---

Slackware Linux Advisory: fetchmail, gdm

[slackware-security] fetchmail security update
(SSA:2003-300-02)

Fetchmail is a mail-retrieval and forwarding utility.

Upgraded fetchmail packages are available for Slackware 8.1,
9.0, 9.1, and -current. These fix a vulnerability where a specially
crafted email could crash fetchmail, preventing the user from
downloading or forwarding their email.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0792

Here are the details from the Slackware 9.1 ChangeLog:
+————————–+
Wed Oct 22 12:10:11 PDT 2003
patches/packages/fetchmail-6.2.5-i486-1.tgz: Upgraded to
fetchmail-6.2.5. This fixes a security issue where a specially
crafted message could cause fetchmail to crash, preventing the user
from retrieving email. (* Security fix *)
+————————–+

WHERE TO FIND THE NEW PACKAGES:

Updated package for Slackware 8.1:

ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/fetchmail-6.2.5-i386-1.tgz

Updated package for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/fetchmail-6.2.5-i386-1.tgz

Updated package for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/fetchmail-6.2.5-i486-1.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/fetchmail-6.2.5-i486-1.tgz

MD5 SIGNATURES:

Slackware 8.1 package:
8dba5701f5f67ba267664548e7cbd45e fetchmail-6.2.5-i386-1.tgz

Slackware 9.0 package:
818773e14c5d43b738190c7ed9a4854b fetchmail-6.2.5-i386-1.tgz

Slackware 9.1 package:
d37acd5314447bd7e727e47432ab6c70 fetchmail-6.2.5-i486-1.tgz

Slackware -current package:
d37acd5314447bd7e727e47432ab6c70 fetchmail-6.2.5-i486-1.tgz

INSTALLATION INSTRUCTIONS:

Upgrade fetchmail as root:

# upgradepkg fetchmail-6.2.5-i486-1.tgz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

[slackware-security] gdm security update (SSA:2003-300-01)

GDM is the GNOME Display Manager, and is commonly used to
provide a graphical login for local users.

Upgraded gdm packages are available for Slackware 9.0, 9.1, and
-current. These fix two vulnerabilities which could allow a local
user to crash or freeze gdm, preventing access to the machine until
a reboot. Sites using gdm should upgrade, especially sites such as
computer labs that use gdm to provide public or semi-public
access.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0793

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0794

Here are the details from the Slackware 9.1 ChangeLog:
+————————–+
Wed Oct 22 12:10:11 PDT 2003
patches/packages/gdm-2.4.4.5-i486-1.tgz: Upgraded to gdm-2.4.4.5.
This fixes a bug which can allow a local user to crash gdm,
preventing access until the machine is rebooted. (* Security fix
*)
+————————–+

WHERE TO FIND THE NEW PACKAGES:

Updated package for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gdm-2.4.1.7-i386-1.tgz

Updated package for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gdm-2.4.4.5-i486-1.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/gnome/gdm-2.4.4.5-i486-1.tgz

MD5 SIGNATURES:

Slackware 9.0 package:
ba1123ac6d5f56401cd80efcabcd9502 gdm-2.4.1.7-i386-1.tgz

Slackware 9.1 package:
bb34febec76f6c61f9d3740a95082db8 gdm-2.4.4.5-i486-1.tgz

Slackware -current package:
bb34febec76f6c61f9d3740a95082db8 gdm-2.4.4.5-i486-1.tgz

INSTALLATION INSTRUCTIONS:

First, stop gdm. If you’re using runlevel 4 to start gdm, issue
the command to change to a console-based runlevel:

# telinit 3

Next, upgrade gdm as root:

# upgradepkg gdm-2.4.4.5-i486-1.tgz

Finally, restart gdm:

# telinit 4

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis