news:2014:09:29:slackware-current-changelog

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
Last revisionBoth sides next revision
news:2014:09:29:slackware-current-changelog [2014/10/25 00:53] – creata Giuseppe Di Terlizzinews:2014:09:29:slackware-current-changelog [2015/03/10 12:42] Giuseppe Di Terlizzi
Line 1: Line 1:
-====== Slackware-current ChangeLog (2014/09/29) ======+====== Slackware-current ChangeLog (2014-09-29) ======
  
-<code> +====== Mon Sep 29 18:41:23 UTC 2014 ====== 
-Mon Sep 29 18:41:23 UTC 2014 +
-a/bash-4.3.027-x86_64-1.txz:  Upgraded. +
-  Another bash update.  Here's some information included with the patch: +
-    "This patch changes the encoding bash uses for exported functions to avoid +
-    clashes with shell variables and to avoid depending only on an environment +
-    variable's contents to determine whether or not to interpret it as a shell +
-    function." +
-  After this update, an environment variable will not go through the parser +
-  unless it follows this naming structure:  BASH_FUNC_*%% +
-  Most scripts never expected to import functions from environment variables, +
-  so this change (although not backwards compatible) is not likely to break +
-  many existing scripts.  It will, however, close off access to the parser as +
-  an attack surface in the vast majority of cases.  There's already another +
-  vulnerability similar to CVE-2014-6271 for which there is not yet a fix, +
-  but this hardening patch prevents it (and likely many more similar ones). +
-  Thanks to Florian Weimer and Chet Ramey. +
-  (* Security fix *) +
-</code>+
  
-{{tag>news slackware changelog}}+===== Packages ===== 
 + 
 +==== Upgraded ==== 
 +  * [[slackware.current>a/bash-4.3.027-i486-1.txz]] \\   Another bash update.  Here's some information included with the patch: \\     "This patch changes the encoding bash uses for exported functions to avoid \\     clashes with shell variables and to avoid depending only on an environment \\     variable's contents to determine whether or not to interpret it as a shell \\     function." \\   After this update, an environment variable will not go through the parser \\   unless it follows this naming structure:  BASH_FUNC_*%% \\   Most scripts never expected to import functions from environment variables, \\   so this change (although not backwards compatible) is not likely to break \\   many existing scripts.  It will, however, close off access to the parser as \\   an attack surface in the vast majority of cases.  There's already another \\   vulnerability similar to CVE-2014-6271 for which there is not yet a fix, \\   but this hardening patch prevents it (and likely many more similar ones). \\   Thanks to Florian Weimer and Chet Ramey. \\   (* Security fix *) 
 + 
 + 
 +{{tag>slackware changelog slackware-current 2014/09}}
  
  • news/2014/09/29/slackware-current-changelog.txt
  • Last modified: 9 years ago
  • by Giuseppe Di Terlizzi