Linux Today: Linux News On Internet Time.

More on LinuxToday

Advisories, July 31, 2006

Aug 01, 2006, 03:45 (0 Talkback[s])

Gentoo Linux

Gentoo Linux Security Advisory [UPDATE] GLSA 200605-08:02


Severity: High
Title: PHP: Multiple vulnerabilities
Date: May 08, 2006
Updated: July 24, 2006
Bugs: #127939, #128883, #131135, #133524
ID: 200605-08:02


The initial fix did not properly fix the CVE-2006-1990 issue on 64 bit systems.

The updated sections appear below.

Affected packages

     Package       /  Vulnerable  /                         Unaffected

1 dev-lang/php < 5.1.4 >= 5.1.4 *>= 4.4.2-r2 2 dev-lang/php < 5.1.4-r4 >= 5.1.4-r4 *>= 4.4.2-r6 ------------------------------------------------------------------- # Package 1 only applies to ARM, HPPA, PPC, S390, SH, SPARC, x86 and x86-FBSD users. # Package 2 only applies to ALPHA, AMD64, IA64 and PPC64 users. ------------------------------------------------------------------- 2 affected packages; please see the notes above...


All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-lang/php


This GLSA and any updates to it are available for viewing at the Gentoo Security Website:



Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.


Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.


Slackware Linux

[slackware-security] mysql (SSA:2006-211-01)

New mysql packages are available for Slackware 10.2 to fix security issues (and other bugs). For complete details about the many fixes addressed by this release, you can find MySQL's news article about the MySQL 4.1.21 Community Edition release here:


More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:


Here are the details from the Slackware 10.2 ChangeLog:
Upgraded to mysql-4.1.21.
This is a bugfix and security release.
For more details, see MySQL's news page about MySQL 4.1.21:
The CVE entry may be found here:
Thanks to Nino Petkov for pointing out this MySQL release to me. :-)
(* Security fix *)

Where to find the new packages:

HINT: Getting slow download speeds from ftp ftp.slackware.com? Give slackware.osuosl.org/ a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com/.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 10.2:

MD5 signatures:

Slackware 10.2 package:
36f6f7f158bf00953e5a0bd29737bc7c mysql-4.1.21-i486-1_slack10.2.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg mysql-4.1.21-i486-1_slack10.2.tgz

Then, restart the database server:
# sh /etc/rc.d/rc.mysqld restart


Slackware Linux Security Team