Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Sat Aug 7 17:17:20 AKDT 2004
patches/packages/imagemagick-6.0.4_3-i486-1.tgz: Upgraded to
ImageMagick-6.0.4-3. Fixes PNG security issues.
(* Security fix *)
+--------------------------+
New Mozilla packages are available for Slackware 9.1, 10.0, and
-current to fix a number of security issues. Slackware 10.0 and
-current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was
upgraded to Mozilla 1.4.3. As usual, new versions of Mozilla
require new versions of things that link with the Mozilla
libraries, so for Slackware 10.0 and -current new versions of
epiphany, galeon, gaim, and mozilla-plugins have also been
provided. There don't appear to be epiphany and galeon versions
that are compatible with Mozilla 1.4.3 and the GNOME in Slackware
9.1, so these are not provided and Epiphany and Galeon will be
broken on Slackware 9.1 if the new Mozilla package is installed.
Furthermore, earlier versions of Mozilla (such as the 1.3 series)
were not fixed upstream, so versions of Slackware earlier than 9.1
will remain vulnerable to these browser issues. If you still use
Slackware 9.0 or earlier, you may want to consider removing Mozilla
or upgrading to a newer version.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Mon Aug 9 01:56:43 PDT 2004
patches/packages/epiphany-1.2.7-i486-1.tgz: Upgraded to
epiphany-1.2.7.
(compiled against Mozilla 1.7.2)
patches/packages/gaim-0.81-i486-1.tgz: Upgraded to gaim-0.81.
(compiled against Mozilla 1.7.2)
patches/packages/galeon-1.3.17-i486-1.tgz: Upgraded to
galeon-1.3.17.
(compiled against Mozilla 1.7.2)
patches/packages/mozilla-1.7.2-i486-1.tgz: Upgraded to Mozilla
1.7.2. This fixes three security vulnerabilities. For details,
see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2
(* Security fix *)
patches/packages/mozilla-plugins-1.7.2-noarch-1.tgz: Changed plugin
symlinks for Mozilla 1.7.2.
+--------------------------+
New sox packages are available for Slackware 8.1, 9.0, 9.1,
10.0, and -current to fix buffer overflow security issues that
could allow a malicious WAV file to execute arbitrary code.
Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Sat Aug 7 17:17:20 AKDT 2004
patches/packages/sox-12.17.4-i486-3.tgz: Patched buffer overflows
that could allow a malicious WAV file to execute arbitrary
code.
(* Security fix *)
+--------------------------+
New libpng packages are available for Slackware 8.1, 9.0, 9.1,
10.0, and -current to fix security issues. These issues could cause
program crashes, or possibly allow arbitrary code embedded in a
malicious PNG image to execute. The PNG library is widely used
within the system, so all sites should upgrade to the new libpng
package.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Sat Aug 7 17:17:20 PDT 2004
patches/packages/libpng-1.2.5-i486-3.tgz: Patched possible security
issues including buffer and integer overflows and null pointer
references. These issues could cause program crashes, or possibly
allow arbitrary code embedded in a malicious PNG image to execute.
The PNG library is widely used within the system, so all sites
should upgrade to the new libpng package.
For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
(* Security fix *)
+--------------------------+
