News
VectorLinux Light Edition Released
The VectorLinux team is proud to announce the release of VectorLinux 5.9 Light final. Living up to the Vector motto of "When Choice Matters," we give you lots of choices in a small package. JWM and Fluxbox window managers for those who want something very light and basic, and the exciting new lightweight desktop environment, LXDE for those who want more features. You will find XFE and Pcmanfm file managers, Opera, Dillo and Lynx web browsers. Xine, MPlayer, and XMMS handle Multimedia while Abiword and Gnumeric cover basic office tasks. Of course the usual Vector tools are included to make your life easier. We think you will find this very fast and very efficient and a perfect fit to any pc new or old.
Although centered around lightweight applications, the complete underlying Vector base allows you to modify and customize your system to your liking. Additional applications are available through the package manager or by compiling your own applications. Standard command line tools or graphical versions like gslapt and vpackager are at your disposal.
Download here:
http://vectorlinux.osuosl.org/veclinux-5.9/iso-release/VL5.9-Light-FINAL.iso
md5sum:
http://vectorlinux.osuosl.org/veclinux-5.9/iso-release/VL5.9-Light-FINAL.iso.md5.txt
ENJOY!!
The VectorLinux teamSeamonkey-1.1.11 - Security update
Seamonkey-1.1.11
A new Seamonkey package is available for VL5.8 and VL5.9. This is a security fix release. You can read the release notes here, and the security fixes here. This also includes updated window icons by jtek.
Package: seamonkey-1.1.11-i586-1vl58.tlz
MD5: 6f332911c4c69049b327ba329c239221
Package Size: 18,500 KIB (18.07 MB)
Installed size: 75,750 KIB (73.97 MB)
Package: seamonkey-1.1.11-i586-1vl59.tlz
MD5: c5e58f87501130d220615d125f148089
Package Size: 18,192 KIB (17.77 MB)
Installed size: 74,310 KIB (72.57 MB)
SeaMonkey (an open-source web browser suite)
The SeaMonkey browser suite. SeaMonkey features a state-of-the-art web browser and powerful email client, as well as a WYSIWYG web page composer and a feature-rich IRC chat client. For web developers, mozilla.org's DOM inspector and JavaScript debugger tools are included as well.
Visit the SeaMonkey project at this URL:
http://www.mozilla.org/projects/seamonkey/
Seamonkey, GnuTLS and Ruby upgrades.
Seamonkey-1.1.10
Incognu has packaged seamonkey-1.1.10 for VL5.8 and VL5.9. This is a security fix release. You can read the release notes here, and the security fixes here. This also includes updated window icons by jtek.
Package: seamonkey-1.1.10-i586-2vl59.tlz
MD5: f53f0ad5c500a19e9b6a3873f909073a
Package Size: 18,152 KIB (17.73 MB)
Installed size: 73,650 KIB (71.92 MB)
Above info's not available for the VL5.8 package
SeaMonkey (an open-source web browser suite)
The SeaMonkey browser suite. SeaMonkey features a state-of-the-art
web browser and powerful email client, as well as a WYSIWYG web page
composer and a feature-rich IRC chat client. For web developers,
mozilla.org's DOM inspector and JavaScript debugger tools are included
as well.
Visit the SeaMonkey project at this URL:
http://www.mozilla.org/projects/seamonkey/
Ruby 1.8.6_p230
Ruby-1.8.6_p230 is available for VectorLinux-5.9 to fix security issues reported here:
http://www.slackware.com/security/viewer.php?l=slackware-security
Ruby (Interpreted object-oriented scripting language)
Ruby is an interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.
Visit the Ruby project online at http://www.ruby-lang.org/
GnuTLS 1.6.3
GnuTLS-1.6.3 is available for download from the VectorLinux repository.
This is a security fix:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950
Package: gnutls-1.6.3-i486-1_slack12.0.tlz
MD5: 06af4e1a0b8e26aab07052508300c790
Package Size: 827 KIB (0.81 MB)
Installed size: 2,270 KIB (2.22 MB)
gnutls (GNU TLS library)
This is a TLS (Transport Layer Security) 1.0 and SSL (Secure Sockets
Layer) 3.0 implementation. In brief, GnuTLS can be described as a
library which offers an API to access secure communication protocols.
These protocols provide privacy over insecure lines, and were designed
to prevent eavesdropping, tampering, or message forgery.
Homepage: http://www.gnu.org/software/gnutls/
This packages are available from the teting repository. You can read about the VectorLinux packaging system here. If you find any problem, please find assistance at the VectorLinux Forum.
Samba security update
New samba packages are available for Vector Linux 5.9 to fix a security issue:
Specifically crafted SMB responses can result in a heap overflow in the Samba client code. Because the server process, smbd, can itself act as a client during operations such as printer notification and domain authentication, this issue affects both Samba client and server installations." This flaw affects Samba versions from 3.0.0 through 3.0.29.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
Rdesktop security update
A new rdesktop package is available for Vector Linux 5.9 in the testing repository. This fix a security issue caused by using rdesktop to connect to a malicious or compromised RDP server.
More details about this issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801
http://slackware.com/security/
Mozilla Thunderbird
Mozilla-thunderbird 2.0.0.14 is available for 5.8 and 5.9 to fix security issues, including crashes that can corrupt memory, as well as a JavaScript privilege escalation and arbitrary code execution flaw. More details about these issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237
Xine-lib
An overflow was found in the Speex decoder that could lead to a crash or possible execution of arbitrary code.Xine-lib <= 1.1.12 was also found to be vulnerable to a stack-based bufferoverflow in the NES demuxer thanks to milw0rm.com).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Xine-lib 1.1.12 is now available from the testing repository.
Bzip2
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
New bzip2 package is available for Vector Linux 5.9
m4 security advisore
The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
New m4 package is available in the testing repository.
OpenSSH 5.0p1
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
OpenSSH 5.0p1 is now available in the testing repository.
Cups 1.3.7
New cups packages are available for Vector Linux 5.9 to fix security issues. If you're on a completely secured internal network these issues may be less of a risk than upgrading. If your IPP port is open to the internet, you'd be advised to upgrade as soon as possible (or firewall the port at the gateway if you're not in need of printer jobs coming in from the internet).
espgs/ghostscript
Description
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
New package is available for VectorLinux 5.9, we recommend to upgrade the espgs package to the latest in the testing repository.
Firefox 2.0.0.14
Firefox security update
Seamonkey security update
Incognu has packaged seamonkey-1.1.9 for VL5.8 and VL5.9
A SeaMonkey security update.
Please let us know if this package works or not in this thread.seamonkey: SeaMonkey (an open-source web browser suite)
seamonkey:
seamonkey: The SeaMonkey browser suite. SeaMonkey features a state-of-the-art
seamonkey: web browser and powerful email client, as well as a WYSIWYG web page
seamonkey: composer and a feature-rich IRC chat client. For web
seamonkey: developers, mozilla.org's DOM inspector and JavaScript debugger tools
seamonkey: are included as well.
seamonkey:
seamonkey: Visit the SeaMonkey project at this URL:
seamonkey: http://www.mozilla.org/projects/seamonkey/
VectorLinux 5.8 live CD GOLD final and SOHO-5.8 live alpha1
The VectorLinux team is proud to announce the release of VectorLinux 5.8 GOLD LIVE CD and the first SOHO-5.8 alpha live CD and DVD. This is the final release for 5.8 standard GOLD live. The hard drive installer that has been problematic is fixed and should work well. The SOHO 5.8 alpha live comes in either CD or DVD versions. The DVD version includes all that is in the SOHO-5.8 install release plus 62 additional language packs for KDE. The CD version has lost some funtionality due to size constraints. The development tool chain and OpenOffice (replaced by Koffice) were removed. However, for demo purposes the CD live version of SOHO-5.8 should work well.
These live CD's demo all that is making the 5.8 Vector release famous like browser plugins, seamonkey firefox and opera, the newest xfce4 desktop, The Gimp and Xara LX, Abiword and Gnumeric, vasm and vl-hot, wireless drivers and configuration tools, support for read and write to ntfs via fuse and ntfs-3g, and lots of fun and games.
