This is an old revision of the document!
Slackwarearm-14.1 ChangeLog (2014-09-25)
Thu Sep 25 21:50:49 UTC 2014
Packages
Rebuilt
- patches/packages/bash-4.2.048-arm-2_slack14.1.txz
Patched an additional trailing string processing vulnerability discovered
by Tavis Ormandy.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
(* Security fix *)
Thu Sep 25 17:26:04 UTC 2014
Packages
Upgraded
- patches/packages/bash-4.2.048-arm-1_slack14.1.txz
This update fixes a vulnerability in bash related to how environment
variables are processed: trailing code in function definitions was
executed, independent of the variable name. In many common configurations
(such as the use of CGI scripts), this vulnerability is exploitable over
the network. Thanks to Stephane Chazelas for discovering this issue.
For more information, see:
http://seclists.org/oss-sec/2014/q3/650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
(* Security fix *) - patches/packages/mozilla-nss-3.16.5-arm-1_slack14.1.txz
Fixed an RSA Signature Forgery vulnerability.
For more information, see:
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
(* Security fix *)