LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: July 28th, 2014
Linux Advisory Watch: July 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Slackware: Multiple recent security updates Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Slackware Slackware has noted that they've fixed the recent mm, glibc, openssl, php, and openssh vulnerabilities recently discovered.

Date: Wed, 31 Jul 2002 13:11:28 -0700 (PDT)
From: Slackware Security Team 
To: slackware-security@slackware.com
Subject: [slackware-security] Security updates for Slackware 8.1


Several security updates are now available for Slackware 8.1, including
updated packages for Apache, glibc, mod_ssl, openssh, openssl, and php.

Here are the details from the Slackware 8.1 ChangeLog:

----------------------------
Tue Jul 30 19:45:52 PDT 2002
patches/packages/apache-1.3.26-i386-2.tgz:  Upgraded the included libmm
  to version 1.2.1.  Versions of libmm earlier than 1.2.0 contain a tmp file
  vulnerability which may allow the local Apache user to gain privileges via
  temporary files or symlinks.  For details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
This was also recompiled using EAPI patch from mod_ssl-2.8.10_1.3.26.
  (* Security fix *)
patches/packages/glibc-2.2.5-i386-3.tgz:  Patched to fix a buffer overflow
  in glibc's DNS resolver functions that look up network addresses.
  Another workaround for this problem is to edit /etc/nsswtich.conf changing:
    networks:       files dns
  to:
    networks:       files
  (* Security fix *)
patches/packages/glibc-solibs-2.2.5-i386-3.tgz:  Patched to fix a buffer
  overflow in glibc's DNS resolver functions that look up network addresses.
  (* Security fix *)
patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz:  This update fixes an
  off-by-one error in earlier versions of mod_ssl that may allow local users to
  execute code as the Apache user.  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
(* Security fix *)
patches/packages/openssh-3.4p1-i386-2.tgz:  Recompiled against openssl-0.9.6e.
  This update also contains a fix to the installation script to ensure that the
  sshd privsep user is correctly created.
patches/packages/openssl-0.9.6e-i386-1.tgz:  Upgraded to openssl-0.9.6e, which
  fixes 4 potentially remotely exploitable bugs.  For details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
(* Security fix *)
patches/packages/openssl-solibs-0.9.6e-i386-1.tgz:  Upgraded to openssl-0.9.6e,
  which fixes 4 potentially remotely exploitable bugs.  For details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
(* Security fix *)
patches/packages/php-4.2.2-i386-1.tgz:  Upgraded to php-4.2.2.  Earlier versions
  of PHP 4.2.x contain a security vulnerability, which although not currently
  considered exploitable on the x86 architecture is probably still a good to
  patch.  For details, see:  http://www.cert.org/advisories/CA-2002-21.html
(* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.26-i386-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/glibc-2.2.5-i386-3.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/glibc-solibs-2.2.5-i386-3.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-3.4p1-i386-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-0.9.6e-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-solibs-0.9.6e-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.2.2-i386-1.tgz


MD5 SIGNATURES:
---------------

Here are the md5sums for the packages:
9af3e989fb581fbb29cf6b2d91b1a921  apache-1.3.26-i386-2.tgz
d159bf51306def68f9d28ef5bed06e52  glibc-2.2.5-i386-3.tgz
0b5414fbecbb7aace3593cdfeecba907  glibc-solibs-2.2.5-i386-3.tgz
aaa5a61ff4600d415cf583dab9fbd0a0  mod_ssl-2.8.10_1.3.26-i386-1.tgz
ea0ee4aac4b28ab3f8ed2190e7b3a7d8  openssh-3.4p1-i386-2.tgz
88f32f01ce855d4363bc71899404e2db  openssl-0.9.6e-i386-1.tgz
c20073efd9e3847bfa28da9d614e1dcd  openssl-solibs-0.9.6e-i386-1.tgz
032bc53692b721ecec80d69944112ea1  php-4.2.2-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

Upgrade existing packages using the upgradepkg command:

   # upgradepkg apache-1.3.26-i386-2.tgz glibc-2.2.5-i386-3.tgz \
     glibc-solibs-2.2.5-i386-3.tgz mod_ssl-2.8.10_1.3.26-i386-1.tgz \
     openssh-3.4p1-i386-2.tgz openssl-0.9.6e-i386-1.tgz \
     openssl-solibs-0.9.6e-i386-1.tgz php-4.2.2-i386-1.tgz

If the packages have not been previously installed, either use the
installpkg command, or the --install-new option with upgradepkg.

Finally, if your site runs Apache it will need to be restarted:

   # apachectl restart


- Slackware Linux Security Team
  http://www.slackware.com

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Ottawa Linux Symposium: May get by with a little help from its friends
Black Hat 2014: How to crack just about everything
NSA Playset, 911 hacked and war cats: A wild ride at DEF CON 22
More Details of Onion/Critroni Crypto Ransomware Emerge
Is there Another NSA Leaker? Updated
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.