New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1,
and -current to fix security issues.
Note that PHP5 is not the default PHP for Slackware 10.2 or 11.0 (those use
PHP4), so if your PHP code is not ready for PHP5, don't upgrade until it is
or you'll (by definition) run into problems.
More details about one of the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0,
12.1, and -current to fix security issues, including crashes that can corrupt
memory, as well as a JavaScript privilege escalation and arbitrary code
execution flaw.
More details about these issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, 11.0, 12.0, and -current to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
Additional information can be found in the libpng source, or in this
file on the libpng FTP site:
ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt
New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0,
12.0, and -current to fix security issues.
An overflow was found in the Speex decoder that could lead to a crash or
possible execution of arbitrary code.
New mozilla-firefox packages are available for Slackware 10.2, 11.0,
12.0, and -current to fix a possible security bug.
More details about this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
https://bugzilla.mozilla.org/show_bug.cgi?id=425576
New bzip2 packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, 12.0, and -current to fix a DoS issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
New m4 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, 12.0, and -current to fix security issues.
More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
To browse through our weekly Linux Advisory Watch newsletters,