Skip to main content

Security Updates: xine-lib, firefox, seamonkey

Along with the next batch updates that was released today, Slackware Security Team also released advisories about xine-lib, firefox, and seamonkey. Today's updates includes a new kernel (2.6.24.4) and also some packages recompilation due to new kernel version. Here's the latest -Current changelog, which probably a slightly different from the advisories, since it only list the packages for -Current tree:
Sat Mar 29 18:07:00 CDT 2008
a/glibc-solibs-2.7-i486-8.tgz: Recompiled against 2.6.24.4 headers.

a/glibc-zoneinfo-2.7-noarch-8.tgz: Upgraded to tzdata2008b.

l/glibc-2.7-i486-8.tgz: Recompiled against 2.6.24.4 headers.
Upgraded to tzdata2008b.

l/glibc-i18n-2.7-noarch-8.tgz: Rebuilt.

l/glibc-profile-2.7-i486-8.tgz: Recompiled against 2.6.24.4 headers.

a/lilo-22.8-i486-11.tgz: Fixed reversed vt.default_utf8 kernel parameter (0 <-> 1) in /etc/lilo.conf. Thanks to Eric Hameleers for noticing the bug.

Fri Mar 28 23:35:22 CDT 2008
a/aaa_base-12.1.0-noarch-1.tgz: Added an empty /usr/share/wallpapers as this seems to be a de-facto standard directory and (for example) XFce will give an error if it is missing and one tries to change the desktop image.
Thanks to Chess Griffin for reporting this.
Bumped version number of package, and of /etc/slackware-version.

a/etc-12.1-noarch-3.tgz: Installed root into the audio, cdrom, video, plugdev, and floppy groups _correctly_. This was noticed by a lot of people -- sorry for the bogus entries in there before. I don't know how I managed that. (easily ;-)

a/lilo-22.8-i486-10.tgz: Fixed liloconfig to at least create an empty message file in /boot if none exists.

a/sysvinit-scripts-1.2-noarch-19.tgz: Keep any icon-theme.cache files updated.

a/kernel-generic-2.6.24.4-i486-1.tgz: Upgraded to Linux 2.6.24.4 uniprocessor generic.s (requires initrd) kernel.

a/kernel-generic-smp-2.6.24.4_smp-i686-1.tgz: Upgraded to Linux 2.6.24.4 SMP gensmp.s (requires initrd) kernel.

a/kernel-huge-2.6.24.4-i486-1.tgz: Upgraded to Linux 2.6.24.4 uniprocessor huge.s (full-featured) kernel.

a/kernel-huge-smp-2.6.24.4_smp-i686-1.tgz: Upgraded to Linux 2.6.24.4 SMP hugesmp.s (full-featured) kernel.

a/kernel-modules-2.6.24.4-i486-1.tgz: Upgraded to Linux 2.6.24.4 uniprocessor kernel modules.

a/kernel-modules-smp-2.6.24.4_smp-i686-1.tgz: Upgraded to Linux 2.6.24.4 SMP kernel modules.

ap/vim-7.1.285-i486-1.tgz: Upgraded to vim-7.1.285.

d/kernel-headers-2.6.24.4_smp-x86-1.tgz: Upgraded to Linux 2.6.24.4 SMP kernel headers.

k/kernel-source-2.6.24.4_smp-noarch-1.tgz: Upgraded to Linux 2.6.24.4 SMP kernel source.

l/svgalib_helper-1.9.25_2.6.24.4-i486-1.tgz: Recompiled for Linux 2.6.24.4.

n/gnupg-1.4.9-i486-1.tgz: Upgraded to gnupg-1.4.9.

n/gnupg2-2.0.9-i486-1.tgz: Upgraded to gnupg-2.0.9.

n/nmap-4.60-i486-2.tgz: Recompiled. Some files were missing due to an incompletely removed previous compile. Thanks again to Mauro Ghisoni.
It may also be necessary to reinstall python after upgrading from -1.

