LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

LWN.net Weekly Edition for December 4, 2008

KSM runs into patent trouble

Tux3: the other next-generation filesystem

LWN.net Weekly Edition for November 27, 2008

LWN.net Weekly Edition for November 20, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Slackware security updates

[Posted July 31, 2002 by dennis]

We don't have advisories from Slackware, but the latest changelog notice shows updates to mod_ssl, libmm, the DNS resolver libraries, OpenSSL, and PHP.
(Log in to post comments)

Slackware security updates

Posted Aug 1, 2002 12:42 UTC (Thu) by DaveK (subscriber, #2531) [Link]

The advisory appears to have been posted to the slackware security mailing list at about 20:10 GMT last night.

[slackware-security] Security updates for Slackware 8.1

Posted Aug 2, 2002 5:02 UTC (Fri) by Inoshiro (guest, #3070) [Link]

(This is a reprint; if you want this in your inbox, send majordomo at slackware.com a message saying "subscribe slackware-security ")

Several security updates are now available for Slackware 8.1, including
updated packages for Apache, glibc, mod_ssl, openssh, openssl, and php.

Here are the details from the Slackware 8.1 ChangeLog:

----------------------------
Tue Jul 30 19:45:52 PDT 2002
patches/packages/apache-1.3.26-i386-2.tgz: Upgraded the included libmm
to version 1.2.1. Versions of libmm earlier than 1.2.0 contain a tmp file
vulnerability which may allow the local Apache user to gain privileges via
temporary files or symlinks. For details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
This was also recompiled using EAPI patch from mod_ssl-2.8.10_1.3.26.
(* Security fix *)
patches/packages/glibc-2.2.5-i386-3.tgz: Patched to fix a buffer overflow
in glibc's DNS resolver functions that look up network addresses.
Another workaround for this problem is to edit /etc/nsswtich.conf changing:
networks: files dns
to:
networks: files
(* Security fix *)
patches/packages/glibc-solibs-2.2.5-i386-3.tgz: Patched to fix a buffer
overflow in glibc's DNS resolver functions that look up network addresses.
(* Security fix *)
patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz: This update fixes an
off-by-one error in earlier versions of mod_ssl that may allow local users to
execute code as the Apache user. For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
(* Security fix *)
patches/packages/openssh-3.4p1-i386-2.tgz: Recompiled against openssl-0.9.6e.
This update also contains a fix to the installation script to ensure that the
sshd privsep user is correctly created.
patches/packages/openssl-0.9.6e-i386-1.tgz: Upgraded to openssl-0.9.6e, which
fixes 4 potentially remotely exploitable bugs. For details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
(* Security fix *)
patches/packages/openssl-solibs-0.9.6e-i386-1.tgz: Upgraded to openssl-0.9.6e,
which fixes 4 potentially remotely exploitable bugs. For details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
(* Security fix *)
patches/packages/php-4.2.2-i386-1.tgz: Upgraded to php-4.2.2. Earlier versions
of PHP 4.2.x contain a security vulnerability, which although not currently
considered exploitable on the x86 architecture is probably still a good to
patch. For details, see: http://www.cert.org/advisories/CA-2002-21.html
(* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.26-i386-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/glibc-2.2.5-i386-3.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/glibc-solibs-2.2.5-i386-3.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-3.4p1-i386-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-0.9.6e-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-solibs-0.9.6e-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.2.2-i386-1.tgz


MD5 SIGNATURES:
---------------

Here are the md5sums for the packages:
9af3e989fb581fbb29cf6b2d91b1a921 apache-1.3.26-i386-2.tgz
d159bf51306def68f9d28ef5bed06e52 glibc-2.2.5-i386-3.tgz
0b5414fbecbb7aace3593cdfeecba907 glibc-solibs-2.2.5-i386-3.tgz
aaa5a61ff4600d415cf583dab9fbd0a0 mod_ssl-2.8.10_1.3.26-i386-1.tgz
ea0ee4aac4b28ab3f8ed2190e7b3a7d8 openssh-3.4p1-i386-2.tgz
88f32f01ce855d4363bc71899404e2db openssl-0.9.6e-i386-1.tgz
c20073efd9e3847bfa28da9d614e1dcd openssl-solibs-0.9.6e-i386-1.tgz
032bc53692b721ecec80d69944112ea1 php-4.2.2-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

Upgrade existing packages using the upgradepkg command:

# upgradepkg apache-1.3.26-i386-2.tgz glibc-2.2.5-i386-3.tgz \
glibc-solibs-2.2.5-i386-3.tgz mod_ssl-2.8.10_1.3.26-i386-1.tgz \
openssh-3.4p1-i386-2.tgz openssl-0.9.6e-i386-1.tgz \
openssl-solibs-0.9.6e-i386-1.tgz php-4.2.2-i386-1.tgz

If the packages have not been previously installed, either use the
installpkg command, or the --install-new option with upgradepkg.

Finally, if your site runs Apache it will need to be restarted:

# apachectl restart


- Slackware Linux Security Team
http://www.slackware.com

Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds