Slackware64-14.1 ChangeLog (2013-12-16)

Mon Dec 16 20:51:01 UTC 2013

  • patches/packages/libjpeg-v8a-x86_64-2_slack14.1.txz
    Fix use of uninitialized memory when decoding images with missing SOS data
    for the luminance component (Y) in presence of valid chroma data (Cr, Cb).
    This could allow remote attackers to obtain sensitive information from
    uninitialized memory locations via a crafted JPEG image.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
    (* Security fix *)
  • patches/packages/llvm-3.3-x86_64-3_slack14.1.txz
    The LLVM package included binaries with an rpath pointing to the build
    location in /tmp. This allows an attacker with write access to /tmp to
    add modified libraries (and execute arbitrary code) as any user running
    the LLVM binaries. This updated package rebuilds LLVM to exclude the
    build directories from the rpath information.
    Thanks to Christopher Oliver for the bug report.
    (* Security fix *)
  • news/2013/12/16/slackware64-14.1-changelog.txt
  • Last modified: 5 months ago
  • (external edit)