Wednesday, July 15, 2009

Security Update: dhcp

One security update has been released today, which is dhcp. Along with this update, there are several updates on other packages as well. Finally a decision is made on libsafe package which is now moved to /pasture, due to problem caused by this application, mostly in Firefox 3.5 and being an unmaintained application since 2001.

Here's the latest -Current changelog:
Tue Jul 14 18:10:01 CDT 2009
a/e2fsprogs-1.41.7-i486-1.txz: Upgraded.

ap/mc-20090714_git-i486-1.txz: Upgraded.

ap/slackpkg-2.80.1-noarch-2.tgz: Upgraded. Thanks to Piter Punk.

l/gnome-icon-theme-2.26.0-i486-1.txz: Upgraded.

l/libgsf-1.14.15-i486-1.txz: Upgraded.

n/dhcp-3.1.2p1-i486-1.txz: Upgraded.
A stack overflow vulnerability was fixed in dhclient that could allow remote attackers to execute arbitrary commands as root on the system, or simply terminate the client, by providing an over-long subnet-mask option.
For more information, see:
(* Security fix *)

extra/wicd/wicd-1.6.2-i486-1.txz: Upgraded.

pasture/libsafe-2.0-16/libsafe-2.0.16-i386-1.txz: Moved from /extra.
This causes problems with firefox-3.5, and too many people are going to be confused by that if libsafe remains in /extra. Really, there's very little reason to be running libsafe on a machine that isn't a server anyway. In any case, libsafe has always caused a few programs to fail for as long as I can remember. I'm not sure how much good it still does either, considering it's been unmaintained upstream since 2001.
Feel free to continue using it if you like, but realize that it has the potential to break things, especially on desktop machines.