ChangeLog for: 2010-10-28 23:13:53
a/glibc-solibs-2.12.1-x86_64-3.txz: Rebuilt.
Patched "The GNU C library dynamic linker will dlopen arbitrary DSOs
during setuid loads." This security issue allows a local attacker to
gain root by specifying an unsafe DSO in the library search path to be
used with a setuid binary in LD_AUDIT mode.
Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
http://seclists.org/fulldisclosure/2010/Oct/344
(* Security fix *)
a/glibc-zoneinfo-2.12.1-noarch-3.txz: Rebuilt.
Upgraded to tzcode2010n and tzdata2010n.
a/grep-2.7-x86_64-1.txz: Upgraded.
ap/alsa-utils-1.0.23-x86_64-3.txz: Rebuilt.
Don't try to load ALSA OSS modules if they aren't available.
Thanks to John Fitzgerald for the patch.
l/glibc-2.12.1-x86_64-3.txz: Rebuilt.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
http://seclists.org/fulldisclosure/2010/Oct/344
(* Security fix *)
l/glibc-i18n-2.12.1-x86_64-3.txz: Rebuilt.
l/glibc-profile-2.12.1-x86_64-3.txz: Rebuilt.
xap/mozilla-firefox-3.6.12-x86_64-1.txz: Upgraded.
This fixes some security issues.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
(* Security fix *)