
Slackware: 2008-098-01 Critical M4 Buffer Overflow Threat

April 7, 2008
Updated m4 packages are now available for Slackware to address critical vulnerabilities; users of Slackware 8.1 and later are advised to upgrade to the latest release.
New m4 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues.

Summary

Here are the details from the Slackware 12.0 ChangeLog:

patches/packages/m4-1.4.11-i486-1_slack12.0.tgz: Upgraded to m4-1.4.11.
  In addition to bugfixes and enhancements, this version of m4 also fixes two issues with possible security implications.
  A minor security fix with the use of "maketemp" and "mkstemp" -- these are now quoted to prevent the (rather unlikely) possibility that an unquoted string could match an existing macro causing operations to be done on the wrong file.
  Also, a problem with the '-F' option (introduced with version 1.4) could cause a core dump or possibly (with certain file names) the execution of arbitrary code.
  For more information on these issues, see:
    https://www.cve.org/CVERecord?id=CVE-2008-1687
    https://www.cve.org/CVERecord?id=CVE-2008-1688
  (* Security fix *)

Where to Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/m4-1.4.11-i386-1_slack8.1.tgz
Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/m4-1.4.11-i386-1_slack9.0.tgz
Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/m4-1.4.11-i486-1_slack9.1.tgz
Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/m4-1.4.11-i...


MD5 Signatures

Slackware 8.1 package: 1179fae2c4429945c3e6441fed82709d m4-1.4.11-i386-1_slack8.1.tgz
Slackware 9.0 package: d9e5769918dc1741db6bb2619f060995 m4-1.4.11-i386-1_slack9.0.tgz
Slackware 9.1 package: 796f62a0d275b1e9bc4bad8d40595a4e m4-1.4.11-i486-1_slack9.1.tgz
Slackware 10.0 package: 032835fa9f150839ca0dfac4c73a5498 m4-1.4.11-i486-1_slack10.0.tgz
Slackware 10.1 package: e0dd3949d996a8fa12bc480fe2d4eda5 m4-1.4.11-i486-1_slack10.1.tgz
Slackware 10.2 package: 690aa0ae07fcb68096b7122f304a9ea1 m4-1.4.11-i486-1_slack10.2.tgz
Slackware 11.0 package: c48865785be7e2ea5357a43bd625a17f m4-1.4.11-i486-1_slack11.0.tgz
Slackware 12.0 package: 6655deb1e644f356b2ccf74edd3c9d4e m4-1.4.11-i486-1_slack12.0.tgz
Slackware -current package: b56a401503f4285ff0f660bc6da769b8 m4-1.4.11-i486-1.tgz

Severity
critical


Installation Instructions

Upgrade the package as root:

# upgradepkg m4-1.4.11-i486-1_slack12.0.tgz
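Added example, not part of the Slackware advisory: a check that ties the MD5 Signatures list to the upgrade step, so upgradepkg only runs on a package whose hash matches its listed value. The function names (expected_md5, verify_pkg, safe_upgrade, demo) and the demo file are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: check a downloaded package against the advisory's
# "MD5 Signatures" list before upgradepkg runs. Function names are hypothetical.

# expected_md5 LIST PKG_NAME: print the hash listed for PKG_NAME in lines
# shaped like "Slackware 12.0 package: <md5> <file name>".
expected_md5() {
    awk -v pkg="$2" 'NF >= 2 && $NF == pkg {
        h = $(NF-1)
        if (length(h) == 32 && h !~ /[^0-9a-f]/) { print h; exit }
    }' "$1"
}

# verify_pkg LIST PKG_PATH: 0 = hash matches, 1 = mismatch,
# 2 = package not listed or file unreadable.
verify_pkg() {
    want=$(expected_md5 "$1" "$(basename "$2")")
    [ -n "$want" ] && [ -r "$2" ] || return 2
    got=$(md5sum < "$2" | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# safe_upgrade LIST PKG_PATH: run upgradepkg (as root) only after the check passes.
safe_upgrade() {
    verify_pkg "$1" "$2" || {
        echo "refusing to install $2: checksum check failed" >&2
        return 1
    }
    upgradepkg "$2"
}

# Constructed demo: a stand-in file and a list line built from it, so this
# runs anywhere md5sum exists; it never calls upgradepkg.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed package body\n' > "$dir/m4-demo.tgz"
    sum=$(md5sum < "$dir/m4-demo.tgz" | awk '{ print $1 }')
    printf 'Slackware 12.0 package: %s m4-demo.tgz\n' "$sum" > "$dir/md5.txt"
    if verify_pkg "$dir/md5.txt" "$dir/m4-demo.tgz"; then ok=0; else ok=$?; fi
    printf 'tampered\n' >> "$dir/m4-demo.tgz"
    if verify_pkg "$dir/md5.txt" "$dir/m4-demo.tgz"; then bad=0; else bad=$?; fi
    rm -rf "$dir"
    echo "intact=$ok tampered=$bad"
}

demo   # prints: intact=0 tampered=1
```

The check is only as strong as the list it reads, so take the list from a source you trust independently of the mirror that served the package.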
