Slackware64-current ChangeLog (2017-02-28)
Tue Feb 28 23:51:55 UTC 2017
Packages
Rebuilt
- a/coreutils-8.26-x86_64-2.txz
Added a few more file extensions to /etc/DIR_COLORS, including .lz. - a/etc-14.2-x86_64-9.txz
Added cgred group to /etc/group.new. (cgred:x:41:) - a/libcgroup-0.41-x86_64-2.txz
Fixed rc.cgred to source the correct config file.
Changed /usr/bin/cgexec from setuid root to setgid cgred.
Don't remove the entire cgroup file system with “rc.cgconfig stop”.
Thanks to chris.willing. - a/shadow-4.2.1-x86_64-2.txz
Patched a potential security issue that allows any local user to send
SIGKILL to other processes with root privileges. Note that Slackware
is not vulnerable since the bug only affects systems that use PAM.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
(* Security fix *) - l/libimobiledevice-1.2.0-x86_64-2.txz
Patched to fix mounting iOS 10 devices. Thanks to qunying. - xap/windowmaker-0.95.7-x86_64-3.txz
Disabled overly verbose logging of warnings to syslog. Thanks to B Watson.
Upgraded
- a/util-linux-2.29.2-x86_64-1.txz
This update fixes a potential security issue that allows any local user
to send SIGKILL to other processes with root privileges. Note that
Slackware is not vulnerable since we do not use /bin/su from util-linux,
and the bug only affects systems that use PAM.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
(* Security fix *) - n/curl-7.53.1-x86_64-1.txz
Fixes SSL_VERIFYSTATUS ignored security issue.
(Issue only existed in Slackware -current, not in any -stable releases)
For more information, see:
https://curl.haxx.se/docs/adv_20170222.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2629
(* Security fix *) - n/libqmi-1.16.2-x86_64-1.txz
Shared library .so-version bump.