ChangeLog for: 2010-10-21 00:14:23
a/glibc-solibs-2.12.1-x86_64-2.txz: Rebuilt.
Patched "dynamic linker expands $ORIGIN in setuid library search path".
This security issue allows a local attacker to gain root if they can create
a hard link to a setuid root binary. Thanks to Tavis Ormandy.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
http://seclists.org/fulldisclosure/2010/Oct/257
(* Security fix *)
a/glibc-zoneinfo-2.12.1-noarch-2.txz: Rebuilt.
a/sysklogd-1.5-x86_64-1.txz: Upgraded.
l/glibc-2.12.1-x86_64-2.txz: Rebuilt.
l/glibc-i18n-2.12.1-x86_64-2.txz: Rebuilt.
l/glibc-profile-2.12.1-x86_64-2.txz: Rebuilt.
xap/mozilla-firefox-3.6.11-x86_64-1.txz: Upgraded.
This fixes some security issues.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
(* Security fix *)
xap/mozilla-thunderbird-3.1.5-x86_64-1.txz: Upgraded.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html
(* Security fix *)