Slackwarearm-14.2 ChangeLog (2014-04-25)
Fri Apr 25 18:37:44 UTC 2014
Packages
Upgraded
- a/bash-4.3.011-arm-1.tgz
- a/gawk-4.1.1-arm-1.txz
- a/grep-2.18-arm-1.txz
- ap/vim-7.4.258-arm-1.txz
- l/libyaml-0.1.6-arm-1.txz
This update fixes a heap overflow in URI escape parsing of YAML in Ruby,
where a specially crafted string could cause a heap overflow leading to
arbitrary code execution.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525
https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
(* Security fix *) - n/php-5.4.27-arm-1.txz
This update fixes a security issue in the in the awk script detector
which allows context-dependent attackers to cause a denial of service
(CPU consumption) via a crafted ASCII file that triggers a large amount
of backtracking.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
(* Security fix *) - xap/vim-gvim-7.4.258-arm-1.txz
Rebuilt
- n/openssh-6.6p1-arm-2.txz
Fixed a bug with curve25519-sha256 that caused a key exchange failure in
about 1 in 512 connection attempts.