en-us shasta@slackware.pl (Slackware.PL staff) http://blogs.law.harvard.edu/tech/rss http://slackware.pl/ Changelog activity and resources for slackware-11.0 (detailed version) ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8m-i486-2_slack11.0.tgz Rebuilt. Tue, 09 Mar 2010 21:31:21 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8m-i486-2_slack11.0.tgz Rebuilt. The OpenSSL package has been patched and recompiled to revert a change that broke decrypting some files encrypted with previous versions of OpenSSL. This same fix appears in the latest upstream snapshots. Tue, 09 Mar 2010 21:31:21 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8m-i486-1_slack11.0.tgz Upgraded. This OpenSSL update contains some security related bugfixes. For more information, see the included CHANGES and NEWS files, and: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355 (* Security fix *) Mon, 01 Mar 2010 05:02:21 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8m-i486-1_slack11.0.tgz Upgraded. Mon, 01 Mar 2010 05:02:21 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/proftpd-1.3.3-i486-1_slack11.0.tgz Upgraded. Mon, 01 Mar 2010 05:02:21 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/extra/php5/php-5.2.12-i486-1_slack11.0.tgz Upgraded. This fixes many bugs, including a few security issues. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143 (* Security fix *) Sun, 24 Jan 2010 20:22:46 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/ntp-4.2.2p3-i486-3_slack11.0.tgz Rebuilt. Prevent a denial-of-service attack involving spoofed mode 7 packets. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 (* Security fix *) Thu, 10 Dec 2009 00:12:58 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/bind-9.4.3_P4-i486-1_slack11.0.tgz Upgraded. BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3. It addresses a potential cache poisoning vulnerability, in which data in the additional section of a response could be cached without proper DNSSEC validation. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 http://www.kb.cert.org/vuls/id/418861 (* Security fix *) Wed, 02 Dec 2009 20:51:55 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8h-i486-4_slack11.0.tgz Rebuilt. Patched to disable SSL renegotiation. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 (* Security fix *) Mon, 16 Nov 2009 18:56:26 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8h-i486-4_slack11.0.tgz Rebuilt. Patched to disable SSL renegotiation. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 (* Security fix *) Mon, 16 Nov 2009 18:56:26 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/xpdf-3.02pl4-i486-1_slack11.0.tgz Upgraded. This update fixes several security issues that could lead to an application crash, or execution of arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609 (* Security fix *) Wed, 28 Oct 2009 01:23:19 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/extra/php5/php-5.2.11-i486-1_slack11.0.tgz This release fixes some possible security issues, all of which have "unknown impact and attack vectors". For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293 (* Security fix *) Sat, 03 Oct 2009 18:19:00 +0200 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/samba-3.0.37-i486-1_slack11.0.tgz This update fixes the following security issues. A misconfigured /etc/passwd with no defined home directory could allow security restrictions to be bypassed. mount.cifs could allow a local user to read the first line of an arbitrary file if installed setuid. (On Slackware, it was not installed setuid) Specially crafted SMB requests could cause a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906 (* Security fix *) Sat, 03 Oct 2009 18:19:00 +0200 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/seamonkey-1.1.18-i486-1_slack11.0.tgz Upgraded. Upgraded to seamonkey-1.1.18. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) Mon, 07 Sep 2009 20:57:44 +0200 ftp://ftp.slackware.pl/pub/slackware/slackware-11.0/patches/packages/mozilla-thunderbird-2.0.0.23-i686-1.tgz This upgrade fixes a security bug. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) Thu, 20 Aug 2009 22:12:00 +0200