Welcome to Gaia! ::

The Official Linux Users of Gaia

Back to Guilds

A Guild for Linux, BSD, Mac, Solaris, and other Unix like operating systems. 

Tags: Computer Help, Linux, BSD (Berkeley Software Distrobution), Mac (Macintosh), Unix 

Reply Linux Security, keeping you on top of the bugs!
Slackware 06/22/09 (x2)

Quick Reply

Enter both words below, separated by a space:

Can't read the text? Click here

Submit

vendion Gear
Captain

 
Offline
PostPosted: Mon Jun 22, 2009 11:09 am


New ruby packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904

[slackware-security] ruby (SSA:2009-170-02)

New ruby packages are available for Slackware 11.0, 12.0, 12.1, 12.2,
and -current to fix a security issue.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904


Here are the details from the Slackware 12.2 ChangeLog:
+--------------------------+
patches/packages/ruby-1.8.7_p174-i486-1_slack12.2.tgz: Upgraded.
This fixes a denial of service issue caused by the BigDecimal method
handling large input values improperly that may allow attackers to
crash the interpreter. The issue affects most Rails applications.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! smile

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/ruby-1.8.6_p369-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/ruby-1.8.6_p369-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/ruby-1.8.6_p369-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/ruby-1.8.7_p174-i486-1_slack12.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/ruby-1.8.7_p174-i486-1.txz

Updated package for Slackware64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/ruby-1.8.7_p174-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 11.0 package:
22fb801042d7dc35e1b86ed255a8bd7b ruby-1.8.6_p369-i486-1_slack11.0.tgz

Slackware 12.0 package:
6b84e678c5b44f4dc377adcc3559c213 ruby-1.8.6_p369-i486-1_slack12.0.tgz

Slackware 12.1 package:
3feef33d7bb4a08d68f1c5f1a6632591 ruby-1.8.6_p369-i486-1_slack12.1.tgz

Slackware 12.2 package:
6bb863701e2d6e816b659e859511bb3d ruby-1.8.7_p174-i486-1_slack12.2.tgz

Slackware -current package:
e6ab7003f01736c02ab8e5457711246d ruby-1.8.7_p174-i486-1.txz

Slackware64 -current package:
00865047650f7b36ff427722526bcce2 ruby-1.8.7_p174-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg ruby-1.8.7_p174-i486-1_slack12.2.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
PostPosted: Mon Jun 22, 2009 11:10 am


New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue. Jeff Phillips discovered an uninitialized-memory-read bug affecting interlaced images that may have security implications. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042

[slackware-security] libpng (SSA:2009-170-01)

New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.

Jeff Phillips discovered an uninitialized-memory-read bug affecting interlaced
images that may have security implications.


More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042


Here are the details from the Slackware 12.2 ChangeLog:
+--------------------------+
patches/packages/libpng-1.2.37-i486-1_slack12.2.tgz: Upgraded.
This update fixes a possible security issue. Jeff Phillips discovered an
uninitialized-memory-read bug affecting interlaced images that may have
security implications.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! smile

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.37-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.37-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.37-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.37-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.37-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libpng-1.2.37-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.37-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/libpng-1.2.37-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libpng-1.2.37-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libpng-1.2.37-i486-1_slack12.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.2.37-i486-1.txz

Updated package for Slackware64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.2.37-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 8.1 package:
1851e3199ffefdfa5fd8a99d895a40a3 libpng-1.2.37-i386-1_slack8.1.tgz

Slackware 9.0 package:
4693d4a6794100fde58eaf5fa465ee8f libpng-1.2.37-i386-1_slack9.0.tgz

Slackware 9.1 package:
ec207cf4bfb1f847e50a6dbf3dc78115 libpng-1.2.37-i486-1_slack9.1.tgz

Slackware 10.0 package:
1876f3ac377ce5d259c7ec3f6e0153a7 libpng-1.2.37-i486-1_slack10.0.tgz

Slackware 10.1 package:
2ab0b1ac484925f30984636353d39bda libpng-1.2.37-i486-1_slack10.1.tgz

Slackware 10.2 package:
0921f5d71d168b226cc3022d33fcbe23 libpng-1.2.37-i486-1_slack10.2.tgz

Slackware 11.0 package:
a901f86a500ac565c4f37fa1d13510d9 libpng-1.2.37-i486-1_slack11.0.tgz

Slackware 12.0 package:
3311aaf3084916f5c6945ebf82f7dffd libpng-1.2.37-i486-1_slack12.0.tgz

Slackware 12.1 package:
5fa3c78fb2a34ead9921237ee40a5261 libpng-1.2.37-i486-1_slack12.1.tgz

Slackware 12.2 package:
4ce1aa90b408c55a5727e8e7dee8bf0f libpng-1.2.37-i486-1_slack12.2.tgz

Slackware -current package:
d596d01bf2f7dc74080cf819f53d9417 libpng-1.2.37-i486-1.txz

Slackware64 -current package:
393078aee59637e0158612f3b46e4e7b libpng-1.2.37-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libpng-1.2.37-i486-1_slack12.2.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

vendion Gear
Captain

 
Offline
Reply
Linux Security, keeping you on top of the bugs!
 
Manage Your Items
Other Stuff
More
Get GCash
Offers
More
Get Items
More Items
More
Where Everyone Hangs Out
Other Community Areas
  • Guilds
    fan clubs for the stuff you love
  • Chat
    chat in real time with other Gaians
  • Art Arenas
    browse & rate gaian art galleries
  • Clans
    play zOMG with others
More
Virtual Spaces
Fun Stuff
More
Gaia's Games
Mini-Games
More
Play with GCash
Play with Platinum
More