Slackware Security Announces http://dev.slackware.it/security/ Latest ten Slackware Security Announces en-us insomniac@slackware.it http://blogs.law.harvard.edu/tech/rss 2012-02-10 glibc (SSA:2012-041-03)

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.806982

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

[slackware-security] glibc (SSA:2012-041-03)

New glibc packages are available for Slackware 13.1, 13.37, and -current to

fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/glibc-2.13-i486-5_slack13.37.txz: Rebuilt.

Patched an overflow in tzfile. This was evidently first reported in

2009, but is only now getting around to being patched. To exploit it,

one must be able to write beneath /usr/share/zoneinfo, which is usually

not possible for a normal user, but may be in the case where they are

chroot()ed to a directory that they own.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029

(* Security fix *)

patches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz: Rebuilt.

patches/packages/glibc-profile-2.13-i486-5_slack13.37.txz: Rebuilt.

(* Security fix *)

patches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz: Rebuilt.

(* Security fix *)

patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz: Rebuilt.

+--------------------------+

Where to find the new packages:

+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab

(http://osuosl.org) for donating FTP and rsync hosting

to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for

additional mirror sites near you.

Updated packages for Slackware 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-6_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-6_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-6_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-6_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz

Updated packages for Slackware x86_64 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-6_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-6_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-6_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-6_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz

Updated packages for Slackware 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-2.13-i486-5_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-profile-2.13-i486-5_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz

Updated packages for Slackware x86_64 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-2.13-x86_64-5_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-i18n-2.13-x86_64-5_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-profile-2.13-x86_64-5_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-solibs-2.13-x86_64-5_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz

Updated packages for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.14.1-i486-4.txz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2011i_2011n-noarch-4.txz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.14.1-i486-4.txz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.14.1-i486-4.txz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.14.1-i486-4.txz

Updated packages for Slackware x86_64 -current:

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.14.1-x86_64-4.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2011i_2011n-noarch-4.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.14.1-x86_64-4.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.14.1-x86_64-4.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.14.1-x86_64-4.txz

MD5 signatures:

+-------------+

Slackware 13.1 packages:

c7f0d5af7b32d6259272956bf1621ce0 glibc-2.11.1-i486-6_slack13.1.txz

d80c53f769a30b407e303eb440e326e3 glibc-i18n-2.11.1-i486-6_slack13.1.txz

6b9eb872a8368a13d71cecf8e031d2be glibc-profile-2.11.1-i486-6_slack13.1.txz

ba34c30c27d42c61190979884e8b8697 glibc-solibs-2.11.1-i486-6_slack13.1.txz

74afbffcfb20ac6235945930a8a0ac57 glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz

Slackware x86_64 13.1 packages:

a9bfcb4a0fde94a9355ecce905bb3ba4 glibc-2.11.1-x86_64-6_slack13.1.txz

6f7df8a5ac48f364fff364f679430ea5 glibc-i18n-2.11.1-x86_64-6_slack13.1.txz

1590ae7b50153b2d28489b9192126120 glibc-profile-2.11.1-x86_64-6_slack13.1.txz

067bcd52acc3552bf2a77126fd12605e glibc-solibs-2.11.1-x86_64-6_slack13.1.txz

ce56ec387a50c00425d4dcf88ba71ee2 glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz

Slackware 13.37 packages:

dacaa396b83346f0313e85356ba496ad glibc-2.13-i486-5_slack13.37.txz

e6238c92c6a97a56274d91e342e2ef07 glibc-i18n-2.13-i486-5_slack13.37.txz

aca444c2c834c1bbbb1fdcd08f381f5d glibc-profile-2.13-i486-5_slack13.37.txz

04db99e0770b06af713322daa35f9463 glibc-solibs-2.13-i486-5_slack13.37.txz

fe22b8ba56e8a14d025943d6a53f0a22 glibc-zoneinfo-2.13-noarch-5_slack13.37.txz

Slackware x86_64 13.37 packages:

ab90f9581621a4b9e1f41fdd1c583a25 glibc-2.13-x86_64-5_slack13.37.txz

d82fef5b1e734c9fd9aee358139dccaa glibc-i18n-2.13-x86_64-5_slack13.37.txz

f26848e2ef7a2ed367a73fded8d51e2a glibc-profile-2.13-x86_64-5_slack13.37.txz

1f4b8e716764c98c7c261fb7d7c19557 glibc-solibs-2.13-x86_64-5_slack13.37.txz

553c32ce3937c8700dde84bad4b5467c glibc-zoneinfo-2.13-noarch-5_slack13.37.txz

Slackware -current packages:

cc98a5b0a120a3350b17d087af3a2163 a/glibc-solibs-2.14.1-i486-4.txz

b549864a76c55b71f385eaf9077cf6ac a/glibc-zoneinfo-2011i_2011n-noarch-4.txz

8522cbc56aec9af6c9c8e58fb5ee71c4 l/glibc-2.14.1-i486-4.txz

98561de06536ce17b221774f39316933 l/glibc-i18n-2.14.1-i486-4.txz

8a7ac4e4796eaefc6447222f7ce6eedf l/glibc-profile-2.14.1-i486-4.txz

Slackware x86_64 -current packages:

83121e8a4e8e46d2faa58221382f914c a/glibc-solibs-2.14.1-x86_64-4.txz

8245bc6fb5e59fa905df708391bd3f89 a/glibc-zoneinfo-2011i_2011n-noarch-4.txz

ca3c22ff543e900bfd4516ba4af7cf34 l/glibc-2.14.1-x86_64-4.txz

e2650c24a1a69138f544e98d8653f2a9 l/glibc-i18n-2.14.1-x86_64-4.txz

23c2f013552e8a0561168897866fcb53 l/glibc-profile-2.14.1-x86_64-4.txz

Installation instructions:

+------------------------+

Upgrade the packages as root:

# upgradepkg glibc-2.13-i486-5_slack13.37.txz glibc-i18n-2.13-i486-5_slack13.37.txz glibc-profile-2.13-i486-5_slack13.37.txz glibc-solibs-2.13-i486-5_slack13.37.txz glibc-zoneinfo-2.13-noarch-5_slack13.37.txz

+-----+

Slackware Linux Security Team

http://slackware.com/gpg-key

security@slackware.com

+------------------------------------------------------------------------+

| To leave the slackware-security mailing list: |

+------------------------------------------------------------------------+

| Send an email to majordomo@slackware.com with this text in the body of |

| the email message: |

| |

| unsubscribe slackware-security |

| |

| You will get a confirmation message back containing instructions to |

| complete the process. Please do not reply to this email address. |

+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk81Vd0ACgkQakRjwEAQIjPtSQCdGQYC3dBwmp2R1+2HSrDvA3Lb

2P0AoIl58u7f8OON1Fbcz6E52VdgrcnD

=0Hae

-----END PGP SIGNATURE-----

]]> 2012-02-10 httpd (SSA:2012-041-01)

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.792124

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

[slackware-security] httpd (SSA:2012-041-01)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,

13.37, and -current to fix security issues. The apr-util package has also been

updated to the latest version.

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded.

Version bump for httpd upgrade.

patches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded.

*) SECURITY: CVE-2011-3368 (cve.mitre.org)

Reject requests where the request-URI does not match the HTTP

specification, preventing unexpected expansion of target URLs in

some reverse proxy configurations. [Joe Orton]

*) SECURITY: CVE-2011-3607 (cve.mitre.org)

Fix integer overflow in ap_pregsub() which, when the mod_setenvif module

is enabled, could allow local users to gain privileges via a .htaccess

file. [Stefan Fritsch, Greg Ames]

*) SECURITY: CVE-2011-4317 (cve.mitre.org)

Resolve additional cases of URL rewriting with ProxyPassMatch or

RewriteRule, where particular request-URIs could result in undesired

backend network exposure in some configurations.

[Joe Orton]

*) SECURITY: CVE-2012-0021 (cve.mitre.org)

mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format

string is in use and a client sends a nameless, valueless cookie, causing

a denial of service. The issue existed since version 2.2.17. PR 52256.

[Rainer Canavan <rainer-apache 7val com>]

*) SECURITY: CVE-2012-0031 (cve.mitre.org)

Fix scoreboard issue which could allow an unprivileged child process

could cause the parent to crash at shutdown rather than terminate

cleanly. [Joe Orton]

*) SECURITY: CVE-2012-0053 (cve.mitre.org)

Fix an issue in error responses that could expose "httpOnly" cookies

when no custom ErrorDocument is specified for status code 400.

[Eric Covener]

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053

(* Security fix *)

+--------------------------+

Where to find the new packages:

+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab

(http://osuosl.org) for donating FTP and rsync hosting

to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for

additional mirror sites near you.

Updated packages for Slackware 12.0:

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.4.1-i486-1_slack12.0.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.22-i486-1_slack12.0.tgz

Updated packages for Slackware 12.1:

ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.4.1-i486-1_slack12.1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.22-i486-1_slack12.1.tgz

Updated packages for Slackware 12.2:

ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.4.1-i486-1_slack12.2.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.22-i486-1_slack12.2.tgz

Updated packages for Slackware 13.0:

ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.4.1-i486-1_slack13.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.22-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.4.1-x86_64-1_slack13.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.22-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.4.1-i486-1_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.22-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.4.1-x86_64-1_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.22-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.22-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.4.1-x86_64-1_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.22-x86_64-1_slack13.37.txz

Updated packages for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.4.1-i486-1.txz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.22-i486-1.txz

Updated packages for Slackware x86_64 -current:

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.4.1-x86_64-1.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.22-x86_64-1.txz

MD5 signatures:

+-------------+

Slackware 12.0 packages:

3143affee7e89d16a2f5b4f58f1f2c9d apr-util-1.4.1-i486-1_slack12.0.tgz

86c2b71a544c9533794951f718bd907b httpd-2.2.22-i486-1_slack12.0.tgz

Slackware 12.1 packages:

aab31157fa672bb2bc11851b486c9d5c apr-util-1.4.1-i486-1_slack12.1.tgz

1362ef9a9b2d355e1cf9b5c7e0ae0607 httpd-2.2.22-i486-1_slack12.1.tgz

Slackware 12.2 packages:

f30f1f0a949f321b6aefb99a703eca3f apr-util-1.4.1-i486-1_slack12.2.tgz

18fd6ddd6e6bbf4a7222ade821ec1aa1 httpd-2.2.22-i486-1_slack12.2.tgz

Slackware 13.0 packages:

d3600fef7f1cabb62554417567fb55ab apr-util-1.4.1-i486-1_slack13.0.txz

0456c808efb92da333942ff939746d77 httpd-2.2.22-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:

d15c2e0a4aa074bbadfa50099da482b2 apr-util-1.4.1-x86_64-1_slack13.0.txz

1b72685b2519bbf167973d88dce562e1 httpd-2.2.22-x86_64-1_slack13.0.txz

Slackware 13.1 packages:

9c7c2bb99c99f3a6275f0dc9636ce38c apr-util-1.4.1-i486-1_slack13.1.txz

49a5e4a73be2328d80cca186efe2f6f7 httpd-2.2.22-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:

4f9dcb6495c04d3094cc68050440505b apr-util-1.4.1-x86_64-1_slack13.1.txz

1f378f8a4d990d7298e0155b22cfcf19 httpd-2.2.22-x86_64-1_slack13.1.txz

Slackware 13.37 packages:

7feb382700511d72737c5a31e91ee56e apr-util-1.4.1-i486-1_slack13.37.txz

783de593b5827c8601e2b486cf98397f httpd-2.2.22-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages:

1bd4b3df67a0449f3015e82e47cd808d apr-util-1.4.1-x86_64-1_slack13.37.txz

8999903e736cbb29c055ea2bf66cfed1 httpd-2.2.22-x86_64-1_slack13.37.txz

Slackware -current packages:

e709c8056cede91c35fd354ad5b654df l/apr-util-1.4.1-i486-1.txz

97c295a42d4678537c62d6ce54d3e1fa n/httpd-2.2.22-i486-1.txz

Slackware x86_64 -current packages:

55fdf36b05ff7e82aa9a015289290424 l/apr-util-1.4.1-x86_64-1.txz

09daa138b81fbf877596e4abc2a01bb6 n/httpd-2.2.22-x86_64-1.txz

Installation instructions:

+------------------------+

Upgrade the packages as root:

# upgradepkg apr-util-1.4.1-i486-1_slack13.37.txz httpd-2.2.22-i486-1_slack13.37.txz

Then, restart the httpd daemon.

+-----+

Slackware Linux Security Team

http://slackware.com/gpg-key

security@slackware.com

+------------------------------------------------------------------------+

| To leave the slackware-security mailing list: |

+------------------------------------------------------------------------+

| Send an email to majordomo@slackware.com with this text in the body of |

| the email message: |

| |

| unsubscribe slackware-security |

| |

| You will get a confirmation message back containing instructions to |

| complete the process. Please do not reply to this email address. |

+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk81VdkACgkQakRjwEAQIjOGhgCfWdrAq0pHF50KIH1oTMM8nxyv

1p0AniI9T9MxtNtJtXuLAhBS4429MOa9

=NH0B

-----END PGP SIGNATURE-----

]]> 2012-02-10 vsftpd (SSA:2012-041-05)

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.520906

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

[slackware-security] vsftpd (SSA:2012-041-05)

New vsftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,

13.1, 13.37, and -current to work around a vulnerability in glibc.

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/vsftpd-2.3.5-i486-1_slack13.37.txz: Upgraded.

Minor version bump, this also works around a hard to trigger heap overflow

in glibc (glibc zoneinfo caching vuln). For there to be any possibility

to trigger the glibc bug within vsftpd, the non-default option

"chroot_local_user" must be set in /etc/vsftpd.conf.

Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug :-)

Nevertheless:

(* Security fix *)

+--------------------------+

Where to find the new packages:

+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab

(http://osuosl.org) for donating FTP and rsync hosting

to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for

additional mirror sites near you.

Updated package for Slackware 11.0:

ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/vsftpd-2.3.5-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/vsftpd-2.3.5-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:

ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/vsftpd-2.3.5-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:

ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/vsftpd-2.3.5-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:

ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/vsftpd-2.3.5-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/vsftpd-2.3.5-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/vsftpd-2.3.5-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/vsftpd-2.3.5-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/vsftpd-2.3.5-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/vsftpd-2.3.5-x86_64-1_slack13.37.txz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/vsftpd-2.3.5-i486-1.txz

Updated package for Slackware x86_64 -current:

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/vsftpd-2.3.5-x86_64-1.txz

MD5 signatures:

+-------------+

Slackware 11.0 package:

57e7a8e7249e5f7ff256e5089204c1b3 vsftpd-2.3.5-i486-1_slack11.0.tgz

Slackware 12.0 package:

f8e31f944896414466de6bf67b4ce6e4 vsftpd-2.3.5-i486-1_slack12.0.tgz

Slackware 12.1 package:

e01a5f12f75d2c973a252dee7ccfb90e vsftpd-2.3.5-i486-1_slack12.1.tgz

Slackware 12.2 package:

035bf8ca7f57e9b87cbe1d23bbfa448f vsftpd-2.3.5-i486-1_slack12.2.tgz

Slackware 13.0 package:

4d076b4ab6a1540819ac95daaec66b96 vsftpd-2.3.5-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:

aa9be4d90e86c4a12b19c4145e7dbfd9 vsftpd-2.3.5-x86_64-1_slack13.0.txz

Slackware 13.1 package:

496775bb9c50507fd92beb99dd189283 vsftpd-2.3.5-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:

3b15394f16c65c7998032a0e5ffb5dd2 vsftpd-2.3.5-x86_64-1_slack13.1.txz

Slackware 13.37 package:

