Differences

This shows you the differences between two versions of the page.

news:2013:12:16:slackware64-current-changelog [2015/03/10 01:14]
Giuseppe Di Terlizzi creata
news:2013:12:16:slackware64-current-changelog [2015/03/26 10:44] (current)
Giuseppe Di Terlizzi
Line 2: Line 2:
  
 ====== Mon Dec 16 20:51:01 UTC 2013 ====== ====== Mon Dec 16 20:51:01 UTC 2013 ======
- 
- 
 ===== Packages ===== ===== Packages =====
  
 ==== Rebuilt ==== ==== Rebuilt ====
-  * [[slackware64.current>​d/​llvm-3.3-x86_64-3.txz]] (Security fix) +  * [[slackware64.current>​d/​llvm-3.3-x86_64-3.txz]] ​\\   The LLVM package included binaries with an rpath pointing to the build \\   ​location in /tmp.   This allows an attacker with write access to /tmp to \\   add modified libraries ​(and execute arbitrary code) as any user running \\   the LLVM binaries. ​ This updated package rebuilds LLVM to exclude the \\   build directories from the rpath information. \\   ​Thanks to Christopher Oliver for the bug report. \\   ​(* ​Security fix *
-  * [[slackware64.current>​l/​libjpeg-v8a-x86_64-2.txz]] (Security fix)+  * [[slackware64.current>​l/​libjpeg-v8a-x86_64-2.txz]] ​\\   Fix use of uninitialized memory when decoding images with missing SOS data \\   for the luminance component ​(Y) in presence of valid chroma data (Cr, Cb). \\   This could allow remote attackers to obtain sensitive information from \\   ​uninitialized memory locations via a crafted JPEG image. \\   For more information,​ see: \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2013-6629 \\   ​(* ​Security fix *)
  
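Review bot: The security marker at the end of the added llvm entry reads `(* Security fix *` with no closing parenthesis, while the libjpeg entry directly below it ends with `(* Security fix *)`. Close the marker on the llvm line so both Rebuilt entries match and a text search for the full marker finds every security-relevant package.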
 ==== Upgraded ==== ==== Upgraded ====
-  * [[slackware64.current>​d/​ruby-1.9.3_p484-x86_64-1.txz]] (Security fix) +  * [[slackware64.current>​d/​ruby-1.9.3_p484-x86_64-1.txz]] ​\\   This update fixes a heap overflow in floating point parsing. ​ A specially \\   ​crafted string could cause a heap overflow leading to a denial of service \\   ​attack via segmentation faults and possibly arbitrary code execution. \\   For more information,​ see: \\     ​https://​www.ruby-lang.org/​en/​news/​2013/​11/​22/​heap-overflow-in-floating-point-parsing-cve-2013-4164/​ \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2013-4164 \\   (Security fix *
-  * [[slackware64.current>​l/​cairo-1.12.16-x86_64-1.txz]] +  * [[slackware64.current>​l/​cairo-1.12.16-x86_64-1.txz]] ​\\   ​Removed --enable-xcb-shm (may cause instability with GTK+3). \\   ​Removed --enable-xlib-xcb (causes GIMP slowdown). \\   Added --enable-ft and --enable-gl. \\   If there are no problems reported with this update, perhaps it should be \\   ​issued as a 14.1 bugfix? 
-  * [[slackware64.current>​l/​libiodbc-3.52.8-x86_64-1.txz]] (Security fix)+  * [[slackware64.current>​l/​libiodbc-3.52.8-x86_64-1.txz]] ​\\   This update fixes an rpath pointing to a location in /tmp that was found in \\   two test programs ​(iodbctest and iodbctestw). ​ This could have allowed a \\   local attacker with write access to /tmp to add modified libraries (and \\   ​execute arbitrary code) as any user running the test programs. \\   ​Thanks to Christopher Oliver for the bug report. \\   ​(* ​Security fix *)
   * [[slackware64.current>​l/​seamonkey-solibs-2.23-x86_64-1.txz]]   * [[slackware64.current>​l/​seamonkey-solibs-2.23-x86_64-1.txz]]
-  * [[slackware64.current>​xap/​mozilla-firefox-26.0-x86_64-1.txz]] ​(Security fix) +  * [[slackware64.current>​xap/​mozilla-firefox-26.0-x86_64-1.txz]] ​\\   This release contains security fixes and improvements. ​\\   For more information,​ see: \\     http://​www.mozilla.org/​security/​known-vulnerabilities/​firefox.html ​\\   (* Security fix *) 
-  * [[slackware64.current>​xap/​mozilla-thunderbird-24.2.0-x86_64-1.txz]] (Security fix) +  * [[slackware64.current>​xap/​mozilla-thunderbird-24.2.0-x86_64-1.txz]] \\   This update contains security fixes and improvements. ​\\   For more information,​ see: \\     http://​www.mozilla.org/​security/​known-vulnerabilities/​thunderbird.html ​\\   (* Security fix *) 
-  * [[slackware64.current>​xap/​seamonkey-2.23-x86_64-1.txz]] (Security fix) +  * [[slackware64.current>​xap/​seamonkey-2.23-x86_64-1.txz]] \\   This update contains security fixes and improvements. ​\\   For more information,​ see: \\     http://​www.mozilla.org/​security/​known-vulnerabilities/​seamonkey.html ​\\   (* Security fix *)
-===== ChangeLog ===== +
-<​code>​ +
-Mon Dec 16 20:51:01 UTC 2013 +
-d/​llvm-3.3-x86_64-3.txz: ​ Rebuilt. +
-  The LLVM package included binaries with an rpath pointing to the build +
-  location in /tmp.   ​This allows an attacker with write access to /tmp to +
-  add modified libraries (and execute arbitrary code) as any user running +
-  the LLVM binaries. ​ This updated package rebuilds LLVM to exclude the +
-  build directories from the rpath information. +
-  Thanks to Christopher Oliver for the bug report. +
-  (* Security fix *) +
-d/​ruby-1.9.3_p484-x86_64-1.txz: ​ Upgraded. +
-  This update fixes a heap overflow in floating point parsing. ​ A specially +
-  crafted string could cause a heap overflow leading to a denial of service +
-  attack via segmentation faults and possibly arbitrary code execution. +
-  For more information,​ see: +
-    https://​www.ruby-lang.org/​en/​news/​2013/​11/​22/​heap-overflow-in-floating-point-parsing-cve-2013-4164/​ +
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2013-4164 +
-  (* Security fix *) +
-l/​cairo-1.12.16-x86_64-1.txz: ​ Upgraded. +
-  Removed --enable-xcb-shm (may cause instability with GTK+3). +
-  Removed --enable-xlib-xcb (causes GIMP slowdown). +
-  Added --enable-ft and --enable-gl. +
-  If there are no problems reported with this update, perhaps it should be +
-  issued as a 14.1 bugfix? +
-l/​libiodbc-3.52.8-x86_64-1.txz: ​ Upgraded. +
-  This update fixes an rpath pointing to a location in /tmp that was found in +
-  two test programs (iodbctest and iodbctestw). ​ This could have allowed a +
-  local attacker with write access to /tmp to add modified libraries (and +
-  execute arbitrary code) as any user running the test programs. +
-  Thanks to Christopher Oliver for the bug report. +
-  (* Security fix *) +
-l/​libjpeg-v8a-x86_64-2.txz: ​ Rebuilt. +
-  Fix use of uninitialized memory when decoding images with missing SOS data +
-  for the luminance component (Y) in presence of valid chroma data (Cr, Cb). +
-  This could allow remote attackers to obtain sensitive information from +
-  uninitialized memory locations via a crafted JPEG image. +
-  For more information,​ see: +
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2013-6629 +
-  (* Security fix *) +
-l/​seamonkey-solibs-2.23-x86_64-1.txz: ​ Upgraded. +
-xap/​mozilla-firefox-26.0-x86_64-1.txz: ​ Upgraded. +
-  ​This release contains security fixes and improvements. +
-  ​For more information,​ see: +
-    ​http://​www.mozilla.org/​security/​known-vulnerabilities/​firefox.html +
-  ​(* Security fix *) +
-xap/​mozilla-thunderbird-24.2.0-x86_64-1.txz:  Upgraded. +
-  ​This update contains security fixes and improvements. +
-  ​For more information,​ see: +
-    ​http://​www.mozilla.org/​security/​known-vulnerabilities/​thunderbird.html +
-  ​(* Security fix *) +
-xap/​seamonkey-2.23-x86_64-1.txz:  Upgraded. +
-  ​This update contains security fixes and improvements. +
-  ​For more information,​ see: +
-    ​http://​www.mozilla.org/​security/​known-vulnerabilities/​seamonkey.html +
-  ​(* Security fix *) +
-</​code>​ +
  
  
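Review bot: In the Upgraded list, the added ruby entry ends with `(Security fix *`, missing both the opening asterisk and the closing parenthesis that the libiodbc, firefox, thunderbird and seamonkey entries use. This revision also deletes the verbatim `<code>` ChangeLog block, so the bullet text becomes the only copy of each advisory on the page and the marker should be corrected to `(* Security fix *)` here. The deleted block also carried the per-package `Rebuilt.` / `Upgraded.` status, which now survives only through the section headings, so each entry has to stay under the right heading.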
-{{tag>news 2013/​12 ​slackware64-current ​changelog}}+{{tag>slackware changelog ​slackware64-current ​2013/12}}
  
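Review bot: The tag line drops `news` and adds `slackware`, while the page still lives in the `news:` namespace. If any listing selects changelog entries by the `news` tag, this page will fall out of it; either keep `news` alongside the new tags or confirm that nothing depends on it.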
  • news/2013/12/16/slackware64-current-changelog.1425946453.txt.gz
  • Last modified: 5 years ago
  • by Giuseppe Di Terlizzi