Original poster | Posted on 2008-7-29 15:33:31
Mon Jul 28 22:45:58 CDT 2008
a/openssl-solibs-0.9.8h-i486-1.tgz:
Upgraded to OpenSSL 0.9.8h shared libraries (see below).
(* Security fix *)
a/sysvinit-scripts-1.2-noarch-21.tgz: For now, quiet error output from
update-mime-database, since KDE4 causes some "noise".
ap/vim-7.1.330-i486-1.tgz:
Upgraded to vim-7.1.330. This fixes several security issues related to
the automatic processing of untrusted files.
For more information, see:
http://www.rdancer.org/vulnerablevim.html
(* Security fix *)
l/libxml2-2.6.32-i486-1.tgz: Upgraded to libxml2-2.6.32.
l/libxslt-1.1.24-i486-1.tgz:
Upgraded to libxslt-1.1.24.
A buffer overflow when processing XSL stylesheets could result in the
execution of arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767
(* Security fix *)
l/pcre-7.7-i486-1.tgz:
Upgraded to pcre-7.7.
Tavis Ormandy of the Google Security Team found a buffer overflow triggered
when handling certain regular expressions. This could lead to a crash or
possible execution of code as the user of the PCRE-linked application.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371
(* Security fix *)
n/fetchmail-6.3.8-i486-3.tgz:
Patched to fix a possible denial of service when "-v -v" options are used.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
(* Security fix *)
n/httpd-2.2.9-i486-1.tgz:
Upgraded to httpd-2.2.9.
This release fixes flaws which could allow XSS attacks.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
(* Security fix *)
n/links-2.1-i486-1.tgz:
Upgraded to links-2.1.
Unspecified vulnerability in Links before 2.1, when "only proxies" is
enabled, has unknown impact and attack vectors related to providing
"URLs to external programs."
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
(* Security fix *)
n/mtr-0.73-i486-1.tgz:
Upgraded to mtr-0.73.
This fixes a minor security bug where a very long hostname in the trace path
could lead to an overflow (and most likely just a crash).
(* Security fix *)
n/net-snmp-5.4.1.2-i486-1.tgz:
Upgraded to net-snmp-5.4.1.2.
A vulnerability was discovered where an attacker could spoof an authenticated
SNMPv3 packet due to incorrect HMAC checking. Also, a buffer overflow was
found that could be exploited if an application using the net-snmp perl
modules connects to a malicious server.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
(* Security fix *)
n/openldap-client-2.3.43-i486-1.tgz: Upgraded to openldap-2.3.43.
This release fixes a security issue in slapd (our package does not ship it.)
n/openssh-5.1p1-i486-1.tgz:
Upgraded to openssh-5.1p1.
When upgrading OpenSSH, it is VERY IMPORTANT to also upgrade OpenSSL, or
it is possible to be unable to log back into sshd!
n/openssl-0.9.8h-i486-1.tgz:
Upgraded to OpenSSL 0.9.8h.
The Codenomicon TLS test suite uncovered security bugs in OpenSSL.
If OpenSSL was compiled using non-default options (Slackware's package
is not), then a malicious packet could cause a crash. Also, a malformed
TLS handshake could also lead to a crash.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672
When upgrading OpenSSL, it is VERY IMPORTANT to also upgrade OpenSSH, or
it is possible to be unable to log back into sshd!
(* Security fix *)
xap/gimp-2.4.6-i486-1.tgz: Upgraded to gimp-2.4.6.
xap/mozilla-thunderbird-2.0.0.16-i686-1.tgz:
Upgraded to thunderbird-2.0.0.16.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/ ... /thunderbird20.html
(* Security fix *)
xap/vim-gvim-7.1.330-i486-1.tgz: Upgraded to vim-gvim-7.1.330.
See "vim" above for details.
(* Security fix *)
xap/xscreensaver-5.06-i486-1.tgz: Upgraded to xscreensaver-5.06.
+--------------------------+