-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libXres (SSA:2017-291-01) New libXres packages are available for Slackware 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libXres-1.2.0-i586-1_slack14.2.txz: Upgraded. Integer overflows may allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libXres-1.2.0-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libXres-1.2.0-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libXres-1.2.0-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libXres-1.2.0-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/libXres-1.2.0-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/libXres-1.2.0-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.1 package: 1253ba59f7e08295d24a434a75faf448 libXres-1.2.0-i486-1_slack14.1.txz Slackware x86_64 14.1 package: f42004623a5f42c6280bf540decadb81 libXres-1.2.0-x86_64-1_slack14.1.txz Slackware 14.2 package: 4256978c619753254402fc77ca2fc1fc libXres-1.2.0-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 2e1e0fea3a504c181e58cb5bfc0cf22a libXres-1.2.0-x86_64-1_slack14.2.txz Slackware -current package: 9cfb1ab01a0178323c37a518621ff02b x/libXres-1.2.0-i586-1.txz Slackware x86_64 -current package: 8bcf91141af69be10620e6e4f529b0c5 x/libXres-1.2.0-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libXres-1.2.0-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@xxxxxxxxxxxxx +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@xxxxxxxxxxxxx with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlnnrOUACgkQakRjwEAQIjMVKgCghcRM8L2nzT+okGAVDzzKeEAN WuUAnjhlqYGmGWfoszRSvdEpVaX8JsnD =bZN5 -----END PGP SIGNATURE-----