5774d8e93d9af86cf6caa8561205da5d vsftpd-2.3.5-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:

a0f2af29cb0c3fb1fc906a3e1bd15fdf vsftpd-2.3.5-x86_64-1_slack13.37.txz

Slackware -current package:

e30ad11db30ef7d745ec15b3d5e6d9b2 n/vsftpd-2.3.5-i486-1.txz

Slackware x86_64 -current package:

0d2e9323eec38bd7dc7bc55ef2dd3639 n/vsftpd-2.3.5-x86_64-1.txz

Installation instructions:

+------------------------+

Upgrade the package as root:

# upgradepkg vsftpd-2.3.5-i486-1_slack13.37.txz

+-----+

Slackware Linux Security Team

http://slackware.com/gpg-key

security@slackware.com

+------------------------------------------------------------------------+

| To leave the slackware-security mailing list: |

+------------------------------------------------------------------------+

| Send an email to majordomo@slackware.com with this text in the body of |

| the email message: |

| |

| unsubscribe slackware-security |

| |

| You will get a confirmation message back containing instructions to |

| complete the process. Please do not reply to this email address. |

+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk81VeEACgkQakRjwEAQIjNjpQCghABEYaIsRmUi+Y6WjKvwirvd

A0EAoIfG9+eEC4pmNXlcY7ZS4EQScSGM

=VVJw

-----END PGP SIGNATURE-----

]]> 2012-02-10 proftpd (SSA:2012-041-04)

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.509924

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

[slackware-security] proftpd (SSA:2012-041-04)

New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,

13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/proftpd-1.3.4a-i486-1_slack13.37.txz: Upgraded.

This update fixes a use-after-free() memory corruption error,

and possibly other unspecified issues.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130

(* Security fix *)

+--------------------------+

Where to find the new packages:

+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab

(http://osuosl.org) for donating FTP and rsync hosting

to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for

additional mirror sites near you.

Updated package for Slackware 11.0:

ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/proftpd-1.3.4a-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/proftpd-1.3.4a-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:

ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/proftpd-1.3.4a-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:

ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/proftpd-1.3.4a-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:

ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/proftpd-1.3.4a-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/proftpd-1.3.4a-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/proftpd-1.3.4a-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/proftpd-1.3.4a-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/proftpd-1.3.4a-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/proftpd-1.3.4a-x86_64-1_slack13.37.txz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.3.4a-i486-1.txz

Updated package for Slackware x86_64 -current:

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/proftpd-1.3.4a-x86_64-1.txz

MD5 signatures:

+-------------+

Slackware 11.0 package:

07257d37b1708251a2a3871dd87c6be6 proftpd-1.3.4a-i486-1_slack11.0.tgz

Slackware 12.0 package:

6a1773e304fb56f433f6651d15a83080 proftpd-1.3.4a-i486-1_slack12.0.tgz

Slackware 12.1 package:

f439c8d0c8dcad1947cdfc27774ae757 proftpd-1.3.4a-i486-1_slack12.1.tgz

Slackware 12.2 package:

5007c64cfb653341a20aac54844962ad proftpd-1.3.4a-i486-1_slack12.2.tgz

Slackware 13.0 package:

b4c65dc4b953d54dfcbc963cfefde842 proftpd-1.3.4a-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:

bdf2bd5539abeb25da7c9000d570b946 proftpd-1.3.4a-x86_64-1_slack13.0.txz

Slackware 13.1 package:

c6f98a0fa8f1cbdc47268aade1b62b29 proftpd-1.3.4a-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:

a40c013d52e807e5de691cda8156af03 proftpd-1.3.4a-x86_64-1_slack13.1.txz

Slackware 13.37 package:

13309d7eba5b374664e7c616e951d382 proftpd-1.3.4a-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:

74b653449b982a9e498888f6d8705039 proftpd-1.3.4a-x86_64-1_slack13.37.txz

Slackware -current package:

3cfb497c816c56a3cd80a850c30fc0bf n/proftpd-1.3.4a-i486-1.txz

Slackware x86_64 -current package:

90acd5c6075d01b013704b1b8aedfcf3 n/proftpd-1.3.4a-x86_64-1.txz

Installation instructions:

+------------------------+

Upgrade the package as root:

