Slackware-11.0 ChangeLog (2012-02-08)
Wed Feb 8 01:21:42 UTC 2012
Packages
Upgraded
- patches/packages/proftpd-1.3.4a-i486-1_slack11.0.tgz
This update fixes a use-after-free() memory corruption error,
and possibly other unspecified issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
(* Security fix *) - patches/packages/vsftpd-2.3.5-i486-1_slack11.0.tgz
Minor version bump, this also works around a hard to trigger heap overflow
in glibc (glibc zoneinfo caching vuln). For there to be any possibility
to trigger the glibc bug within vsftpd, the non-default option
“chroot_local_user” must be set in /etc/vsftpd.conf.
Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug
Nevertheless:
(* Security fix *)