Slackers (Slackware current journal) - Slackware – GNU/Linux per SubGeni e Fannulloni

l/seamonkey-solibs-2.8-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

(* Security fix *)
n/mtr-0.82-i486-1.txz: Upgraded.
xap/mozilla-firefox-11.0-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

(* Security fix *)
xap/mozilla-thunderbird-11.0-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

(* Security fix *)
xap/seamonkey-2.8-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

(* Security fix *)
y/bsd-games-2.13-i486-12.txz: Rebuilt. (typo fix)

a/kernel-generic-3.2.7-i486-1.txz: Upgraded.
a/kernel-generic-smp-3.2.7_smp-i686-1.txz: Upgraded.
a/kernel-huge-3.2.7-i486-1.txz: Upgraded.
a/kernel-huge-smp-3.2.7_smp-i686-1.txz: Upgraded.
a/kernel-modules-3.2.7-i486-1.txz: Upgraded.
a/kernel-modules-smp-3.2.7_smp-i686-1.txz: Upgraded.
d/kernel-headers-3.2.7_smp-x86-1.txz: Upgraded.
k/kernel-source-3.2.7_smp-noarch-1.txz: Upgraded.
extra/linux-3.2.7-nosmp-sdk/*: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.

testing/packages/mozilla-firefox-11.0b4-i486-1.txz: Upgraded.
testing/packages/mozilla-thunderbird-11.0b3-i486-1.txz: Upgraded.
testing/packages/seamonkey-2.8b4-i486-1.txz: Upgraded.
testing/packages/seamonkey-solibs-2.8b4-i486-1.txz: Upgraded.

l/libpng-1.4.9-i486-1.txz: Upgraded.
All branches of libpng prior to versions 1.5.9, 1.4.9, 1.2.47, and 1.0.57,
respectively, fail to correctly validate a heap allocation in
png_decompress_chunk(), which can lead to a buffer-overrun and the
possibility of execution of hostile code on 32-bit systems.
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026

(* Security fix *)
l/seamonkey-solibs-2.7.2-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

(* Security fix *)
xap/mozilla-firefox-10.0.2-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

(* Security fix *)
xap/mozilla-thunderbird-10.0.2-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

(* Security fix *)
xap/seamonkey-2.7.2-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

(* Security fix *)

xap/mozilla-thunderbird-10.0.1-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

(* Security fix *)

testing/packages/mozilla-thunderbird-11.0b1-i486-1.txz: Added.
testing/packages/seamonkey-2.8b2-i486-1.txz: Added.
testing/packages/seamonkey-solibs-2.8b2-i486-1.txz: Added.

l/seamonkey-solibs-2.7.1-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

(* Security fix *)
xap/mozilla-firefox-10.0.1-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

(* Security fix *)
xap/seamonkey-2.7.1-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

(* Security fix *)
testing/packages/mozilla-firefox-11.0b2-i486-1.txz: Upgraded.

a/glibc-solibs-2.14.1-i486-4.txz: Rebuilt.
Patched an overflow in tzfile. This was evidently first reported in
2009, but is only now getting around to being patched. To exploit it,
one must be able to write beneath /usr/share/zoneinfo, which is usually
not possible for a normal user, but may be in the case where they are
chroot()ed to a directory that they own.
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029

(* Security fix *)
a/glibc-zoneinfo-2011i_2011n-noarch-4.txz: Rebuilt.
ap/alsa-utils-1.0.25-i486-1.txz: Upgraded.
ap/hplip-3.11.12-i486-1.txz: Upgraded.
ap/sqlite-3.7.10-i486-1.txz: Upgraded.
l/alsa-lib-1.0.25-i486-1.txz: Upgraded.
l/alsa-oss-1.0.25-i486-1.txz: Upgraded.
l/apr-util-1.4.1-i486-1.txz: Upgraded.
l/glibc-2.14.1-i486-4.txz: Rebuilt.
Patched an overflow in tzfile. This was evidently first reported in
2009, but is only now getting around to being patched. To exploit it,
one must be able to write beneath /usr/share/zoneinfo, which is usually
not possible for a normal user, but may be in the case where they are
chroot()ed to a directory that they own.
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029

(* Security fix *)
l/glibc-i18n-2.14.1-i486-4.txz: Rebuilt.
l/glibc-profile-2.14.1-i486-4.txz: Rebuilt.
Patched an overflow in tzfile. This was evidently first reported in
2009, but is only now getting around to being patched. To exploit it,
one must be able to write beneath /usr/share/zoneinfo, which is usually
not possible for a normal user, but may be in the case where they are
chroot()ed to a directory that they own.
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029

(* Security fix *)
n/httpd-2.2.22-i486-1.txz: Upgraded.
*) SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP
specification, preventing unexpected expansion of target URLs in
some reverse proxy configurations. [Joe Orton]
*) SECURITY: CVE-2011-3607 (cve.mitre.org)
Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
is enabled, could allow local users to gain privileges via a .htaccess
file. [Stefan Fritsch, Greg Ames]
*) SECURITY: CVE-2011-4317 (cve.mitre.org)
Resolve additional cases of URL rewriting with ProxyPassMatch or
RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations.
[Joe Orton]
*) SECURITY: CVE-2012-0021 (cve.mitre.org)
mod_log_config: Fix segfault (crash) when the ‘%{cookiename}C’ log format
string is in use and a client sends a nameless, valueless cookie, causing
a denial of service. The issue existed since version 2.2.17. PR 52256.
[Rainer Canavan ]
*) SECURITY: CVE-2012-0031 (cve.mitre.org)
Fix scoreboard issue which could allow an unprivileged child process
could cause the parent to crash at shutdown rather than terminate
cleanly. [Joe Orton]
*) SECURITY: CVE-2012-0053 (cve.mitre.org)
Fix an issue in error responses that could expose “httpOnly” cookies
when no custom ErrorDocument is specified for status code 400.
[Eric Covener]
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053

(* Security fix *)
n/php-5.3.10-i486-1.txz: Upgraded.
Fixed arbitrary remote code execution vulnerability reported by Stefan
Esser, CVE-2012-0830. (Stas, Dmitry)
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830

(* Security fix *)
n/proftpd-1.3.4a-i486-1.txz: Upgraded.
This update fixes a use-after-free() memory corruption error,
and possibly other unspecified issues.
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130

(* Security fix *)
n/vsftpd-2.3.5-i486-1.txz: Upgraded.
Minor version bump, this also works around a hard to trigger heap overflow
in glibc (glibc zoneinfo caching vuln). For there to be any possibility
to trigger the glibc bug within vsftpd, the non-default option
“chroot_local_user” must be set in /etc/vsftpd.conf.
Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug
Nevertheless:
(* Security fix *)

It is cloudy and foggy here today — I did not see my shadow, and
will not be crawling back into my hole for 6 weeks.
testing/packages/mozilla-firefox-11.0b1-i486-1.txz: Added.

a/kernel-firmware-20120202git-noarch-1.txz: Upgraded.
There were some reports of a failing checksum on the .asc (which
did verify, so the package was good). So, we’ll replace it with
a new build to make sure that it syncs out.