Security Updates

The following packages have been either updated or patched to ensure the security of SolusOS 2.

These are the updated packages as of SolusOS 2.201337.4.0-2

Package
Old Version
New Version
Description of issue
NVD Link
sudo1.8.6-51.8.7-6sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to a standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.CVE-2013-1776
libtiff4.0.3-34.0.3-4Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.CVE-2013-42436

Remember, if you discover a security issue within SolusOS 2, you should still report it, even in these alpha stages. Although it may not appear to be the highest priority for a system in such a busy development phase, it is essential that the appropriate steps are taken to forward all security issues upstream so that all projects can benefit.