-0.el3.1.i386.rpm
7b016fbdf8977d24272a6a9bf5c549eb seamonkey-nspr-devel-1.0.3-0.el3.1.i386.rpm
b76d2bf3a842876e218395172a9390ee
seamonkey-nss-1.0.3-0.el3.1.i386.rpm
0b0f7b284d7a43c701b8357a0636147a seamonkey-nss-devel-1.0.3-0.el3.1.i386.rpm

ia64:
b54f3e53c45f910fa925c78a3f85a830 seamonkey-1.0.3-0.el3.1.ia64.rpm
a54b5aa4c3aca436c9dea299d6f6a084
seamonkey-chat-1.0.3-0.el3.1.ia64.rpm
6c48ebe61fd49a8049c8f7d860609006 seamonkey-debuginfo-1.0.3-0.el3.1.i386.rpm
6f6f74fe222bdc7f46d8ac7dcd7fa39c
seamonkey-debuginfo-1.0.3-0.el3.1.ia64.rpm
165d173c204d1194d809a01550477bb2 seamonkey-devel-1.0.3-0.el3.1.ia64.rpm
04c06e71a1e01ec3fb1b6d4921cf8e72
seamonkey-dom-inspector-1.0.3-0.el3.1.ia64.rpm
e7533e4ee79017f973b5efd8c263fbb8 seamonkey-js-debugger-1.0.3-0.el3.1.ia64.rpm
6934faf2b40b265306fafa09eb7e2bdb
seamonkey-mail-1.0.3-0.el3.1.ia64.rpm
dd0da039d35805b601e785791230b1b5 seamonkey-nspr-1.0.3-0.el3.1.i386.rpm
97ffb9cdeaa8c375248d7338e081705a
seamonkey-nspr-1.0.3-0.el3.1.ia64.rpm
15746c43e276091cca7b22e149968eec seamonkey-nspr-devel-1.0.3-0.el3.1.ia64.rpm
b76d2bf3a842876e218395172a9390ee
seamonkey-nss-1.0.3-0.el3.1.i386.rpm
3fa583ba5193eb5022a1492207af373e seamonkey-nss-1.0.3-0.el3.1.ia64.rpm
430532e2827047ec6e95bd5fad698c98
seamonkey-nss-devel-1.0.3-0.el3.1.ia64.rpm

x86_64:
edf47c00458eabb9a145b3a2d6211712 seamonkey-1.0.3-0.el3.1.i386.rpm
d4c9f6d7193e758c20eaed2351bb2d91
seamonkey-1.0.3-0.el3.1.x86_64.rpm
f54fe75baa2c2fa5907cd0a8737efd11 seamonkey-chat-1.0.3-0.el3.1.x86_64.rpm
6c48ebe61fd49a8049c8f7d860609006
seamonkey-debuginfo-1.0.3-0.el3.1.i386.rpm
107d17cf6eacfc8d82903a7b52722c66 seamonkey-debuginfo-1.0.3-0.el3.1.x86_64.rpm
7762f692b3d621e8c47c392bd2c8031c
seamonkey-devel-1.0.3-0.el3.1.x86_64.rpm
e510b5446448432ba00053432c8a8d37 seamonkey-dom-inspector-1.0.3-0.el3.1.x86_64.rpm
299196ad7affc2b288423aaa1e92829e
seamonkey-js-debugger-1.0.3-0.el3.1.x86_64.rpm
959424ae886ecf449f8cd657de5cf46a seamonkey-mail-1.0.3-0.el3.1.x86_64.rpm
dd0da039d35805b601e785791230b1b5
seamonkey-nspr-1.0.3-0.el3.1.i386.rpm
267086e1803aa3a62035f747cbbdb659 seamonkey-nspr-1.0.3-0.el3.1.x86_64.rpm
7c636ad447bbd128e651262084d62bee
seamonkey-nspr-devel-1.0.3-0.el3.1.x86_64.rpm
b76d2bf3a842876e218395172a9390ee seamonkey-nss-1.0.3-0.el3.1.i386.rpm
03897b6821a7edfc3d9116a0b64a2845
seamonkey-nss-1.0.3-0.el3.1.x86_64.rpm
1c0a8543ac1dd50e69bf5ac03c5f1d1f seamonkey-nss-devel-1.0.3-0.el3.1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.3-0.el3.1.src.rpm
5700fda497d3d6e09cb99bd0160cae1c seamonkey-1.0.3-0.el3.1.src.rpm

i386:
edf47c00458eabb9a145b3a2d6211712 seamonkey-1.0.3-0.el3.1.i386.rpm
10bccb0c6f61cc913a5cee11e4525282
seamonkey-chat-1.0.3-0.el3.1.i386.rpm
6c48ebe61fd49a8049c8f7d860609006 seamonkey-debuginfo-1.0.3-0.el3.1.i386.rpm
4e0d353982d9c7c7779b394047a1cfd9
seamonkey-devel-1.0.3-0.el3.1.i386.rpm
9b47bc7c27efe287cfa0c07792ccc01e seamonkey-dom-inspector-1.0.3-0.el3.1.i386.rpm
0ca5d34ca0b6db2c734ad126b6cb7b87
seamonkey-js-debugger-1.0.3-0.el3.1.i386.rpm
80e793f420547aa0ffc9f55a5d6c790a seamonkey-mail-1.0.3-0.el3.1.i386.rpm
dd0da039d35805b601e785791230b1b5
seamonkey-nspr-1.0.3-0.el3.1.i386.rpm
7b016fbdf8977d24272a6a9bf5c549eb seamonkey-nspr-devel-1.0.3-0.el3.1.i386.rpm
b76d2bf3a842876e218395172a9390ee
seamonkey-nss-1.0.3-0.el3.1.i386.rpm
0b0f7b284d7a43c701b8357a0636147a seamonkey-nss-devel-1.0.3-0.el3.1.i386.rpm

ia64:
b54f3e53c45f910fa925c78a3f85a830 seamonkey-1.0.3-0.el3.1.ia64.rpm
a54b5aa4c3aca436c9dea299d6f6a084
seamonkey-chat-1.0.3-0.el3.1.ia64.rpm
6c48ebe61fd49a8049c8f7d860609006 seamonkey-debuginfo-1.0.3-0.el3.1.i386.rpm
6f6f74fe222bdc7f46d8ac7dcd7fa39c
seamonkey-debuginfo-1.0.3-0.el3.1.ia64.rpm
165d173c204d1194d809a01550477bb2 seamonkey-devel-1.0.3-0.el3.1.ia64.rpm
04c06e71a1e01ec3fb1b6d4921cf8e72
seamonkey-dom-inspector-1.0.3-0.el3.1.ia64.rpm
e7533e4ee79017f973b5efd8c263fbb8 seamonkey-js-debugger-1.0.3-0.el3.1.ia64.rpm
6934faf2b40b265306fafa09eb7e2bdb
seamonkey-mail-1.0.3-0.el3.1.ia64.rpm
dd0da039d35805b601e785791230b1b5 seamonkey-nspr-1.0.3-0.el3.1.i386.rpm
97ffb9cdeaa8c375248d7338e081705a
seamonkey-nspr-1.0.3-0.el3.1.ia64.rpm
15746c43e276091cca7b22e149968eec seamonkey-nspr-devel-1.0.3-0.el3.1.ia64.rpm
b76d2bf3a842876e218395172a9390ee
seamonkey-nss-1.0.3-0.el3.1.i386.rpm
3fa583ba5193eb5022a1492207af373e seamonkey-nss-1.0.3-0.el3.1.ia64.rpm
430532e2827047ec6e95bd5fad698c98
seamonkey-nss-devel-1.0.3-0.el3.1.ia64.rpm

x86_64:
edf47c00458eabb9a145b3a2d6211712 seamonkey-1.0.3-0.el3.1.i386.rpm
d4c9f6d7193e758c20eaed2351bb2d91
seamonkey-1.0.3-0.el3.1.x86_64.rpm
f54fe75baa2c2fa5907cd0a8737efd11 seamonkey-chat-1.0.3-0.el3.1.x86_64.rpm
6c48ebe61fd49a8049c8f7d860609006
seamonkey-debuginfo-1.0.3-0.el3.1.i386.rpm
107d17cf6eacfc8d82903a7b52722c66 seamonkey-debuginfo-1.0.3-0.el3.1.x86_64.rpm
7762f692b3d621e8c47c392bd2c8031c
seamonkey-devel-1.0.3-0.el3.1.x86_64.rpm
e510b5446448432ba00053432c8a8d37 seamonkey-dom-inspector-1.0.3-0.el3.1.x86_64.rpm
299196ad7affc2b288423aaa1e92829e
seamonkey-js-debugger-1.0.3-0.el3.1.x86_64.rpm
959424ae886ecf449f8cd657de5cf46a seamonkey-mail-1.0.3-0.el3.1.x86_64.rpm
dd0da039d35805b601e785791230b1b5
seamonkey-nspr-1.0.3-0.el3.1.i386.rpm
267086e1803aa3a62035f747cbbdb659 seamonkey-nspr-1.0.3-0.el3.1.x86_64.rpm
7c636ad447bbd128e651262084d62bee
seamonkey-nspr-devel-1.0.3-0.el3.1.x86_64.rpm
b76d2bf3a842876e218395172a9390ee seamonkey-nss-1.0.3-0.el3.1.i386.rpm
03897b6821a7edfc3d9116a0b64a2845
seamonkey-nss-1.0.3-0.el3.1.x86_64.rpm
1c0a8543ac1dd50e69bf5ac03c5f1d1f seamonkey-nss-devel-1.0.3-0.el3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

