This is an old revision of the document!
Slackwarearm-14.0 ChangeLog (2014-01-16)
Thu Jan 16 19:39:01 UTC 2014
Packages
Upgraded
- patches/packages/libXfont-1.4.7-arm-1_slack14.0.tgz
This update fixes a stack overflow when reading a BDF font file containing
a longer than expected string, which could lead to crashes or privilege
escalation.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462
(* Security fix *) - patches/packages/openssl-1.0.1f-arm-1_slack14.0.tgz
This update fixes the following security issues:
Fix for TLS record tampering bug CVE-2013-4353
Fix for TLS version checking bug CVE-2013-6449
Fix for DTLS retransmission bug CVE-2013-6450
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450
(* Security fix *) - patches/packages/php-5.4.24-arm-1_slack14.0.tgz
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before
5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly
parse (1) notBefore and (2) notAfter timestamps in X.509 certificates,
which allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption) via a crafted certificate that is not
properly handled by the openssl_x509_parse function.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
(* Security fix *)