Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Slackware: Multiple recent security updates Print E-mail
User Rating:      How can I rate this item?
Posted by Team   
Slackware Slackware has noted that they've fixed the recent mm, glibc, openssl, php, and openssh vulnerabilities recently discovered.

Date: Wed, 31 Jul 2002 13:11:28 -0700 (PDT)
From: Slackware Security Team 
Subject: [slackware-security] Security updates for Slackware 8.1

Several security updates are now available for Slackware 8.1, including
updated packages for Apache, glibc, mod_ssl, openssh, openssl, and php.

Here are the details from the Slackware 8.1 ChangeLog:

Tue Jul 30 19:45:52 PDT 2002
patches/packages/apache-1.3.26-i386-2.tgz:  Upgraded the included libmm
  to version 1.2.1.  Versions of libmm earlier than 1.2.0 contain a tmp file
  vulnerability which may allow the local Apache user to gain privileges via
  temporary files or symlinks.  For details, see:
This was also recompiled using EAPI patch from mod_ssl-2.8.10_1.3.26.
  (* Security fix *)
patches/packages/glibc-2.2.5-i386-3.tgz:  Patched to fix a buffer overflow
  in glibc's DNS resolver functions that look up network addresses.
  Another workaround for this problem is to edit /etc/nsswtich.conf changing:
    networks:       files dns
    networks:       files
  (* Security fix *)
patches/packages/glibc-solibs-2.2.5-i386-3.tgz:  Patched to fix a buffer
  overflow in glibc's DNS resolver functions that look up network addresses.
  (* Security fix *)
patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz:  This update fixes an
  off-by-one error in earlier versions of mod_ssl that may allow local users to
  execute code as the Apache user.  For more information, see:
(* Security fix *)
patches/packages/openssh-3.4p1-i386-2.tgz:  Recompiled against openssl-0.9.6e.
  This update also contains a fix to the installation script to ensure that the
  sshd privsep user is correctly created.
patches/packages/openssl-0.9.6e-i386-1.tgz:  Upgraded to openssl-0.9.6e, which
  fixes 4 potentially remotely exploitable bugs.  For details, see:
(* Security fix *)
patches/packages/openssl-solibs-0.9.6e-i386-1.tgz:  Upgraded to openssl-0.9.6e,
  which fixes 4 potentially remotely exploitable bugs.  For details, see:
(* Security fix *)
patches/packages/php-4.2.2-i386-1.tgz:  Upgraded to php-4.2.2.  Earlier versions
  of PHP 4.2.x contain a security vulnerability, which although not currently
  considered exploitable on the x86 architecture is probably still a good to
  patch.  For details, see:
(* Security fix *)



Here are the md5sums for the packages:
9af3e989fb581fbb29cf6b2d91b1a921  apache-1.3.26-i386-2.tgz
d159bf51306def68f9d28ef5bed06e52  glibc-2.2.5-i386-3.tgz
0b5414fbecbb7aace3593cdfeecba907  glibc-solibs-2.2.5-i386-3.tgz
aaa5a61ff4600d415cf583dab9fbd0a0  mod_ssl-2.8.10_1.3.26-i386-1.tgz
ea0ee4aac4b28ab3f8ed2190e7b3a7d8  openssh-3.4p1-i386-2.tgz
88f32f01ce855d4363bc71899404e2db  openssl-0.9.6e-i386-1.tgz
c20073efd9e3847bfa28da9d614e1dcd  openssl-solibs-0.9.6e-i386-1.tgz
032bc53692b721ecec80d69944112ea1  php-4.2.2-i386-1.tgz


Upgrade existing packages using the upgradepkg command:

   # upgradepkg apache-1.3.26-i386-2.tgz glibc-2.2.5-i386-3.tgz \
     glibc-solibs-2.2.5-i386-3.tgz mod_ssl-2.8.10_1.3.26-i386-1.tgz \
     openssh-3.4p1-i386-2.tgz openssl-0.9.6e-i386-1.tgz \
     openssl-solibs-0.9.6e-i386-1.tgz php-4.2.2-i386-1.tgz

If the packages have not been previously installed, either use the
installpkg command, or the --install-new option with upgradepkg.

Finally, if your site runs Apache it will need to be restarted:

   # apachectl restart

- Slackware Linux Security Team

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.