Tue Feb 15 20:00:48 UTC 202220220215200048_15.0

patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz: Rebuilt. If root's mailbox did not already exist, it would be created with insecure permissions leading to possible local information disclosure. This update ensures that a new mailbox will be created with proper permissions and ownership, and corrects the permissions on an existing mailbox if they are found to be incorrect. Thanks to Martin for the bug report. (* Security fix *) patches/packages/util-linux-2.37.4-x86_64-1_slack15.0.txz: Upgraded. This release fixes a security issue in chsh(1) and chfn(8): By default, these utilities had been linked with libreadline, which allows the INPUTRC environment variable to be abused to produce an error message containing data from an arbitrary file. So, don't link these utilities with libreadline as it does not use secure_getenv() (or a similar concept), or sanitize the config file path to avoid vulnerabilities that could occur in set-user-ID or set-group-ID programs. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0563 (* Security fix *)
author: Patrick J Volkerding <volkerdi@slackware.com> 2022-02-15 20:00:48 +0000
committer: Eric Hameleers <alien@slackware.com> 2022-02-16 13:29:58 +0100
commit: c9881ad9794a314c7c9d106a6f82d19f07cda088 (patch)
tree: 196a5646afe2bf7edaab38ad306d42a6d56967fe /ChangeLog.txt
parent: 9a5f4fd634196e1d4257a31e89f24291b0398bc5 (diff)
download: current-c9881ad9794a314c7c9d106a6f82d19f07cda088.tar.gz
1 files changed, 20 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index e77b8e83..dd0f6434 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,23 @@
+Tue Feb 15 20:00:48 UTC 2022
+patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz:  Rebuilt.
+  If root's mailbox did not already exist, it would be created with insecure
+  permissions leading to possible local information disclosure. This update
+  ensures that a new mailbox will be created with proper permissions and
+  ownership, and corrects the permissions on an existing mailbox if they are
+  found to be incorrect. Thanks to Martin for the bug report.
+  (* Security fix *)
+patches/packages/util-linux-2.37.4-x86_64-1_slack15.0.txz:  Upgraded.
+  This release fixes a security issue in chsh(1) and chfn(8):
+  By default, these utilities had been linked with libreadline, which allows
+  the INPUTRC environment variable to be abused to produce an error message
+  containing data from an arbitrary file. So, don't link these utilities with
+  libreadline as it does not use secure_getenv() (or a similar concept), or
+  sanitize the config file path to avoid vulnerabilities that could occur in
+  set-user-ID or set-group-ID programs.
+  For more information, see:
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0563
+  (* Security fix *)
++--------------------------+
 Mon Feb 14 00:10:38 UTC 2022
 patches/packages/mariadb-10.5.15-x86_64-1_slack15.0.txz:  Upgraded.
   This update fixes potential denial-of-service vulnerabilities.
author	Patrick J Volkerding <volkerdi@slackware.com>	2022-02-15 20:00:48 +0000
committer	Eric Hameleers <alien@slackware.com>	2022-02-16 13:29:58 +0100
commit	c9881ad9794a314c7c9d106a6f82d19f07cda088 (patch)
tree	196a5646afe2bf7edaab38ad306d42a6d56967fe /ChangeLog.txt
parent	9a5f4fd634196e1d4257a31e89f24291b0398bc5 (diff)
download	current-c9881ad9794a314c7c9d106a6f82d19f07cda088.tar.gz