Slackware-12.0 ChangeLog (2010-10-28)

Thu Oct 28 22:13:53 UTC 2010

  • patches/packages/glibc-2.5-i486-6_slack12.0.tgz
    Patched “The GNU C library dynamic linker will dlopen arbitrary DSOs
    during setuid loads.” This security issue allows a local attacker to
    gain root by specifying an unsafe DSO in the library search path to be
    used with a setuid binary in LD_AUDIT mode.
    Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
    http://seclists.org/fulldisclosure/2010/Oct/344
    (* Security fix *)
  • patches/packages/glibc-i18n-2.5-noarch-6_slack12.0.tgz
  • patches/packages/glibc-profile-2.5-i486-6_slack12.0.tgz
  • patches/packages/glibc-solibs-2.5-i486-6_slack12.0.tgz
    (* Security fix *)
  • patches/packages/glibc-zoneinfo-2.5-noarch-9_slack12.0.tgz
    Rebuilt to tzcode2010n and tzdata2010n.
  • news/2010/10/28/slackware-12.0-changelog.txt
  • Last modified: 4 years ago
  • by Giuseppe Di Terlizzi