Sunday, November 16, 2008

Security Updates: Firefox, Seamonkey, and Net-SNMP

Three security packages has been released along with new kernel on the -Current tree. The kernel uses the latest -Stable kernel available from main Kernel site. Some packages were also recompiled to some changes today and few days ago. So here goes the -Current changelog entry:
Sat Nov 15 18:33:27 CST 2008
a/glibc-solibs-2.7-i486-16.tgz: Recompiled against Linux 2.6.27.6.

a/glibc-zoneinfo-2.7-noarch-16.tgz: Rebuilt.

a/kernel-firmware-2.6.27.6-i486-1.tgz: Upgraded to Linux 2.6.27.6 firmware.

a/kernel-generic-2.6.27.6-i486-1.tgz: Upgraded to Linux 2.6.27.6.

a/kernel-generic-smp-2.6.27.6_smp-i686-1.tgz: Upgraded to Linux 2.6.27.6.

a/kernel-huge-2.6.27.6-i486-1.tgz: Upgraded to Linux 2.6.27.6.

a/kernel-huge-smp-2.6.27.6_smp-i686-1.tgz: Upgraded to Linux 2.6.27.6.

a/kernel-modules-2.6.27.6-i486-1.tgz: Upgraded to Linux 2.6.27.6.

a/kernel-modules-smp-2.6.27.6_smp-i686-1.tgz: Upgraded to Linux 2.6.27.6.

d/kernel-headers-2.6.27.6_smp-x86-1.tgz: Upgraded to Linux 2.6.27.6 headers.

k/kernel-source-2.6.27.6_smp-noarch-1.tgz: Upgraded to Linux 2.6.27.6.

l/glibc-2.7-i486-16.tgz: Recompiled against Linux 2.6.27.6.

l/glibc-i18n-2.7-noarch-16.tgz: Rebuilt.

l/glibc-profile-2.7-i486-16.tgz: Recompiled against Linux 2.6.27.6.

l/svgalib_helper-1.9.25_2.6.27.6-i486-1.tgz: Recompiled for Linux 2.6.27.6.

n/gnutls-2.6.2-i486-1.tgz: Upgraded to gnutls-2.6.2. The security fix in gnutls-2.6.1 had a flaw in cases where the certificate chain contained only one self-signed certificate. This update fixes the issue.

n/net-snmp-5.4.2.1-i486-1.tgz: Upgraded to net-snmp-5.4.2.1.
This fixes a problem where a user with read access could cause snmpd to crash, resulting in a denial of service.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309
(* Security fix *)

n/proftpd-1.3.1-i486-3.tgz: Recompiled. This seems to be picky about having an exact version of OpenSSL. Thanks to Adam Kennedy for the bug report.

xap/mozilla-firefox-3.0.4-i686-1.tgz:
Upgraded to firefox-3.0.4.
This fixes some security issues:
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
(* Security fix *)

xap/seamonkey-1.1.13-i486-1.tgz:
Upgraded to seamonkey-1.1.13.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
(* Security fix *)

extra/linux-2.6.27.6-nosmp-sdk/: Updated SMP to no-SMP kernel source patch.

isolinux/initrd.img: Rebuilt with newly compiled kernel modules.

usb-and-pxe-installers/: Rebuilt usbboot.img with newly compiled kernel modules.