Wednesday, June 17, 2009

Security Updates: Firefox and Apr-Util

Just less than three hours from my previous posting, the security update for Firefox has been released along with apr-util and also other packages as well. The aaa-base package has been bumped to 13.0. New package which has been added in x86_64 (tightvnc) has also makes its way on i386 arch. Way to go Slackware 13.0 cool

Here's the latest -Current changelog:
Tue Jun 16 17:50:30 CDT 2009
a/aaa_base-13.0-noarch-1.txz: Rebuilt. Updated slackware-version.

a/e2fsprogs-1.41.6-i486-1.txz: Upgraded.

a/ed-1.3-i486-1.txz: Upgraded.

a/file-5.03-i486-1.txz: Upgraded.

a/findutils-4.4.2-i486-1.txz: Upgraded.

a/jfsutils-1.1.14-i486-1.txz: Upgraded.

a/ntfs-3g-2009.4.4-i486-1.txz: Upgraded.

a/usbutils-0.82-i486-1.txz: Upgraded.

a/xfsprogs-3.0.1-i486-1.txz: Upgraded.

ap/dmapi-2.2.10-i486-1.txz: Upgraded.

ap/man-pages-3.21-noarch-1.txz: Upgraded.

ap/sqlite-3.6.14.2-i486-1.txz: Upgraded.

ap/xfsdump-3.0.1-i486-1.txz: Upgraded.

d/git-1.6.3.2-i486-1.txz: Upgraded.

d/m4-1.4.13-i486-1.txz: Upgraded.

d/subversion-1.6.2-i486-1.txz: Upgraded. Thanks to Robby Workman and Vincent Batts for work done on enabling the bindings for Python, perl, and Ruby.

kde/kdelibs-4.2.4-i486-2.txz: Rebuilt. Patched popupapplet.cpp to fix plasmaboard, a virtual keyboard for plasma.

l/apr-1.3.5-i486-1.txz: Upgraded.

l/apr-util-1.3.7-i486-1.txz: Upgraded.
Fix underflow in apr_strmatch_precompile.
Fix a denial of service attack against the apr_xml_* interface using the "billion laughs" entity expansion technique.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
(* Security fix *)

l/neon-0.28.4-i486-1.txz: Upgraded.

l/sdl-1.2.13-i486-4.txz: Upgraded. Use SDL_image-1.2.7, and compile SDL without esd, as linking to esd breaks audio within VirtualBox. Thanks to Luigi Trovato for the bug report. Also, compile without arts support.

l/seamonkey-solibs-1.1.16-i486-2.txz: Added. This is a subset of the shared libraries from the seamonkey package used for runtime support of programs (such as rpm) on machines without X, or applications for X.

n/bluez-utils-3.36-i486-6.txz: Rebuilt. Edited rc.bluetooth to start hidd before any other bluetooth service. This avoids an address conflict that can cause devices to fail to reconnect if the connection is lost.
Thanks to Heinz Wiesinger.

n/iptables-1.4.3.2-i486-1.txz: Upgraded.

n/iw-0.9.14-i486-1.txz: Upgraded.

n/lftp-3.7.14-i486-1.txz: Upgraded.

xap/mozilla-firefox-3.0.11-i686-1.txz:
Upgraded to firefox-3.0.11.
This fixes some security issues.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
(* Security fix *)

xap/seamonkey-1.1.16-i486-2.txz: Rebuilt.

xap/xfce4-power-manager-0.6.6-i486-1.txz: Upgraded.

xap/xine-lib-1.1.16.3-i686-6.txz: Rebuilt. Use i686 arch, not i486.

extra/tightvnc/tightvnc-1.3.10-i486-1.txz: Added.