[slackware-security] fetchmail security update
(SSA:2003-300-02)
Fetchmail is a mail-retrieval and forwarding utility.
Upgraded fetchmail packages are available for Slackware 8.1,
9.0, 9.1, and -current. These fix a vulnerability where a specially
crafted email could crash fetchmail, preventing the user from
downloading or forwarding their email.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0792
Here are the details from the Slackware 9.1 ChangeLog:
+————————–+
Wed Oct 22 12:10:11 PDT 2003
patches/packages/fetchmail-6.2.5-i486-1.tgz: Upgraded to
fetchmail-6.2.5. This fixes a security issue where a specially
crafted message could cause fetchmail to crash, preventing the user
from retrieving email. (* Security fix *)
+————————–+
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/fetchmail-6.2.5-i386-1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/fetchmail-6.2.5-i386-1.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/fetchmail-6.2.5-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/fetchmail-6.2.5-i486-1.tgz
Slackware 8.1 package:
8dba5701f5f67ba267664548e7cbd45e fetchmail-6.2.5-i386-1.tgz
Slackware 9.0 package:
818773e14c5d43b738190c7ed9a4854b fetchmail-6.2.5-i386-1.tgz
Slackware 9.1 package:
d37acd5314447bd7e727e47432ab6c70 fetchmail-6.2.5-i486-1.tgz
Slackware -current package:
d37acd5314447bd7e727e47432ab6c70 fetchmail-6.2.5-i486-1.tgz
Upgrade fetchmail as root:
# upgradepkg fetchmail-6.2.5-i486-1.tgz
+—–+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
[slackware-security] gdm security update (SSA:2003-300-01)
GDM is the GNOME Display Manager, and is commonly used to
provide a graphical login for local users.
Upgraded gdm packages are available for Slackware 9.0, 9.1, and
-current. These fix two vulnerabilities which could allow a local
user to crash or freeze gdm, preventing access to the machine until
a reboot. Sites using gdm should upgrade, especially sites such as
computer labs that use gdm to provide public or semi-public
access.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0794
Here are the details from the Slackware 9.1 ChangeLog:
+————————–+
Wed Oct 22 12:10:11 PDT 2003
patches/packages/gdm-2.4.4.5-i486-1.tgz: Upgraded to gdm-2.4.4.5.
This fixes a bug which can allow a local user to crash gdm,
preventing access until the machine is rebooted. (* Security fix
*)
+————————–+
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gdm-2.4.1.7-i386-1.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gdm-2.4.4.5-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/gnome/gdm-2.4.4.5-i486-1.tgz
Slackware 9.0 package:
ba1123ac6d5f56401cd80efcabcd9502 gdm-2.4.1.7-i386-1.tgz
Slackware 9.1 package:
bb34febec76f6c61f9d3740a95082db8 gdm-2.4.4.5-i486-1.tgz
Slackware -current package:
bb34febec76f6c61f9d3740a95082db8 gdm-2.4.4.5-i486-1.tgz
First, stop gdm. If you’re using runlevel 4 to start gdm, issue
the command to change to a console-based runlevel:
# telinit 3
Next, upgrade gdm as root:
# upgradepkg gdm-2.4.4.5-i486-1.tgz
Finally, restart gdm:
# telinit 4
+—–+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.