News

Showing blog entries tagged as: Security

Seamonkey, GnuTLS and Ruby upgrades.

Posted by Rodrigo Bistolfi at Jul 15, 2008 05:00 PM |
Filed under: Security

Seamonkey-1.1.10


Incognu has packaged seamonkey-1.1.10 for VL5.8 and VL5.9. This is a security fix release. You can read the release notes here, and the security fixes here. This also includes updated window icons by jtek.

Package: seamonkey-1.1.10-i586-2vl59.tlz
MD5: f53f0ad5c500a19e9b6a3873f909073a
Package Size: 18,152 KIB (17.73 MB)
Installed size: 73,650 KIB (71.92 MB)
The above info is not available for the VL5.8 package.

 

SeaMonkey (an open-source web browser suite)

The SeaMonkey browser suite.  SeaMonkey features a state-of-the-art
web browser and powerful email client, as well as a WYSIWYG web page
composer and a feature-rich IRC chat client. For web  developers,
mozilla.org's DOM inspector and JavaScript debugger tools are included
as well.

Visit the SeaMonkey project at this URL:
http://www.mozilla.org/projects/seamonkey/


Ruby 1.8.6_p230

 

Ruby-1.8.6_p230 is available for VectorLinux-5.9 to fix security issues reported here:

http://www.slackware.com/security/viewer.php?l=slackware-security

 

Ruby (Interpreted object-oriented scripting language)

Ruby is an interpreted scripting language for quick and easy
object-oriented programming.  It has many features to process text
files and to do system management tasks (as in Perl).  It is simple,
straight-forward, and extensible.

Visit the Ruby project online at http://www.ruby-lang.org/

 

GnuTLS 1.6.3

 

GnuTLS-1.6.3 is available for download from the VectorLinux repository. 

This is a security fix:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950

Package: gnutls-1.6.3-i486-1_slack12.0.tlz
MD5: 06af4e1a0b8e26aab07052508300c790
Package Size: 827 KIB (0.81 MB)
Installed size: 2,270 KIB (2.22 MB)

gnutls (GNU TLS library)

This is a TLS (Transport Layer Security) 1.0 and SSL (Secure Sockets
Layer) 3.0 implementation.  In brief, GnuTLS can be described as a
library which offers an API to access secure communication protocols.
These protocols provide privacy over insecure lines, and were designed
to prevent eavesdropping, tampering, or message forgery.

Homepage: http://www.gnu.org/software/gnutls/

 

These packages are available from the testing repository. You can read about the VectorLinux packaging system here. If you find any problem, please find assistance at the VectorLinux Forum.

Samba security update

Posted by Rodrigo Bistolfi at Jun 06, 2008 06:14 AM |
Filed under: Security

New samba packages are available for Vector Linux 5.9 to fix a security issue:

"Specifically crafted SMB responses can result in a heap overflow in the Samba client code. Because the server process, smbd, can itself act as a client during operations such as printer notification and domain authentication, this issue affects both Samba client and server installations." This flaw affects Samba versions from 3.0.0 through 3.0.29.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105

http://slackware.com/security/


Rdesktop security update

Posted by Rodrigo Bistolfi at Jun 06, 2008 06:08 AM |
Filed under: Security

A new rdesktop package is available for Vector Linux 5.9 in the testing repository. This fixes a security issue caused by using rdesktop to connect to a malicious or compromised RDP server.



More details about this issue:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801

http://slackware.com/security/





Mozilla Thunderbird

Posted by Rodrigo Bistolfi at May 26, 2008 06:50 AM |
Filed under: Security

Mozilla-thunderbird 2.0.0.14 is available for 5.8 and 5.9 to fix security issues, including crashes that can corrupt memory, as well as a JavaScript privilege escalation and arbitrary code execution flaw. More details about these issues may be found here:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237

Xine-lib

Posted by Rodrigo Bistolfi at May 26, 2008 06:46 AM |
Filed under: Security

An overflow was found in the Speex decoder that could lead to a crash or possible execution of arbitrary code. Xine-lib <= 1.1.12 was also found to be vulnerable to a stack-based buffer overflow in the NES demuxer (thanks to milw0rm.com).

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686

Xine-lib 1.1.12 is now available from the testing repository.




Bzip2

Posted by Rodrigo Bistolfi at May 26, 2008 06:42 AM |
Filed under: Security

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372

A new bzip2 package is available for Vector Linux 5.9.

m4 security advisory

Posted by Rodrigo Bistolfi at May 26, 2008 06:38 AM |
Filed under: Security

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688

A new m4 package is available in the testing repository.

OpenSSH 5.0p1

Posted by Rodrigo Bistolfi at May 26, 2008 06:33 AM |
Filed under: Security

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

OpenSSH 5.0p1 is now available in the testing repository.


Cups 1.3.7

Posted by Rodrigo Bistolfi at May 26, 2008 06:25 AM |
Filed under: Security

New cups packages are available for Vector Linux 5.9 to fix security issues. If you're on a completely secured internal network these issues may be less of a risk than upgrading. If your IPP port is open to the internet, you'd be advised to upgrade as soon as possible (or firewall the port at the gateway if you're not in need of printer jobs coming in from the internet).


espgs/ghostscript

Posted by Rodrigo Bistolfi at May 26, 2008 06:20 AM |
Filed under: Security

Description

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

A new package is available for VectorLinux 5.9; we recommend upgrading the espgs package to the latest in the testing repository.

080509 libpng-1.2.29

Posted by Rodrigo Bistolfi at May 12, 2008 09:20 PM |
Filed under: Security

Libpng security update


Firefox 2.0.0.14

Posted by Rodrigo Bistolfi at May 06, 2008 11:30 AM |

Firefox security update


Seamonkey security update

Posted by Rodrigo Bistolfi at May 05, 2008 11:12 AM |
Filed under: Security

Incognu has packaged seamonkey-1.1.9 for VL5.8 and VL5.9.
A SeaMonkey security update.

seamonkey: SeaMonkey (an open-source web browser suite)
seamonkey:
seamonkey: The SeaMonkey browser suite.  SeaMonkey features a state-of-the-art
seamonkey: web browser and powerful email client, as well as a WYSIWYG web page
seamonkey: composer and a feature-rich IRC chat client. For web
seamonkey: developers, mozilla.org's DOM inspector and JavaScript debugger tools
seamonkey: are included as well.
seamonkey:
seamonkey: Visit the SeaMonkey project at this URL:
seamonkey:   http://www.mozilla.org/projects/seamonkey/

Please let us know if this package works or not in this thread.


Kernel Exploit

Posted by Rodrigo Bistolfi at Feb 11, 2008 06:05 PM |
Filed under: Security

Linux Kernel Prior to 2.6.24.1 Multiple Memory Access Vulnerabilities