Slackware Security Update: emacs and dnsmasq

Straight to the issues, I received two emails from Slackware Security mailing list detailing the following issues (italicised text is added myself):

New emacs packages are available for Slackware 10.1 and -current to (fix) a security issue with the movemail utility for retrieving mail from a POP mail server. If used to connect to a malicious POP server, it is possible for the server to cause the execution of arbitrary code as the user running emacs.

New dnsmasq packages are available for Slackware 10.0, 10.1, and -current to fix security issues. An off-by-one overflow vulnerability may allow a DHCP client to create a denial of service condition. Additional code was also added to detect and defeat attempts to poison the DNS cache.

More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:

There are also tons of updates for Slackware-current, including heavy stuff like the glibc packages. You can use the Slackware package browser to obtain an updated version of these packages for your Slackware installation. Lazier and smarter people like me will use updating tools such as Swaret or slapt-get 🙂