LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for December 4, 2008

KSM runs into patent trouble

Tux3: the other next-generation filesystem

LWN.net Weekly Edition for November 27, 2008

LWN.net Weekly Edition for November 20, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Slackware Changelog Notice!!

[Posted July 31, 2002 by corbet]

From:  John Jenkins <mrgoblin@dunedin.lug.net.nz>
To:  mrgoblin@dunedin.lug.net.nz
Subject:  Slackware Changelog Notice!!
Date:  Wed, 31 Jul 2002 21:08:39 +1200


        	Slackware-8.1 ChangeLog Notice.

The following additions have been made to The ChangeLog.txt


-------------------------------------------------------------------
New Entry:  Tue Jul 30 19:45:52 PDT 2002
New Entry:  patches/packages/apache-1.3.26-i386-2.tgz:  Upgraded the included libmm
New Entry:    to version 1.2.1.  Versions of libmm earlier than 1.2.0 contain a tmp file
New Entry:    vulnerability which may allow the local Apache user to gain privileges via
New Entry:    temporary files or symlinks.  For details, see:
New Entry:      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
New Entry:    This was also recompiled using EAPI patch from mod_ssl-2.8.10_1.3.26.
New Entry:    (* Security fix *)
New Entry:  patches/packages/glibc-2.2.5-i386-3.tgz:  Patched to fix a buffer overflow
New Entry:    in glibc's DNS resolver functions that look up network addresses.
New Entry:    Another workaround for this problem is to edit /etc/nsswtich.conf changing:
New Entry:      networks:       files dns
New Entry:    to:
New Entry:      networks:       files
New Entry:    (* Security fix *)
New Entry:  patches/packages/glibc-solibs-2.2.5-i386-3.tgz:  Patched to fix a buffer
New Entry:    overflow in glibc's DNS resolver functions that look up network addresses.
New Entry:    (* Security fix *)
New Entry:  patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz:  This update fixes an
New Entry:    off-by-one error in earlier versions of mod_ssl that may allow local users to
New Entry:    execute code as the Apache user.  For more information, see:
New Entry:      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
New Entry:    (* Security fix *)
New Entry:  patches/packages/openssh-3.4p1-i386-2.tgz:  Recompiled against openssl-0.9.6e.
New Entry:    This update also contains a fix to the installation script to ensure that the
New Entry:    sshd privsep user is correctly created.
New Entry:  patches/packages/openssl-0.9.6e-i386-1.tgz:  Upgraded to openssl-0.9.6e, which
New Entry:    fixes 4 potentially remotely exploitable bugs.  For details, see:
New Entry:      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
New Entry:    (* Security fix *)
New Entry:  patches/packages/openssl-solibs-0.9.6e-i386-1.tgz:  Upgraded to openssl-0.9.6e,
New Entry:    which fixes 4 potentially remotely exploitable bugs.  For details, see:
New Entry:      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
New Entry:    (* Security fix *)
New Entry:  patches/packages/php-4.2.2-i386-1.tgz:  Upgraded to php-4.2.2.  Earlier versions
New Entry:    of PHP 4.2.x contain a security vulnerability, which although not currently
New Entry:    considered exploitable on the x86 architecture is probably still a good to
New Entry:    patch.  For details, see:  http://www.cert.org/advisories/CA-2002-21.html
New Entry:    (* Security fix *)
New Entry:  ----------------------------


	If for some reason you no longer wish to be notified of 
	Entries to the ChangeLog Please send an email 
	To: mrgoblin@userlocal.com
	Subject: "unsubscribe slacklog"
	and the subscribed email address in the body of the message.

	Thank you

	mRgOBLIN
(Log in to post comments)

Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds