Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Blog - Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Preferences
Contribute
Link to Us
Search
Linux Jobs

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Technology Jobs

JustTechJobs.com

LinuxToday Newsletters
Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com
Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

 






Current Newswire:

Malware devs embrace open-source

A tale of two distros: Ubuntu and Linux Mint

Raspberry Pi benchmarked against Beagleboard, low price is long term

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues



Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume
:Advisories, July 31, 2006
Advisories, July 31, 2006
Aug 1, 2006, 03 :45 UTC (0 Talkback[s]) (2827 reads)

Gentoo Linux

Gentoo Linux Security Advisory [UPDATE] GLSA 200605-08:02

http://security.gentoo.org/

Severity: High
Title: PHP: Multiple vulnerabilities
Date: May 08, 2006
Updated: July 24, 2006
Bugs: #127939, #128883, #131135, #133524
ID: 200605-08:02

Update

The initial fix did not properly fix the CVE-2006-1990 issue on 64 bit systems.

The updated sections appear below.

Affected packages


     Package       /  Vulnerable  /                         Unaffected




  1  dev-lang/php       < 5.1.4                               >= 5.1.4
                                                          *>= 4.4.2-r2
  2  dev-lang/php     < 5.1.4-r4                           >= 5.1.4-r4
                                                          *>= 4.4.2-r6
    -------------------------------------------------------------------
     # Package 1 only applies to ARM, HPPA, PPC, S390, SH, SPARC, x86
       and x86-FBSD users.
     # Package 2 only applies to ALPHA, AMD64, IA64 and PPC64 users.
    -------------------------------------------------------------------
     2 affected packages; please see the notes above...

Resolution

All PHP users should upgrade to the latest version: 

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-lang/php

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200605-08.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Slackware Linux

[slackware-security] mysql (SSA:2006-211-01)

New mysql packages are available for Slackware 10.2 to fix security issues (and other bugs). For complete details about the many fixes addressed by this release, you can find MySQL's news article about the MySQL 4.1.21 Community Edition release here:

http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/mysql-4.1.21-i486-1_slack10.2.tgz:
Upgraded to mysql-4.1.21.
This is a bugfix and security release.
For more details, see MySQL's news page about MySQL 4.1.21:
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
The CVE entry may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469
Thanks to Nino Petkov for pointing out this MySQL release to me. :-)
(* Security fix *)
+--------------------------+

Where to find the new packages:

HINT: Getting slow download speeds from ftp ftp.slackware.com? Give slackware.osuosl.org/ a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com/.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mysql-4.1.21-i486-1_slack10.2.tgz

MD5 signatures:

Slackware 10.2 package:
36f6f7f158bf00953e5a0bd29737bc7c mysql-4.1.21-i486-1_slack10.2.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg mysql-4.1.21-i486-1_slack10.2.tgz

Then, restart the database server:
# sh /etc/rc.d/rc.mysqld restart

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com



No talkbacks posted.
  Home | Search Talkbacks | Customize View    Top of Page  



Enter your comments below:

* Your Name:

* Your Email Address:

* Subject:

CC: [will also send this talkback to an E-Mail address]

* Comments:

Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content.

Fields marked with * are required!

..............................




All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP