Slackware-13.0 ChangeLog (2011-08-25)

Thu Aug 25 09:10:45 UTC 2011

  • patches/packages/php-5.3.8-i486-1_slack13.0.txz
    Security fixes vs. 5.3.6 (5.3.7 was not usable):
    Updated crypt_blowfish to 1.2. (CVE-2011-2483)
    Fixed crash in error_log(). Reported by Mateusz Kocielski
    Fixed buffer overflow on overlog salt in crypt().
    Fixed bug #54939 (File path injection vulnerability in RFC1867
    File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
    Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
    Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
    For those upgrading from PHP 5.2.x, be aware that quite a bit has
    changed, and it will very likely not 'drop in', but PHP 5.2.x is not
    supported by php.net any longer, so there wasn't a lot of choice
    in the matter. We're not able to support a security fork of
    PHP 5.2.x here either, so you'll have to just bite the bullet on
    this. You'll be better off in the long run. :)
    (* Security fix *)
  • news/2011/08/25/slackware-13.0-changelog.txt
  • Last modified: 4 years ago
  • by Giuseppe Di Terlizzi