Slackware-current ChangeLog (2016-10-31)
Mon Oct 31 23:38:24 UTC 2016
Packages
Upgraded
- ap/mariadb-10.0.28-i586-1.txz
This update fixes several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6663
(* Security fix *)
- k/kernel-source-4.4.29_smp-noarch-1.txz
This kernel fixes a security issue known as “Dirty COW”. A race
condition was found in the way the Linux kernel's memory subsystem
handled the copy-on-write (COW) breakage of private read-only
memory mappings. An unprivileged local user could use this flaw to
gain write access to otherwise read-only memory mappings and thus
increase their privileges on the system.
For more information, see:
https://dirtycow.ninja/
https://www.kb.cert.org/vuls/id/243144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195
(* Security fix *)
- n/php-5.6.27-i586-1.txz
This release fixes bugs and security issues.
For more information, see:
https://php.net/ChangeLog-5.php#5.6.27
(* Security fix *)
- x/libX11-1.6.4-i586-1.txz
Insufficient validation of data from the X server can cause out of boundary
memory read in XGetImage() or write in XListFonts().
Affected versions: libX11 <= 1.6.3.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7943
(* Security fix *)
- x/libXfixes-5.0.3-i586-1.txz
Insufficient validation of data from the X server can cause an integer
overflow on 32 bit architectures.
Affected versions: libXfixes <= 5.0.2.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7944
(* Security fix *)
- x/libXi-1.7.8-i586-1.txz
Insufficient validation of data from the X server can cause out of boundary
memory access or endless loops (Denial of Service).
Affected versions: libXi <= 1.7.6.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7946
(* Security fix *)
- x/libXrandr-1.5.1-i586-1.txz
Insufficient validation of data from the X server can cause out of boundary
memory writes.
Affected versions: libXrandr <= 1.5.0.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948
(* Security fix *)
- x/libXrender-0.9.10-i586-1.txz
Insufficient validation of data from the X server can cause out of boundary
memory writes.
Affected version: libXrender <= 0.9.9.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7950
(* Security fix *)
- x/libXtst-1.2.3-i586-1.txz
Insufficient validation of data from the X server can cause out of boundary
memory access or endless loops (Denial of Service).
Affected version: libXtst <= 1.2.2.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7952
(* Security fix *)
- x/libXv-1.0.11-i586-1.txz
Insufficient validation of data from the X server can cause out of boundary
memory access and memory corruption.
Affected version: libXv <= 1.0.10.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5407
(* Security fix *)
- x/libXvMC-1.0.10-i586-1.txz
Insufficient validation of data from the X server can cause a one byte buffer
read underrun.
Affected version: libXvMC <= 1.0.9.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953
(* Security fix *)
- xap/mozilla-firefox-49.0.2-i586-1.txz
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
(* Security fix *)