Slackware Security 2004

Post by gustel » 2004-03-27, 21:14

Hello everyone!

In this thread I will keep posting the security advisories for whichever version is current.

The current version at the moment is 9.1, and quite a few advisories have already accumulated this year, which I will summarize in this post for the sake of clarity. It is possible that I will occasionally be unavailable for a few days - I'm only human, after all.

You can view further advisories at http://www.slackware.com/security/ - there also for other versions that are no longer current.

Regards,

gustel

****************************************************************************************

2004-03-17 - [slackware-security] OpenSSL security update (SSA:2004-077-01)
2004-02-18 - [slackware-security] metamail security update (SSA:2004-049-02)
2004-02-18 - [slackware-security] Kernel security update (SSA:2004-049-01)
2004-02-12 - [slackware-security] mutt security update (SSA:2004-043-01)
2004-02-12 - [slackware-security] XFree86 security update (SSA:2004-043-02)
2004-01-26 - [slackware-security] GAIM security update (SSA:2004-026-01)
2004-01-14 - [slackware-security] INN security update (SSA:2004-014-02)
2004-01-14 - [slackware-security] kdepim security update (SSA:2004-014-01)
2004-01-06 - [slackware-security] Kernel security update (SSA:2004-006-01)
Last edited by gustel on 2005-02-10, 23:32; edited 1 time in total.

Post by Gast » 2004-04-17, 23:33

[slackware-security] tcpdump denial of service (SSA:2004-108-01)

Upgraded tcpdump packages are available for Slackware 8.1, 9.0,
9.1, and -current to fix denial-of-service issues. Sites using
tcpdump should upgrade to the new packages.

2004-04-17 - [slackware-security] tcpdump denial of service (SSA:2004-108-01)

Post by Gast » 2004-04-19, 08:35

2004-04-18 - [slackware-security] cvs security update (SSA:2004-108-02)

[slackware-security] cvs security update (SSA:2004-108-02)

CVS is a client/server version control system. As a server, it
is used to host source code repositories. As a client, it is
used to access such repositories. This advisory affects both uses
of CVS.

A security problem which could allow a server to create arbitrary
files on a client machine, and another security problem which may
allow a client to view files outside of the CVS repository have
been fixed with the release of cvs-1.11.15.

Any sites running CVS should upgrade to the new CVS package.

[url=http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181]2004-04-18 - [slackware-security] cvs security update (SSA:2004-108-02)[/url]

Post by Gast » 2004-04-20, 09:14

2004-04-19 - [slackware-security] utempter security update (SSA:2004-110-01)

New utempter packages are available for Slackware 9.1 and -current to
fix a security issue. (Slackware 9.1 was the first version of Slackware
to use the libutempter library, and earlier versions of Slackware are
not affected by this issue)

The utempter package provides a utility and shared library that
allows terminal applications such as xterm and screen to update
/var/run/utmp and /var/log/wtmp without requiring root privileges.
Steve Grubb has identified an issue with utempter-0.5.2 where
under certain circumstances an attacker could cause it to
overwrite files through a symlink. This has been addressed by
upgrading the utempter package to use Dmitry V. Levin's new
implementation of libutempter that does not have this bug.

2004-04-19 - [slackware-security] utempter security update (SSA:2004-110-01)

Regards,

gustel

Post by Gast » 2004-04-21, 08:02

2004-04-20 - [slackware-security] xine security update (SSA:2004-111-01)


New xine packages are available for Slackware 9.1 and -current to
fix security issues.


2004-04-20 - [slackware-security] xine security update (SSA:2004-111-01)

Regards,

gustel

Post by Gast » 2004-04-29, 08:28

2004-04-28 - [slackware-security] kernel security updates (SSA:2004-119-01)

New kernel packages are available for Slackware 9.1 and -current to
fix security issues. Also available are new kernel modules packages
(including alsa-driver), and a new version of the hotplug package
for Slackware 9.1 containing some fixes for using 2.4.26 (and 2.6.x)
kernel modules.

The most serious of the fixed issues is an overflow in ip_setsockopt(),
which could allow a local attacker to gain root access, or to crash or
reboot the machine. This bug affects 2.4 kernels from 2.4.22 - 2.4.25.
Any sites running one of those kernel versions should upgrade right
away. After installing the new kernel, be sure to run 'lilo'.

2004-04-28 - [slackware-security] kernel security updates (SSA:2004-119-01)

Regards,

gustel

Post by Gast » 2004-05-03, 23:35

Today there are 4 patches all at once - so all 4 in one post.

1. [slackware-security] rsync update (SSA:2004-124-01)

New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to
fix a security issue. When running an rsync server without the chroot option
it is possible for an attacker to write outside of the allowed directory.
Any sites running rsync in that mode should upgrade right away (and should
probably look into using the chroot option as well).


