Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware64-14.1 ChangeLog (2014-02-20) ====== ====== Thu Feb 20 00:30:49 UTC 2014 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware64.14.1>patches/packages/gnutls-3.1.21-x86_64-1_slack14.1.txz]] \\ This update fixes a flaw where a version 1 intermediate certificate would be \\ considered as a CA certificate by GnuTLS by default. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959 \\ (* Security fix *) \\ patches/packages/linux-3.10.17-2/*: \\ These are new kernels that fix CVE-2014-0038, a bug that can allow local \\ users to gain a root shell. \\ Be sure to reinstall LILO (run "lilo" as root) after upgrading the kernel \\ packages, or on UEFI systems, copy the appropriate kernel to \\ /boot/efi/EFI/Slackware/vmlinuz). \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038 \\ (* Security fix *) * [[slackware64.14.1>patches/packages/mariadb-5.5.35-x86_64-1_slack14.1.txz]] \\ This update fixes a buffer overflow in the mysql command line client which \\ may allow malicious or compromised database servers to cause a denial of \\ service (crash) and possibly execute arbitrary code via a long server \\ version string. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001 \\ (* Security fix *) ==== Rebuilt ==== * [[slackware64.14.1>patches/packages/shadow-4.1.5.1-x86_64-3_slack14.1.txz]] \\ Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c" \\ (CVE-2005-4890) by detaching the controlling terminal in the non-PAM \\ case via a TIOCNOTTY request. Bi-directional protection is excessive \\ and breaks a commonly-used methods for privilege escalation on non-PAM \\ systems (e.g. xterm -e /bin/su -s /bin/bash -c /bin/bash myscript). \\ This update relaxes the restriction and only detaches the controlling \\ tty when the callee is not root (which is, after all, the threat vector). \\ Thanks to mancha for the patch (and the above information). {{tag>slackware changelog slackware64-14.1 2014-02}} news/2014/02/20/slackware64-14.1-changelog.txt Last modified: 6 months agoby Giuseppe Di Terlizzi Log In