Slackware-12.0 ChangeLog (2010-10-28)
Thu Oct 28 22:13:53 UTC 2010
Packages
Rebuilt
- patches/packages/glibc-2.5-i486-6_slack12.0.tgz
Patched “The GNU C library dynamic linker will dlopen arbitrary DSOs
during setuid loads.” This security issue allows a local attacker to
gain root by specifying an unsafe DSO in the library search path to be
used with a setuid binary in LD_AUDIT mode.
Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
http://seclists.org/fulldisclosure/2010/Oct/344
(* Security fix *) - patches/packages/glibc-i18n-2.5-noarch-6_slack12.0.tgz
- patches/packages/glibc-profile-2.5-i486-6_slack12.0.tgz
- patches/packages/glibc-solibs-2.5-i486-6_slack12.0.tgz
(* Security fix *) - patches/packages/glibc-zoneinfo-2.5-noarch-9_slack12.0.tgz
Rebuilt to tzcode2010n and tzdata2010n.