The Slackware Linux Project: Mailing List Info

Mailing List Info
News
Security Advisories
FAQ
Book
General Info
Get Slack
Install Help
Configuration
Packages
ChangeLogs
Propaganda
Ports
Other Sites
Support
Contact
Mailing Lists
Archives
About
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] m4 (SSA:2008-098-01)
Date: Mon, 7 Apr 2008 11:50:07 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  m4 (SSA:2008-098-01)

New m4 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, 12.0, and -current to fix security issues.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688


Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/m4-1.4.11-i486-1_slack12.0.tgz:  Upgraded to m4-1.4.11.
  In addition to bugfixes and enhancements, this version of m4 also fixes two
  issues with possible security implications.  A minor security fix with the
  use of "maketemp" and "mkstemp" -- these are now quoted to prevent the
  (rather unlikely) possibility that an unquoted string could match an
  existing macro causing operations to be done on the wrong file.  Also,
  a problem with the '-F' option (introduced with version 1.4) could cause a
  core dump or possibly (with certain file names) the execution of arbitrary
  code.  For more information on these issues, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/m4-1.4.11-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/m4-1.4.11-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/m4-1.4.11-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/m4-1.4.11-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/m4-1.4.11-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/m4-1.4.11-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/m4-1.4.11-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/m4-1.4.11-i486-1_slack12.0.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/m4-1.4.11-i486-1.tgz


MD5 signatures:
+-------------+

Slackware 8.1 package:
1179fae2c4429945c3e6441fed82709d  m4-1.4.11-i386-1_slack8.1.tgz

Slackware 9.0 package:
d9e5769918dc1741db6bb2619f060995  m4-1.4.11-i386-1_slack9.0.tgz

Slackware 9.1 package:
796f62a0d275b1e9bc4bad8d40595a4e  m4-1.4.11-i486-1_slack9.1.tgz

Slackware 10.0 package:
032835fa9f150839ca0dfac4c73a5498  m4-1.4.11-i486-1_slack10.0.tgz

Slackware 10.1 package:
e0dd3949d996a8fa12bc480fe2d4eda5  m4-1.4.11-i486-1_slack10.1.tgz

Slackware 10.2 package:
690aa0ae07fcb68096b7122f304a9ea1  m4-1.4.11-i486-1_slack10.2.tgz

Slackware 11.0 package:
c48865785be7e2ea5357a43bd625a17f  m4-1.4.11-i486-1_slack11.0.tgz

Slackware 12.0 package:
6655deb1e644f356b2ccf74edd3c9d4e  m4-1.4.11-i486-1_slack12.0.tgz

Slackware -current package:
b56a401503f4285ff0f660bc6da769b8  m4-1.4.11-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg m4-1.4.11-i486-1_slack12.0.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkf5yf0ACgkQakRjwEAQIjNNvgCfeufBwAekfHgHEokUxPc65bDd
+mIAnjc7Ouf+IjiSmT9LypKqdm+UXPRU
=XJwz
-----END PGP SIGNATURE-----
Slackware™ is a trademark of Patrick Volkerding.