Slackwarearm-14.2 ChangeLog (2021-01-28)

Thu Jan 28 08:08:08 UTC 2021

  • patches/packages/glibc-zoneinfo-2021a-noarch-1_slack14.2.txz
    This package provides the latest timezone updates.
  • patches/packages/sudo-1.9.5p2-arm-1_slack14.2.txz
    When invoked as sudoedit, the same set of command line options
    are now accepted as for “sudo -e”. The -H and -P options are
    now rejected for sudoedit and “sudo -e” which matches the sudo
    1.7 behavior. This is part of the fix for CVE-2021-3156.
    Fixed a potential buffer overflow when unescaping backslashes
    in the command's arguments. Normally, sudo escapes special
    characters when running a command via a shell (sudo -s or sudo
    -i). However, it was also possible to run sudoedit with the -s
    or -i flags in which case no escaping had actually been done,
    making a buffer overflow possible. This fixes CVE-2021-3156.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
    (* Security fix *)
  • news/2021/01/28/slackwarearm-14.2-changelog.txt
  • Last modified: 5 months ago
  • by Giuseppe Di Terlizzi