Slackware-14.1 ChangeLog (2014-03-28)
Fri Mar 28 03:43:11 UTC 2014
Packages
Upgraded
- patches/packages/curl-7.36.0-i486-1_slack14.1.txz
This update fixes four security issues.
For more information, see:
http://curl.haxx.se/docs/adv_20140326A.html
http://curl.haxx.se/docs/adv_20140326B.html
http://curl.haxx.se/docs/adv_20140326C.html
http://curl.haxx.se/docs/adv_20140326D.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522
(* Security fix *)
- patches/packages/httpd-2.4.9-i486-1_slack14.1.txz
This update addresses two security issues.
Segfaults with truncated cookie logging. mod_log_config: Prevent segfaults
when logging truncated cookies. Clean up the cookie logging parser to
recognize only the cookie=value pairs, not valueless cookies.
mod_dav: Keep track of length of cdata properly when removing leading
spaces. Eliminates a potential denial of service from specifically crafted
DAV WRITE requests.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
(* Security fix *)
- patches/packages/mozilla-firefox-24.4.0esr-i486-1_slack14.1.txz
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
- patches/packages/mozilla-nss-3.16-i486-1_slack14.1.txz
This update fixes a security issue:
The cert_TestHostName function in lib/certdb/certdb.c in the
certificate-checking implementation in Mozilla Network Security Services
(NSS) before 3.16 accepts a wildcard character that is embedded in an
internationalized domain name's U-label, which might allow man-in-the-middle
attackers to spoof SSL servers via a crafted certificate.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
(* Security fix *)
- patches/packages/mozilla-thunderbird-24.4.0-i486-1_slack14.1.txz
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
- patches/packages/openssh-6.6p1-i486-1_slack14.1.txz
This update fixes a security issue when using environment passing with
a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH could be
tricked into accepting any environment variable that contains the
characters before the wildcard character.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
(* Security fix *)
- patches/packages/seamonkey-2.25-i486-1_slack14.1.txz
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)