1. slackware-current

Vagner Rodrigues Fernandes

(usa OpenBSD)

Enviado em 07/11/2005 - 14:30h

Sat Nov 5 21:55:21 CST 2005

l/libxml2-2.6.22-i486-1.tgz: Upgraded to libxml2-2.6.22.
This fixes an issue where libxml2 had declared a variable XML_FEATURE_UNICODE
that was already used by the expat headers, causing PHP to fail to compile
when using Slackware's combination of ./configure options.

n/curl-7.12.2-i486-2.tgz: Patched. This addresses a buffer overflow in
libcurl's NTLM function that could have possible security implications.
For more details, see:
(* Security fix *)

n/samba-3.0.20b-i486-1.tgz: Upgraded to samba-3.0.20b.
This includes various bugfixes. Thanks to Christopher Linnet for reporting
that this fixes a problem with printing to a printer on an XP machine from
CUPS. If you use such a configuration, you'll want this upgrade for sure.

n/mod_ssl-2.8.25_1.3.34-i486-1.tgz: Upgraded to mod_ssl-2.8.25-1.3.34.

n/wget-1.10.2-i486-1.tgz: Upgraded to wget-1.10.2.
This addresses a buffer overflow in wget's NTLM handling function that could
have possible security implications.
For more details, see:
(* Security fix *)

n/php-4.4.1-i486-1.tgz: Upgraded to php-4.4.1.
Fixes a number of bugs, including several minor security fixes relating to
the overwriting of the GLOBALS array.
(* Security fix *)

n/lynx-2.8.5rel.5-i486-1.tgz: Upgraded to lynx-2.8.5rel.5.
Fixes an issue where the handling of Asian characters when using lynx to
connect to an NNTP server (is this a common use?) could result in a buffer
overflow causing the execution of arbitrary code.
For more details, see:
(* Security fix *)

n/apache-1.3.34-i486-1.tgz: Upgraded to apache-1.3.34.
Fixes this minor security bug: "If a request contains both Transfer-Encoding
and Content-Length headers, remove the Content-Length, mitigating some HTTP
Request Splitting/Spoofing attacks."
(* Security fix *)

n/pine-4.64-i486-1.tgz: Upgraded to pine-4.64.

n/tcpdump-3.9.4-i486-1.tgz: Upgraded to tcpdump-3.9.4.

n/imapd-4.64-i486-1.tgz: Upgraded to imapd-4.64.
A buffer overflow was reported in the mail_valid_net_parse_work function.
However, this function in the c-client library does not appear to be called
from anywhere in imapd. iDefense states that the issue is of LOW risk to
sites that allow users shell access, and LOW-MODERATE risk to other servers.
I believe it's possible that it is of NIL risk if the function is indeed
dead code to imapd, but draw your own conclusions...
(* Security fix *)

kde/koffice-1.4.1-i486-2.tgz: Patched.
Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
For more details, see:
(* Security fix *)

Mais informações:



Site hospedado pelo provedor RedeHost.
Linux banner
Linux banner
Linux banner





Top 10 do mês