Slackwarearm-current ChangeLog (2022-02-16)

Wed Feb 16 08:08:08 UTC 2022

  • a/aaa_base-15.0-arm-3.txz
    If root's mailbox did not already exist, it would be created with insecure
    permissions leading to possible local information disclosure. This update
    ensures that a new mailbox will be created with proper permissions and
    ownership, and corrects the permissions on an existing mailbox if they are
    found to be incorrect. Thanks to Martin for the bug report.
    (* Security fix *)
  • a/util-linux-2.37.4-arm-1.txz
    This release fixes a security issue in chsh(1) and chfn(8):
    By default, these utilities had been linked with libreadline, which allows
    the INPUTRC environment variable to be abused to produce an error message
    containing data from an arbitrary file. So, don't link these utilities with
    libreadline as it does not use secure_getenv() (or a similar concept), or
    sanitize the config file path to avoid vulnerabilities that could occur in
    set-user-ID or set-group-ID programs.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0563
    (* Security fix *)
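
The aaa_base entry above describes creating a missing mailbox with safe permissions and repairing an existing one. The script below is an added example of that check, not code from the aaa_base package. It assumes "proper" means no access for "other", because the changelog does not state the exact mode or group. The function names and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the aaa_base package): audit/repair a mailbox file.
# Assumption: "proper" is taken to mean no access for "other"; the changelog
# does not state the exact mode or group the package sets.

# Print the octal permission bits of a file (GNU coreutils stat).
mbox_mode() {
    stat -c '%a' "$1"
}

# Return 0 if "other" has no access to the file, non-zero otherwise.
mbox_is_private() {
    mode=$(mbox_mode "$1") || return 2
    other=${mode#"${mode%?}"}    # last octal digit = "other" bits
    [ "$other" = "0" ]
}

# Create the mailbox privately if missing, or repair an existing one.
mbox_ensure_private() {
    mbox=$1
    if [ -L "$mbox" ]; then
        # Never write or chmod through a symlink in a spool directory.
        echo "refusing: $mbox is a symlink" >&2
        return 1
    elif [ ! -e "$mbox" ]; then
        # Restrictive umask in a subshell: the file is never world-readable,
        # not even briefly. noclobber (set -C) refuses to overwrite a file
        # that appears between the check above and the creation here.
        ( umask 077 && set -C && : > "$mbox" ) || return 1
    elif [ ! -f "$mbox" ]; then
        echo "refusing: $mbox is not a regular file" >&2
        return 1
    elif ! mbox_is_private "$mbox"; then
        echo "fixing: $mbox had mode $(mbox_mode "$mbox")" >&2
        chmod o-rwx "$mbox" || return 1
    fi
    mbox_is_private "$mbox"
}

# Usage: sh mbox-check.sh /var/spool/mail/root   (name and path are examples)
if [ "$#" -gt 0 ]; then
    mbox_ensure_private "$1"
fi
```
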

Last modified: 2 years ago by Giuseppe Di Terlizzi