Security Update: PHP, OpenSSH, Samba

The Slackware security team has released three packages containing security updates: PHP, OpenSSH, and Samba. Here's the latest changelog for the -stable tree:
Wed Sep 12 15:20:06 CDT 2007
patches/packages/openssh-4.7p1-i486-1_slack12.0.tgz:
Upgraded to openssh-4.7p1.
From the OpenSSH release notes:
"Security bugs resolved in this release: Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec."
While it's fair to say that we here at Slackware don't see how this could be leveraged to compromise a system, a) the OpenSSH people (who presumably understand the code better) characterize this as a security bug, b) it has been assigned a CVE entry, and c) OpenSSH is one of the most commonly used network daemons. Better safe than sorry.
More information should appear here eventually:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
(* Security fix *)

patches/packages/php-5.2.4-i486-1_slack12.0.tgz:
Upgraded to php-5.2.4. The PHP announcement says this version fixes over 120 bugs as well as "several low priority security bugs."
Read more about it here:
http://www.php.net/releases/5_2_4.php
(* Security fix *)

patches/packages/samba-3.0.26a-i486-1_slack12.0.tgz:
Upgraded to samba-3.0.26a.
This fixes a security issue in all Samba 3.0.25 versions:
"Incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin."
For more information, see:
http://www.samba.org/samba/security/CVE-2007-4138.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138
(* Security fix *)
