Slackware-current ChangeLog (2017-03-23)
Thu Mar 23 21:38:23 UTC 2017
Packages
Upgraded
- n/mcabber-1.0.5-i586-1.txz
This update fixes a security issue:
An incorrect implementation of XEP-0280: Message Carbons in multiple XMPP
clients allows a remote attacker to impersonate any user, including
contacts, in the vulnerable application's display. This allows for various
kinds of social engineering attacks.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5604
(* Security fix *) - n/samba-4.6.1-i586-1.txz
This update fixes a security issue:
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to
a malicious client using a symlink race to allow access to areas of
the server file system not exported under the share definition.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2619
(* Security fix *)
Rebuilt
- a/lilo-24.2-i586-4.txz
Issue a warning rather than a fatal error for colons in /dev/disk/by-id/
device names. Thanks to alex14641 on LQ.