
Security Updates: BitchX and CUPS

Two security updates were released today, and one of them is unusual: it is a package removal rather than a patch or version upgrade. BitchX has been removed because there is no active upstream development, which leaves users with known security vulnerabilities and no fixes. BitchX users are advised to switch to irssi, or to X-Chat if they want a GUI-based application.

Besides these two updates, several other packages were updated as well, mostly in a/ and x/, where the scim-* packages account for several of them. Here is the latest -Current changelog:
Sun Apr 26 15:11:57 CDT 2009
a/cups-1.3.10-i486-1.tgz:
Upgraded to cups-1.3.10.
This fixes several security issues, including an integer overflow in the TIFF decoder, a failure to properly verify the Host HTTP header, and several problems with PDF handling (the new CUPS uses a wrapper rather than embedded code taken from xpdf). These issues could result in a denial of service or the execution of arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
(* Security fix *)

a/dialog-1.1_20080819-i486-2.tgz: Patched to make the minimum height of checkboxes and menuboxes 4. This fixes a bug where installer menus were taller than they needed to be, and in some cases filled the screen overwriting the information at the top.

a/pkgtools-12.34567890-noarch-4.tgz: Patched to fix failures when a valid package extension (.tgz, .tbz, .tlz, .txz) is embedded somewhere in the directory path, or the package's name, version, or build number.
Thanks to Erik Jan Tromp.

a/sysvinit-scripts-1.2-noarch-29.tgz: Patched rc.M to remove files of the form {a,}quota.{group,user}.new from the top of filesystems that use quota. These can be created if quota is interrupted by a reboot or power failure and cause quotacheck at boot time to fail.
Thanks to Erik Jan Tromp.

d/strace-4.5.18-i486-1.tgz: Upgraded to strace-4.5.18.

n/bitchx-1.1-i486-5.tgz: Removed.
BitchX has several known security flaws for which there are no known workarounds, and upstream progress seems to have stalled. Users should switch to a supported IRC client such as irssi.
(* Security fix *)

n/metamail-2.7-i486-3.tgz: Updated patch and recompiled.
Moved fonts for mailto-hebrew to /usr/share/metamail/fonts/.

n/wpa_supplicant-0.6.9-i486-1.tgz: Upgraded to wpa_supplicant-0.6.9.

x/m17n-lib-1.5.4-i486-1.tgz: Upgraded to m17n-lib-1.5.4.

x/scim-1.4.9-i486-1.tgz: Upgraded to scim-1.4.9.

x/scim-bridge-0.4.16-i486-1.tgz: Upgraded to scim-bridge-0.4.16.

x/scim-input-pad-0.1.2-i486-1.tgz: Added scim-input-pad-0.1.2.

x/scim-m17n-0.2.3-i486-1.tgz: Upgraded to scim-m17n-0.2.3.

x/scim-tables-0.5.9-i486-1.tgz: Upgraded to scim-tables-0.5.9.

x/wqy-zenhei-font-ttf-0.8.38_1-noarch-1.tgz: Upgraded to wqy-zenhei-0.8.38-1.

x/xaw3d-1.5E-i486-1.tgz: Upgraded to Xaw3d-1.5E.

xap/xfractint-20.04p09-i486-1.tgz: Upgraded to xfractint-20.04p09.

isolinux/initrd.img: Regenerated modules.dep to reflect the compressed kernel modules. Thanks to Piter Punk and Eric Hameleers.
When formatting an ext3 partition, don't use '-j' (using mkfs.ext3 already takes care of that).
Use the patched dialog to fix the formatting of the installer menus.

testing/packages/bash-4.0.017-i486-1.tgz: Updated with upstream patches.

usb-and-pxe-installers/usbboot.img: Same fixes as initrd.img.
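
An added check, not part of the original post or the Slackware changelog: it scans a package database directory for the two security items above (bitchx still installed, cups older than 1.3.10). It assumes entries named name-version-arch-build under /var/log/packages and a `sort` that supports `-V`; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Audit a Slackware package database directory for the two security
# items in this changelog: bitchx still installed, cups older than 1.3.10.
# Entries are named name-version-arch-build; the name may contain '-'.

# split_pkg ENTRY -> prints "name version", parsing fields from the right
split_pkg() {
    entry=${1##*/}
    rest=${entry%-*}        # drop build number
    rest=${rest%-*}         # drop architecture
    version=${rest##*-}
    name=${rest%-*}
    printf '%s %s\n' "$name" "$version"
}

# version_lt A B -> succeeds if version A sorts strictly before B
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_pkgdb [DIR] -> prints one finding per affected package
audit_pkgdb() {
    dir=${1:-/var/log/packages}     # assumed default database location
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        set -- $(split_pkg "$f")
        case $1 in
            bitchx) echo "REMOVE bitchx-$2 (dropped from the tree, no fixed version)" ;;
            cups)   if version_lt "$2" 1.3.10; then
                        echo "UPGRADE cups-$2 (fixed in 1.3.10)"
                    fi ;;
        esac
    done
}

# Constructed sample database, so the check runs without a Slackware system.
demo() {
    tmp=$(mktemp -d)
    touch "$tmp/cups-1.3.9-i486-1" "$tmp/bitchx-1.1-i486-5" \
          "$tmp/scim-bridge-0.4.16-i486-1" "$tmp/irssi-0.8.12-i486-1"
    audit_pkgdb "$tmp"
    rm -rf "$tmp"
}
demo
```

On a real system, call `audit_pkgdb` with no argument; no output means neither item applies.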
