Feeds:
Pos
Komentar

Posts Tagged ‘slackware’

Slackware-security

[slackware-security] php (SSA:2008-128-01)

New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1,
and -current to fix security issues.

Note that PHP5 is not the default PHP for Slackware 10.2 or 11.0 (those use
PHP4), so if your PHP code is not ready for PHP5, don’t upgrade until it is
or you’ll (by definition) run into problems.

More details about one of the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599

Here are the details from the Slackware 12.1 ChangeLog:
+————————–+
patches/packages/php-5.2.6

-i486-1_slack12.1.tgz:
Upgraded to php-5.2.6.
This version of PHP contains many fixes and enhancements. Some of the fixes
are security related, and the PHP release announcement provides this list:
* Fixed possible stack buffer overflow in the FastCGI SAPI identified by
Andrei Nigmatulin.
* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
* Properly address incomplete multibyte chars inside escapeshellcmd()
identified by Stefan Esser.
* Upgraded bundled PCRE to version 7.6
When last checked, CVE-2008-0599 was not yet open. However, additional
information should become available at this URL:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
The list reproduced above, as well as additional information about other
fixes in PHP 5.2.6 may be found in the PHP release announcement here:
http://www.php.net/releases/5_2_6.php
(* Security fix *)
+————————–+

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/testing/packages/php5/php-5.2.6-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.6-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.2.6-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.2.6-i486-1_slack12.1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.2.6-i486-1.tgz

New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0,
12.1, and -current to fix security issues, including crashes that can corrupt
memory, as well as a JavaScript privilege escalation and arbitrary code
execution flaw.

More details about these issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237

Here are the details from the Slackware 12.1 ChangeLog:
+————————–+
patches/packages/mozilla

Read Full Post »