Updates have been made to Slack/390 9.1. They're available from the main
download server. I suspect the mirrors will be caught up by tomorrow.
Mark Post
Mon Dec 19 13:56:00 EST 2005
patches/packages/apache-1.3.34-s390-1.tgz: Upgraded to apache-1.3.34.
Fixes this minor security bug: "If a request contains both
Transfer-Encoding and Content-Length headers, remove the Content-Length,
mitigating some HTTP Request Splitting/Spoofing attacks."
(* Security fix *)
patches/packages/curl-7.10.7-s390-2.tgz: Patched. This addresses a buffer
overflow in libcurl's NTLM function that could have possible security
implications.
For more details, see:
http://curl.haxx.se/docs/security.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
(* Security fix *)
patches/packages/elm-2.5.8-s390-1.tgz: Upgraded to elm2.5.8.
This fixes a buffer overflow in the parsing of the Expires header that
could be used to execute arbitrary code as the user running Elm.
Thanks to Ulf Harnhammar for finding the bug and reminding me to get
out updated packages to address the issue.
A reference to the original advisory:
http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
patches/packages/imapd-4.64-s390-1.tgz: Upgraded to imapd-4.64.
A buffer overflow was reported in the mail_valid_net_parse_work function.
However, this function in the c-client library does not appear to be
called from anywhere in imapd. iDefense states that the issue is of LOW
risk to sites that allow users shell access, and LOW-MODERATE risk to
other servers.
I believe it's possible that it is of NIL risk if the function is indeed
dead code to imapd, but draw your own conclusions...
(* Security fix *)
patches/packages/koffice-1.2.1-s390-2.tgz: Patched.
Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
(* Security fix *)
patches/packages/lynx-2.8.5rel.5-s390-1.tgz: Upgraded to lynx-2.8.5rel.5.
Fixes an issue where the handling of Asian characters when using lynx to
connect to an NNTP server (is this a common use?) could result in a buffer
overflow causing the execution of arbitrary code.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
(* Security fix *)
patches/packages/mod_ssl-2.8.25_1.3.34-s390-1.tgz:
Upgraded to mod_ssl-2.8.25-1.3.34.
patches/packages/pine-4.64-s390-1.tgz: Upgraded to pine-4.64.
patches/packages/wget-1.10.2-s390-1.tgz: Upgraded to wget-1.10.2.
This addresses a buffer overflow in wget's NTLM handling function that
could have possible security implications.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
(* Security fix *)
+--------------------------+
Mon Dec 19 03:20:00 EST 2005
patches/packages/dhcpcd-1.3.22pl4-s390-2.tgz: Patched an issue where a
remote attacker can cause dhcpcd to crash.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848
(* Security fix *)
patches/packages/gaim-1.5.0-s390-1.tgz: Upgraded to gaim-1.5.0.
This fixes some more security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370
(* Security fix *)
patches/packages/openssl-0.9.7d-s390-2.tgz: Patched.
Fixed a vulnerability that could, in rare circumstances, allow an attacker
acting as a "man in the middle" to force a client and a server to
negotiate the SSL 2.0 protocol (which is known to be weak) even if these
parties both support SSL 3.0 or TLS 1.0.
For more details, see:
http://www.openssl.org/news/secadv_20051011.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
(* Security fix *)
patches/packages/openssl-solibs-0.9.7d-s390-2.tgz: Patched.
(* Security fix *)
patches/packages/pcre-6.3-s390-1.tgz: Upgraded to pcre-6.3.
This fixes a buffer overflow that could be triggered by the processing of
a specially crafted regular expression. Theoretically this could be a
security issue if regular expressions are accepted from untrusted users to
be processed by a user with greater privileges, but this doesn't seem like
a common scenario (or, for that matter, a good idea). However, if you are
using an application that links to the shared PCRE library and accepts
outside input in such a manner, you will want to update to this new
package.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
(* Security fix *)
patches/packages/ Relinked with the system PCRE library,
as the builtin library has a buffer overflow that could be triggered by
the processing of a specially crafted regular expression.
Note that this change requires the pcre package to be installed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
(* Security fix *)
Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
insecure eval() function.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
(* Security fix *)
patches/packages/tcpip-0.17-s390-2.tgz: Changed to a cleaner telnet patch
borrowed from OpenBSD. Two people, both using Slackware 9.1, informed me
that the previous patch for telnet was causing a segfault when used with
short hostnames from /etc/hosts (such as localhost). If anyone is having
a similar problem with other versions of Slackware, let me know.
Thanks to Dragan Simic for telling me about the improved patch.
patches/packages/util-linux-2.12-s390-2.tgz: Patched an issue with
umount where if the umount failed when the '-r' option was used, the
filesystem would be remounted read-only but without any extra flags
specified in /etc/fstab. This could allow an ordinary user able to
mount a floppy or CD (but with nosuid, noexec, nodev, etc in
/etc/fstab) to run a setuid binary from removable media and gain
root privileges.
Reported to BugTraq by David Watson:
http://www.securityfocus.com/archive/1/410333
(* Security fix *)
patches/packages/xine-lib-1rc4-s390-2.tgz: Patched xine-lib-1-rc4.
This fixes a format string bug where an attacker, if able to upload
malicious information to a CDDB server and then get a local user to play a
certain audio CD, may be able to run arbitrary code on the machine as the
user running the xine-lib linked application.
For more information, see:
http://xinehq.de/index.php/security/XSA-2005-1
(* Security fix *)
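
The apache-1.3.34 entry above quotes the rule "if a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length". The sketch below is an added example, not Apache's code and not part of the original post; it applies that rule to a parsed header list so that only one body-framing signal is left for any downstream parser. The function names and the sample request are constructed for illustration.

```python
# Added illustration of the header rule quoted in the apache-1.3.34 entry.
# Not Apache source; names and sample data are constructed for this example.

FRAMING = ("content-length", "transfer-encoding")

def parse_head(raw: bytes):
    """Split a raw HTTP request into its request line and (name, value) headers."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.strip(), value.strip()))
    return lines[0], headers

def framing_signals(headers):
    """Return the body-framing headers present; more than one is ambiguous."""
    return sorted({n.lower() for n, _ in headers if n.lower() in FRAMING})

def normalize_framing_headers(headers):
    """Drop every Content-Length when Transfer-Encoding is also present.

    Returns (kept_headers, removed_content_length_values)."""
    if "transfer-encoding" not in framing_signals(headers):
        return list(headers), []
    kept, removed = [], []
    for name, value in headers:
        if name.lower() == "content-length":
            removed.append(value)  # keep the value so it can be logged
        else:
            kept.append((name, value))
    return kept, removed

# Constructed sample: a request that advertises both framing mechanisms.
SAMPLE = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"
          b"5\r\nhello\r\n0\r\n\r\n")

if __name__ == "__main__":
    request_line, hdrs = parse_head(SAMPLE)
    print("before:", framing_signals(hdrs))
    kept, removed = normalize_framing_headers(hdrs)
    print("after: ", framing_signals(kept), "removed:", removed)
```
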