en-us shasta@slackware.pl (Slackware.PL staff) http://blogs.law.harvard.edu/tech/rss http://slackware.pl/ Changelog activity and resources for slackware-12.0 (detailed version) ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/pidgin-2.6.6-i486-1_slack12.0.tgz Upgraded. This fixes a few denial-of-service flaws as well as other bugs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423 (* Security fix *) Wed, 10 Mar 2010 22:38:18 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8m-i486-2_slack12.0.tgz Rebuilt. Tue, 09 Mar 2010 21:31:21 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/openssl-solibs-0.9.8m-i486-2_slack12.0.tgz Rebuilt. The OpenSSL package has been patched and recompiled to revert a change that broke decrypting some files encrypted with previous versions of OpenSSL. This same fix appears in the latest upstream snapshots. Tue, 09 Mar 2010 21:31:21 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.15-i486-1_slack12.0.tgz Upgraded. This update addresses a few security issues. mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR. mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. [This is the most serious flaw, but does not affect Linux systems] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425 (* Security fix *) Mon, 08 Mar 2010 20:49:02 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8m-i486-1_slack12.0.tgz Upgraded. This OpenSSL update contains some security related bugfixes. For more information, see the included CHANGES and NEWS files, and: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355 (* Security fix *) Mon, 01 Mar 2010 05:02:21 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/openssl-solibs-0.9.8m-i486-1_slack12.0.tgz Upgraded. Mon, 01 Mar 2010 05:02:21 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/proftpd-1.3.3-i486-1_slack12.0.tgz Upgraded. Mon, 01 Mar 2010 05:02:21 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.14-i486-1_slack12.0.tgz Upgraded. This fixes a couple of security bugs when using mod_proxy_ftp. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 (* Security fix *) Sun, 24 Jan 2010 20:22:46 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/php-5.2.12-i486-1_slack12.0.tgz Upgraded. This fixes many bugs, including a few security issues. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143 (* Security fix *) Sun, 24 Jan 2010 20:22:46 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/pidgin-2.6.5-i486-1_slack12.0.tgz Upgraded. This fixes a directory traversal vulnerability in Pidgin's MSN protocol handling that may allow attackers to download arbitrary files. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013 (* Security fix *) Sun, 24 Jan 2010 20:22:46 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/ntp-4.2.4p8-i486-1_slack12.0.tgz Upgraded. Prevent a denial-of-service attack involving spoofed mode 7 packets. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 (* Security fix *) Thu, 10 Dec 2009 00:12:58 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/bind-9.4.3_P4-i486-1_slack12.0.tgz Upgraded. BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3. It addresses a potential cache poisoning vulnerability, in which data in the additional section of a response could be cached without proper DNSSEC validation. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 http://www.kb.cert.org/vuls/id/418861 (* Security fix *) Wed, 02 Dec 2009 20:51:55 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8h-i486-4_slack12.0.tgz Rebuilt. Patched to disable SSL renegotiation. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 (* Security fix *) Mon, 16 Nov 2009 18:56:26 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/openssl-solibs-0.9.8h-i486-4_slack12.0.tgz Rebuilt. Patched to disable SSL renegotiation. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 (* Security fix *) Mon, 16 Nov 2009 18:56:26 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/poppler-0.6.2-i486-2_slack12.0.tgz Rebuilt. This updated package includes patches based on xpdf 3.02pl4. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609 (* Security fix *) Wed, 28 Oct 2009 22:50:35 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/xpdf-3.02pl4-i486-1_slack12.0.tgz Upgraded. This update fixes several security issues that could lead to an application crash, or execution of arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609 (* Security fix *) Wed, 28 Oct 2009 22:50:35 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware-12.0/patches/packages/pidgin-2.6.3-i486-1_slack12.0.tgz This update fixes an issue where a remote user can cause libpurple-based clients to crash. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615 (* Security fix *) Sat, 17 Oct 2009 23:56:15 +0200