Thu Feb 20 00:30:49 UTC 2014
patches/packages/gnutls-3.1.21-i486-1_slack14.1.txz: Upgraded.
  This update fixes a flaw where a version 1 intermediate certificate would be
  considered as a CA certificate by GnuTLS by default.
  For more information, see:
  (* Security fix *)
patches/packages/mariadb-5.5.35-i486-1_slack14.1.txz: Upgraded.
  This update fixes a buffer overflow in the mysql command line client which
  may allow malicious or compromised database servers to cause a denial of
  service (crash) and possibly execute arbitrary code via a long server
  version string.
  For more information, see:
  (* Security fix *)
patches/packages/shadow- Rebuilt.
  Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c"
  (CVE-2005-4890) by detaching the controlling terminal in the non-PAM
  case via a TIOCNOTTY request. Bi-directional protection is excessive
  and breaks a commonly-used method for privilege escalation on non-PAM
  systems (e.g. xterm -e /bin/su -s /bin/bash -c /bin/bash myscript).
  This update relaxes the restriction and only detaches the controlling
  tty when the callee is not root (which is, after all, the threat vector).
  Thanks to mancha for the patch (and the above information).
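
The relaxed rule in the shadow entry above, sketched in C as an added example (not shadow's source and not mancha's patch): detach the controlling terminal with TIOCNOTTY only when "su -c" runs a command for a non-root callee. The function names are hypothetical, and callee_uid is only a policy input here; the sketch forks a stand-in child instead of switching users.

```c
/* Added illustration, not shadow's source: function names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Relaxed policy: "su -c" detaches only when the callee is not root. */
int must_detach_tty(uid_t callee_uid, int has_command)
{
    return has_command && callee_uid != 0;
}

/* Returns 1 if detached, 0 if there was no controlling tty, -1 on error. */
int detach_controlling_tty(void)
{
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd < 0)
        return (errno == ENXIO || errno == ENOENT) ? 0 : -1;
    int rc = ioctl(fd, TIOCNOTTY, (char *)NULL);
    close(fd);
    return rc == 0 ? 1 : -1;
}

/* Fork a stand-in for the callee, apply the policy, and report whether it
 * can still open the terminal: 1 = yes, 0 = no, 2 = detach failed, -1 = error. */
int callee_keeps_tty(uid_t callee_uid, int has_command)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (must_detach_tty(callee_uid, has_command) && detach_controlling_tty() < 0)
            _exit(2);   /* a real su must refuse to exec here */
        int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
        _exit(fd >= 0 ? 1 : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("uid 1000, -c: keeps tty = %d\n", callee_keeps_tty(1000, 1));
    printf("uid 0,    -c: keeps tty = %d\n", callee_keeps_tty(0, 1));
    return 0;
}
```

Run from a terminal, the non-root case reports 0 (the child can no longer open /dev/tty) while the root case reports 1.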