This is an old revision of the document!


Slackware64-current ChangeLog (2014-09-24)

Wed Sep 24 22:52:53 UTC 2014

Wed Sep 24 22:52:53 UTC 2014
a/bash-4.3.025-x86_64-1.txz:  Upgraded.
  This update fixes a vulnerability in bash related to how environment
  variables are processed:  trailing code in function definitions was
  executed, independent of the variable name.  In many common configurations
  (such as the use of CGI scripts), this vulnerability is exploitable over
  the network.  Thanks to Stephane Chazelas for discovering this issue.
  For more information, see:
    http://seclists.org/oss-sec/2014/q3/650
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
  (* Security fix *)
l/mozilla-nss-3.16.5-x86_64-1.txz:  Upgraded.
  Fixed an RSA Signature Forgery vulnerability.
  For more information, see:
    https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
  (* Security fix *)
  • news/2014/09/24/slackware64-current-changelog.1425946377.txt.gz
  • Last modified: 7 years ago
  • by Giuseppe Di Terlizzi