Slackware-13.0 ChangeLog (2010-10-28)

Thu Oct 28 22:13:53 UTC 2010

  • patches/packages/glibc-2.9-i486-5_slack13.0.txz
    Patched “The GNU C library dynamic linker will dlopen arbitrary DSOs
    during setuid loads.” This security issue allows a local attacker to
    gain root by specifying an unsafe DSO in the library search path to be
    used with a setuid binary in LD_AUDIT mode.
    Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
    http://seclists.org/fulldisclosure/2010/Oct/344
    (* Security fix *)
  • patches/packages/glibc-i18n-2.9-i486-5_slack13.0.txz
  • patches/packages/glibc-profile-2.9-i486-5_slack13.0.txz
  • patches/packages/glibc-solibs-2.9-i486-5_slack13.0.txz
    (* Security fix *)
  • patches/packages/glibc-zoneinfo-2.9-noarch-5_slack13.0.txz
    Rebuilt to tzcode2010n and tzdata2010n.
  • patches/packages/mozilla-firefox-3.6.12-i686-1.txz
    This fixes some security issues.
    For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
    (* Security fix *)
  • news/2010/10/28/slackware-13.0-changelog.txt
  • Last modified: 5 years ago
  • by Giuseppe Di Terlizzi