diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2023-11-07 19:57:12 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2023-11-08 13:30:36 +0100 |
| commit | 206ee03fe7b74a0f85d75c5e783efaa2991f2c56 (patch) | |
| tree | 72f0f43a428134664e2d5e03781ed2d98c28fa6a /ChangeLog.rss | |
| parent | 61421702483f2787ddd715f29cdae4d4a8222528 (diff) | |
| download | current-206ee03fe7b74a0f85d75c5e783efaa2991f2c56.tar.gz current-206ee03fe7b74a0f85d75c5e783efaa2991f2c56.tar.xz | |
Tue Nov 7 19:57:12 UTC 202320231107195712_15.0
patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txz: Upgraded.
The sudoers plugin has been modified to make it more resilient to ROWHAMMER
attacks on authentication and policy matching.
The sudoers plugin now constructs the user time stamp file path name using
the user-ID instead of the user name. This avoids a potential problem with
user names that contain a path separator ('/') being interpreted as part of
the path name.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-42465
https://www.cve.org/CVERecord?id=CVE-2023-42456
(* Security fix *)
Diffstat (limited to 'ChangeLog.rss')
| -rw-r--r-- | ChangeLog.rss | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index 1cd19cbb0..457b9bacb 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,31 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Tue, 31 Oct 2023 18:49:18 GMT</pubDate> - <lastBuildDate>Wed, 1 Nov 2023 12:30:06 GMT</lastBuildDate> + <pubDate>Tue, 7 Nov 2023 19:57:12 GMT</pubDate> + <lastBuildDate>Wed, 8 Nov 2023 12:30:22 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.17</generator> <item> + <title>Tue, 7 Nov 2023 19:57:12 GMT</title> + <pubDate>Tue, 7 Nov 2023 19:57:12 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20231107195712</link> + <guid isPermaLink="false">20231107195712</guid> + <description> + <![CDATA[<pre> +patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txz: Upgraded. + The sudoers plugin has been modified to make it more resilient to ROWHAMMER + attacks on authentication and policy matching. + The sudoers plugin now constructs the user time stamp file path name using + the user-ID instead of the user name. This avoids a potential problem with + user names that contain a path separator ('/') being interpreted as part of + the path name. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-42465 + https://www.cve.org/CVERecord?id=CVE-2023-42456 + (* Security fix *) + </pre>]]> + </description> + </item> + <item> <title>Tue, 31 Oct 2023 18:49:18 GMT</title> <pubDate>Tue, 31 Oct 2023 18:49:18 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20231031184918</link> |