ChangeLog for: 2010-12-24 01:53:19
a/acpid-2.0.7-x86_64-1.txz: Upgraded.
a/dbus-1.4.1-x86_64-1.txz: Upgraded.
a/lvm2-2.02.79-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.6-x86_64-2.txz: Rebuilt.
Properly handle module options. Thanks to crocket.
l/freetype-2.4.4-x86_64-1.txz: Upgraded.
n/bluez-4.81-x86_64-1.txz: Upgraded.
n/php-5.3.4-x86_64-1.txz: Upgraded.
This fixes many bugs, including some security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4409
(* Security fix *)
n/proftpd-1.3.3d-x86_64-1.txz: Upgraded.
This update fixes an unbounded copy operation in sql_prepare_where() that
could be exploited to execute arbitrary code. However, this only affects
servers that use the sql_mod module (which Slackware does not ship), and
in addition the ability to exploit this depends on an SQL injection bug
that was already fixed in proftpd-1.3.2rc2 (this according to upstream).
So in theory, this fix should only be of academic interest.
But in practice, better safe than sorry.
(* Security fix *)