2. [slackware-security] sysklogd update (SSA:2004-124-02)

New sysklogd packages are available for Slackware 8.1, 9.0, 9.1, and -current
to fix a security issue where a user could cause syslogd to crash. Thanks to Steve Grubb who researched the issue.

3. [slackware-security] xine-lib update (SSA:2004-124-03)

New xine-lib packages are available for Slackware 9.1 and -current to fix a
security issue where playing a specially crafted Real RTSP stream could run malicious code as the user playing the stream.

4. [slackware-security] libpng update (SSA:2004-124-04)

New libpng packages are available for Slackware 9.0, 9.1, and -current to
fix an issue where libpng could be caused to crash, perhaps creating a denial of service issue if network services are linked with it.

[slackware-security] rsync update (SSA:2004-124-01)
[slackware-security] sysklogd update (SSA:2004-124-02)
[slackware-security] xine-lib update (SSA:2004-124-03)
[slackware-security] libpng update (SSA:2004-124-04)

Regards,

gustel

Post by Gast » 2004-05-05, 06:16

[slackware-security] lha update in bin package (SSA:2004-125-01)

New bin- packages are available for Slackware 8.1, 9.0, 9.1, and -current to
fix buffer overflows and directory traversal vulnerabilities in the 'lha'
archive utility. Sites using 'lha' should upgrade to the new bin package
right away.

[slackware-security] lha update in bin package (SSA:2004-125-01)


Regards,

gustel

Post by Gast » 2004-05-13, 09:37

[slackware-security] apache (SSA:2004-133-01)

New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to
fix security issues. These include a possible denial-of-service attack as well
as the ability to possibly pipe shell escapes through Apache's errorlog (which
could create an exploit if the error log is read in a terminal program that
does not filter such escapes). We recommend that sites running Apache upgrade
to the new Apache package.

[slackware-security] apache (SSA:2004-133-01)

Regards,

gustel

Post by Gast » 2004-05-17, 13:01

[slackware-security] mc (SSA:2004-136-01)

New mc packages are available for Slackware 9.0, 9.1, and -current to
fix security issues that could lead to a denial of service or the
execution of arbitrary code as the user running mc.

[slackware-security] mc (SSA:2004-136-01)

Regards,

gustel

Post by Gast » 2004-05-18, 10:45

[slackware-security] kdelibs (SSA:2004-238-01)

New kdelibs packages are available for Slackware 9.0, 9.1 and -current
to fix security issues with URI handling.

[slackware-security] kdelibs (SSA:2004-238-01)

Regards,

gustel

Post by Gast » 2004-05-20, 08:04

[slackware-security] cvs (SSA:2004-140-01)

New cvs packages are available for Slackware 8.1, 9.0, 9.1, and -current to
fix a buffer overflow vulnerability which could allow an attacker to run
arbitrary programs on the CVS server. Sites running a CVS server should
upgrade to the new CVS package right away.

[slackware-security] cvs (SSA:2004-140-01)

Regards,

gustel

Post by Gast » 2004-06-03, 19:54

[slackware-security] mod_ssl (SSA:2004-154-01)

New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, and -current
to fix a security issue. The packages were upgraded to mod_ssl-2.8.18-1.3.31
fixing a buffer overflow that may allow remote attackers to execute arbitrary
code via a client certificate with a long subject DN, if mod_ssl is
configured to trust the issuing CA. Web sites running mod_ssl should upgrade
to the new set of apache and mod_ssl packages. There are new PHP packages as
well to fix a Slackware-specific local denial-of-service issue (an additional
Slackware advisory SSA:2004-154-02 has been issued for PHP).

and

[slackware-security] PHP local security issue (SSA:2004-154-02)

New PHP packages are available for Slackware 8.1, 9.0, 9.1, and -current
to fix a security issue. These fix a problem in previous Slackware php
packages where linking PHP against a static library in an insecure path
(under /tmp) could allow a local attacker to place shared libraries at
this location causing PHP to crash, or to execute arbitrary code as the
PHP user (which is by default, "nobody").

Thanks to Bryce Nichols for researching and reporting this issue.

[slackware-security] mod_ssl (SSA:2004-154-01)
[url=http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.419765][slackware-security] PHP local security issue (SSA:2004-154-02)[/url]

Regards,

gustel

Post by Gast » 2004-06-10, 07:48

[slackware-security] cvs (SSA:2004-161-01)

New cvs packages that have been upgraded to cvs-1.11.17 are available
for Slackware 8.1, 9.0, 9.1, and -current to fix various security
issues. Sites running a CVS server should upgrade to the new CVS
package right away.

[slackware-security] cvs (SSA:2004-161-01)

Regards,

gustel

Post by Gast » 2004-06-15, 20:29

[slackware-security] kernel DoS (SSA:2004-167-01)

New kernel packages are available for Slackware 8.1, 9.0, 9.1,
and -current to fix a denial of service security issue. Without
a patch to asm-i386/i387.h, a local user can crash the machine.

[slackware-security] kernel DoS (SSA:2004-167-01)

Regards,

gustel