Slackwarearm-14.0 ChangeLog (2014-04-25)
Fri Apr 25 18:36:23 UTC 2014
Packages
Upgraded
- patches/packages/libyaml-0.1.6-arm-1_slack14.0.txz
This update fixes a heap overflow in URI escape parsing of YAML in Ruby,
where a specially crafted string could cause a heap overflow leading to
arbitrary code execution.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525
https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
(* Security fix *) - patches/packages/php-5.4.27-arm-1_slack14.0.txz
This update fixes a security issue in the in the awk script detector
which allows context-dependent attackers to cause a denial of service
(CPU consumption) via a crafted ASCII file that triggers a large amount
of backtracking.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
(* Security fix *)
Rebuilt
- patches/packages/openssh-6.6p1-arm-2_slack14.0.txz
Fixed a bug with curve25519-sha256 that caused a key exchange failure in
about 1 in 512 connection attempts.