en-us shasta@slackware.pl (Slackware.PL staff) http://blogs.law.harvard.edu/tech/rss http://slackware.pl/ slackware-11.0 ChangeLog detailed RSS at Slackware.PL Changelog activity and resources for slackware-11.0 (detailed version) patches/packages/libpng-1.2.50-i486-1_slack11.0.tgz ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.50-i486-1_slack11.0.tgz Upgraded. Fixed incorrect type (int copy should be png_size_t copy) in png_inflate() (fixes CVE-2011-3045). Revised png_set_text_2() to avoid potential memory corruption (fixes CVE-2011-3048). Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386 (* Security fix *) Wed, 25 Jul 2012 02:02:40 +0200 patches/packages/libexif-0.6.21-i486-1_slack11.0.tgz ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/libexif-0.6.21-i486-1_slack11.0.tgz Upgraded. This update fixes a number of remotely exploitable issues in libexif with effects ranging from information leakage to potential remote code execution. For more information, see: http://sourceforge.net/mailarchive/message.php?msg_id=29534027 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2845 (* Security fix *) Wed, 18 Jul 2012 05:35:26 +0200 patches/packages/freetype-2.4.10-i486-1_slack11.0.tgz ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/freetype-2.4.10-i486-1_slack11.0.tgz Upgraded. Since freetype-2.4.8 many fixes were made to better handle invalid fonts. Many of them are vulnerabilities (see CVE-2012-1126 up to CVE-2012-1144 and SA48320) so all users should upgrade. (* Security fix *) Mon, 25 Jun 2012 02:32:37 +0200 patches/packages/bind-9.7.6_P1-i486-1_slack11.0.tgz ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/bind-9.7.6_P1-i486-1_slack11.0.tgz Upgraded. This release fixes an issue that could crash BIND, leading to a denial of service. It also fixes the so-called "ghost names attack" whereby a remote attacker may trigger continued resolvability of revoked domain names. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667 IMPORTANT NOTE: This is a upgraded version of BIND, _not_ a patched one. It is likely to be more strict about the correctness of configuration files. Care should be taken about deploying this upgrade on production servers to avoid an unintended interruption of service. (* Security fix *) Thu, 14 Jun 2012 05:02:39 +0200 patches/packages/libxml2-2.6.32-i486-2_slack11.0.tgz ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/libxml2-2.6.32-i486-2_slack11.0.tgz Upgraded. Patched an off-by-one error in XPointer that could lead to a crash or possibly the execution of arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102 (* Security fix *) Wed, 23 May 2012 00:14:52 +0200 patches/packages/openssl-0.9.8x-i486-1_slack11.0.tgz ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8x-i486-1_slack11.0.tgz Upgraded. This is a very minor security fix: o Fix DTLS record length checking bug CVE-2012-2333 For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333 (* Security fix *) Sat, 19 May 2012 19:03:37 +0200 patches/packages/openssl-solibs-0.9.8x-i486-1_slack11.0.tgz ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8x-i486-1_slack11.0.tgz Upgraded. This is a very minor security fix: o Fix DTLS record length checking bug CVE-2012-2333 For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333 (* Security fix *) Sat, 19 May 2012 19:03:37 +0200 patches/packages/openssl-0.9.8w-i486-1_slack11.0.tgz ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8w-i486-1_slack11.0.tgz Upgraded. Fixes some potentially exploitable buffer overflows. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110 (* Security fix *) Fri, 27 Apr 2012 01:07:23 +0200 patches/packages/openssl-solibs-0.9.8w-i486-1_slack11.0.tgz ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8w-i486-1_slack11.0.tgz Upgraded. Fixes some potentially exploitable buffer overflows. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110 (* Security fix *) Fri, 27 Apr 2012 01:07:23 +0200 patches/packages/openssl-0.9.8v-i486-1_slack11.0.tgz ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8v-i486-1_slack11.0.tgz Upgraded. Fixes some potentially exploitable buffer overflows. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110 (* Security fix *) Mon, 23 Apr 2012 18:18:31 +0200 patches/packages/openssl-solibs-0.9.8v-i486-1_slack11.0.tgz ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8v-i486-1_slack11.0.tgz Upgraded. Fixes some potentially exploitable buffer overflows. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110 (* Security fix *) Mon, 23 Apr 2012 18:18:31 +0200 patches/packages/samba-3.0.37-i486-5_slack11.0.tgz ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/samba-3.0.37-i486-5_slack11.0.tgz Rebuilt. This is a security release in order to address a vulnerability that allows remote code execution as the "root" user. All sites running a Samba server should update to the new Samba package and restart Samba. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182 (* Security fix *) Wed, 11 Apr 2012 17:16:32 +0200 patches/packages/libtiff-3.8.2-i486-5_slack11.0.tgz ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/libtiff-3.8.2-i486-5_slack11.0.tgz Rebuilt. Patched overflows that could lead to arbitrary code execution when parsing a malformed image file. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173 (* Security fix *) Sat, 07 Apr 2012 21:48:42 +0200