From: "Slackware Security Team" To: Sent: Wednesday, September 13, 2000 7:58 PM Subject: [slackware-security]: xchat input validation bug fixed An input validation bug was found to affect Slackware Linux 7.0, 7.1, and -current. The problem is described in detail at this site: http://www.securityfocus.com/bid/1601 Users of Slackware 7.0, 7.1, and -current are urged to upgraded to the xchat.tgz package available in the Slackware -current branch. ======================================== xchat 1.5.7 AVAILABLE - (gtk1/xchat.tgz) ======================================== The input validation bug has been fixed in this release of XChat. The new xchat.tgz package is available from: ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/gtk/xchat.t gz For verification purposes, we provide the following checksums: 16-bit "sum" checksum: 2394041667 1288299 gtk1/xchat.tgz 128-bit MD5 message digest: b388d7eb7914a6d456f49f0b0f62fcb8 gtk1/xchat.tgz INSTALLATION INSTRUCTIONS FOR THE xchat.tgz PACKAGE: --------------------------------------------------- Make sure that no users have XChat running, then issue this command: # upgradepkg xchat.tgz Remember, it's also a good idea to backup configuration files before upgrading packages. - Slackware Linux Security Team http://www.slackware.com +------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+