Slackware64-14.1 ChangeLog (2016-10-31)
Mon Oct 31 23:38:24 UTC 2016
Packages
Upgraded
- patches/packages/inputproto-2.3.2-noarch-1_slack14.1.txz
This update is a prerequisite for other security updates.
- patches/packages/libX11-1.6.4-x86_64-1_slack14.1.txz
Insufficient validation of data from the X server can cause out of boundary
memory read in XGetImage() or write in XListFonts().
Affected versions libX11 <= 1.6.3.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7943
(* Security fix *)
- patches/packages/libXfixes-5.0.3-x86_64-1_slack14.1.txz
Insufficient validation of data from the X server can cause an integer
overflow on 32 bit architectures.
Affected versions: libXfixes <= 5.0.2.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7944
(* Security fix *)
- patches/packages/libXi-1.7.8-x86_64-1_slack14.1.txz
Insufficient validation of data from the X server can cause out of boundary
memory access or endless loops (Denial of Service).
Affected versions libXi <= 1.7.6.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7946
(* Security fix *)
- patches/packages/libXrandr-1.5.1-x86_64-1_slack14.1.txz
Insufficient validation of data from the X server can cause out of boundary
memory writes.
Affected versions: libXrandr <= 1.5.0.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948
(* Security fix *)
- patches/packages/libXrender-0.9.10-x86_64-1_slack14.1.txz
Insufficient validation of data from the X server can cause out of boundary
memory writes.
Affected version: libXrender <= 0.9.9.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7950
(* Security fix *)
- patches/packages/libXtst-1.2.3-x86_64-1_slack14.1.txz
Insufficient validation of data from the X server can cause out of boundary
memory access or endless loops (Denial of Service).
Affected version libXtst <= 1.2.2.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7952
(* Security fix *)
- patches/packages/libXv-1.0.11-x86_64-1_slack14.1.txz
Insufficient validation of data from the X server can cause out of boundary
memory access and memory corruption.
Affected version libXv <= 1.0.10.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5407
(* Security fix *)
- patches/packages/libXvMC-1.0.10-x86_64-1_slack14.1.txz
Insufficient validation of data from the X server can cause a one byte buffer
read underrun.
Affected version: libXvMC <= 1.0.9.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953
(* Security fix *)
- patches/packages/libxcb-1.11.1-x86_64-1_slack14.1.txz
This update is a prerequisite for other security updates.
- patches/packages/linux-3.10.104/*
This kernel fixes a security issue known as “Dirty COW”. A race condition
was found in the way the Linux kernel's memory subsystem handled the
copy-on-write (COW) breakage of private read-only memory mappings. An
unprivileged local user could use this flaw to gain write access to
otherwise read-only memory mappings and thus increase their privileges on
the system.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://dirtycow.ninja/
https://www.kb.cert.org/vuls/id/243144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195
(* Security fix *)
- patches/packages/mariadb-5.5.53-x86_64-1_slack14.1.txz
This update fixes several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6663
(* Security fix *)
- patches/packages/php-5.6.27-x86_64-1_slack14.1.txz
This release fixes bugs and security issues.
For more information, see:
https://php.net/ChangeLog-5.php#5.6.27
(* Security fix *)
- patches/packages/randrproto-1.5.0-noarch-1_slack14.1.txz
This update is a prerequisite for other security updates.
- patches/packages/xcb-proto-1.11-x86_64-1_slack14.1.txz
This update is a prerequisite for other security updates.
- patches/packages/xextproto-7.3.0-x86_64-1_slack14.1.txz
This update is a prerequisite for other security updates.
- patches/packages/xproto-7.0.29-noarch-1_slack14.1.txz
This update is a prerequisite for other security updates.
- patches/packages/xscreensaver-5.36-x86_64-1_slack14.1.txz
Here's an upgrade to the latest xscreensaver.