Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index e77b8e83b..dd0f64342 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,23 @@ +Tue Feb 15 20:00:48 UTC 2022 +patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz: Rebuilt. + If root's mailbox did not already exist, it would be created with insecure + permissions leading to possible local information disclosure. This update + ensures that a new mailbox will be created with proper permissions and + ownership, and corrects the permissions on an existing mailbox if they are + found to be incorrect. Thanks to Martin for the bug report. + (* Security fix *) +patches/packages/util-linux-2.37.4-x86_64-1_slack15.0.txz: Upgraded. + This release fixes a security issue in chsh(1) and chfn(8): + By default, these utilities had been linked with libreadline, which allows + the INPUTRC environment variable to be abused to produce an error message + containing data from an arbitrary file. So, don't link these utilities with + libreadline as it does not use secure_getenv() (or a similar concept), or + sanitize the config file path to avoid vulnerabilities that could occur in + set-user-ID or set-group-ID programs. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0563 + (* Security fix *) ++--------------------------+ Mon Feb 14 00:10:38 UTC 2022 patches/packages/mariadb-10.5.15-x86_64-1_slack15.0.txz: Upgraded. This update fixes potential denial-of-service vulnerabilities. |
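Review bot: In the aaa_base entry, "created with proper permissions and ownership" names neither the mailbox path nor the intended mode and owner, so an administrator reading the ChangeLog cannot check an existing system against it. Consider stating them, and adding a reference for the issue the way the util-linux entry does with its CVE link. In the util-linux entry, the sentence beginning "So, don't link these utilities with libreadline" reads as an instruction rather than a description of what 2.37.4 changed; rewording it to say that chsh and chfn are no longer linked with libreadline would make the fix explicit.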