Slackware-13.1 ChangeLog (2015-02-16)
Mon Feb 16 19:33:36 UTC 2015
Packages
Upgraded
- patches/packages/patch-2.7.4-i486-1_slack13.1.txz
Patch no longer follows symbolic links to input and output files. This
ensures that symbolic links created by git-style patches cannot cause
patch to write outside the working directory.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196
(* Security fix *)
- patches/packages/sudo-1.8.12-i486-1_slack13.1.txz
This update fixes a potential security issue by only passing the TZ
environment variable if it is considered safe. This prevents exploiting bugs
in glibc's TZ parser that could be used to read files that the user does
not have access to, or to cause a denial of service.
For more information, see:
http://www.sudo.ws/sudo/alerts/tz.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9680
(* Security fix *)