ChangeLog for: 2010-10-28 23:13:53

a/glibc-solibs-2.12.1-x86_64-3.txz:  Rebuilt.
  Patched "The GNU C library dynamic linker will dlopen arbitrary DSOs
  during setuid loads."  This security issue allows a local attacker to
  gain root by specifying an unsafe DSO in the library search path to be
  used with a setuid binary in LD_AUDIT mode.
  Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
    http://seclists.org/fulldisclosure/2010/Oct/344
  (* Security fix *)
a/glibc-zoneinfo-2.12.1-noarch-3.txz:  Rebuilt.
  Upgraded to tzcode2010n and tzdata2010n.
a/grep-2.7-x86_64-1.txz:  Upgraded.
ap/alsa-utils-1.0.23-x86_64-3.txz:  Rebuilt.
  Don't try to load ALSA OSS modules if they aren't available.
  Thanks to John Fitzgerald for the patch.
l/glibc-2.12.1-x86_64-3.txz:  Rebuilt.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
    http://seclists.org/fulldisclosure/2010/Oct/344
  (* Security fix *)
l/glibc-i18n-2.12.1-x86_64-3.txz:  Rebuilt.
l/glibc-profile-2.12.1-x86_64-3.txz:  Rebuilt.
xap/mozilla-firefox-3.6.12-x86_64-1.txz:  Upgraded.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
  (* Security fix *)