Slackwarearm-14.2 ChangeLog (2017-10-06)
Fri Oct 06 08:08:08 UTC 2017
Packages
Upgraded
- patches/packages/curl-7.56.0-arm-1_slack14.2.txz
This update fixes a security issue:
libcurl may read outside of a heap allocated buffer when doing FTP.
For more information, see:
https://curl.haxx.se/docs/adv_20171004.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
(* Security fix *) - patches/packages/openjpeg-2.3.0-arm-1_slack14.2.txz
This update fixes security issues which may lead to a denial of service
or possibly remote code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14164
(* Security fix *)
Rebuilt
- patches/packages/xorg-server-1.18.3-arm-4.txz
This update fixes two security issues:
Xext/shm: Validate shmseg resource id, otherwise it can belong to a
non-existing client and abort X server with FatalError “client not
in use”, or overwrite existing segment of another existing client.
Generating strings for XKB data used a single shared static buffer,
which offered several opportunities for errors. Use a ring of
resizable buffers instead, to avoid problems when strings end up
longer than anticipated.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13723
(* Security fix *) - patches/packages/xorg-server-xephyr-1.18.3-arm-4.txz
- patches/packages/xorg-server-xnest-1.18.3-arm-4.txz
- patches/packages/xorg-server-xvfb-1.18.3-arm-4.txz