Slackwarearm-14.2 ChangeLog (2016-12-15)
Thu Dec 15 04:44:44 UTC 2016
Packages
Upgraded
- patches/packages/device-tree-compiler-1.4.2-arm-1_slack14.2.txz
- patches/packages/kernel-firmware-20161211git-noarch-1_slack14.2.txz
- patches/packages/linux-4.4.38/*
This kernel fixes a security issue with a race condition in
net/packet/af_packet.c that can be exploited to gain kernel code execution
from unprivileged processes.
Thanks to Philip Pettersson for discovering the bug and providing a patch.
For more information, see:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8655
(* Security fix *)
- patches/packages/loudmouth-1.5.3-arm-1_slack14.2.txz
This update is needed for the mcabber security update.
- patches/packages/mcabber-1.0.4-arm-1_slack14.2.txz
This update fixes a security issue which can lead to a malicious actor
MITMing a conversation, or adding themselves as an entity on a third
party's roster (thereby granting themselves the associated privileges
such as observing when the user is online).
For more information, see:
https://gultsch.de/gajim_roster_push_and_message_interception.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9928
(* Security fix *)
- patches/packages/php-5.6.29-arm-1_slack14.2.txz
This release fixes bugs and security issues.
For more information, see:
https://php.net/ChangeLog-5.php#5.6.29
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9935
(* Security fix *)