Security Update: kernel, php
It seems that the release of Slackware 14.2 will have to wait again since Pat just bumped the kernel to 4.4.14 to fix 2 security vulnerabilities which he mentioned in detail in the latest batch of updates:
In current, we have more updates coming in:
Other than kernel update which was only applied for current, php is also updated to 5.6.23 for Slackware 14.0, 14.1, and current. This update is also considered a security update.This kernel release fixes two security issues:
Corrupted offset allows for arbitrary decrements in compat
IPT_SO_SET_REPLACE setsockopt. Risk: High. Impact: Kernel memory
corruption, leading to elevation of privileges or kernel code execution.
This occurs in a compat_setsockopt() call that is normally restricted to
root, however, Linux 3/4 kernels that support user and network namespaces
can allow an unprivileged user to trigger this functionality. This is
exploitable from inside a container.
Out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt.
Risk: Medium. Impact: Out of bounds heap memory access, leading to a
Denial of Service (or possibly heap disclosure or further impact).
This occurs in a setsockopt() call that is normally restricted to root,
however, Linux 3/4 kernels that support user and network namespaces can
allow an unprivileged user to trigger this functionality. This is
exploitable from inside a container.
For more information, see:
http://www.openwall.com/lists/oss-security/2016/06/24/5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4998
(* Security fix *)
In current, we have more updates coming in:
- mariadb: Upgraded to 10.0.26
- libpng: Upgraded to 1.6.23
- librsvg: Upgraded to 2.40