# upgradepkg proftpd-1.3.4a-i486-1_slack13.37.txz

+-----+

Slackware Linux Security Team

http://slackware.com/gpg-key

security@slackware.com

+------------------------------------------------------------------------+

| To leave the slackware-security mailing list: |

+------------------------------------------------------------------------+

| Send an email to majordomo@slackware.com with this text in the body of |

| the email message: |

| |

| unsubscribe slackware-security |

| |

| You will get a confirmation message back containing instructions to |

| complete the process. Please do not reply to this email address. |

+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk81Vd4ACgkQakRjwEAQIjOtsgCfYI4PqAuY038V+twcgOLfQgfX

H6IAn3gHhThRo4nEHnTk+89Jv/STodzd

=KXNR

-----END PGP SIGNATURE-----

]]> 2012-02-10 php (SSA:2012-041-02)

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.480146

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

[slackware-security] php (SSA:2012-041-02)

New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,

13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:

+--------------------------+

patches/packages/php-5.3.10-i486-1_slack13.37.txz: Upgraded.

Fixed arbitrary remote code execution vulnerability reported by Stefan

Esser, CVE-2012-0830. (Stas, Dmitry)

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830

(* Security fix *)

+--------------------------+

Where to find the new packages:

+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab

(http://osuosl.org) for donating FTP and rsync hosting

to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for

additional mirror sites near you.

Updated package for Slackware 12.0:

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.3.10-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:

ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.3.10-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:

ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.3.10-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:

ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.3.10-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.3.10-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/php-5.3.10-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/php-5.3.10-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/php-5.3.10-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/php-5.3.10-x86_64-1_slack13.37.txz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.3.10-i486-1.txz

Updated package for Slackware x86_64 -current:

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.3.10-x86_64-1.txz

MD5 signatures:

+-------------+

Slackware 12.0 package:

bf5512a57e0e7ba3c9d836636f056036 php-5.3.10-i486-1_slack12.0.tgz

Slackware 12.1 package:

474400e31f8701a07aa97aeee956226e php-5.3.10-i486-1_slack12.1.tgz

Slackware 12.2 package:

f359c739e8db9130806c3cb256990804 php-5.3.10-i486-1_slack12.2.tgz

Slackware 13.0 package:

5b38767541b0367dd64539537ca3cfc5 php-5.3.10-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:

bcccb9fdde0e548d999447b352f4b322 php-5.3.10-x86_64-1_slack13.0.txz

Slackware 13.1 package:

7bdee84117e3cd1ac8e6087d9c936355 php-5.3.10-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:

2d05770a236fdc52754e1ba9d657d6d7 php-5.3.10-x86_64-1_slack13.1.txz

Slackware 13.37 package:

7555e89aa4dc5a6b68c2fcfd1b8a6dc3 php-5.3.10-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:

cf6a47e0046b13b2adba13466b3b5e7e php-5.3.10-x86_64-1_slack13.37.txz

Slackware -current package:

1191d7d49f21f0dba3c4f35cc19e6b88 n/php-5.3.10-i486-1.txz

Slackware x86_64 -current package:

25a12f2407be6f03ff1dc50ad1b3c80b n/php-5.3.10-x86_64-1.txz

Installation instructions:

+------------------------+

Upgrade the package as root:

# upgradepkg php-5.3.10-i486-1_slack13.37.txz

Then, restart the httpd daemon.

+-----+

Slackware Linux Security Team

http://slackware.com/gpg-key

security@slackware.com

+------------------------------------------------------------------------+

| To leave the slackware-security mailing list: |

+------------------------------------------------------------------------+

| Send an email to majordomo@slackware.com with this text in the body of |

| the email message: |

| |

| unsubscribe slackware-security |

| |

| You will get a confirmation message back containing instructions to |

| complete the process. Please do not reply to this email address. |

+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk81VdsACgkQakRjwEAQIjOXUwCfezXUNa574h+RebDKgoGHoWoF

ofoAniEEEENlY4sa2T1+N8KKJPS23J4D

=gwHE

-----END PGP SIGNATURE-----

]]>