Advisory: Slackware Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
Nautilus was patched and recompiled to fix a problem which would allow a malicious user to mount a symlink attack to overwrite another user's files.
New sudo packages are available to fix a security problem which may allow users to become root, or to execute arbitrary code as root.
Patched to link to the shared zlib on the system instead of statically linking to the included zlib source. Also, use mktemp to create files in /tmp more safely.
Fixes the zlib vulnerability, and supplementary groups are now removed from a server process after changing uid and gid.
New zlib packages are available to fix a security problem which may impact programs that link with zlib.
Joost Pol discovered an off-by-one bug in OpenSSH's channel code that can allow a local attacker to obtain root privileges.
This fixes several security problems in the POST handling code used for uploading files through forms. All sites using PHP are urged to upgrade as soon as possible.
There exist several signedness bugs within the rsync program which allow remote attackers to write 0-bytes to almost arbitrary stack locations, and thereby to control the program flow and obtain a shell remotely.
New packages are now available to address security issues with the at scheduler program (found in Slackware 8.0's bin.tgz package), sudo, and xchat.
Pine 4.44 packages are now available to fix a problem with insecure URL handling.
A buffer overflow has been found in the glob(3) function in glibc. Fixed packages for Slackware 8.0 are now available.
An exploitable overflow has been found in the address handling code of the mutt mail client version 1.2.5i supplied with Slackware 8.0.
This problem can be exploited by local users to gain root access. It is not exploitable by remote attackers without shell access.
The version of xntp3 that shipped with Slackware 7.1 as well as the version that was in Slackware -current contains a buffer overflow bug that could lead to a root compromise.
Sudo 1.6.3p6 is now available for Slackware 7.1 and Slackware -current. This release fixes a known buffer overflow.
Multiple vulnerabilities exist in the versions of BIND found in Slackware 7.1 and -current.
glibc-2.2 contains a local vulnerability that affects all setuid root binaries.
Pine versions 4.21 and before contain a buffer overflow vulnerability which allows a remote user to execute arbitrary code on the local client by sending a specially crafted email message.