Slackware64-current ChangeLog (2014-04-21)
Mon Apr 21 20:09:48 UTC 2014
Packages
Upgraded
- l/libyaml-0.1.6-x86_64-1.txz (Security fix)
- n/php-5.4.27-x86_64-1.txz (Security fix)
ChangeLog
Mon Apr 21 20:09:48 UTC 2014

l/libyaml-0.1.6-x86_64-1.txz: Upgraded.
This update fixes a heap overflow in URI escape parsing of YAML in Ruby, where a specially crafted string could cause a heap overflow leading to arbitrary code execution.
For more information, see:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525
- https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
(* Security fix *)

n/php-5.4.27-x86_64-1.txz: Upgraded.
This update fixes a security issue in the awk script detector which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking.
For more information, see:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
(* Security fix *)