Sunday, March 2, 2008

Security Fix: Thunderbird

The Slackware Security team has updated Thunderbird to 2.0.0.12 to sync with the latest release from Mozilla, which is considered a security fix. Along with this update, Slackware-Current also gets one upgrade, Python, and several bug fixes in kdegraphics, lilo, and lm_sensors. Here's the latest -Current changelog:
Sat Mar 1 16:21:49 CST 2008
d/python-2.5.2-i486-1.tgz: Upgraded to Python-2.5.2.

kde/kdegraphics-3.5.9-i486-3.tgz: Patched with a fix for kdvi.

xap/mozilla-thunderbird-2.0.0.12-i686-1.tgz:
Upgraded to thunderbird-2.0.0.12.
This update fixes the following security related issues:
MFSA 2008-12: Heap buffer overflow in external MIME bodies
MFSA 2008-05: Directory traversal via chrome: URI
MFSA 2008-03: Privilege escalation, XSS, Remote Code Execution
MFSA 2008-01: Crashes with evidence of memory corruption (rv:1.8.1.12)
For more information, see:
http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
http://www.mozilla.org/security/announce/2008/mfsa2008-03.html
http://www.mozilla.org/security/announce/2008/mfsa2008-01.html
These are the related CVE entries:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
(* Security fix *)

Sat Mar 1 12:59:58 CST 2008
a/lilo-22.8-i486-8.tgz: Fixed a bug using append= in the expert menu.
Thanks to Eric Hameleers for pointing it out.

ap/lm_sensors-2.10.5-i486-2.tgz: Fixed incorrect install path.