news:2013:12:16:slackware-current-changelog

news:2013:12:16:slackware-current-changelog [2015/03/10 12:22] – created Giuseppe Di Terlizzi
news:2013:12:16:slackware-current-changelog [2015/03/10 12:43] Giuseppe Di Terlizzi
Line 7: Line 7:
  
 ==== Rebuilt ==== ==== Rebuilt ====
-  * [[slackware.current>d/llvm-3.3-i486-3.txz]] (Security fix) +  * [[slackware.current>d/llvm-3.3-i486-3.txz]] \\   The LLVM package included binaries with an rpath pointing to the build \\   location in /tmp.   This allows an attacker with write access to /tmp to \\   add modified libraries (and execute arbitrary code) as any user running \\   the LLVM binaries.  This updated package rebuilds LLVM to exclude the \\   build directories from the rpath information. \\   Thanks to Christopher Oliver for the bug report. \\   (* Security fix *
-  * [[slackware.current>l/libjpeg-v8a-i486-2.txz]] (Security fix)+  * [[slackware.current>l/libjpeg-v8a-i486-2.txz]] \\   Fix use of uninitialized memory when decoding images with missing SOS data \\   for the luminance component (Y) in presence of valid chroma data (Cr, Cb). \\   This could allow remote attackers to obtain sensitive information from \\   uninitialized memory locations via a crafted JPEG image. \\   For more information, see: \\     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629 \\   (* Security fix *)
  
 ==== Upgraded ==== ==== Upgraded ====
-  * [[slackware.current>d/ruby-1.9.3_p484-i486-1.txz]] (Security fix) +  * [[slackware.current>d/ruby-1.9.3_p484-i486-1.txz]] \\   This update fixes a heap overflow in floating point parsing.  A specially \\   crafted string could cause a heap overflow leading to a denial of service \\   attack via segmentation faults and possibly arbitrary code execution. \\   For more information, see: \\     https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/ \\     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164 \\   (Security fix *
-  * [[slackware.current>l/cairo-1.12.16-i486-1.txz]] +  * [[slackware.current>l/cairo-1.12.16-i486-1.txz]] \\   Removed --enable-xcb-shm (may cause instability with GTK+3). \\   Removed --enable-xlib-xcb (causes GIMP slowdown). \\   Added --enable-ft and --enable-gl. \\   If there are no problems reported with this update, perhaps it should be \\   issued as a 14.1 bugfix? 
-  * [[slackware.current>l/libiodbc-3.52.8-i486-1.txz]] (Security fix)+  * [[slackware.current>l/libiodbc-3.52.8-i486-1.txz]] \\   This update fixes an rpath pointing to a location in /tmp that was found in \\   two test programs (iodbctest and iodbctestw).  This could have allowed a \\   local attacker with write access to /tmp to add modified libraries (and \\   execute arbitrary code) as any user running the test programs. \\   Thanks to Christopher Oliver for the bug report. \\   (* Security fix *)
   * [[slackware.current>l/seamonkey-solibs-2.23-i486-1.txz]]   * [[slackware.current>l/seamonkey-solibs-2.23-i486-1.txz]]
-  * [[slackware.current>xap/mozilla-firefox-26.0-i486-1.txz]] (Security fix) +  * [[slackware.current>xap/mozilla-firefox-26.0-i486-1.txz]] \\   This release contains security fixes and improvements. \\   For more information, see: \\     http://www.mozilla.org/security/known-vulnerabilities/firefox.html \\   (* Security fix *) 
-  * [[slackware.current>xap/mozilla-thunderbird-24.2.0-i486-1.txz]] (Security fix) +  * [[slackware.current>xap/mozilla-thunderbird-24.2.0-i486-1.txz]] \\   This update contains security fixes and improvements. \\   For more information, see: \\     http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html \\   (* Security fix *) 
-  * [[slackware.current>xap/seamonkey-2.23-i486-1.txz]] (Security fix) +  * [[slackware.current>xap/seamonkey-2.23-i486-1.txz]] \\   This update contains security fixes and improvements. \\   For more information, see: \\     http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html \\   (* Security fix *)
-===== ChangeLog ===== +
-<code> +
-Mon Dec 16 20:51:01 UTC 2013 +
-d/llvm-3.3-i486-3.txz:  Rebuilt. +
-  The LLVM package included binaries with an rpath pointing to the build +
-  location in /tmp.   This allows an attacker with write access to /tmp to +
-  add modified libraries (and execute arbitrary code) as any user running +
-  the LLVM binaries.  This updated package rebuilds LLVM to exclude the +
-  build directories from the rpath information. +
-  Thanks to Christopher Oliver for the bug report. +
-  (* Security fix *) +
-d/ruby-1.9.3_p484-i486-1.txz:  Upgraded. +
-  This update fixes a heap overflow in floating point parsing.  A specially +
-  crafted string could cause a heap overflow leading to a denial of service +
-  attack via segmentation faults and possibly arbitrary code execution. +
-  For more information, see: +
-    https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/ +
-    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164 +
-  (* Security fix *) +
-l/cairo-1.12.16-i486-1.txz:  Upgraded. +
-  Removed --enable-xcb-shm (may cause instability with GTK+3). +
-  Removed --enable-xlib-xcb (causes GIMP slowdown). +
-  Added --enable-ft and --enable-gl. +
-  If there are no problems reported with this update, perhaps it should be +
-  issued as a 14.1 bugfix? +
-l/libiodbc-3.52.8-i486-1.txz:  Upgraded. +
-  This update fixes an rpath pointing to a location in /tmp that was found in +
-  two test programs (iodbctest and iodbctestw).  This could have allowed a +
-  local attacker with write access to /tmp to add modified libraries (and +
-  execute arbitrary code) as any user running the test programs. +
-  Thanks to Christopher Oliver for the bug report. +
-  (* Security fix *) +
-l/libjpeg-v8a-i486-2.txz:  Rebuilt. +
-  Fix use of uninitialized memory when decoding images with missing SOS data +
-  for the luminance component (Y) in presence of valid chroma data (Cr, Cb). +
-  This could allow remote attackers to obtain sensitive information from +
-  uninitialized memory locations via a crafted JPEG image. +
-  For more information, see: +
-    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629 +
-  (* Security fix *) +
-l/seamonkey-solibs-2.23-i486-1.txz:  Upgraded. +
-xap/mozilla-firefox-26.0-i486-1.txz:  Upgraded. +
-  This release contains security fixes and improvements. +
-  For more information, see: +
-    http://www.mozilla.org/security/known-vulnerabilities/firefox.html +
-  (* Security fix *) +
-xap/mozilla-thunderbird-24.2.0-i486-1.txz:  Upgraded. +
-  This update contains security fixes and improvements. +
-  For more information, see: +
-    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html +
-  (* Security fix *) +
-xap/seamonkey-2.23-i486-1.txz:  Upgraded. +
-  This update contains security fixes and improvements. +
-  For more information, see: +
-    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html +
-  (* Security fix *) +
-</code> +
  
  
 {{tag>slackware changelog slackware-current 2013/12}} {{tag>slackware changelog slackware-current 2013/12}}
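Review bot: The security marker is malformed in two of the new list items: the llvm entry ends with "(* Security fix *" (no closing parenthesis) and the ruby entry ends with "(Security fix *", while the other entries use "(* Security fix *)". Make all of them "(* Security fix *)" so that a text search for the marker finds every security-relevant package. The removed code block also carried the upstream timestamp line "Mon Dec 16 20:51:01 UTC 2013", which does not appear in the new inline entries in this hunk; confirm it is kept elsewhere on the page, since it ties these advisories to a specific ChangeLog entry. The cairo item is the only changed entry without a security marker, which matches the removed block, so no change is needed there.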
  
  • news/2013/12/16/slackware-current-changelog.txt
  • Last modified: 9 years ago
  • by Giuseppe Di Terlizzi