Next revision | Previous revision |
news:2014:04:21:slackware64-current-changelog [2015/03/10 01:13] – creata Giuseppe Di Terlizzi | news:2014:04:21:slackware64-current-changelog [2015/03/26 10:43] (current) – Giuseppe Di Terlizzi |
---|
| |
====== Mon Apr 21 20:09:48 UTC 2014 ====== | ====== Mon Apr 21 20:09:48 UTC 2014 ====== |
> | |
| |
===== Packages ===== | ===== Packages ===== |
| |
==== Upgraded ==== | ==== Upgraded ==== |
* [[slackware64.current>l/libyaml-0.1.6-x86_64-1.txz]] (Security fix) | * [[slackware64.current>l/libyaml-0.1.6-x86_64-1.txz]] \\ This update fixes a heap overflow in URI escape parsing of YAML in Ruby, \\ where a specially crafted string could cause a heap overflow leading to \\ arbitrary code execution. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525 \\ https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/ \\ (* Security fix *) |
* [[slackware64.current>n/php-5.4.27-x86_64-1.txz]] (Security fix) | * [[slackware64.current>n/php-5.4.27-x86_64-1.txz]] \\ This update fixes a security issue in the in the awk script detector \\ which allows context-dependent attackers to cause a denial of service \\ (CPU consumption) via a crafted ASCII file that triggers a large amount \\ of backtracking. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345 \\ (* Security fix *) |
===== ChangeLog ===== | |
<code> | |
Mon Apr 21 20:09:48 UTC 2014 | |
l/libyaml-0.1.6-x86_64-1.txz: Upgraded. | |
This update fixes a heap overflow in URI escape parsing of YAML in Ruby, | |
where a specially crafted string could cause a heap overflow leading to | |
arbitrary code execution. | |
For more information, see: | |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525 | |
https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/ | |
(* Security fix *) | |
n/php-5.4.27-x86_64-1.txz: Upgraded. | |
This update fixes a security issue in the in the awk script detector | |
which allows context-dependent attackers to cause a denial of service | |
(CPU consumption) via a crafted ASCII file that triggers a large amount | |
of backtracking. | |
For more information, see: | |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345 | |
(* Security fix *) | |
</code> | |
| |
| |
{{tag>news 2014/04 slackware64-current changelog}} | {{tag>slackware changelog slackware64-current 2014/04}} |
| |
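Review bot: in the php-5.4.27 entry of the new revision, the description still reads "in the in the awk script detector", carried over unchanged from the old revision's ChangeLog block; drop the repeated "in the". The tag line also replaces the "news" tag with "slackware", so confirm that any listing keyed on the "news" tag is not expected to include this page.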