|
|
发表于 2005-11-7 08:48:12
|
显示全部楼层
老贴子---本版贴过了以前。N多张。Sat Nov 5 21:55:21 CST 2005
l/libxml2-2.6.22-i486-1.tgz: Upgraded to libxml2-2.6.22.
This fixes an issue where libxml2 had declared a variable XML_FEATURE_UNICODE
that was already used by the expat headers, causing PHP to fail to compile
when using Slackware's combination of ./configure options.
n/curl-7.12.2-i486-2.tgz: Patched. This addresses a buffer overflow in
libcurl's NTLM function that could have possible security implications.
For more details, see:
http://curl.haxx.se/docs/security.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
(* Security fix *)
n/samba-3.0.20b-i486-1.tgz: Upgraded to samba-3.0.20b.
This includes various bugfixes. Thanks to Christopher Linnet for reporting
that this fixes a problem with printing to a printer on an XP machine from
CUPS. If you use such a configuration, you'll want this upgrade for sure.
n/mod_ssl-2.8.25_1.3.34-i486-1.tgz: Upgraded to mod_ssl-2.8.25-1.3.34.
n/wget-1.10.2-i486-1.tgz: Upgraded to wget-1.10.2.
This addresses a buffer overflow in wget's NTLM handling function that could
have possible security implications.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
(* Security fix *)
n/php-4.4.1-i486-1.tgz: Upgraded to php-4.4.1.
Fixes a number of bugs, including several minor security fixes relating to
the overwriting of the GLOBALS array.
(* Security fix *)
n/lynx-2.8.5rel.5-i486-1.tgz: Upgraded to lynx-2.8.5rel.5.
Fixes an issue where the handling of Asian characters when using lynx to
connect to an NNTP server (is this a common use?) could result in a buffer
overflow causing the execution of arbitrary code.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
(* Security fix *)
n/apache-1.3.34-i486-1.tgz: Upgraded to apache-1.3.34.
Fixes this minor security bug: "If a request contains both Transfer-Encoding
and Content-Length headers, remove the Content-Length, mitigating some HTTP
Request Splitting/Spoofing attacks."
(* Security fix *)
n/pine-4.64-i486-1.tgz: Upgraded to pine-4.64.
n/tcpdump-3.9.4-i486-1.tgz: Upgraded to tcpdump-3.9.4.
n/imapd-4.64-i486-1.tgz: Upgraded to imapd-4.64.
A buffer overflow was reported in the mail_valid_net_parse_work function.
However, this function in the c-client library does not appear to be called
from anywhere in imapd. iDefense states that the issue is of LOW risk to
sites that allow users shell access, and LOW-MODERATE risk to other servers.
I believe it's possible that it is of NIL risk if the function is indeed
dead code to imapd, but draw your own conclusions...
(* Security fix *)
kde/koffice-1.4.1-i486-2.tgz: Patched.
Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
(* Security fix *)
There, now hopefully we can start getting some REAL work done around here
again soon...
=---大神总算回来了--- |
|
IP卡
狗仔卡
发表于 2005-11-7 00:58:25
显身卡