Advisories, October 26, 2006
Oct 27, 2006, 03:45
rPath Security Advisory: 2006-0195-2
Previous versions of the qt-x11-free package include Qt libraries containing an integer overflow flaw that causes them not to properly bound pixmap image data. This may enable a user-complicit denial of service attack (application crash), or possibly unauthorized access via arbitrary code execution, in applications which use vulnerable versions of the Qt libraries.
rPath Security Advisory: 2006-0198-1
In previous versions of the screen package, the screen program had a bug which is known to make screen vulnerable to a minor denial of service attack in which the screen program would crash if presented with particular output. It is possible that this attack could also allow a user-complicit attacker to assume the privileges of the complicit user. The screen program is not setuid in rPath Linux, so any attack is limited to the complicit user.
[slackware-security] qt (SSA:2006-298-01)
New qt packages are available for Slackware 10.0, 10.1, 10.2, and 11.0 to fix a possible security issue.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
Trolltech has put out a press release which may be found here:
Here are the details from the Slackware 11.0 ChangeLog:
HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org/ a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com/.
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated packages for Slackware 11.0:
Slackware 10.0 package:
Slackware 10.1 package:
Slackware 10.2 package:
Slackware 11.0 packages:
Upgrade the package as root:
If you are running Slackware 11.0, you will also need to upgrade the qca-tls package to put the plugin in the new qt-3.3.7 plugin directory. Earlier versions of Slackware do not include the qca-tls package.
# upgradepkg qca-tls-1.0-i486-3_slack11.0.tgz