Sunday, October 4, 2009

Security Update: PHP and Samba

Two security updates were released today: PHP and Samba. Both appear in the -Stable and -Current changelogs, but if you follow -Current, there are other updates as well, such as MySQL, Amarok, Qt, Perl, and also a bunch of GCC 4.4.1 packages in the testing directory. In short, I'm thinking -Current is preparing for KDE 4.3.x, which was released shortly before Slackware 13.0 but didn't make it into the -Current testing timeframe.

So, here's the latest -Current changelog:
Sun Oct 4 00:17:50 CDT 2009
ap/mysql-5.1.39-i486-1.txz: Upgraded. This bumps the version of the shared libraries to .so.16.0.0.

d/perl-5.10.1-i486-1.txz: Upgraded. Compiled against mysql-5.1.39, upgraded to perl-5.10.1, DBD-mysql-4.013, DBI-1.609, and URI-1.40.
kde/amarok-2.2.0-i486-1.txz: Upgraded.

l/qt-4.5_0bd8418-i486-1.txz: Upgraded. This is the KDE Qt 4.5.2-patched git branch, compiled against mysql-5.1.39.

l/redland-1.0.9-i486-1.txz: Upgraded. Compiled against mysql-5.1.39.

l/soprano-2.3.1-i486-1.txz: Upgraded.

l/taglib-1.6-i486-1.txz: Upgraded.

l/taglib-extras-1.0.1-i486-1.txz: Upgraded.

n/openssh-5.3p1-i486-1.txz: Upgraded.

n/php-5.2.11-i486-1.txz: Upgraded. This release fixes some possible security issues, all of which have "unknown impact and attack vectors".
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
(* Security fix *)
Also, thanks to Frank Gingras and Rich Bowen for helping to improve the syntax in mod_php.conf.

n/samba-3.4.2-i486-1.txz: Upgraded.
This update fixes the following security issues.
A misconfigured /etc/passwd with no defined home directory could allow security restrictions to be bypassed.
mount.cifs could allow a local user to read the first line of an arbitrary file if installed setuid. (On Slackware, it was not installed setuid)
Specially crafted SMB requests could cause a denial of service.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
(* Security fix *)

testing/packages/gcc-4.4.1/gcc-4.4.1-i486-1.txz: Added.

testing/packages/gcc-4.4.1/gcc-g++-4.4.1-i486-1.txz: Added.

testing/packages/gcc-4.4.1/gcc-gfortran-4.4.1-i486-1.txz: Added.

testing/packages/gcc-4.4.1/gcc-gnat-4.4.1-i486-1.txz: Added.

testing/packages/gcc-4.4.1/gcc-java-4.4.1-i486-1.txz: Added.

testing/packages/gcc-4.4.1/gcc-objc-4.4.1-i486-1.txz: Added.
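
For patch triage, the entries flagged `(* Security fix *)` can be pulled out of a changelog like the one above together with their CVE ids. This is an added example, not code from this post or from the Slackware project; the function names are hypothetical, and it assumes entries start with a `.txz:`/`.tgz:` package line and batches are opened by a date line or a `+---` separator.

```python
import re
# Entry start as seen in the changelog above: "<series>/<name>-<version>-<arch>-<build>.txz:"
ENTRY = re.compile(r"^(?:\S*/)?([^/\s]+)\.t[gx]z:\s*(.*)$")
DATE = re.compile(r"^(Mon|Tue|Wed|Thu|Fri|Sat|Sun) \w{3} +\d+ [\d:]+ \w+ \d{4}$")  # batch header
CVE = re.compile(r"CVE-\d{4}-\d{4,}")
MARKER = "(* Security fix *)"
# Sample input: lines taken from the changelog quoted in this post, abridged.
SAMPLE = """\
Sun Oct 4 00:17:50 CDT 2009
n/php-5.2.11-i486-1.txz: Upgraded. This release fixes some possible security issues.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
(* Security fix *)
n/samba-3.4.2-i486-1.txz: Upgraded.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
(* Security fix *)
testing/packages/gcc-4.4.1/gcc-g++-4.4.1-i486-1.txz: Added.
"""

def parse_entries(text):
    """Group changelog lines into entries: package file name plus body lines."""
    entries, current = [], None
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            current = {"pkg": m.group(1), "body": [m.group(2)]}
            entries.append(current)
        elif DATE.match(line) or line.startswith("+---"):
            current = None  # batch boundary: don't attach to the previous entry
        elif current is not None and line:
            current["body"].append(line)
    return entries

def security_fixes(text):
    """Return name, version and CVE ids for entries carrying the security marker."""
    fixes = []
    for entry in parse_entries(text):
        body = "\n".join(entry["body"])
        if MARKER in body:
            parts = entry["pkg"].rsplit("-", 3)  # the name itself may contain '-'
            version = parts[1] if len(parts) == 4 else ""
            fixes.append({"name": parts[0], "version": version,
                          "cves": sorted(set(CVE.findall(body)))})
    return fixes

if __name__ == "__main__":
    print(*security_fixes(SAMPLE), sep="\n")
```

Comparing the returned names and versions against the packages listed in `/var/log/packages` shows which flagged updates are still pending on a host.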