Slackwarearm-14.1 ChangeLog (2013-09-11)
Wed Sep 11 19:15:19 UTC 2013
Packages
Upgraded
- a/kernel_versatile-3.10.11-arm-1.tgz
Patched to work with QEMU-1.6.0. This kernel has _only_ been
tested with QEMU-1.6.0, so please upgrade your QEMU installation
if you'd like to use this kernel.
Thanks to Keith C. Perry for the report.
- d/perl-5.18.1-arm-1.tgz
Upgraded to DBI-1.628. Added gettext-1.05.
- d/subversion-1.7.13-arm-1.tgz
This update fixes a local privilege escalation vulnerability via
symlink attack.
For more information, see:
http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4277
(* Security fix *)
- x/xcb-util-0.3.9-arm-1.tgz
This update bumps the shared library version, requiring some rebuilds.
Rebuilt
- l/glibc-2.17-arm-11.tgz
Compiled against Linux-3.10.11 headers.
Patched to remove pt_chown. Thanks to mancha.
Note that while this patches CVE-2013-2207 (a local privilege escalation
vulnerability), the vulnerability depends upon insecure and non-default
settings (“user_allow_other” in /etc/fuse.conf) and the patch is not
trivial to port to older versions of glibc. For older versions, the
best approach is to not set that option in fuse.conf, as it likely opens
up other holes as well. Another approach to mitigate this is to make
pt_chown a symlink to /bin/true, as the kernel has handled chowning
pseudo terminals for a long time and pt_chown isn't needed at all.
- l/taglib-1.8-arm-2.tgz
Compile with -DCMAKE_BUILD_TYPE=Release to silence debug messages meant for
developers. Thanks to Seb.
Added
- a/os-prober-1.63-arm-1.tgz
This is a simple tool that searches partitions for bootable operating
systems.
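
The two conditions named in the glibc entry above (an active user_allow_other line in fuse.conf, and a pt_chown helper that has not been removed or replaced by a symlink to /bin/true) can be audited on an older installation with a short script. This is an added example, not part of the ChangeLog or of Slackware's tooling: the function names are hypothetical, the pt_chown path is a placeholder because the entry does not give one, and the setuid test assumes pt_chown is installed setuid root.

```shell
#!/bin/sh
# Added example: audit helpers for the CVE-2013-2207 note in the glibc entry.
# Function names are hypothetical; the caller supplies both paths.

# Succeeds if the given fuse.conf has an active user_allow_other line.
# Assumption: text after '#' is a comment and surrounding whitespace is ignored.
fuse_allows_other() {
    conf="$1"
    [ -r "$conf" ] || return 1
    grep -Eq '^[[:space:]]*user_allow_other[[:space:]]*(#.*)?$' "$conf"
}

# Prints the state of the pt_chown helper at the given path:
#   absent        no such file (e.g. the patched package removed it)
#   neutralized   symlink to /bin/true (the mitigation from the entry)
#   symlink-other symlink to something else; inspect by hand
#   setuid        regular file with the setuid bit set
#   present       regular file without the setuid bit
pt_chown_state() {
    p="$1"
    if [ -L "$p" ]; then
        case "$(readlink "$p")" in
            /bin/true) echo neutralized ;;
            *)         echo symlink-other ;;
        esac
    elif [ ! -e "$p" ]; then
        echo absent
    elif [ -u "$p" ]; then
        echo setuid
    else
        echo present
    fi
}

# Succeeds only when both conditions hold: the option is enabled and a
# setuid pt_chown is still installed.
pt_chown_exposed() {
    fuse_allows_other "$1" && [ "$(pt_chown_state "$2")" = setuid ]
}

# Report when called as: sh audit.sh /etc/fuse.conf /path/to/pt_chown
if [ "$#" -eq 2 ]; then
    echo "pt_chown: $(pt_chown_state "$2")"
    if pt_chown_exposed "$1" "$2"; then
        echo "user_allow_other is set and pt_chown is setuid: apply a mitigation"
    else
        echo "both conditions are not met with these paths"
    fi
fi
```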