Slackware Linux

[slackware-security] mutt (SSA:2006-207-01)

New mutt packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a possible security issue.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/mutt-1.4.2.2i-i486-1_slack10.2.tgz:
Upgraded to mutt-1.4.2.2i.
This release fixes CVE-2006-3242, a buffer overflow that could be triggered by a malicious IMAP server.
[Connecting to malicious IMAP servers must be common, right? -- Ed.]
For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242
(* Security fix *)
+--------------------------+

Where to find the new packages:

HINT: Getting slow download speeds from ftp ftp.slackware.com? Give slackware.osuosl.org/ a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com/.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mutt-1.4.2.2i-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mutt-1.4.2.2i-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mutt-1.4.2.2i-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mutt-1.4.2.2i-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mutt-1.4.2.2i-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mutt-1.4.2.2i-i486-1_slack10.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mutt-1.4.2.2i-i486-1.tgz

MD5 signatures:

Slackware 8.1 package:
a28e088efe980f3b629fd291b3281eae mutt-1.4.2.2i-i386-1_slack8.1.tgz

Slackware 9.0 package:
2069ff5d3635106fc6f70f649a4ea51c mutt-1.4.2.2i-i386-1_slack9.0.tgz

Slackware 9.1 package:
f662f9f3580261cf99e9c77a7386e8a0 mutt-1.4.2.2i-i486-1_slack9.1.tgz

Slackware 10.0 package:
550564cd80a3618ee80f30d2242c795e mutt-1.4.2.2i-i486-1_slack10.0.tgz

Slackware 10.1 package:
c59433c5ca44d48d27ea29bcaabcf56e mutt-1.4.2.2i-i486-1_slack10.1.tgz

Slackware 10.2 package:
60561d151533a69efe59542db807bdcb mutt-1.4.2.2i-i486-1_slack10.2.tgz

Slackware -current package:
579d5974efdd071804ad5fbed5f1ab22 mutt-1.4.2.2i-i486-1.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg mutt-1.4.2.2i-i486-1_slack10.2.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

[slackware-security] x11 (SSA:2006-207-02)

New x11 packages are available for Slackware 10.2 and -current to fix security issues. In addition, fontconfig and freetype have been split out from the x11 packages in -current, so if you run -current you'll also need to install those new packages.

More details about the issues may be found here:

http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/x11-6.8.2-i486-6_slack10.2.tgz:
Patched some more possible linux 2.6.x setuid() related bugs:
    http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html
Patched CVE-2006-1861 linux 2.6.x setuid() related bugs in freetype2. (* Security fix *)
patches/packages/x11-devel-6.8.2-i486-6_slack10.2.tgz: Patched as above. (* Security fix *)
patches/packages/x11-xdmx-6.8.2-i486-6_slack10.2.tgz: Rebuilt.
patches/packages/x11-xnest-6.8.2-i486-6_slack10.2.tgz: Rebuilt.
patches/packages/x11-xvfb-6.8.2-i486-6_slack10.2.tgz: Rebuilt.
+--------------------------+

Where to find the new packages:

HINT: Getting slow download speeds from ftp ftp.slackware.com? Give slackware.osuosl.org/ a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com/.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-6.8.2-i486-6_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-devel-6.8.2-i486-6_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xdmx-6.8.2-i486-6_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xnest-6.8.2-i486-6_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xvfb-6.8.2-i486-6_slack10.2.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/fontconfig-2.2.3-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/freetype-2.1.9-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-6.9.0-i486-5.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-devel-6.9.0-i486-5.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-xdmx-6.9.0-i486-5.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-xnest-6.9.0-i486-5.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-xvfb-6.9.0-i486-5.tgz

MD5 signatures:

Slackware 10.2 packages:
0cf87318d76c36906dcd5fb5bc718444 x11-6.8.2-i486-6_slack10.2.tgz
bea4188bde1da241595e91bae2c76c11 x11-devel-6.8.2-i486-6_slack10.2.tgz
3286ca1e2dd171577927a31c1a327601 x11-xdmx-6.8.2-i486-6_slack10.2.tgz
27eca3d63e056ac4553c0196161405f4 x11-xnest-6.8.2-i486-6_slack10.2.tgz
e208de9bbe2a830b6f161e0ae3301d3b x11-xvfb-6.8.2-i486-6_slack10.2.tgz

Slackware -current packages:
3cfe905c595a7ff72810834cba17fb40 fontconfig-2.2.3-i486-1.tgz
d796910b7b481086b9569488a07ca257 freetype-2.1.9-i486-1.tgz
abec810fe0662c05b527e815a164b29d x11-6.9.0-i486-5.tgz
dd3d53f59bdd24a2df459cd086659887 x11-devel-6.9.0-