Slackware-11.0 ChangeLog (2012-02-08)

Wed Feb 8 01:21:42 UTC 2012

  • patches/packages/proftpd-1.3.4a-i486-1_slack11.0.tgz
    This update fixes a use-after-free() memory corruption error,
    and possibly other unspecified issues.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
    (* Security fix *)
  • patches/packages/vsftpd-2.3.5-i486-1_slack11.0.tgz
    Minor version bump, this also works around a hard to trigger heap overflow
    in glibc (glibc zoneinfo caching vuln). For there to be any possibility
    to trigger the glibc bug within vsftpd, the non-default option
    “chroot_local_user” must be set in /etc/vsftpd.conf.
    Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug :-)
    Nevertheless:
    (* Security fix *)
  • news/2012/02/08/slackware-11.0-changelog.txt
  • Last modified: 6 weeks ago
  • by Giuseppe Di Terlizzi