Slackwarearm-14.2 ChangeLog (2014-02-25)

Tue Feb 25 20:34:37 UTC 2014

  • a/kernel-firmware-20140224git-noarch-1.tgz
  • a/kernel-modules-armv7-3.13.5_armv7-arm-1.tgz
  • a/kernel-modules-kirkwood-3.13.5_kirkwood-arm-1.tgz
  • a/kernel_armv7-3.13.5-arm-1.tgz
  • a/kernel_kirkwood-3.13.5-arm-1.tgz
  • ap/mariadb-5.5.35-arm-1.tgz
    This update fixes a buffer overflow in the mysql command line client which
    may allow malicious or compromised database servers to cause a denial of
    service (crash) and possibly execute arbitrary code via a long server
    version string.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
    (* Security fix *)
  • k/kernel-source-3.13.5-arm-1.tgz
  • n/gnutls-3.1.21-arm-1.tgz
    This update fixes a flaw where a version 1 intermediate certificate would be
    considered as a CA certificate by GnuTLS by default.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959
    (* Security fix *)
  • kernels/*
  • a/shadow-4.1.5.1-arm-3.tgz
    Shadow 4.1.5 addressed a tty-hijacking vulnerability in “su -c”
    (CVE-2005-4890) by detaching the controlling terminal in the non-PAM
    case via a TIOCNOTTY request. Bi-directional protection is excessive
    and breaks a commonly-used methods for privilege escalation on non-PAM
    systems (e.g. xterm -e /bin/su -s /bin/bash -c /bin/bash myscript).
    This update relaxes the restriction and only detaches the controlling
    tty when the callee is not root (which is, after all, the threat vector).
    Thanks to mancha for the patch (and the above information).
  • isolinux/*
  • news/2014/02/25/slackwarearm-14.2-changelog.txt
  • Last modified: 4 years ago
  • by Giuseppe Di Terlizzi