This is an old revision of the document!
Slackware64-14.2 ChangeLog (2016-12-12)
Mon Dec 12 21:25:50 UTC 2016
Packages
Upgraded
- patches/packages/linux-4.4.38/*
This kernel fixes a security issue with a race condition in
net/packet/af_packet.c that can be exploited to gain kernel code execution
from unprivileged processes.
Thanks to Philip Pettersson for discovering the bug and providing a patch.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8655
(* Security fix *) - patches/packages/loudmouth-1.5.3-x86_64-1_slack14.2.txz
This update is needed for the mcabber security update. - patches/packages/mcabber-1.0.4-x86_64-1_slack14.2.txz
This update fixes a security issue which can lead to a malicious actor
MITMing a conversation, or adding themselves as an entity on a third
parties roster (thereby granting themselves the associated priviledges
such as observing when the user is online).
For more information, see:
https://gultsch.de/gajim_roster_push_and_message_interception.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9928
(* Security fix *) - patches/packages/php-5.6.29-x86_64-1_slack14.2.txz
This release fixes bugs and security issues.
For more information, see:
https://php.net/ChangeLog-5.php#5.6.29
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9935
(* Security fix *)