Incognu has packaged seamonkey-1.1.10 for VL5.8 and VL5.9. This is a security fix release. You can read the release notes here, and the security fixes here. This also includes updated window icons by jtek.
Package Size: 18,152 KIB (17.73 MB)
Installed size: 73,650 KIB (71.92 MB)
Above info's not available for the VL5.8 package
SeaMonkey (an open-source web browser suite)
The SeaMonkey browser suite. SeaMonkey features a state-of-the-art
web browser and powerful email client, as well as a WYSIWYG web page
composer and a feature-rich IRC chat client. For web developers,
Visit the SeaMonkey project at this URL:
Ruby-1.8.6_p230 is available for VectorLinux-5.9 to fix security issues reported here:
Ruby (Interpreted object-oriented scripting language)
Ruby is an interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.
Visit the Ruby project online at http://www.ruby-lang.org/
GnuTLS-1.6.3 is available for download from the VectorLinux repository.
This is a security fix:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950
Package Size: 827 KIB (0.81 MB)
Installed size: 2,270 KIB (2.22 MB)
gnutls (GNU TLS library)
This is a TLS (Transport Layer Security) 1.0 and SSL (Secure Sockets
Layer) 3.0 implementation. In brief, GnuTLS can be described as a
library which offers an API to access secure communication protocols.
These protocols provide privacy over insecure lines, and were designed
to prevent eavesdropping, tampering, or message forgery.
This packages are available from the teting repository. You can read about the VectorLinux packaging system here. If you find any problem, please find assistance at the VectorLinux Forum.
New samba packages are available for Vector Linux 5.9 to fix a security issue:
Specifically crafted SMB responses can result in a heap overflow in the Samba client code. Because the server process, smbd, can itself act as a client during operations such as printer notification and domain authentication, this issue affects both Samba client and server installations." This flaw affects Samba versions from 3.0.0 through 3.0.29.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
A new rdesktop package is available for Vector Linux 5.9 in the testing repository. This fix a security issue caused by using rdesktop to connect to a malicious or compromised RDP server.
More details about this issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237
An overflow was found in the Speex decoder that could lead to a crash or possible execution of arbitrary code.Xine-lib <= 1.1.12 was also found to be vulnerable to a stack-based bufferoverflow in the NES demuxer thanks to milw0rm.com).
Xine-lib 1.1.12 is now available from the testing repository.
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
New bzip2 package is available for Vector Linux 5.9
The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.
New m4 package is available in the testing repository.
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
OpenSSH 5.0p1 is now available in the testing repository.
New cups packages are available for Vector Linux 5.9 to fix security issues. If you're on a completely secured internal network these issues may be less of a risk than upgrading. If your IPP port is open to the internet, you'd be advised to upgrade as soon as possible (or firewall the port at the gateway if you're not in need of printer jobs coming in from the internet).
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
New package is available for VectorLinux 5.9, we recommend to upgrade the espgs package to the latest in the testing repository.
Libpng security update
Firefox security update
Incognu has packaged seamonkey-1.1.9 for VL5.8 and VL5.9
A SeaMonkey security update.
Please let us know if this package works or not in this thread.
seamonkey: SeaMonkey (an open-source web browser suite)
seamonkey: The SeaMonkey browser suite. SeaMonkey features a state-of-the-art
seamonkey: web browser and powerful email client, as well as a WYSIWYG web page
seamonkey: composer and a feature-rich IRC chat client. For web
seamonkey: are included as well.
seamonkey: Visit the SeaMonkey project at this URL:
Linux Kernel Multiple Prior to 126.96.36.199 Multiple Memory Access Vulnerabilities