Slackware-12.0 ChangeLog (2010-12-24) [Lotar's Wiki]

slackware changelog slackware-12.0 2010-12news:2010:12:24:slackware-12.0-changelog

patches/packages/php-5.2.16-i486-1_slack12.0.tgz
This fixes many bugs, including some security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4150
(* Security fix *)
patches/packages/proftpd-1.3.3d-i486-1_slack12.0.tgz
This update fixes an unbounded copy operation in sql_prepare_where() that
could be exploited to execute arbitrary code. However, this only affects
servers that use the sql_mod module (which Slackware does not ship), and
in addition the ability to exploit this depends on an SQL injection bug
that was already fixed in proftpd-1.3.2rc2 (this according to upstream).
So in theory, this fix should only be of academic interest.
But in practice, better safe than sorry.
(* Security fix *)

slackware, changelog, slackware-12.0, 2010-12

news/2010/12/24/slackware-12.0-changelog.txt
Last modified: 12 months ago
by Giuseppe Di Terlizzi