Slackwarearm-14.2 ChangeLog (2016-05-11)
Wed May 11 02:03:04 UTC 2016
Packages
Rebuilt
- a/dcron-4.5-arm-5.txz
Patched bug where cron.update is not picked up while jobs are still running.
Thanks to Jeroen Hendriks.
- ap/lxc-2.0.0-arm-4.txz
Applied “[PATCH] cgfsng: don't require that systemd subsystem be mounted”.
Thanks to Johannes Schöpfer.
Upgraded
- ap/man-pages-4.06-noarch-1.txz
- ap/moc-2.5.1-arm-1.txz
- ap/slackpkg-2.82.1-noarch-1.txz
Updated ARM mirrors lists for Slackware 14.2. Removed -current as all -current
users need to switch to the 14.2 release for security updates, etc.
- n/openvpn-2.3.11-arm-1.txz
- x/mesa-11.2.2-arm-1.txz
- xap/imagemagick-6.9.4_1-arm-1.txz
This release addresses several security issues in ImageMagick, including:
Insufficient shell characters filtering allows code execution (CVE-2016-3714)
Server Side Request Forgery (CVE-2016-3718)
File deletion (CVE-2016-3715)
File moving (CVE-2016-3716)
Local file read (CVE-2016-3717)
In addition, the default policy.xml config file has been modified to disable
all of the previously vulnerable coders, and to disable indirect reads.
For more information, see:
https://imagetragick.com
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
(* Security fix *)
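
An added example, not part of the original ChangeLog or the package: one way to check that a policy.xml carries the kind of mitigation described above (vulnerable coders disabled, indirect reads disabled). The coder names and the "@*" path pattern are assumptions taken from the public ImageTragick mitigation advice, since the entry does not list them; the function name and both sample policies are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Assumption: coder names taken from the public ImageTragick mitigation advice;
# the changelog entry does not enumerate them.
RISKY_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL")
INDIRECT_READ_PATTERN = "@*"  # assumed path pattern covering "@filename" reads

# Constructed sample policies (not the files shipped in the package).
WEAK_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
</policymap>"""

HARDENED_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL"/>
  <policy domain="coder" rights="none" pattern="URL"/>
  <policy domain="coder" rights="none" pattern="HTTPS"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
  <policy domain="coder" rights="none" pattern="MSL"/>
  <policy domain="path" rights="none" pattern="@*"/>
</policymap>"""


def audit_policy(policy_xml):
    """Return findings for a policy.xml document; an empty list means it passed.

    Simplification: any rights="none" entry whose pattern matches counts as a
    denial; evaluation order between conflicting entries is not modelled.
    """
    deny_coder_patterns, indirect_reads_denied = [], False
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if (policy.get("rights") or "").strip().lower() != "none":
            continue
        domain = (policy.get("domain") or "").lower()
        pattern = policy.get("pattern") or ""
        if domain == "coder":
            deny_coder_patterns.append(pattern.upper())
        elif domain == "path" and pattern == INDIRECT_READ_PATTERN:
            indirect_reads_denied = True
    findings = [f"coder {name} is not disabled" for name in RISKY_CODERS
                if not any(fnmatchcase(name, p) for p in deny_coder_patterns)]
    if not indirect_reads_denied:
        findings.append("indirect reads (@file) are not disabled")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(label, audit_policy(text) or "OK")
```

To audit an installed system, pass the contents of the policy.xml that ImageMagick actually loads; its location depends on the build.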