Slackware-13.0 ChangeLog (2010-10-28)
Thu Oct 28 22:13:53 UTC 2010
Packages
Rebuilt
- patches/packages/glibc-2.9-i486-5_slack13.0.txz
Patched “The GNU C library dynamic linker will dlopen arbitrary DSOs
during setuid loads.” This security issue allows a local attacker to
gain root by specifying an unsafe DSO in the library search path to be
used with a setuid binary in LD_AUDIT mode.
Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
http://seclists.org/fulldisclosure/2010/Oct/344
(* Security fix *) - patches/packages/glibc-i18n-2.9-i486-5_slack13.0.txz
- patches/packages/glibc-profile-2.9-i486-5_slack13.0.txz
Upgraded
- patches/packages/glibc-solibs-2.9-i486-5_slack13.0.txz
(* Security fix *) - patches/packages/glibc-zoneinfo-2.9-noarch-5_slack13.0.txz
Rebuilt to tzcode2010n and tzdata2010n. - patches/packages/mozilla-firefox-3.6.12-i686-1.txz
This fixes some security issues.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
(* Security fix *)