Date: Wed, 31 Jul 2002 13:11:28 -0700 (PDT)
From: Slackware Security Team 
To: slackware-security@slackware.com
Subject: [slackware-security] Security updates for Slackware 8.1


Several security updates are now available for Slackware 8.1, including
updated packages for Apache, glibc, mod_ssl, openssh, openssl, and php.

Here are the details from the Slackware 8.1 ChangeLog:

----------------------------
Tue Jul 30 19:45:52 PDT 2002
patches/packages/apache-1.3.26-i386-2.tgz:  Upgraded the included libmm
  to version 1.2.1.  Versions of libmm earlier than 1.2.0 contain a tmp file
  vulnerability which may allow the local Apache user to gain privileges via
  temporary files or symlinks.  For details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
This was also recompiled using EAPI patch from mod_ssl-2.8.10_1.3.26.
  (* Security fix *)
patches/packages/glibc-2.2.5-i386-3.tgz:  Patched to fix a buffer overflow
  in glibc's DNS resolver functions that look up network addresses.
  Another workaround for this problem is to edit /etc/nsswtich.conf changing:
    networks:       files dns
  to:
    networks:       files
  (* Security fix *)
patches/packages/glibc-solibs-2.2.5-i386-3.tgz:  Patched to fix a buffer
  overflow in glibc's DNS resolver functions that look up network addresses.
  (* Security fix *)
patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz:  This update fixes an
  off-by-one error in earlier versions of mod_ssl that may allow local users to
  execute code as the Apache user.  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
(* Security fix *)
patches/packages/openssh-3.4p1-i386-2.tgz:  Recompiled against openssl-0.9.6e.
  This update also contains a fix to the installation script to ensure that the
  sshd privsep user is correctly created.
patches/packages/openssl-0.9.6e-i386-1.tgz:  Upgraded to openssl-0.9.6e, which
  fixes 4 potentially remotely exploitable bugs.  For details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
(* Security fix *)
patches/packages/openssl-solibs-0.9.6e-i386-1.tgz:  Upgraded to openssl-0.9.6e,
  which fixes 4 potentially remotely exploitable bugs.  For details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
(* Security fix *)
patches/packages/php-4.2.2-i386-1.tgz:  Upgraded to php-4.2.2.  Earlier versions
  of PHP 4.2.x contain a security vulnerability, which although not currently
  considered exploitable on the x86 architecture is probably still a good to
  patch.  For details, see:  https://insights.sei.cmu.edu/library/2002-cert-advisories/
(* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGES:
-------------------------------


MD5 SIGNATURES:
---------------

Here are the md5sums for the packages:
9af3e989fb581fbb29cf6b2d91b1a921  apache-1.3.26-i386-2.tgz
d159bf51306def68f9d28ef5bed06e52  glibc-2.2.5-i386-3.tgz
0b5414fbecbb7aace3593cdfeecba907  glibc-solibs-2.2.5-i386-3.tgz
aaa5a61ff4600d415cf583dab9fbd0a0  mod_ssl-2.8.10_1.3.26-i386-1.tgz
ea0ee4aac4b28ab3f8ed2190e7b3a7d8  openssh-3.4p1-i386-2.tgz
88f32f01ce855d4363bc71899404e2db  openssl-0.9.6e-i386-1.tgz
c20073efd9e3847bfa28da9d614e1dcd  openssl-solibs-0.9.6e-i386-1.tgz
032bc53692b721ecec80d69944112ea1  php-4.2.2-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

Upgrade existing packages using the upgradepkg command:

   # upgradepkg apache-1.3.26-i386-2.tgz glibc-2.2.5-i386-3.tgz \
     glibc-solibs-2.2.5-i386-3.tgz mod_ssl-2.8.10_1.3.26-i386-1.tgz \
     openssh-3.4p1-i386-2.tgz openssl-0.9.6e-i386-1.tgz \
     openssl-solibs-0.9.6e-i386-1.tgz php-4.2.2-i386-1.tgz

If the packages have not been previously installed, either use the
installpkg command, or the --install-new option with upgradepkg.

Finally, if your site runs Apache it will need to be restarted:

   # apachectl restart


- Slackware Linux Security Team
  http://www.slackware.com

Slackware: Multiple recent security updates

July 31, 2002
Slackware has noted that they've fixed the recent mm, glibc, openssl, php, and openssh vulnerabilities recently discovered.

