LWN: Comments on "Slackware security updates"
https://lwn.net/Articles/6415/
This is a special feed containing comments posted to the individual LWN article titled "Slackware security updates".
Thu, 18 Sep 2025 20:07:54 +0000

[slackware-security] Security updates for Slackware 8.1
https://lwn.net/Articles/6622/
Inoshiro

(This is a reprint; if you want this in your inbox, send majordomo at slackware.com a message saying "subscribe slackware-security ")

Several security updates are now available for Slackware 8.1, including
updated packages for Apache, glibc, mod_ssl, openssh, openssl, and php.

Here are the details from the Slackware 8.1 ChangeLog:

----------------------------
Tue Jul 30 19:45:52 PDT 2002
patches/packages/apache-1.3.26-i386-2.tgz: Upgraded the included libmm
 to version 1.2.1. Versions of libmm earlier than 1.2.0 contain a tmp file
 vulnerability which may allow the local Apache user to gain privileges via
 temporary files or symlinks. For details, see:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
 This was also recompiled using EAPI patch from mod_ssl-2.8.10_1.3.26.
 (* Security fix *)
patches/packages/glibc-2.2.5-i386-3.tgz: Patched to fix a buffer overflow
 in glibc's DNS resolver functions that look up network addresses.
 Another workaround for this problem is to edit /etc/nsswitch.conf changing:
 networks: files dns
 to:
 networks: files
 (* Security fix *)
patches/packages/glibc-solibs-2.2.5-i386-3.tgz: Patched to fix a buffer
 overflow in glibc's DNS resolver functions that look up network addresses.
 (* Security fix *)
patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz: This update fixes an
 off-by-one error in earlier versions of mod_ssl that may allow local users to
 execute code as the Apache user.
 For more information, see:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
 (* Security fix *)
patches/packages/openssh-3.4p1-i386-2.tgz: Recompiled against openssl-0.9.6e.
 This update also contains a fix to the installation script to ensure that the
 sshd privsep user is correctly created.
patches/packages/openssl-0.9.6e-i386-1.tgz: Upgraded to openssl-0.9.6e, which
 fixes 4 potentially remotely exploitable bugs. For details, see:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
 (* Security fix *)
patches/packages/openssl-solibs-0.9.6e-i386-1.tgz: Upgraded to openssl-0.9.6e,
 which fixes 4 potentially remotely exploitable bugs. For details, see:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
 (* Security fix *)
patches/packages/php-4.2.2-i386-1.tgz: Upgraded to php-4.2.2. Earlier versions
 of PHP 4.2.x contain a security vulnerability, which although not currently
 considered exploitable on the x86 architecture is probably still a good idea to
 patch.
 For details, see: http://www.cert.org/advisories/CA-2002-21.html
 (* Security fix *)
----------------------------

WHERE TO FIND THE NEW PACKAGES:
-------------------------------
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.26-i386-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/glibc-2.2.5-i386-3.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/glibc-solibs-2.2.5-i386-3.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-3.4p1-i386-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-0.9.6e-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-solibs-0.9.6e-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.2.2-i386-1.tgz

MD5 SIGNATURES:
---------------

Here are the md5sums for the packages:

INSTALLATION INSTRUCTIONS:
--------------------------

Upgrade existing packages using the upgradepkg command:

 # upgradepkg apache-1.3.26-i386-2.tgz glibc-2.2.5-i386-3.tgz \
 glibc-solibs-2.2.5-i386-3.tgz mod_ssl-2.8.10_1.3.26-i386-1.tgz \
 openssh-3.4p1-i386-2.tgz openssl-0.9.6e-i386-1.tgz \
 openssl-solibs-0.9.6e-i386-1.tgz php-4.2.2-i386-1.tgz

If the packages have not been previously installed,
either use the
installpkg command, or the --install-new option with upgradepkg.

Finally, if your site runs Apache it will need to be restarted:

 # apachectl restart

- Slackware Linux Security Team
 http://www.slackware.com

Fri, 02 Aug 2002 05:02:37 +0000

Slackware security updates
https://lwn.net/Articles/6508/
DaveK

The advisory appears to have been posted to the slackware security mailing list at about 20:10 GMT last night.

Thu, 01 Aug 2002 12:42:05 +0000