Official patches for Slackware-14.2

Se avete problemi con l'installazione e la configurazione di Slackware postate qui. Non usate questo forum per argomenti generali... per quelli usate Gnu/Linux in genere.

Moderatore: Staff

Regole del forum
1) Citare sempre la versione di Slackware usata, la versione del Kernel e magari anche la versione della libreria coinvolta. Questi dati aiutano le persone che possono rispondere.
2) Per evitare confusione prego inserire in questo forum solo topic che riguardano appunto Slackware, se l'argomento è generale usate il forum Gnu/Linux in genere.
3) Leggere attentamente le risposte ricevute.
4) Scrivere i messaggi con il colore di default, evitare altri colori.
5) Scrivere in Italiano o in Inglese, se possibile grammaticalmente corretto, evitate stili di scrittura poco chiari, quindi nessuna abbreviazione tipo telegramma o scrittura stile SMS o CHAT.
6) Appena registrati è consigliato presentarsi nel forum dedicato.

La non osservanza delle regole porta a provvedimenti di vari tipo da parte dello staff, in particolare la non osservanza della regola 5 porta alla cancellazione del post e alla segnalazione dell'utente. In caso di recidività l'utente rischia il ban temporaneo.
Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Fri, 06 Dec 2013 01:20:17

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Dec  6 00:20:17 UTC 2013
patches/packages/mozilla-nss-3.15.3-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-24.1.1-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/seamonkey-2.22.1-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.22.1-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Mon, 16 Dec 2013 21:51:01

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Mon Dec 16 20:51:01 UTC 2013
patches/packages/libiodbc-3.52.8-i486-1_slack14.1.txz:  Upgraded.
  This update fixes an rpath pointing to a location in /tmp that was found in
  two test programs (iodbctest and iodbctestw).  This could have allowed a
  local attacker with write access to /tmp to add modified libraries (and
  execute arbitrary code) as any user running the test programs.
  Thanks to Christopher Oliver for the bug report.
  (* Security fix *)
patches/packages/libjpeg-v8a-i486-2_slack14.1.txz:  Rebuilt.
  Fix use of uninitialized memory when decoding images with missing SOS data
  for the luminance component (Y) in presence of valid chroma data (Cr, Cb).
  This could allow remote attackers to obtain sensitive information from
  uninitialized memory locations via a crafted JPEG image.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
  (* Security fix *)
patches/packages/llvm-3.3-i486-3_slack14.1.txz:  Rebuilt.
  The LLVM package included binaries with an rpath pointing to the build
  location in /tmp.   This allows an attacker with write access to /tmp to
  add modified libraries (and execute arbitrary code) as any user running
  the LLVM binaries.  This updated package rebuilds LLVM to exclude the
  build directories from the rpath information.
  Thanks to Christopher Oliver for the bug report.
  (* Security fix *)
patches/packages/mozilla-firefox-24.2.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-24.2.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html
  (* Security fix *)
patches/packages/ruby-1.9.3_p484-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a heap overflow in floating point parsing.  A specially
  crafted string could cause a heap overflow leading to a denial of service
  attack via segmentation faults and possibly arbitrary code execution.
  For more information, see:
    https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
  (* Security fix *)
patches/packages/seamonkey-2.23-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.23-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Fri, 20 Dec 2013 23:46:10

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Dec 20 22:46:09 UTC 2013
patches/packages/gnupg-1.4.16-i486-1_slack14.1.txz:  Upgraded.
  Fixed the RSA Key Extraction via Low-Bandwidth Acoustic
  Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
  For more information, see:
    http://www.cs.tau.ac.il/~tromer/acoustic/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Tue, 14 Jan 2014 04:54:48

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Jan 14 03:54:48 UTC 2014
patches/packages/libXfont-1.4.7-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a stack overflow when reading a BDF font file containing
  a longer than expected string, which could lead to crashes or privilege
  escalation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462
  (* Security fix *)
patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz:  Upgraded.
  This update fixes the following security issues:
    Fix for TLS record tampering bug CVE-2013-4353
    Fix for TLS version checking bug CVE-2013-6449
    Fix for DTLS retransmission bug CVE-2013-6450
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz:  Upgraded.
patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz:  Upgraded.
  This update fixes the following security issues:
    Fix for TLS record tampering bug CVE-2013-4353
    Fix for TLS version checking bug CVE-2013-6449
    Fix for DTLS retransmission bug CVE-2013-6450
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz:  Upgraded.
patches/packages/php-5.4.24-i486-1_slack14.1.txz:  Upgraded.
  The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before
  5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly
  parse (1) notBefore and (2) notAfter timestamps in X.509 certificates,
  which allows remote attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via a crafted certificate that is not
  properly handled by the openssl_x509_parse function.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
  (* Security fix *)
patches/packages/samba-4.1.4-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a heap-based buffer overflow that may allow AD domain
  controllers to execute arbitrary code via an invalid fragment length in
  a DCE-RPC packet.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Tue, 28 Jan 2014 22:07:14

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Jan 28 21:07:13 UTC 2014
patches/packages/bind-9.9.4_P2-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a defect in the handling of NSEC3-signed zones that can
  cause BIND to be crashed by a specific set of queries.
  NOTE:  According to the second link below, Slackware is probably not
  vulnerable since we aren't using glibc-2.18 yet.  Might as well fix it
  anyway, though.
  For more information, see:
    https://kb.isc.org/article/AA-01078
    https://kb.isc.org/article/AA-01085
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591
  (* Security fix *)
patches/packages/mozilla-nss-3.15.4-i486-1_slack14.1.txz:  Upgraded.
  Upgraded to nss-3.15.4 and nspr-4.10.3.
  Fixes a possible man-in-the-middle issue.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1740
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Sat, 01 Feb 2014 01:56:38

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sat Feb  1 00:56:38 UTC 2014
patches/packages/cairo-1.12.16-i486-1_slack14.1.txz:  Upgraded.
  This is a bugfix update that was tested in -current and found to resolve
  some outstanding issues with the package that shipped in Slackware 14.1.
  Removed --enable-xcb-shm (may cause instability with GTK+3).
  Removed --enable-xlib-xcb (causes GIMP slowdown).
  Added --enable-ft and --enable-gl.
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Mon, 03 Feb 2014 21:58:32

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Mon Feb  3 20:58:32 UTC 2014
patches/packages/pidgin-2.10.9-i486-1_slack14.1.txz:  Upgraded.
  This update fixes various security issues and other bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Sat, 08 Feb 2014 19:41:15

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Sat Feb  8 18:41:15 UTC 2014
patches/packages/mozilla-firefox-24.3.0esr-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-24.3.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/seamonkey-2.24-i486-1_slack14.1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.24-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Fri, 14 Feb 2014 00:45:53

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Feb 13 23:45:53 UTC 2014
patches/packages/curl-7.35.0-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a flaw where libcurl could, in some circumstances, reuse
  the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS
  request.
  For more information, see:
    http://curl.haxx.se/docs/adv_20140129.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015
  (* Security fix *)
patches/packages/ntp-4.2.6p5-i486-5_slack14.1.txz:  Rebuilt.
  All stable versions of NTP remain vulnerable to a remote attack where the
  "ntpdc -c monlist" command can be used to amplify network traffic as part
  of a denial of service attack.  By default, Slackware is not vulnerable
  since it includes "noquery" as a default restriction.  However, it is
  vulnerable if this restriction is removed.  To help mitigate this flaw,
  "disable monitor" has been added to the default ntp.conf (which will disable
  the monlist command even if other queries are allowed), and the default
  restrictions have been extended to IPv6 as well.
  All users of the NTP daemon should make sure that their ntp.conf contains
  "disable monitor" to prevent misuse of the NTP service.  The new ntp.conf
  file will be installed as /etc/ntp.conf.new with a package upgrade, but the
  changes will need to be merged into any existing ntp.conf file by the admin.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
    http://www.kb.cert.org/vuls/id/348126
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Thu, 20 Feb 2014 01:30:49

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Feb 20 00:30:49 UTC 2014
patches/packages/gnutls-3.1.21-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a flaw where a version 1 intermediate certificate would be
  considered as a CA certificate by GnuTLS by default. 
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959
  (* Security fix *)
patches/packages/mariadb-5.5.35-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a buffer overflow in the mysql command line client which
  may allow malicious or compromised database servers to cause a denial of
  service (crash) and possibly execute arbitrary code via a long server
  version string.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
  (* Security fix *)
patches/packages/shadow-4.1.5.1-i486-3_slack14.1.txz:  Rebuilt.
  Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c"
  (CVE-2005-4890) by detaching the controlling terminal in the non-PAM
  case via a TIOCNOTTY request.  Bi-directional protection is excessive
  and breaks a commonly-used methods for privilege escalation on non-PAM
  systems (e.g. xterm -e /bin/su -s /bin/bash -c /bin/bash myscript).
  This update relaxes the restriction and only detaches the controlling
  tty when the callee is not root (which is, after all, the threat vector).
  Thanks to mancha for the patch (and the above information).
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Thu, 27 Feb 2014 21:43:28

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Feb 27 20:43:28 UTC 2014
patches/packages/subversion-1.7.16-i486-1_slack14.1.txz:  Upgraded.
  Fix denial of service bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4505
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4558
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Tue, 04 Mar 2014 00:32:18

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Mon Mar  3 23:32:18 UTC 2014
patches/packages/gnutls-3.1.22-i486-1_slack14.1.txz:  Upgraded.
  Fixed a security issue where a specially crafted certificate could
  bypass certificate validation checks.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Tue, 11 Mar 2014 08:06:18

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Tue Mar 11 07:06:18 UTC 2014
patches/packages/udisks-1.0.5-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a stack-based buffer overflow when handling long path
  names.  A malicious, local user could use this flaw to create a
  specially-crafted directory structure that could lead to arbitrary code
  execution with the privileges of the udisks daemon (root).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
  (* Security fix *)
patches/packages/udisks2-2.1.3-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a stack-based buffer overflow when handling long path
  names.  A malicious, local user could use this flaw to create a
  specially-crafted directory structure that could lead to arbitrary code
  execution with the privileges of the udisks daemon (root).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Thu, 13 Mar 2014 04:32:38

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Thu Mar 13 03:32:38 UTC 2014
patches/packages/mutt-1.5.23-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a buffer overflow where malformed RFC2047 header
  lines could result in denial of service or potentially the execution
  of arbitrary code as the user running mutt.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

Slacky BOT Packager
Linux 3.x
Linux 3.x
Messaggi: 812
Iscritto il: mar 19 giu 2012, 11:18

New patches for slackware-14.1 on Fri, 14 Mar 2014 01:44:48

Messaggio da Slacky BOT Packager »

Hey guys,
new patches have been released for slackware-14.1. Follows the relevant part of ChangeLog.txt:

Codice: Seleziona tutto

Fri Mar 14 00:44:48 UTC 2014
patches/packages/samba-4.1.6-i486-1_slack14.1.txz:  Upgraded.
  This update fixes two security issues:
  CVE-2013-4496:
  Samba versions 3.4.0 and above allow the administrator to implement
  locking out Samba accounts after a number of bad password attempts.
  However, all released versions of Samba did not implement this check for
  password changes, such as are available over multiple SAMR and RAP
  interfaces, allowing password guessing attacks.
  CVE-2013-6442:
  Samba versions 4.0.0 and above have a flaw in the smbcacls command. If
  smbcacls is used with the "-C|--chown name" or "-G|--chgrp name"
  command options it will remove the existing ACL on the object being
  modified, leaving the file or directory unprotected.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442
  (* Security fix *)
+--------------------------+
Have fun,
Slacky BOT Packager

Rispondi