Slackware-12.0 ChangeLog (2010-12-24)
Fri Dec 24 00:53:19 UTC 2010
Packages
Upgraded
- patches/packages/php-5.2.16-i486-1_slack12.0.tgz
This fixes many bugs, including some security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4150
(* Security fix *)
- patches/packages/proftpd-1.3.3d-i486-1_slack12.0.tgz
This update fixes an unbounded copy operation in sql_prepare_where() that
could be exploited to execute arbitrary code. However, this only affects
servers that use the sql_mod module (which Slackware does not ship), and
in addition the ability to exploit this depends on an SQL injection bug
that was already fixed in proftpd-1.3.2rc2 (this according to upstream).
So in theory, this fix should only be of academic interest.
But in practice, better safe than sorry.
(* Security fix *)