slackware-current

1. slackware-current

Vagner Rodrigues Fernandes
vagnerd

(uses OpenBSD)

Posted on 07/11/2005 - 14:30h

Sat Nov 5 21:55:21 CST 2005

l/libxml2-2.6.22-i486-1.tgz: Upgraded to libxml2-2.6.22.
This fixes an issue where libxml2 had declared a variable XML_FEATURE_UNICODE
that was already used by the expat headers, causing PHP to fail to compile
when using Slackware's combination of ./configure options.


n/curl-7.12.2-i486-2.tgz: Patched. This addresses a buffer overflow in
libcurl's NTLM function that could have possible security implications.
For more details, see:
http://curl.haxx.se/docs/security.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
(* Security fix *)


n/samba-3.0.20b-i486-1.tgz: Upgraded to samba-3.0.20b.
This includes various bugfixes. Thanks to Christopher Linnet for reporting
that this fixes a problem with printing to a printer on an XP machine from
CUPS. If you use such a configuration, you'll want this upgrade for sure.


n/mod_ssl-2.8.25_1.3.34-i486-1.tgz: Upgraded to mod_ssl-2.8.25-1.3.34.


n/wget-1.10.2-i486-1.tgz: Upgraded to wget-1.10.2.
This addresses a buffer overflow in wget's NTLM handling function that could
have possible security implications.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
(* Security fix *)


n/php-4.4.1-i486-1.tgz: Upgraded to php-4.4.1.
Fixes a number of bugs, including several minor security fixes relating to
the overwriting of the GLOBALS array.
(* Security fix *)


n/lynx-2.8.5rel.5-i486-1.tgz: Upgraded to lynx-2.8.5rel.5.
Fixes an issue where the handling of Asian characters when using lynx to
connect to an NNTP server (is this a common use?) could result in a buffer
overflow causing the execution of arbitrary code.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
(* Security fix *)


n/apache-1.3.34-i486-1.tgz: Upgraded to apache-1.3.34.
Fixes this minor security bug: "If a request contains both Transfer-Encoding
and Content-Length headers, remove the Content-Length, mitigating some HTTP
Request Splitting/Spoofing attacks."
(* Security fix *)


n/pine-4.64-i486-1.tgz: Upgraded to pine-4.64.


n/tcpdump-3.9.4-i486-1.tgz: Upgraded to tcpdump-3.9.4.


n/imapd-4.64-i486-1.tgz: Upgraded to imapd-4.64.
A buffer overflow was reported in the mail_valid_net_parse_work function.
However, this function in the c-client library does not appear to be called
from anywhere in imapd. iDefense states that the issue is of LOW risk to
sites that allow users shell access, and LOW-MODERATE risk to other servers.
I believe it's possible that it is of NIL risk if the function is indeed
dead code to imapd, but draw your own conclusions...
(* Security fix *)


kde/koffice-1.4.1-i486-2.tgz: Patched.
Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
(* Security fix *)


More information: http://www.slackware.com/security/list.php?l=slackware-security&y=2005


  





