====== Slackwarearm-current ChangeLog (2014-03-18) ======

====== Tue Mar 18 08:13:31 UTC 2014 ======

===== Packages =====

==== Upgraded ====

  * [[slackwarearm.current>a/udisks-1.0.5-arm-1.tgz]] \\ This update fixes a stack-based buffer overflow when handling long path \\ names. A malicious, local user could use this flaw to create a \\ specially-crafted directory structure that could lead to arbitrary code \\ execution with the privileges of the udisks daemon (root). \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004 \\ (* Security fix *)
  * [[slackwarearm.current>a/udisks2-2.1.3-arm-1.tgz]] \\ This update fixes a stack-based buffer overflow when handling long path \\ names. A malicious, local user could use this flaw to create a \\ specially-crafted directory structure that could lead to arbitrary code \\ execution with the privileges of the udisks daemon (root). \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004 \\ (* Security fix *)
  * [[slackwarearm.current>n/gnutls-3.1.22-arm-1.tgz]] \\ Fixed a security issue where a specially crafted certificate could \\ bypass certificate validation checks. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092 \\ (* Security fix *)
  * [[slackwarearm.current>n/mutt-1.5.23-arm-1.tgz]] \\ This update fixes a buffer overflow where malformed RFC2047 header \\ lines could result in denial of service or potentially the execution \\ of arbitrary code as the user running mutt. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467 \\ (* Security fix *)
  * [[slackwarearm.current>n/php-5.4.26-arm-1.tgz]] \\ This update fixes a flaw where a specially crafted data file may cause a \\ segfault or 100% CPU consumption when a web page uses fileinfo() on it. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943 \\ (* Security fix *)
  * [[slackwarearm.current>n/samba-4.1.6-arm-1.tgz]] \\ This update fixes two security issues: \\ CVE-2013-4496: \\ Samba versions 3.4.0 and above allow the administrator to implement \\ locking out Samba accounts after a number of bad password attempts. \\ However, all released versions of Samba did not implement this check for \\ password changes, such as are available over multiple SAMR and RAP \\ interfaces, allowing password guessing attacks. \\ CVE-2013-6442: \\ Samba versions 4.0.0 and above have a flaw in the smbcacls command. If \\ smbcacls is used with the "-C|--chown name" or "-G|--chgrp name" \\ command options it will remove the existing ACL on the object being \\ modified, leaving the file or directory unprotected. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442 \\ (* Security fix *)

{{tag>slackware changelog slackwarearm-current 2014/03}}

news/2014/03/18/slackwarearm-current-changelog.txt Last modified: 8 years ago by Giuseppe Di Terlizzi