tcl/tcl-8.4.18-i486-1.tgz: Upgraded to tcl8.4.18.

tcl/tk-8.4.18-i486-1.tgz: Upgraded to tk8.4.18.

x/liberation-fonts-ttf-1.0-noarch-1.tgz: Upgraded to Liberation Fonts 1.0.
Thanks to Eric Hameleers for making a fontconfig file and updating the build script.

x/pixman-0.10.0-i486-1.tgz: Upgraded to pixman-0.10.0.

xap/mozilla-firefox-2.0.0.13-i686-1.tgz: Upgraded to firefox-2.0.0.13.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)

xap/seamonkey-1.1.9-i486-1.tgz: Upgraded to seamonkey-1.1.9.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)

xap/xine-lib-1.1.11-i686-1.tgz: Earlier versions of xine-lib suffer from an array index bug that may have security implications if a malicious RTSP stream is played. Playback of other media formats is not affected.
If you use RTSP, you should probably upgrade xine-lib.
For more information on the security issue, please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
(* Security fix *)

xap/vim-gvim-7.1.285-i486-1.tgz: Upgraded to vim-7.1.285. This is the GTK+ version of vim (gvim). The normal vim package is also required.

extra/grub/grub-0.97-i486-6.tgz: Restored the inode patch for ext2/3.
It looks like it was needed after all.

extra/linux-2.6.24.3-nosmp-sdk/: Updated SMP to no-SMP kernel source patch.

isolinux/initrd.img: Fixed huge.s kernel installation bug.

kernels/huge.s/*: Upgraded huge.s kernel to 2.6.24.4.

kernels/hugesmp.s/*: Upgraded hugesmp.s kernel to 2.6.24.4 (SMP).

kernels/speakup.s/*: Upgraded speakup.s kernel to 2.6.24.4.

pasture/gcc-3.4.6/: Removed, since this has gone unchanged since Slackware 12.0. I'm not sure if the one in 12.0's pasture still works, but if it does, and you need it for something, that's where to find it.

usb-and-pxe-installers/: Updated USB and PXE installers to 2.6.24.4 modules.

Popular posts from this blog

Running Rsync Via Proxy

One way to get the latest Slackware updates is by running rsync to syncronize your local repository and the main repository that hold the Slackware packages. Eric Hameleers has provided a great script called rsync_current.sh and how i modified this tool has been discussed on my previous post. In general, it works, except for one problem, when your computer is connecting to the Internet through a proxy.

My workstation at my office is connected to the Internet through a proxy, so i can't use normal rsync to work normally. I browsed the web and i found this site which tells us about how we should modify our squid configuration to allow rsync connection from any computer from our local networks. I asked my sysadmin to try this script. He agreed and he updated the squid configuration on the proxy.

Next, i need to update my environment variable RSYNC_PROXY to the host of the proxy and also the port. Let's say you are running a proxy on 192.168.1.1 and port 8080, then you need to run …

NVidia Legacy Unix Driver Update

NVidia has released an updated legacy drivers to support X.Org 1.19 with ABI 23. It has been mentioned in the UNIX drivers, but you can directly find the drivers from the links below:
NVidia 304.134 (x86x86_64)NVidia 340.101 (x86, x86_64) I have tested the 304.134 driver and it's working great here. I can finally remove x from my /etc/slackpkg/blacklist file since it's a showstopper for me.
Aside from legacy driver, NVidia has also released their latest driver 375.26 (x86, x86_64), which brings support for newer cards and also many new features (including X.Org 1.19 with ABI 23 support). 

Security Update: firefox, irssi, pidgin

Three security updates were released for today:
firefox: Upgraded to 45.4.0esr for 14.1 and 14.2 and 49.0 for currentirssi: Upgraded to 0.8.20pidgin: Upgraded to 2.10.11, 2.10.12, and 2.11.0 for all stable Slackware releases depending on their support Some minor update in current:
mkinitrd: Add dmsetup supportemacs: Upgraded to 25.1qt: Fix multilib issue network-scripts: Fix minor issue