Slackware-10.0 ChangeLog (2005-07-22)
Fri Jul 22 13:50:25 PDT 2005
patches/packages/fetchmail-6.2.5.2-i486-1.tgz:
Upgraded to fetchmail-6.2.5.2.
This fixes an overflow by which malicious or compromised POP3 servers
may overflow fetchmail's stack.
For more information, see:
http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
(* Security fix *)
Packages
Upgraded to gxine-0.4.6
- patches/packages/gxine-0.4.6-i486-1.tgz
This fixes a format string vulnerability that allows remote attackers to
execute arbitrary code via a ram file with a URL whose hostname contains
format string specifiers.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1692
(* Security fix *)
Upgraded to zlib-1.2.3
- patches/packages/zlib-1.2.3-i486-1.tgz
This fixes an additional crash not fixed by the patch to zlib-1.2.2.
(* Security fix *)
Fri Jul 22 10:33:15 PDT 2005
Packages
Patched overflows in
- patches/packages/kdenetwork-3.2.3-i486-2.tgz
libgadu (used by kopete) that can cause a denial of service or
arbitrary code execution.
For more information, see:
http://www.kde.org/info/security/advisory-20050721-1.txt
(* Security fix *)
Upgraded to mozilla-1.7.10
- patches/packages/mozilla-1.7.10-i486-1.tgz
This fixes several security issues. For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
(* Security fix *)
Upgraded Java(TM)
- patches/packages/mozilla-plugins-1.7.10-noarch-1.tgz
symlink for Mozilla.