Saturday, August 11, 2007

Security Patches Coming In

Slackware security team has released several packages that is related to security problems. If you have subscribe to the mailing list, you will get the announcements, but here are the list for the -Stable changelog:

Fri Aug 10 22:39:13 CDT 2007
patches/packages/gimp-2.2.17-i486-1_slack12.0.tgz:
Upgraded to gimp-2.2.17, which fixes buffer overflows when decoding certain image types.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
(* Security fix *)

patches/packages/poppler-0.5.4-i486-2_slack12.0.tgz:
Patched to fix an integer overflow in code borrowed from xpdf.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
(* Security fix *)

patches/packages/qt-3.3.8-i486-5_slack12.0.tgz:
Patched to fix several format string bugs.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388
(* Security fix *)

patches/packages/seamonkey-1.1.4-i486-1_slack12.tgz:
Upgraded to seamonkey-1.1.4.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)

patches/packages/xpdf-3.02pl1-i486-1_slack12.0.tgz:
Upgraded to xpdf-3.02pl1. This fixes an integer overflow that could possibly be leveraged to run arbitrary code if a malicious PDF file is processed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
(* Security fix *)