Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
99
security advisorysecurity fixcritical threatSlackware 11.0 SSA-2007-093-02 Urgent: Memory Buffer Overflow Risk
New file packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and -current to fix a security issue. NOTE: In Slackware 11.0 and earlier, the file utility was part of the required "bin" package, so this patch is needed even if . -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1 [slackware-security] file [and bin package] (SSA:2007-093-01) New file packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and -current to fix a security issue. NOTE: In Slackware 11.0 and earlier, the file utility was part of the required "bin" package, so this patch is needed even if your machine does not have a "file" package installed (which, if you're not running Slackware -current, it probably does not). More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: https://www.cve.org/CVERecord?id=CVE-2007-1536 Here are the details from the Slackware 11.0 ChangeLog: +--------------------------+ patches/packages/file-4.20-i486-1_slack11.0.tgz: Upgraded to file-4.20. This fixes a heap overflow that could allow code to be executed as the user running file (note that there are many scenarios where file might be used automatically, such as in virus scanners or spam filters). For more information, see: https://www.cve.org/CVERecord?id=CVE-2007-1536 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/file-4.20-i386-1_slack8.1.tgz Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/file-4.20-i386-1_slack9.0.tgz Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/file-4.20-i486-1_slack9.1.tgz Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/file-4.20-i486-1_slack10.0.tgz Updated package for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/file-4.20-i486-1_slack10.1.tgz Updated package for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/file-4.20-i486-1_slack10.2.tgz Updated package for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/file-4.20-i486-1_slack11.0.tgz Updated package for Slackware -current: MD5 signatures: +-------------+ Slackware 8.1 package: 772ec2c67a683d0616f5c06f8881bb70 file-4.20-i386-1_slack8.1.tgz Slackware 9.0 package: 3d57cb1aa5804b3f66c5a6122df212ab file-4.20-i386-1_slack9.0.tgz Slackware 9.1 package: 359c64d93bb2f375d6bbfe10791682bf file-4.20-i486-1_slack9.1.tgz Slackware 10.0 package: be07145b22d92cf3fb480f3d8be76a52 file-4.20-i486-1_slack10.0.tgz Slackware 10.1 package: f091e41e6cf4804ed5b12a67833d9100 file-4.20-i486-1_slack10.1.tgz Slackware 10.2 package: 72bf4f0f71f79dccf24095e5625f4dd9 file-4.20-i486-1_slack10.2.tgz Slackware 11.0 package: 0a9109c5f0a8d44e018b70b140c77a46 file-4.20-i486-1_slack11.0.tgz Slackware -current package: 42877f903b32dc426861a3802f739d21 file-4.20-i486-1.tgz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg --install-new file-4.20-i486-1_slack11.0.tgz +-----+ . Archive collections for different Slackware versions address a memory overflow vulnerability that poses a threat ofrunning harmful scripts.. Slackware Updates, File Package Security, Heap Overflow Fix. . Severity: Critical. LinuxSecurity.com Team
Apr 03, 2007
•Critical
Slackware
99
security advisorymoderatebuffer overflowSlackware: 2004-125-01 Moderate: Lha Directory Traversal Threat
New bin- packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lha' should upgrade to the new bin package right away. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] lha update in bin package (SSA:2004-125-01) New bin- packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lha' should upgrade to the new bin package right away. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: https://www.cve.org/CVERecord?id=CVE-CAN-2004-0234 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0235 Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Tue May 4 13:11:26 PDT 2004 patches/packages/bin-8.5.0-i486-2.tgz: Fixed buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lha' should upgrade to the new bin package right away. For more details, see: https://www.cve.org/CVERecord?id=CVE-CAN-2004-0234 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0235 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bin-8.3.0-i386-3.tgz Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bin-8.5.0-i386-2.tgz Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bin-8.5.0-i486-2.tgz Updated package for Slackware -current: MD5 signatures: +-------------+ Slackware 8.1 package: 3384ae4bc983d18ee003a8e2445b7879 bin-8.3.0-i386-3.tgz Slackware 9.0 package: 809e3c75d913a39e886f3a38a41e36f3 bin-8.5.0-i386-2.tgz Slackware 9.1 package: 3db010726fafe7112ff509bd6c1c2909 bin-8.5.0-i486-2.tgz Slackware -current package: 572f9835f4e2833688482ce866a7b7d4 bin-9.0.0-i486-2.tgz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg bin-8.5.0-i486-2.tgz +-----+ . Immediate patch released for 'lha' within Slackware to tackle potential memory overflow and path traversal vulnerabilities.. Slackware Security Update, Buffer Overflow Fix, Archive Utility Update. . Severity: Important. LinuxSecurity.com Team
May 04, 2004
•Important
Slackware
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!