Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-current ChangeLog (2014-02-20) ====== ====== Thu Feb 20 00:30:49 UTC 2014 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.current>a/kernel-firmware-20140215git-noarch-1.txz]] * [[slackware.current>a/kernel-generic-3.10.30-i486-1.txz]] * [[slackware.current>a/kernel-generic-smp-3.10.30_smp-i686-1.txz]] * [[slackware.current>a/kernel-huge-3.10.30-i486-1.txz]] * [[slackware.current>a/kernel-huge-smp-3.10.30_smp-i686-1.txz]] * [[slackware.current>a/kernel-modules-3.10.30-i486-1.txz]] * [[slackware.current>a/kernel-modules-smp-3.10.30_smp-i686-1.txz]] * [[slackware.current>ap/mariadb-5.5.35-i486-1.txz]] \\ This update fixes a buffer overflow in the mysql command line client which \\ may allow malicious or compromised database servers to cause a denial of \\ service (crash) and possibly execute arbitrary code via a long server \\ version string. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001 \\ (* Security fix *) * [[slackware.current>d/kernel-headers-3.10.30_smp-x86-1.txz]] * [[slackware.current>k/kernel-source-3.10.30_smp-noarch-1.txz]] * [[slackware.current>n/gnutls-3.1.21-i486-1.txz]] \\ This update fixes a flaw where a version 1 intermediate certificate would be \\ considered as a CA certificate by GnuTLS by default. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959 \\ (* Security fix *) * [[slackware.current>xap/mozilla-firefox-27.0.1-i486-1.txz]] * [[slackware.current>extra/linux-3.10.30-nosmp-sdk/*]] * [[slackware.current>kernels/*]] ==== Rebuilt ==== * [[slackware.current>a/shadow-4.1.5.1-i486-3.txz]] \\ Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c" \\ (CVE-2005-4890) by detaching the controlling terminal in the non-PAM \\ case via a TIOCNOTTY request. Bi-directional protection is excessive \\ and breaks a commonly-used methods for privilege escalation on non-PAM \\ systems (e.g. xterm -e /bin/su -s /bin/bash -c /bin/bash myscript). \\ This update relaxes the restriction and only detaches the controlling \\ tty when the callee is not root (which is, after all, the threat vector). \\ Thanks to mancha for the patch (and the above information). * [[slackware.current>isolinux/initrd.img]] * [[slackware.current>usb-and-pxe-installers/usbboot.img]] {{tag>slackware changelog slackware-current 2014/02}} news/2014/02/20/slackware-current-changelog.txt Last modified: 9 years agoby Giuseppe Di Terlizzi Log In