====== Slackware64-13.1 ChangeLog (2017-09-08) ======

====== Fri Sep 8 17:56:01 UTC 2017 ======

===== Packages =====

==== Rebuilt ====

  * [[slackware64.13.1>patches/packages/bash-4.1.017-x86_64-2_slack13.1.txz]] \\ This update fixes two security issues found in bash before 4.4: \\ The expansion of '\h' in the prompt string allows remote authenticated users \\ to execute arbitrary code via shell metacharacters placed in 'hostname' of a \\ machine. The theoretical attack vector is a hostile DHCP server providing a \\ crafted hostname, but this is unlikely to occur in a normal Slackware \\ configuration as we ignore the hostname provided by DHCP. \\ Specially crafted SHELLOPTS+PS4 environment variables used against bogus \\ setuid binaries using system()/popen() allowed local attackers to execute \\ arbitrary code as root. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0634 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7543 \\ (* Security fix *)

{{tag>slackware changelog slackware64-13.1 2017-09}}

Last modified: 3 years ago by Giuseppe Di Terlizzi
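Two defensive checks that follow from the bash entry above, as an added example that is not part of the Slackware ChangeLog: one rejects any hostname containing characters outside the plain hostname alphabet before it is accepted (for instance from DHCP), the other tests whether an installed package name is the rebuilt bash package named in the entry. The function names are hypothetical, the sample values are constructed, and treating builds later than 2 as fixed is an assumption.

```shell
#!/bin/sh
# Added example, not from the Slackware ChangeLog. Function names are
# hypothetical and the sample values at the bottom are constructed.

# hostname_is_safe NAME: succeed only for dot-separated labels of letters,
# digits and inner hyphens. Any shell metacharacter makes it fail, so a
# rejected name never reaches the prompt's '\h' expansion.
hostname_is_safe() {
    local name="$1" label IFS=. LC_ALL=C
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
    esac
    for label in $name; do
        [ "${#label}" -le 63 ] || return 1
        case $label in -*|*-) return 1 ;; esac
    done
    return 0
}

# bash_build_is_fixed PKG: PKG is an entry name from /var/log/packages.
# Succeeds for bash-4.1.017-x86_64-N_slack13.1 with N >= 2. Treating builds
# after 2 as fixed is an assumption; any other name counts as "not confirmed".
bash_build_is_fixed() {
    local pkg="$1" build
    case $pkg in
        bash-4.1.017-x86_64-*_slack13.1) ;;
        *) return 1 ;;
    esac
    build=${pkg#bash-4.1.017-x86_64-}
    build=${build%_slack13.1}
    case $build in ''|*[!0-9]*) return 1 ;; esac
    [ "$build" -ge 2 ]
}

# Constructed sample inputs
for h in 'mail.example.org' 'gw$(x).lan'; do
    if hostname_is_safe "$h"; then echo "ok      $h"; else echo "REJECT  $h"; fi
done
for p in 'bash-4.1.017-x86_64-1_slack13.1' 'bash-4.1.017-x86_64-2_slack13.1'; do
    if bash_build_is_fixed "$p"; then echo "fixed   $p"; else echo "UPDATE  $p"; fi
done
```

On a Slackware 13.1 system, the second function can be given the bash entry name found under /var/log/packages.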