Slackware64-14.2 ChangeLog (2016-06-24)
Fri Jun 24 23:37:19 UTC 2016
Sorry about the delay, but we had to wait for this kernel. At least we were
able to get some other good fixes in this week while we were waiting.
Packages
Rebuilt
- a/aaa_elflibs-14.2-x86_64-23.txz
- isolinux/initrd.img
- usb-and-pxe-installers/usbboot.img
Upgraded
- a/kernel-generic-4.4.14-x86_64-1.txz
- a/kernel-huge-4.4.14-x86_64-1.txz
- a/kernel-modules-4.4.14-x86_64-1.txz
- ap/mariadb-10.0.26-x86_64-1.txz
- d/kernel-headers-4.4.14-x86-1.txz
- k/kernel-source-4.4.14-noarch-1.txz
This kernel release fixes two security issues:
Corrupted offset allows for arbitrary decrements in compat
IPT_SO_SET_REPLACE setsockopt. Risk: High. Impact: Kernel memory
corruption, leading to elevation of privileges or kernel code execution.
This occurs in a compat_setsockopt() call that is normally restricted to
root; however, Linux 3/4 kernels that support user and network namespaces
can allow an unprivileged user to trigger this functionality. This is
exploitable from inside a container.
Out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt.
Risk: Medium. Impact: Out of bounds heap memory access, leading to a
Denial of Service (or possibly heap disclosure or further impact).
This occurs in a setsockopt() call that is normally restricted to root;
however, Linux 3/4 kernels that support user and network namespaces can
allow an unprivileged user to trigger this functionality. This is
exploitable from inside a container.
For more information, see:
http://www.openwall.com/lists/oss-security/2016/06/24/5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4998
(* Security fix *)
- l/libpng-1.6.23-x86_64-1.txz
- l/librsvg-2.40.16-x86_64-1.txz
- n/php-5.6.23-x86_64-1.txz
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.23
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5773
(* Security fix *)
- kernels/*