Summary

Here are the details from the Slackware 8.1 ChangeLog: ---------------------------- Tue Jul 30 19:45:52 PDT 2002 patches/packages/apache-1.3.26-i386-2.tgz: Upgraded the included libmm to version 1.2.1. Versions of libmm earlier than 1.2.0 contain a tmp file vulnerability which may allow the local Apache user to gain privileges via temporary files or symlinks. For details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658 This was also recompiled using EAPI patch from mod_ssl-2.8.10_1.3.26. (* Security fix *) patches/packages/glibc-2.2.5-i386-3.tgz: Patched to fix a buffer overflow in glibc's DNS resolver functions that look up network addresses. Another workaround for this problem is to edit /etc/nsswtich.conf changing: networks: files dns to: networks: files (* Security fix *) patches/packages/glibc-solibs-2.2.5-i386-3.tgz: Patched to fix a buffer overflow in glibc's DNS resolver functions that look up network addresses. (* Security fix *) patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz: This update fixes an off-by-one error in earlier versions of mod_ssl that may allow local users to execute code as the Apache user. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653 (* Security fix *) patches/packages/openssh-3.4p1-i386-2.tgz: Recompiled against openssl-0.9.6e. This update also contains a fix to the installation script to ensure that the sshd privsep user is correctly created. patches/packages/openssl-0.9.6e-i386-1.tgz: Upgraded to openssl-0.9.6e, which fixes 4 potentially remotely exploitable bugs. For details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659 (* Security fix *) patches/packages/openssl-solibs-0.9.6e-i386-1.tgz: Upgraded to openssl-0.9.6e, which fixes 4 potentially remotely exploitable bugs. For details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659 (* Security fix *) patches/packages/php-4.2.2-i386-1.tgz: Upgraded to php-4.2.2. Earlier versions of PHP 4.2.x contain a security vulnerability, which although not currently considered exploitable on the x86 architecture is probably still a good to patch. For details, see: https://insights.sei.cmu.edu/library/2002-cert-advisories/ (* Security fix *) ---------------------------- WHERE TO FIND THE NEW PACKAGES: ------------------------------- MD5 SIGNATURES: --------------- Here are the md5sums for the packages: 9af3e989fb581fbb29cf6b2d91b1a921 apache-1.3.26-i386-2.tgz d159bf51306def68f9d28ef5bed06e52 glibc-2.2.5-i386-3.tgz 0b5414fbecbb7aace3593cdfeecba907 glibc-solibs-2.2.5-i386-3.tgz aaa5a61ff4600d415cf583dab9fbd0a0 mod_ssl-2.8.10_1.3.26-i386-1.tgz ea0ee4aac4b28ab3f8ed2190e7b3a7d8 openssh-3.4p1-i386-2.tgz 88f32f01ce855d4363bc71899404e2db openssl-0.9.6e-i386-1.tgz c20073efd9e3847bfa28da9d614e1dcd openssl-solibs-0.9.6e-i386-1.tgz 032bc53692b721ecec80d69944112ea1 php-4.2.2-i386-1.tgz INSTALLATION INSTRUCTIONS: -------------------------- Upgrade existing packages using the upgradepkg command: # upgradepkg apache-1.3.26-i386-2.tgz glibc-2.2.5-i386-3.tgz \ glibc-solibs-2.2.5-i386-3.tgz mod_ssl-2.8.10_1.3.26-i386-1.tgz \ openssh-3.4p1-i386-2.tgz openssl-0.9.6e-i386-1.tgz \ openssl-solibs-0.9.6e-i386-1.tgz php-4.2.2-i386-1.tgz If the packages have not been previously installed, either use the installpkg command, or the --install-new option with upgradepkg. Finally, if your site runs Apache it will need to be restarted: # apachectl restart - Slackware Linux Security Team http://www.slackware.com

Where Find New Packages

MD5 Signatures

Severity
Date: Wed, 31 Jul 2002 13:11:28 -0700 (PDT) From: Slackware Security Team To: slackware-security@slackware.com Subject: [slackware-security] Security updates for Slackware 8.1
Several security updates are now available for Slackware 8.1, including updated packages for Apache, glibc, mod_ssl, openssh, openssl, and php.

Installation Instructions

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved