Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-14.2 ChangeLog (2017-12-20) ====== ====== Wed Dec 20 03:05:58 UTC 2017 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.14.2>patches/packages/ruby-2.2.9-i586-1_slack14.2.txz]] \\ This update fixes a security issue: \\ Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile \\ use Kernel#open to open a local file. If the localfile argument starts with \\ the pipe character "|", the command following the pipe character is executed. \\ The default value of localfile is File.basename(remotefile), so malicious FTP \\ servers could cause arbitrary command execution. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405 \\ (* Security fix *) {{tag>slackware changelog slackware-14.2 2017-12}} news/2017/12/20/slackware-14.2-changelog.txt Last modified: 9 months agoby Giuseppe Di Terlizzi Log In