[slackware-security] fetchmail security update
(SSA:2003-300-02)
Fetchmail is a mail-retrieval and forwarding utility.
Upgraded fetchmail packages are available for Slackware 8.1,
9.0, 9.1, and -current. These fix a vulnerability where a specially
crafted email could crash fetchmail, preventing the user from
downloading or forwarding their email.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0792
Here are the details from the Slackware 9.1 ChangeLog:
+————————–+
Wed Oct 22 12:10:11 PDT 2003
patches/packages/fetchmail-6.2.5-i486-1.tgz: Upgraded to
fetchmail-6.2.5. This fixes a security issue where a specially
crafted message could cause fetchmail to crash, preventing the user
from retrieving email. (* Security fix *)
+————————–+
WHERE TO FIND THE NEW PACKAGES:
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/fetchmail-6.2.5-i386-1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/fetchmail-6.2.5-i386-1.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/fetchmail-6.2.5-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/fetchmail-6.2.5-i486-1.tgz
MD5 SIGNATURES:
Slackware 8.1 package:
8dba5701f5f67ba267664548e7cbd45e fetchmail-6.2.5-i386-1.tgz
Slackware 9.0 package:
818773e14c5d43b738190c7ed9a4854b fetchmail-6.2.5-i386-1.tgz
Slackware 9.1 package:
d37acd5314447bd7e727e47432ab6c70 fetchmail-6.2.5-i486-1.tgz
Slackware -current package:
d37acd5314447bd7e727e47432ab6c70 fetchmail-6.2.5-i486-1.tgz
INSTALLATION INSTRUCTIONS:
Upgrade fetchmail as root:
# upgradepkg fetchmail-6.2.5-i486-1.tgz
+—–+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
[slackware-security] gdm security update (SSA:2003-300-01)
GDM is the GNOME Display Manager, and is commonly used to
provide a graphical login for local users.
Upgraded gdm packages are available for Slackware 9.0, 9.1, and
-current. These fix two vulnerabilities which could allow a local
user to crash or freeze gdm, preventing access to the machine until
a reboot. Sites using gdm should upgrade, especially sites such as
computer labs that use gdm to provide public or semi-public
access.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0794
Here are the details from the Slackware 9.1 ChangeLog:
+————————–+
Wed Oct 22 12:10:11 PDT 2003
patches/packages/gdm-2.4.4.5-i486-1.tgz: Upgraded to gdm-2.4.4.5.
This fixes a bug which can allow a local user to crash gdm,
preventing access until the machine is rebooted. (* Security fix
*)
+————————–+
WHERE TO FIND THE NEW PACKAGES:
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gdm-2.4.1.7-i386-1.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gdm-2.4.4.5-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/gnome/gdm-2.4.4.5-i486-1.tgz
MD5 SIGNATURES:
Slackware 9.0 package:
ba1123ac6d5f56401cd80efcabcd9502 gdm-2.4.1.7-i386-1.tgz
Slackware 9.1 package:
bb34febec76f6c61f9d3740a95082db8 gdm-2.4.4.5-i486-1.tgz
Slackware -current package:
bb34febec76f6c61f9d3740a95082db8 gdm-2.4.4.5-i486-1.tgz
INSTALLATION INSTRUCTIONS:
First, stop gdm. If you’re using runlevel 4 to start gdm, issue
the command to change to a console-based runlevel:
# telinit 3
Next, upgrade gdm as root:
# upgradepkg gdm-2.4.4.5-i486-1.tgz
Finally, restart gdm:
# telinit 4
+—–+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com