5 Security Updates for Slackware Linux  

Posted by Daniela Mehler

The following 5 security updates are available for Slackware Linux:

- seamonkey (SSA:2010-176-03)
- bind (SSA:2010-176-01)
- mozilla-firefox (SSA:2010-176-02)
- mozilla-thunderbird (SSA:2010-176-04)
- cups (SSA:2010-176-05)

[slackware-security] seamonkey (SSA:2010-176-03)
New seamonkey packages are available for Slackware 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.0.5-i486-1_slack13.1.txz: Upgraded.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html
(* Security fix *)
patches/packages/seamonkey-solibs-2.0.5-i486-1_slack13.1.txz: Upgraded.
+--------------------------+

Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/seamonkey-2.0.5-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/seamonkey-solibs-2.0.5-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/seamonkey-2.0.5-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/seamonkey-solibs-2.0.5-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/seamonkey-2.0.5-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/seamonkey-solibs-2.0.5-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/seamonkey-2.0.5-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/seamonkey-solibs-2.0.5-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/seamonkey-2.0.5-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/seamonkey-solibs-2.0.5-x86_64-1_slack13.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/seamonkey-solibs-2.0.5-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.0.5-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/seamonkey-solibs-2.0.5-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.0.5-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 12.2 package:
0056c22bc7ffbc6cedc56c20eae0f6f6 seamonkey-2.0.5-i486-1_slack12.2.tgz
c5f5e1edcc1ad319a778e261d14085f2 seamonkey-solibs-2.0.5-i486-1_slack12.2.tgz

Slackware 13.0 package:
fd24cb7c12a7b3d222891f9c225b4220 seamonkey-2.0.5-i486-1_slack13.0.txz
132f7cae7f26919ba14b09fc6f0771f2 seamonkey-solibs-2.0.5-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
4c2047cb0d628a88d8d2ceadf3d1fb34 seamonkey-2.0.5-x86_64-1_slack13.0.txz
e42053917b1d7eb9a10ae2fd81276667 seamonkey-solibs-2.0.5-x86_64-1_slack13.0.txz

Slackware 13.1 package:
5b433ebdcfde1135bc5e0ba62ee1af9e seamonkey-2.0.5-i486-1_slack13.1.txz
9c123bc1d423476039ab716461db5864 seamonkey-solibs-2.0.5-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
99423dcfa92024c5c25b756ab933e295 seamonkey-2.0.5-x86_64-1_slack13.1.txz
55c4a3bc8130930c40702eb2613f2b78 seamonkey-solibs-2.0.5-x86_64-1_slack13.1.txz

Slackware -current package:
d45bca55e9d28483f91e7b60bdcd6dc8 l/seamonkey-solibs-2.0.5-i486-1.txz
b41d488f770e49018f99aa5ff4de9bd8 xap/seamonkey-2.0.5-i486-1.txz

Slackware x86_64 -current package:
46f86ac5e2d74b839fab64daec15ec66 l/seamonkey-solibs-2.0.5-x86_64-1.txz
228168831bc89d40de75cbbc24188888 xap/seamonkey-2.0.5-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg seamonkey-2.0.5-i486-1_slack13.1.txz
# upgradepkg seamonkey-solibs-2.0.5-i486-1_slack13.1.txz

[slackware-security] bind (SSA:2010-176-01)
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues when DNSSEC is enabled (which is not the default setting).

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/bind-9.4.3_P5-i486-1_slack13.1.txz: Upgraded.
This fixes possible DNS cache poisoning attacks when DNSSEC is enabled
and checking is disabled (CD).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.4.3_P5-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.4.3_P5-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.4.3_P5-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.4.3_P5-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.4.3_P5-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.4.3_P5-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.4.3_P5-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bind-9.4.3_P5-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.4.3_P5-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.4.3_P5-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.4.3_P5-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.4.3_P5-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.4.3_P5-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.4.3_P5-x86_64-1_slack13.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.7.1-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.7.1-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 8.1 package:
c78e8a6cde34015681063a3d1c40c6c1 bind-9.4.3_P5-i386-1_slack8.1.tgz

Slackware 9.0 package:
9fcb18dfc779ecc7f6d69171e398c620 bind-9.4.3_P5-i386-1_slack9.0.tgz

Slackware 9.1 package:
3eb9a4b1973b6a3a2f779a3038269a31 bind-9.4.3_P5-i486-1_slack9.1.tgz

Slackware 10.0 package:
7e11d017c1962f8ef92cfb1e9f39139b bind-9.4.3_P5-i486-1_slack10.0.tgz

Slackware 10.1 package:
4dddfb400d6d928e41c7aa4bf7339547 bind-9.4.3_P5-i486-1_slack10.1.tgz

Slackware 10.2 package:
fe87668c84020ebf28b46910df71bb07 bind-9.4.3_P5-i486-1_slack10.2.tgz

Slackware 11.0 package:
639efc6a35ccee727f0177089d241857 bind-9.4.3_P5-i486-1_slack11.0.tgz

