LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Slackware Changelog Notice!!

[Posted April 23, 2003 by ris]

From:  John Jenkins <mrgoblin@dunedin.lug.net.nz>
To:  mrgoblin@dunedin.lug.net.nz
Subject:  Slackware Changelog Notice!!
Date:  Fri, 18 Apr 2003 22:04:52 +1200


        	Slackware-9.0 ChangeLog Notice.

The following additions have been made to The ChangeLog.txt

-------------------------------------------------------------------
New Entry:  Thu Apr 17 15:32:15 PDT 2003
New Entry:  patches/packages/kde/*:  Upgraded to KDE 3.1.1a.  Also included in
New Entry:    this directory are a rebuild of Qt (linked with Xft2 rather than
New Entry:    Xft1), an updated aRts package (the aRts sound server is a
New Entry:    component of KDE, but ships as part of Slackware's L series), and
New Entry:    kdevelop-3.0a4a.
New Entry:  
New Entry:    Note that this update addresses a security problem with KDE's
New Entry:    handling of PostScript documents.  This is the overview of the
New Entry:    problem from the KDE site:
New Entry:  
New Entry:      KDE uses Ghostscript software for processing of PostScript (PS)
New Entry:      and PDF files in a way that allows for the execution of arbitrary
New Entry:      commands that can be contained in such files.
New Entry:  
New Entry:      An attacker can prepare a malicious PostScript or PDF file which will
New Entry:      provide the attacker with access to the victim's account and privileges
New Entry:      when the victim opens this malicious file for viewing or when the
New Entry:      victim browses a directory containing such malicious file and has
New Entry:      file previews enabled.
New Entry:  
New Entry:      An attacker can provide malicious files remotely to a victim in an
New Entry:      e-mail, as part of a webpage, via an ftp server and possible other
New Entry:      means.
New Entry:  
New Entry:  We recommend that sites running KDE install this update.
New Entry:  
New Entry:  Please note that the change from Xft1 to Xft2 has changed the available
New Entry:  fonts in Konsole (and presumably elsewhere), and that Xft2 seems unable to
New Entry:  display the Linux Console font that was previously Slackware's default.
New Entry:  Also, it doesn't handle gamma correction when displaying fonts against a
New Entry:  black background, so we've had to change the default to black fonts on a
New Entry:  white background (this is Konsole's default).  This creates an additional
New Entry:  issue with certain file types displayed as bold white by /etc/DIR_COLORS
New Entry:  becoming invisible in directory listings.  A workaround is to comment out
New Entry:  these lines (or change to a different color):
New Entry:  
New Entry:  .mpg 01;37 # movie formats
New Entry:  .avi 01;37
New Entry:  .mov 01;37
New Entry:  
New Entry:  (* Security fix *)
New Entry:  
New Entry:  patches/packages/kdei/*:  New internationalization packages for KDE 3.1.1a.
New Entry:  +--------------------------+

	If for some reason you no longer wish to be notified of 
	Entries to the ChangeLog Please send an email 
	To: mrgoblin@userlocal.com
	Subject: "unsubscribe slacklog"
	and the subscribed email address in the body of the message.

	Thank you

	mRgOBLIN
(Log in to post comments)

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds