Posts tagged ‘security upgrade’

Slackware news: 4 October 2009

There are two important changes today: PHP and Samba. The changes were made simultaneously in -Stable and in -Current. In -Current, however, there are quite a few other changes as well, such as MySQL, Amarok, Qt, Perl, and GCC 4.4.1.

This is the latest from the -Current changelog:

Sun Oct 4 00:17:50 CDT 2009
ap/mysql-5.1.39-i486-1.txz: Upgraded. This bumps the version of the shared libraries to .so.16.0.0.
d/perl-5.10.1-i486-1.txz: Upgraded. Compiled against mysql-5.1.39, upgraded to perl-5.10.1, DBD-mysql-4.013, DBI-1.609, and URI-1.40.
kde/amarok-2.2.0-i486-1.txz: Upgraded.
l/qt-4.5_0bd8418-i486-1.txz: Upgraded. This is the KDE Qt 4.5.2-patched git branch, compiled against mysql-5.1.39.
l/redland-1.0.9-i486-1.txz: Upgraded. Compiled against mysql-5.1.39.
l/soprano-2.3.1-i486-1.txz: Upgraded.
l/taglib-1.6-i486-1.txz: Upgraded.
l/taglib-extras-1.0.1-i486-1.txz: Upgraded.
n/openssh-5.3p1-i486-1.txz: Upgraded.
n/php-5.2.11-i486-1.txz: Upgraded. This release fixes some possible security issues,
all of which have "unknown impact and attack vectors". For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293

(* Security fix *)
Also, thanks to Frank Gingras and Rich Bowen for helping to improve the syntax in mod_php.conf.
n/samba-3.4.2-i486-1.txz: Upgraded.
This update fixes the following security issues.
A misconfigured /etc/passwd with no defined home directory could allow security restrictions to be bypassed.
mount.cifs could allow a local user to read the first line of an arbitrary file if installed setuid.
 (On Slackware, it was not installed setuid)
Specially crafted SMB requests could cause a denial of service.
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906

(* Security fix *)
testing/packages/gcc-4.4.1/gcc-4.4.1-i486-1.txz: Added.
testing/packages/gcc-4.4.1/gcc-g++-4.4.1-i486-1.txz: Added.
testing/packages/gcc-4.4.1/gcc-gfortran-4.4.1-i486-1.txz: Added.
testing/packages/gcc-4.4.1/gcc-gnat-4.4.1-i486-1.txz: Added.
testing/packages/gcc-4.4.1/gcc-java-4.4.1-i486-1.txz: Added.
testing/packages/gcc-4.4.1/gcc-objc-4.4.1-i486-1.txz: Added.


Installing Tor. The Slackware way.

I will show you a very easy way to install Tor on Slackware.

The following procedure works only if you have slapt-get installed.

Step 1:

Open /etc/slapt-get/slapt-getrc and add at the end:

SOURCE=http://darkstar.ist.utl.pt/slackware/addon/slacky/slackware-$version/

replacing $version with the version from /etc/slackware-version on your Slackware.

Step 2:

root@darkstar:~# slapt-get --update

Step 3:

root@darkstar:~# slapt-get --install tor-0.2.0.34-i486-1sl tork-0.31-i486-1as privoxy-3.0.12-i486-1ng

Step 4:

You can now use Tor.


Slackware News: 17 June 2009

The new update includes a new version of Mozilla Firefox and apr-util. The version of the aaa_base package has been changed to 13.0, which suggests that Slackware 13.0 will be released very soon.

a/aaa_base-13.0-noarch-1.txz:  Rebuilt.  Updated slackware-version.
a/e2fsprogs-1.41.6-i486-1.txz:  Upgraded.
a/ed-1.3-i486-1.txz:  Upgraded.
a/file-5.03-i486-1.txz:  Upgraded.
a/findutils-4.4.2-i486-1.txz:  Upgraded.
a/jfsutils-1.1.14-i486-1.txz:  Upgraded.
a/ntfs-3g-2009.4.4-i486-1.txz:  Upgraded.
a/usbutils-0.82-i486-1.txz:  Upgraded.
a/xfsprogs-3.0.1-i486-1.txz:  Upgraded.
ap/dmapi-2.2.10-i486-1.txz:  Upgraded.
ap/man-pages-3.21-noarch-1.txz:  Upgraded.
ap/sqlite-3.6.14.2-i486-1.txz:  Upgraded.
ap/xfsdump-3.0.1-i486-1.txz:  Upgraded.
d/git-1.6.3.2-i486-1.txz:  Upgraded.
d/m4-1.4.13-i486-1.txz:  Upgraded.
d/subversion-1.6.2-i486-1.txz:  Upgraded.
  Thanks to Robby Workman and Vincent Batts for work done on enabling the
  bindings for Python, perl, and Ruby.
kde/kdelibs-4.2.4-i486-2.txz:  Rebuilt.  Patched popupapplet.cpp to fix
  plasmaboard, a virtual keyboard for plasma.
l/apr-1.3.5-i486-1.txz:  Upgraded.
l/apr-util-1.3.7-i486-1.txz:  Upgraded.
  Fix underflow in apr_strmatch_precompile.
  Fix a denial of service attack against the apr_xml_* interface
  using the "billion laughs" entity expansion technique.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
  (* Security fix *)
l/neon-0.28.4-i486-1.txz:  Upgraded.
l/sdl-1.2.13-i486-4.txz:  Upgraded.  Use SDL_image-1.2.7, and compile SDL
  without esd, as linking to esd breaks audio within VirtualBox.  Thanks to
  Luigi Trovato for the bug report.  Also, compile without arts support.
l/seamonkey-solibs-1.1.16-i486-2.txz:  Added.  This is a subset of the
  shared libraries from the seamonkey package used for runtime support of
  programs (such as rpm) on machines without X, or applications for X.
n/bluez-utils-3.36-i486-6.txz:  Rebuilt.  Edited rc.bluetooth to start hidd
  before any other bluetooth service.  This avoids an address conflict that
  can cause devices to fail to reconnect if the connection is lost.
  Thanks to Heinz Wiesinger.
n/iptables-1.4.3.2-i486-1.txz:  Upgraded.
n/iw-0.9.14-i486-1.txz:  Upgraded.
n/lftp-3.7.14-i486-1.txz:  Upgraded.
xap/mozilla-firefox-3.0.11-i686-1.txz:
  Upgraded to firefox-3.0.11.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
  (* Security fix *)
xap/seamonkey-1.1.16-i486-2.txz:  Rebuilt.
xap/xfce4-power-manager-0.6.6-i486-1.txz:  Upgraded.
xap/xine-lib-1.1.16.3-i686-6.txz:  Rebuilt.  Use i686 arch, not i486.
extra/tightvnc/tightvnc-1.3.10-i486-1.txz:  Added.
+--------------------------+


Slackware news: 10 March 2009

Today Slackware has treated us to a rather large upgrade. The changes were made in the -current branch. The first thing you notice is that the kernel has been upgraded to 2.6.28.7, along with KDE 4.2.1, which now replaces KDE 3.5.10. Besides that, there are upgrades in almost every category. Here is the excerpt from the changelog:

Mon Mar  9 21:25:51 CDT 2009
 Here are a few updates...  enjoy.
 Thanks to Eric Hameleers, Robby Workman, Piter Punk, and the rest of the crew
 for helping with this batch!  Also thanks to the KDE team, the Xfce team, and
 everyone else upstream.
 a/aaa_terminfo-5.7-noarch-1.tgz:  Updated with terminfo files from ncurses-5.7.
 a/attr-2.4.43_1-i486-1.tgz:  Upgraded to attr-2.4.43-1.
 a/coreutils-7.1-i486-1.tgz:  Upgraded to coreutils-7.1.
 a/dialog-1.1_20080819-i486-1.tgz:  Upgraded to dialog-1.1-20080819.
 a/e2fsprogs-1.41.4-i486-1.tgz:  Upgraded to e2fsprogs-1.41.4.
 a/ed-1.2-i486-1.tgz:  Upgraded to ed-1.2.
 a/etc-12.34567890-noarch-1.tgz:  Added uid 51 (oprofile), gid 16 (dialout),
   gid 51 (oprofile), and gid 86 (netdev).
 a/file-5.00-i486-1.tgz:  Upgraded to file-5.00.
 a/findutils-4.4.0-i486-1.tgz:  Upgraded to findutils-4.4.0.
 a/glibc-solibs-2.9-i486-1.tgz:  Upgraded to glibc-2.9.
 a/glibc-zoneinfo-2.9-noarch-1.tgz  Upgraded to tz{code,data}2009b.
 a/grep-2.5.4-i486-1.tgz:  Upgraded to grep-2.5.4.
 a/kernel-firmware-2.6.28.7-noarch-1.tgz:  Upgraded to Linux 2.6.28.7 firmware.
 a/kernel-generic-2.6.28.7-i486-1.tgz:  Upgraded to Linux 2.6.28.7.
 a/kernel-generic-smp-2.6.28.7_smp-i686-1.tgz:  Upgraded to Linux 2.6.28.7.
 a/kernel-huge-2.6.28.7-i486-1.tgz:  Upgraded to Linux 2.6.28.7.
 a/kernel-huge-smp-2.6.28.7_smp-i686-1.tgz:  Upgraded to Linux 2.6.28.7.
 a/kernel-modules-2.6.28.7-i486-1.tgz:  Upgraded to Linux 2.6.28.7.
 a/kernel-modules-smp-2.6.28.7_smp-i686-1.tgz:  Upgraded to Linux 2.6.28.7.
 a/module-init-tools-3.6-i486-1.tgz:  Upgraded to module-init-tools-3.6.
 a/ntfs-3g-2009.2.1-i486-1.tgz:  Upgraded to ntfs-3g-2009.2.1.
 a/reiserfsprogs-3.6.21-i486-1.tgz:  Upgraded to reiserfsprogs-3.6.21.
 a/tar-1.22-i486-1.tgz:  Upgraded to tar-1.22.
 a/util-linux-ng-2.14.2-i486-1.tgz:  Upgraded to util-linux-ng-2.14.2.
 a/which-2.20-i486-1.tgz:  Upgraded to which-2.20.
 a/xfsprogs-3.0.0-i486-1.tgz:  Upgraded to xfsprogs-3.0.0.
 ap/a2ps-4.14-i486-1.tgz:  Upgraded to a2ps-4.14.
 ap/alsa-utils-1.0.18-i486-1.tgz:  Upgraded to alsa-utils-1.0.18.
 ap/cupsddk-1.2.3-i486-1.tgz:  Added cupsddk-1.2.3.
 ap/dmapi-2.2.9-i486-1.tgz:  Upgraded to dmapi-2.2.9.
 ap/foomatic-filters-4.0.0-i486-1.tgz:  Upgraded to foomatic-filters-4.0.0.
 ap/groff-1.20.1-i486-1.tgz:  Upgraded to groff-1.20.1.
 ap/gutenprint-5.2.3-i486-1.tgz:  Upgraded to gutenprint-5.2.3.
 ap/hplip-3.9.2-i486-1.tgz:  Upgraded to hplip-3.9.2.
 ap/jove-4.16.0.70-i486-1.tgz:  Upgraded to jove-4.16.0.70.
 ap/lsscsi-0.22-i486-1.tgz:  Upgraded to lsscsi-0.22.
 ap/man-pages-3.19-noarch-1.tgz:  Upgraded to man-pages-3.19.
 ap/mc-4.6.2-i486-1.tgz:  Upgraded to mc-4.6.2.
 ap/pm-utils-1.2.4-i486-1.tgz:  Upgraded to pm-utils-1.2.4.
 ap/sox-14.2.0-i486-1.tgz:  Upgraded to sox-14.2.0.
 ap/xfsdump-3.0.0-i486-1.tgz:  Upgraded to xfsdump-3.0.0.
 d/bison-2.4.1-i486-1.tgz:  Upgraded to bison-2.4.1.
 d/clisp-2.47-i486-1.tgz:  Upgraded to clisp-2.47.
 d/doxygen-1.5.8-i486-1.tgz:  Upgraded to doxygen-1.5.8.
 d/gcc-4.3.3-i486-1.tgz:  Upgraded to gcc-4.3.3.
 d/gcc-g++-4.3.3-i486-1.tgz:  Upgraded to gcc-4.3.3.
 d/gcc-gfortran-4.3.3-i486-1.tgz:  Upgraded to gcc-4.3.3.
 d/gcc-gnat-4.3.3-i486-1.tgz:  Upgraded to gcc-4.3.3.
 d/gcc-java-4.3.3-i486-1.tgz:  Upgraded to gcc-4.3.3.
 d/gcc-objc-4.3.3-i486-1.tgz:  Upgraded to gcc-4.3.3.
 d/guile-1.8.6-i486-1.tgz:  Upgraded to guile-1.8.6.
 d/indent-2.2.10-i486-1.tgz:  Upgraded to indent-2.2.10.
 d/kernel-headers-2.6.28.7_smp-x86-1.tgz:  Upgraded to Linux 2.6.28.7.
 d/mercurial-1.1.2-i486-1.tgz:  Upgraded to mercurial-1.1.2.
 d/oprofile-0.9.4-i486-1.tgz:  Upgraded to oprofile-0.9.4.
 d/swig-1.3.38-i486-1.tgz:  Added swig-1.3.38.
 k/kernel-source-2.6.28.7_smp-noarch-1.tgz:  Upgraded to Linux 2.6.28.7.
 kde/amarok-2.0.2-i486-1.tgz:  Upgraded to amarok-2.0.2.
 kde/guidance-power-manager-4.2.0-i486-1.tgz:
   Added guidance-power-manager-4.2.0.
 kde/kaudiocreator-r888119-i486-1.tgz:  Added kaudiocreator-r888119.
 kde/kdeaccessibility-4.2.1-i486-1.tgz:  Upgraded to kdeaccessibility-4.2.1.
 kde/kdeadmin-4.2.1-i486-1.tgz:  Upgraded to kdeadmin-4.2.1.
 kde/kdeartwork-4.2.1-i486-1.tgz:  Upgraded to kdeartwork-4.2.1.
 kde/kdebase-4.2.1-i486-1.tgz:  Upgraded to kdebase-4.2.1.
 kde/kdebase-runtime-4.2.1-i486-1.tgz:  Added kdebase-runtime-4.2.1.
 kde/kdebase-workspace-4.2.1-i486-1.tgz:  Added kdebase-workspace-4.2.1.
 kde/kdebindings-4.2.1-i486-1.tgz:  Upgraded to kdebindings-4.2.1.
 kde/kdeedu-4.2.1-i486-1.tgz:  Upgraded to kdeedu-4.2.1.
 kde/kdegames-4.2.1-i486-1.tgz:  Upgraded to kdegames-4.2.1.
 kde/kdegraphics-4.2.1-i486-1.tgz:  Upgraded to kdegraphics-4.2.1.
 kde/kdelibs-4.2.1-i486-1.tgz:  Upgraded to kdelibs-4.2.1.
 kde/kdemultimedia-4.2.1-i486-1.tgz:  Upgraded to kdemultimedia-4.2.1.
 kde/kdenetwork-4.2.1-i486-1.tgz:  Upgraded to kdenetwork-4.2.1.
 kde/kdepim-4.2.1-i486-1.tgz:  Upgraded to kdepim-4.2.1.
 kde/kdepimlibs-4.2.1-i486-1.tgz:  Added kdepimlibs-4.2.1.
 kde/kdeplasma-addons-4.2.1-i486-1.tgz:  Added kdeplasma-addons-4.2.1.
 kde/kdesdk-4.2.1-i486-1.tgz:  Upgraded to kdesdk-4.2.1.
 kde/kdetoys-4.2.1-i486-1.tgz:  Upgraded to kdetoys-4.2.1.
 kde/kdeutils-4.2.1-i486-1.tgz:  Upgraded to kdeutils-4.2.1.
 kde/kdewebdev-4.2.1-i486-1.tgz:  Upgraded to kdewebdev-4.2.1.
 kde/koffice-1.9.98.7-i486-1.tgz:  Upgraded to koffice-1.9.98.7.
 kde/konq-plugins-4.2.0-i486-1.tgz:  Added konq-plugins-4.2.0.
 kde/ktorrent-3.2-i486-1.tgz:  Added ktorrent-3.2.
 kde/skanlite-0.2_kde4.2.0-i486-1.tgz:  Added skanlite-0.2_kde4.2.0.
 kdei/kde-l10n-*-4.2.1-noarch-1.tgz:  Upgraded to KDE 4.2.1 l10n packages.
 kdei/koffice-l10n-*-1.9.98.7-noarch-1.tgz:
   Upgraded to KOffice 1.9.98.7 l10n packages.
 l/PyQt-4.4.4-i486-1.tgz:  Added PyQt-4.4.4.
 l/QScintilla-2.3-i486-1.tgz:  Added QScintilla-2.3.
 l/akonadi-1.1.1-i486-1.tgz:  Added akonadi-1.1.1.
 l/alsa-lib-1.0.18-i486-1.tgz:  Upgraded to alsa-lib-1.0.18.
 l/arts-1.5.10-i486-2.tgz:  Removed.
 l/atk-1.24.0-i486-1.tgz:  Upgraded to atk-1.24.0.
 l/automoc4-0.9.88-i486-1.tgz:  Added automoc4-0.9.88.
 l/babl-0.0.22-i486-1.tgz:  Added babl-0.0.22.
 l/boost-1.36.0-i486-1.tgz:  Added boost-1.36.0.
 l/cairo-1.8.6-i486-1.tgz:  Upgraded to cairo-1.8.6.
 l/chmlib-0.39-i486-1.tgz:  Added chmlib-0.39.
 l/clucene-0.9.21b-i486-1.tgz:  Added clucene-0.9.21b.
 l/dbus-1.2.12-i486-1.tgz:  Upgraded to dbus-1.2.12.
 l/dbus-glib-0.80-i486-1.tgz:  Upgraded to dbus-glib-0.80.
 l/djvulibre-3.5.21-i486-1.tgz:  Added djvulibre-3.5.21.
 l/eigen-1.0.5-i486-1.tgz:  Added eigen-1.0.5.
 l/eigen2-r922425-i486-1.tgz:  Added eigen2-r922425.
 l/exiv2-0.17.1-i486-1.tgz:  Added exiv2-0.17.1.
 l/freetype-2.3.8-i486-1.tgz:  Upgraded to freetype-2.3.8.
 l/gamin-0.1.10-i486-1.tgz:  Upgraded to gamin-0.1.10.
 l/gegl-0.0.20-i486-1.tgz:  Added gegl-0.0.20.
 l/glib2-2.18.3-i486-1.tgz:  Upgraded to glib-2.18.3.
 l/glibc-2.9-i486-1.tgz  Upgraded to glibc-2.9.
 l/glibc-i18n-2.9-i486-1.tgz  Upgraded to glibc-2.9.
 l/glibc-profile-2.9-i486-1.tgz  Upgraded to glibc-2.9.
 l/gmm-3.1-noarch-1.tgz:  Added gmm-3.1.
 l/gnome-icon-theme-2.24.0-noarch-1.tgz:  Upgraded to gnome-icon-theme-2.24.0.
 l/gtk+2-2.14.7-i486-1.tgz:  Upgraded to gtk+-2.14.7.
 l/gmp-4.2.4-i486-1.tgz:  Upgraded to gmp-4.2.4.
 l/hal-info-20090309-noarch-1.tgz:  Upgraded to hal-info-20090309.
 l/icon-naming-utils-0.8.90-noarch-1.tgz:  Upgraded to icon-naming-utils-0.8.90.
 l/ilmbase-1.0.1-i486-1.tgz:  Added ilmbase-1.0.1.
 l/iso-codes-3.5-noarch-1.tgz:  Added iso-codes-3.5.
 l/libarchive-2.6.2-i486-1.tgz:  Added libarchive-2.6.2.
 l/libcaca-0.99.beta16-i486-1.tgz:  Upgraded to libcaca-0.99.beta16.
 l/libdvdread-4.1.3-i486-1.tgz:  Added libdvdread-4.1.3.
 l/libical-0.42-i486-1.tgz:  Added libical-0.42.
 l/libmcs-0.7.1-i486-1.tgz:  Upgraded to libmcs-0.7.1.
 l/libmsn-r93-i486-1.tgz:  Added libmsn-r93.
 l/libspectre-0.2.1-i486-1.tgz:  Added libspectre-0.2.1.
 l/libvncserver-0.9.1-i486-1.tgz:  Added libvncserver-0.9.1.
 l/libxklavier-3.8-i486-1.tgz:  Added libxklavier-3.8.
 l/libzip-0.9-i486-1.tgz:  Added libzip-0.9.
 l/ncurses-5.7-i486-1.tgz:  Upgraded to ncurses-5.7.
 l/openexr-1.6.1-i486-1.tgz:  Added openexr-1.6.1.
 l/pango-1.22.4-i486-1.tgz:  Upgraded to pango-1.22.4.
 l/phonon-4.3.1-i486-1.tgz:  Added phonon-4.3.1.
 l/poppler-0.10.4-i486-1.tgz:  Upgraded to poppler-0.10.4.
 l/poppler-data-0.2.1-noarch-1.tgz:  Upgraded to poppler-data-0.2.1.
 l/pycairo-1.8.2-i486-1.tgz:  Upgraded to pycairo-1.8.2.
 l/pycups-1.9.42-i486-1.tgz:  Added pycups-1.9.42.
 l/pygobject-2.16.0-i486-1.tgz:  Upgraded to pygobject-2.16.0.
 l/pygtk-2.14.0-i486-1.tgz:  Upgraded to pygtk-2.14.0.
 l/pyrex-0.9.8.5-i486-1.tgz:  Upgraded to pyrex-0.9.8.5.
 l/qca-2.0.1-i486-1.tgz:  Upgraded to qca-2.0.1.
 l/qca-cyrus-sasl-2.0.0_beta3-i486-1.tgz:  Added qca-cyrus-sasl-2.0.0_beta3.
 l/qca-gnupg-2.0.0_beta3-i486-1.tgz:  Added qca-gnupg-2.0.0_beta3.
 l/qca-ossl-2.0.0_beta3-i486-1.tgz:  Added qca-ossl-2.0.0_beta3.
 l/qca-tls-1.0-i486-6.tgz:  Removed.
 l/qimageblitz-r900905-i486-1.tgz:  Added qimageblitz-r900905.
 l/qt-r931082-i486-1.tgz:  Upgraded to qt-copy r931082.
 l/raptor-1.4.18-i486-1.tgz:  Added raptor-1.4.18.
 l/rasqal-0.9.16-i486-1.tgz:  Added rasqal-0.9.16.
 l/readline-5.2-i486-4.tgz:  Recompiled with official patch readline52-013.
 l/redland-1.0.8-i486-1.tgz:  Added redland-1.0.8.
 l/shared-mime-info-0.60-i486-1.tgz:  Upgraded to shared-mime-info-0.60.
 l/sip-4.7.9-i486-1.tgz:  Added sip-4.7.9.
 l/soprano-2.2.2-i486-1.tgz:  Added soprano-2.2.2.
 l/strigi-0.6.3-i486-1.tgz:  Added strigi-0.6.3.
 l/svgalib-1.9.25-i486-2.tgz:  Patched for recent kernel headers and configured
   to no longer use the helper kernel module.
 l/svgalib_helper-1.9.25_2.6.27.7-i486-2.tgz:  Removed, as the helper module
   does not work with recent kernels.
 l/tango-icon-theme-0.8.90-noarch-1.tgz:  Upgraded to tango-icon-theme-0.8.90.
 l/vte-0.19.4-i486-1.tgz:  Upgraded to vte-0.19.4.
 n/curl-7.19.4-i486-1.tgz:  Upgraded to curl-7.19.4.
   This fixes a security issue where automatic redirection could be made to
   follow file:// URLs, reading or writing a local instead of remote file.
   For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
   (* Security fix *)
 n/dhcpcd-3.2.3-i486-1.tgz:  Upgraded to dhcpcd-3.2.3.
 n/dirmngr-1.0.2-i486-1.tgz:  Upgraded to dirmngr-1.0.2.
 n/gnupg2-2.0.11-i486-1.tgz:  Upgraded to gnupg-2.0.11.
 n/gnutls-2.6.3-i486-1.tgz:  Upgraded to gnutls-2.6.3.
 n/gpgme-1.1.8-i486-1.tgz:  Upgraded to gpgme-1.1.8.
 n/libgcrypt-1.4.3-i486-1.tgz:  Upgraded to libgcrypt-1.4.3.
 n/libgpg-error-1.7-i486-1.tgz:  Upgraded to libgpg-error-1.7.
 n/libksba-1.0.5-i486-1.tgz:  Upgraded to libksba-1.0.5.
 n/netwatch-1.3.0-i486-1.tgz:  Upgraded to netwatch-1.3.0.
 n/rsync-3.0.5-i486-1.tgz:  Upgraded to rsync-3.0.5.
 x/compiz-0.7.8-i486-2.tgz:  Patched for Qt4/KDE4 and rebuilt.
 x/scim-1.4.7-i486-8.tgz:  Edited profile scripts to use the Qt4
   scim-bridge immodule with Qt4/KDE4.
 x/scim-bridge-0.4.14-i486-4.tgz:  Rebuilt with qt4 immodule enabled.
 x/x11-skel-7.1-noarch-7.tgz:  Adjusted xwmconfig menu dimensions.
 x/xterm-241-i486-1.tgz:  Upgraded to xterm-241.
   This fixes a vulnerability where displaying a file containing
   DECRQSS (Device Control Request Status String) sequences could
   cause arbitrary commands to be executed as the user running xterm.
   For more information, see:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383
   (* Security fix *)
 xap/gimp-2.6.5-i486-1.tgz:  Upgraded to gimp-2.6.5.
 xap/mozilla-firefox-3.0.7-i686-1.tgz:
   Upgraded to firefox-3.0.7.
   This fixes some security issues:
   For more information, see:
     http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
   (* Security fix *)
 xap/thunar-volman-0.3.80-i486-1.tgz:  Added thunar-volman-0.3.80.
 xap/xfce-4.6.0-i486-1.tgz:  Upgraded to xfce-4.6.0.
 xap/xfce4-power-manager-0.6.4-i486-1.tgz:  Added xfce4-power-manager-0.6.4.
 xap/xine-lib-1.1.16.2-i686-1.tgz:  Upgraded to xine-lib-1.1.16.2.
 extra/kde3-compat/arts-1.5.10-i486-opt1.tgz:  Added arts-1.5.10.
 extra/kde3-compat/kdelibs3-3.5.10-i486-opt1.tgz:  Added kdelibs3-3.5.10.
 extra/kde3-compat/qca-tls1-1.0-i486-opt1.tgz:  Added qca-tls1-1.0.
 extra/kde3-compat/qca1-1.0-i486-opt1.tgz:  Added qca1-1.0.
 extra/kde3-compat/qt3-3.3.8b-i486-opt1.tgz:  Added qt3-3.3.8b.
 extra/linux-2.6.28.7-nosmp-sdk/:  Updated SMP to no-SMP kernel source patch.
 testing/packages/bash-4.0.0-i486-1.tgz:  Upgraded to bash-4.0.


Slackware news: 5 February 2009

ghostscript and mozilla-firefox have been upgraded to versions 8.64 and 3.0.6 respectively. The upgrade to Firefox 3.0.6 fixes some security holes. You can find more information about them here.


Slackware News: 2 February 2009

xdg-utils has been updated. Here is an excerpt from the changelog:

This update fixes two security issues.  First, use of xdg-open in
/etc/mailcap was found to be unsafe -- xdg-open passes along downloaded files
without indicating what mime type they initially presented themselves as,
leaving programs further down the processing chain to discover the file type
again.  This makes it rather trivial to present a script (such as a .desktop
file) as a document type (like a PDF) so that it looks safe to click on in a
browser, but will result in the execution of an arbitrary script.  It might
be safe to send files to trusted applications in /etc/mailcap, but it does
not seem to be safe to send files to xdg-open in /etc/mailcap.
This package will comment out calls to xdg-open in /etc/mailcap if they are
determined to have been added by a previous version of this package.
If you've made any local customizations to /etc/mailcap, be sure to check
that there are no uncommented calls to xdg-open after installing this update.
Thanks to Manuel Reimer for discovering this issue.
Another bug in xdg-open fails to sanitize input properly allowing the
execution of arbitrary commands.  This was fixed in the xdg-utils repository
quite some time ago (prior to the inclusion of xdg-utils in Slackware), but
was never fixed in the official release of xdg-utils.  The sources for
xdg-utils in Slackware have now been updated from the repo to fix the problem.

You can find more information on the topic here and here.
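The check the changelog asks for (no uncommented calls to xdg-open left in /etc/mailcap), written as an added shell example; it is not part of the original post or of the Slackware package. The function name audit_mailcap is hypothetical, and the script assumes the usual mailcap layout: '#' comment lines and entries that may be continued with a trailing backslash.

```shell
#!/bin/sh
# Added example (not from the Slackware package): report active mailcap
# entries that hand files to xdg-open.

# audit_mailcap FILE   (hypothetical helper name)
# Prints "FILE:LINE: entry" for every uncommented entry whose command part
# (everything after the first ';') runs xdg-open.
# Returns 1 if at least one such entry exists, 0 if the file is clean.
audit_mailcap() {
    awk -v file="$1" '
        {
            if (!cont) {
                start = NR
                # A comment ends at its newline; it is never treated as
                # continued, so a trailing backslash cannot hide the next line.
                if ($0 ~ /^[ \t]*#/) next
            }
            line = $0
            cont = (line ~ /\\$/)
            if (cont) {                     # join backslash-continued lines
                sub(/\\$/, "", line)
                buf = buf line
                next
            }
            check(buf line)
            buf = ""
        }
        END {
            if (cont) check(buf)            # file ended inside a continuation
            exit (found ? 1 : 0)
        }
        function check(e,    rest) {
            sub(/^[ \t]+/, "", e)
            if (index(e, ";") == 0) return  # not a "type; command" entry
            rest = substr(e, index(e, ";") + 1)
            # Match xdg-open as a whole word, with or without a path prefix.
            if (rest ~ /(^|[^A-Za-z0-9_-])xdg-open([^A-Za-z0-9_-]|$)/) {
                printf "%s:%d: %s\n", file, start, e
                found = 1
            }
        }
    ' "$1"
}

# Run against a file given on the command line, e.g.: sh audit.sh /etc/mailcap
[ "$#" -eq 0 ] || audit_mailcap "$1"
```

Entries commented out by the updated package are skipped; anything the script prints is an active entry that still hands files to xdg-open.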
