Slackware64-13.0 ChangeLog (2015-02-16)

Mon Feb 16 19:33:36 UTC 2015

  • patches/packages/patch-2.7.4-x86_64-1_slack13.0.txz
    Patch no longer follows symbolic links to input and output files. This
    ensures that symbolic links created by git-style patches cannot cause
    patch to write outside the working directory.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196
    (* Security fix *)
  • patches/packages/sudo-1.8.12-x86_64-1_slack13.0.txz
    This update fixes a potential security issue by only passing the TZ
    environment variable if it is considered safe. This prevents exploiting bugs
    in glibc's TZ parser that could be used to read files that the user does
    not have access to, or to cause a denial of service.
    For more information, see:
    http://www.sudo.ws/sudo/alerts/tz.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9680
    (* Security fix *)
  • by Giuseppe Di Terlizzi