Saturday, December 2, 2006

Prices For December

Patrick Volkerding has released three security updates for Slackware 11.0 and previous version (supported version are up to 8.1) in the first day of December and it includes libpng, tar, and proftpd. Here's the latest changelog for -stable tree:
Fri Dec 1 15:03:20 CST 2006
Upgraded to libpng-1.2.14. This fixes a bug where a specially crafted PNG could crash applications that use libpng.
more information, see:
(* Security fix *)

Upgraded to proftpd-1.3.0a plus an additional security patch. Several security issues were found in proftpd that could lead to the execution of arbitrary code by a remote attacker, including one in mod_tls that does not require the attacker to be authenticated first.
For more information, see:
(* Security fix *)

Upgraded to tar-1.16.
This fixes an issue where files may be extracted outside of the current directory, possibly allowing a malicious tar archive, when extracted, to overwrite any of the user's files (in the case of root, any file on the system).
For more information, see:
(* Security fix *)