Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-14.0 ChangeLog (2017-09-08) ====== ====== Fri Sep 8 17:56:01 UTC 2017 ====== ===== Packages ===== ==== Rebuilt ==== * [[slackware.14.0>patches/packages/bash-4.2.053-i486-2_slack14.0.txz]] \\ This update fixes two security issues found in bash before 4.4: \\ The expansion of '\h' in the prompt string allows remote authenticated users \\ to execute arbitrary code via shell metacharacters placed in 'hostname' of a \\ machine. The theoretical attack vector is a hostile DHCP server providing a \\ crafted hostname, but this is unlikely to occur in a normal Slackware \\ configuration as we ignore the hostname provided by DHCP. \\ Specially crafted SHELLOPTS+PS4 environment variables used against bogus \\ setuid binaries using system()/popen() allowed local attackers to execute \\ arbitrary code as root. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0634 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7543 \\ (* Security fix *) ==== Upgraded ==== * [[slackware.14.0>patches/packages/tcpdump-4.9.2-i486-1_slack14.0.txz]] \\ This update fixes bugs and many security issues (see the included \\ CHANGES file). \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12893 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12894 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12895 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12896 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12897 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12898 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12899 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12900 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12901 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12902 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12985 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12986 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12987 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12988 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12989 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12990 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12991 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12992 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12994 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12995 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12996 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12997 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12998 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12999 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13000 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13001 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13002 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13003 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13004 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13005 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13006 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13007 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13008 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13009 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13010 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13011 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13012 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13013 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13014 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13015 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13016 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13017 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13018 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13019 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13020 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13021 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13022 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13023 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13024 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13025 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13026 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13027 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13028 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13029 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13030 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13031 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13032 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13033 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13034 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13035 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13036 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13037 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13038 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13039 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13040 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13041 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13042 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13043 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13044 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13045 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13046 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13047 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13048 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13049 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13050 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13051 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13052 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13053 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13054 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13055 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13687 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13688 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13689 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13690 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13725 \\ (* Security fix *) {{tag>slackware changelog slackware-14.0 2017-09}} news/2017/09/08/slackware-14.0-changelog.txt Last modified: 8 months agoby Giuseppe Di Terlizzi Log In