http://www.linuxsecurity.com/ The central voice for Linux and Open Source security news. en-us generate-advisory-rss.pl (1.01) http://www.linuxsecurity.com/content/view/116271?rdf (Sep 9) With few junk e-mail filters supporting a protocol for verifying the source address of digital messages, spammers have adopted it themselves as a way to appear more legitimate, according to a report released on Wednesday. . . . ... http://www.linuxsecurity.com/content/view/116271?rdf Robert Lemos, CNET News.com http://www.linuxsecurity.com/content/view/136167?rdf (Apr 15) "The Book of Wireless" by John Ross is an answer to the problem of learning about wireless networking. With the wide spread use of Wireless networks today anyone with a computer should at least know the basics of wireless. Also, with the wireless ne ... http://www.linuxsecurity.com/content/view/136167?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/136540?rdf (Apr 29) New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382 Additional information can be found in the libpng source, or in this file on the libpng FTP site: ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt http://www.linuxsecurity.com/content/view/136540?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/136391?rdf (Apr 21) New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. An overflow was found in the Speex decoder that could lead to a crash or possible execution of arbitrary code. http://www.linuxsecurity.com/content/view/136391?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/136358?rdf (Apr 17) New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix a possible security bug. More details about this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380 http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox https://bugzilla.mozilla.org/show_bug.cgi?id=425576 http://www.linuxsecurity.com/content/view/136358?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135994?rdf (Apr 7) New m4 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688 http://www.linuxsecurity.com/content/view/135994?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135993?rdf (Apr 7) New bzip2 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix a DoS issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372 http://www.linuxsecurity.com/content/view/135993?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135982?rdf (Apr 4) New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 http://www.linuxsecurity.com/content/view/135982?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135971?rdf (Apr 3) New cups packages are available for Slackware 12.0, and -current to fix security issues. The change from CUPS 1.2.x to CUPS 1.3.x was tested here, but if you're on a completely secured internal network these issues may be less of a risk than upgrading. If your IPP port is open to the internet, you'd be advised to upgrade as soon as possible (or firewall the port at the gateway if you're not in need of printer jobs coming in from the internet). http://www.linuxsecurity.com/content/view/135971?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135866?rdf (Apr 1) New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. Earlier versions of xine-lib suffer from an integer overflow which may lead to a buffer overflow that could potentially be used to gain unauthorized access to the machine if a malicious media file is played back. File types affected this time include .flv, .mov, .rm, .mve, .mkv, and .cak. http://www.linuxsecurity.com/content/view/135866?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135860?rdf (Mar 29) New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox http://www.linuxsecurity.com/content/view/135860?rdf LinuxSecurity.com http://www.linuxsecurity.com/content/view/135859?rdf (Mar 29) New seamonkey packages are available for Slackware 11.0, 12.0, and -current to fix security issues. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey http://www.linuxsecurity.com/content/view/135859?rdf LinuxSecurity.com