diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2022-01-25 06:16:36 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2022-01-25 12:00:01 +0100 |
| commit | 1269f459323b2536a51bb8c7e11cdffdebb185ef (patch) | |
| tree | 40da05e5d51a28f6e27d274cb15613bac01ed77c /ChangeLog.txt | |
| parent | 2ecaab4b8a696aa03b61d68c4f2665798a43a15a (diff) | |
| download | current-1269f459323b2536a51bb8c7e11cdffdebb185ef.tar.gz current-1269f459323b2536a51bb8c7e11cdffdebb185ef.tar.xz | |
Tue Jan 25 06:16:36 UTC 202220220125061636
It may look like we're currently experiencing more stuckness, but this will
lead us to Quality. We'll have this release in the can before you know it.
a/aaa_glibc-solibs-2.33-x86_64-5.txz: Rebuilt.
a/aaa_libraries-15.0-x86_64-16.txz: Rebuilt.
Rebuilt to pick up the patched libexpat.so.1.8.3.
a/kernel-firmware-20220124_eb8ea1b-noarch-1.txz: Upgraded.
a/kernel-generic-5.15.16-x86_64-2.txz: Upgraded.
a/kernel-huge-5.15.16-x86_64-2.txz: Upgraded.
-9P_FSCACHE n
9P_FS m -> y
Thanks to peake.
a/kernel-modules-5.15.16-x86_64-2.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-27.txz: Rebuilt.
mkinitrd_command_generator.sh: properly detect partitions of a RAID device.
Thanks to perrin4869.
a/util-linux-2.37.3-x86_64-1.txz: Upgraded.
This release fixes two security mount(8) and umount(8) issues:
An issue related to parsing the /proc/self/mountinfo file allows an
unprivileged user to unmount other user's filesystems that are either
world-writable themselves or mounted in a world-writable directory.
Improper UID check in libmount allows an unprivileged user to unmount
FUSE filesystems of users with similar UID.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
(* Security fix *)
ap/vim-8.2.4212-x86_64-1.txz: Upgraded.
d/git-2.35.0-x86_64-1.txz: Upgraded.
d/kernel-headers-5.15.16-x86-2.txz: Upgraded.
k/kernel-source-5.15.16-noarch-2.txz: Upgraded.
l/expat-2.4.3-x86_64-2.txz: Rebuilt.
Fix signed integer overflow in function XML_GetBuffer for when
XML_CONTEXT_BYTES is defined to >0 (which is both common and
default). Impact is denial of service or other undefined behavior.
While we're here, also patch a memory leak on output file opening error.
Thanks to marav.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852
(* Security fix *)
l/fluidsynth-2.2.5-x86_64-1.txz: Upgraded.
l/glibc-2.33-x86_64-5.txz: Rebuilt.
This update patches two security issues:
Unexpected return value from glibc's realpath().
Off-by-one buffer overflow/underflow in glibc's getcwd().
Thanks to Qualys Research Labs for reporting these issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999
(* Security fix *)
l/glibc-i18n-2.33-x86_64-5.txz: Rebuilt.
l/glibc-profile-2.33-x86_64-5.txz: Rebuilt.
l/tdb-1.4.6-x86_64-1.txz: Upgraded.
x/xf86-input-libinput-1.2.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.5.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.5.1/releasenotes/
xap/vim-gvim-8.2.4212-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 3d18b6417..648e263d9 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,66 @@ +Tue Jan 25 06:16:36 UTC 2022 +It may look like we're currently experiencing more stuckness, but this will +lead us to Quality. We'll have this release in the can before you know it. +a/aaa_glibc-solibs-2.33-x86_64-5.txz: Rebuilt. +a/aaa_libraries-15.0-x86_64-16.txz: Rebuilt. + Rebuilt to pick up the patched libexpat.so.1.8.3. +a/kernel-firmware-20220124_eb8ea1b-noarch-1.txz: Upgraded. +a/kernel-generic-5.15.16-x86_64-2.txz: Upgraded. +a/kernel-huge-5.15.16-x86_64-2.txz: Upgraded. + -9P_FSCACHE n + 9P_FS m -> y + Thanks to peake. +a/kernel-modules-5.15.16-x86_64-2.txz: Upgraded. +a/mkinitrd-1.4.11-x86_64-27.txz: Rebuilt. + mkinitrd_command_generator.sh: properly detect partitions of a RAID device. + Thanks to perrin4869. +a/util-linux-2.37.3-x86_64-1.txz: Upgraded. + This release fixes two security mount(8) and umount(8) issues: + An issue related to parsing the /proc/self/mountinfo file allows an + unprivileged user to unmount other user's filesystems that are either + world-writable themselves or mounted in a world-writable directory. + Improper UID check in libmount allows an unprivileged user to unmount + FUSE filesystems of users with similar UID. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996 + (* Security fix *) +ap/vim-8.2.4212-x86_64-1.txz: Upgraded. +d/git-2.35.0-x86_64-1.txz: Upgraded. +d/kernel-headers-5.15.16-x86-2.txz: Upgraded. +k/kernel-source-5.15.16-noarch-2.txz: Upgraded. +l/expat-2.4.3-x86_64-2.txz: Rebuilt. + Fix signed integer overflow in function XML_GetBuffer for when + XML_CONTEXT_BYTES is defined to >0 (which is both common and + default). Impact is denial of service or other undefined behavior. + While we're here, also patch a memory leak on output file opening error. + Thanks to marav. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852 + (* Security fix *) +l/fluidsynth-2.2.5-x86_64-1.txz: Upgraded. +l/glibc-2.33-x86_64-5.txz: Rebuilt. + This update patches two security issues: + Unexpected return value from glibc's realpath(). + Off-by-one buffer overflow/underflow in glibc's getcwd(). + Thanks to Qualys Research Labs for reporting these issues. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3998 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999 + (* Security fix *) +l/glibc-i18n-2.33-x86_64-5.txz: Rebuilt. +l/glibc-profile-2.33-x86_64-5.txz: Rebuilt. +l/tdb-1.4.6-x86_64-1.txz: Upgraded. +x/xf86-input-libinput-1.2.1-x86_64-1.txz: Upgraded. +xap/mozilla-thunderbird-91.5.1-x86_64-1.txz: Upgraded. + This is a bugfix release. + For more information, see: + https://www.mozilla.org/en-US/thunderbird/91.5.1/releasenotes/ +xap/vim-gvim-8.2.4212-x86_64-1.txz: Upgraded. +isolinux/initrd.img: Rebuilt. +kernels/*: Upgraded. +usb-and-pxe-installers/usbboot.img: Rebuilt. ++--------------------------+ Sun Jan 23 19:36:54 UTC 2022 l/imagemagick-7.1.0_20-x86_64-1.txz: Upgraded. Built using --with-fftw. Thanks to stormbr. |