Slackware 12.0 package:
195c3bd1898d5118fe5cedfe6131e83b bind-9.4.3_P5-i486-1_slack12.0.tgz

Slackware 12.1 package:
95fc95a77a99df46d35a578e069a965b bind-9.4.3_P5-i486-1_slack12.1.tgz

Slackware 12.2 package:
aa8bdaedd7b7f6f36ff22be779182ff9 bind-9.4.3_P5-i486-1_slack12.2.tgz

Slackware 13.0 package:
8d7ed3c0ae07a33aea7f506b25bec015 bind-9.4.3_P5-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
bb1f6aa2682743173135776e1ff0fadd bind-9.4.3_P5-x86_64-1_slack13.0.txz

Slackware 13.1 package:
c619cc02e89ba23a62dfb7726105e40e bind-9.4.3_P5-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
cb61186275370d1eddc62024725f5d05 bind-9.4.3_P5-x86_64-1_slack13.1.txz

Slackware -current package:
011ae9faeb16bf6e37ed9c8cbf8bb718 n/bind-9.7.1-i486-1.txz

Slackware x86_64 -current package:
e2d2e29b620581c725e68e75af7ba759 n/bind-9.7.1-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bind-9.4.3_P5-i486-1_slack13.1.txz

Then, restart the name server:

# /etc/rc.d/rc.bind restart

[slackware-security] mozilla-firefox (SSA:2010-176-02)
New mozilla-firefox packages are available for Slackware 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.6.4-i686-1.txz: Upgraded.
This fixes some security issues.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mozilla-firefox-3.6.4-i686-1.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mozilla-firefox-3.6.4-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-firefox-3.6.4-i686-1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-firefox-3.6.4-x86_64-1_slack13.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-3.6.4-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-3.6.4-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
cbca3a5859da4f5284d35472f2a752b7 mozilla-firefox-3.6.4-i686-1.txz

Slackware x86_64 13.0 package:
7078cf27f8c5bc35f05a3a8e6798ed01 mozilla-firefox-3.6.4-x86_64-1_slack13.0.txz

Slackware 13.1 package:
cbca3a5859da4f5284d35472f2a752b7 mozilla-firefox-3.6.4-i686-1.txz

Slackware x86_64 13.1 package:
313323a25a7a170523ec58b1e35b55aa mozilla-firefox-3.6.4-x86_64-1_slack13.0.txz

Slackware -current package:
cbca3a5859da4f5284d35472f2a752b7 xap/mozilla-firefox-3.6.4-i686-1.txz

Slackware x86_64 -current package:
8a3b62d464cc628621a867f27f3c9817 xap/mozilla-firefox-3.6.4-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-3.6.4-i686-1.txz

[slackware-security] mozilla-thunderbird (SSA:2010-176-04)
New mozilla-thunderbird packages are available for Slackware 13.1 and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-3.0.5-i686-1.txz: Upgraded.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-thunderbird-3.0.5-i686-1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-thunderbird-3.0.5-x86_64-1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-3.1-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-3.1-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.1 package:
d110266bdd1463f0e469246ab414b76a mozilla-thunderbird-3.0.5-i686-1.txz

Slackware x86_64 13.1 package:
ed712fac0fc58cebe7e4e4d389a8ef0a mozilla-thunderbird-3.0.5-x86_64-1.txz

Slackware -current package:
583a5912732515918c344f13108ea507 xap/mozilla-thunderbird-3.1-i686-1.txz

Slackware x86_64 -current package:
16958ec8ea0b7941065c8720bd23c556 xap/mozilla-thunderbird-3.1-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-3.0.5-i686-1.txz

[slackware-security] cups (SSA:2010-176-05)
New cups packages are available for Slackware 13.1 and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/cups-1.4.4-i486-1_slack13.1.txz: Upgraded.
Fixed a memory allocation error in texttops.
Fixed a Cross-Site Request Forgery (CSRF) that could allow a remote
attacker to reconfigure or disable CUPS if a CUPS admin logged into the
web interface visited a specially-crafted website.
Fixed a bug where uninitialized memory from the cupsd process could
reveal sensitive information.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1748
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/cups-1.4.4-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/cups-1.4.4-x86_64-1_slack13.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/cups-1.4.4-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/cups-1.4.4-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.1 package:
2828baed64ca4e479b91a961bedf99df cups-1.4.4-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
628ace74afcc27261b0a0f92c78a451b cups-1.4.4-x86_64-1_slack13.1.txz

Slackware -current package:
e9b20c637552192d3e72fe2c2ba1b4ca a/cups-1.4.4-i486-1.txz

Slackware x86_64 -current package:
d830972a63e5f0cb526f25ec812bb4ce a/cups-1.4.4-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg cups-1.4.4-i486-1_slack13.1.txz

Then, restart CUPS:
# sh /etc/rc.d/rc.cups restart

Slash dissapointed with current rock sceneCentOS-5.5 i386 and x86_64 released

This entry was posted on 3:10 PM .