Sunday, November 16, 2008

Security Updates: Firefox, Seamonkey, and Net-SNMP

Three security packages has been released along with new kernel on the -Current tree. The kernel uses the latest -Stable kernel available from main Kernel site. Some packages were also recompiled to some changes today and few days ago. So here goes the -Current changelog entry:
Sat Nov 15 18:33:27 CST 2008
a/glibc-solibs-2.7-i486-16.tgz: Recompiled against Linux

a/glibc-zoneinfo-2.7-noarch-16.tgz: Rebuilt.

a/kernel-firmware- Upgraded to Linux firmware.

a/kernel-generic- Upgraded to Linux

a/kernel-generic-smp- Upgraded to Linux

a/kernel-huge- Upgraded to Linux

a/kernel-huge-smp- Upgraded to Linux

a/kernel-modules- Upgraded to Linux

a/kernel-modules-smp- Upgraded to Linux

d/kernel-headers- Upgraded to Linux headers.

k/kernel-source- Upgraded to Linux

l/glibc-2.7-i486-16.tgz: Recompiled against Linux

l/glibc-i18n-2.7-noarch-16.tgz: Rebuilt.

l/glibc-profile-2.7-i486-16.tgz: Recompiled against Linux

l/svgalib_helper-1.9.25_2.6.27.6-i486-1.tgz: Recompiled for Linux

n/gnutls-2.6.2-i486-1.tgz: Upgraded to gnutls-2.6.2. The security fix in gnutls-2.6.1 had a flaw in cases where the certificate chain contained only one self-signed certificate. This update fixes the issue.

n/net-snmp- Upgraded to net-snmp-
This fixes a problem where a user with read access could cause snmpd to crash, resulting in a denial of service.
For more information, see:
(* Security fix *)

n/proftpd-1.3.1-i486-3.tgz: Recompiled. This seems to be picky about having an exact version of OpenSSL. Thanks to Adam Kennedy for the bug report.

Upgraded to firefox-3.0.4.
This fixes some security issues:
For more information, see:
(* Security fix *)

Upgraded to seamonkey-1.1.13.
This release fixes some more security vulnerabilities.
For more information, see:
(* Security fix *)

extra/linux- Updated SMP to no-SMP kernel source patch.

isolinux/initrd.img: Rebuilt with newly compiled kernel modules.

usb-and-pxe-installers/: Rebuilt usbboot.img with newly compiled kernel modules.