This is an old revision of the document!
Slackwarearm-14.2 ChangeLog (2016-05-02)
Mon May 2 21:12:21 UTC 2016
Packages
Upgraded
- a/lvm2-2.02.152-arm-1.txz
- ap/gphoto2-2.5.10-arm-1.txz
- ap/mariadb-10.0.25-arm-1.txz
- ap/vim-7.4.1811-arm-1.txz
- d/git-2.8.2-arm-1.txz
- d/perl-5.22.2-arm-1.txz
- d/ruby-2.2.5-arm-1.txz
- d/subversion-1.9.4-arm-1.txz
This release fixes two security issues:
CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm.
CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn
during COPY/MOVE authorization check.
For more information, see:
http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
http://subversion.apache.org/security/CVE-2016-2168-advisory.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168
(* Security fix *) - l/libgphoto2-2.5.10-arm-1.txz
- l/poppler-0.43.0-arm-1.txz
Shared library .so-version bump. - n/ntp-4.2.8p7-arm-1.txz
This release patches several low and medium severity security issues:
CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering
CVE-2016-1549: Sybil vulnerability: ephemeral association attack,
AKA: ntp-sybil - MITIGATION ONLY
CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion
botch
CVE-2016-2517: Remote configuration trustedkey/requestkey values are not
properly validated
CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with
MATCH_ASSOC
CVE-2016-2519: ctl_getitem() return value not always checked
CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos
CVE-2016-1548: Interleave-pivot - MITIGATION ONLY
CVE-2015-7704: KoD fix: peer associations were broken by the fix for
NtpBug2901, AKA: Symmetric active/passive mode is broken
CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks
CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,
authdecrypt-timing, AKA: authdecrypt-timing
For more information, see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519
(* Security fix *) - n/php-5.6.21-arm-1.txz
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.21
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074
(* Security fix *) - n/whois-5.2.12-arm-1.txz
- x/libdrm-2.4.68-arm-1.txz
- x/xf86-input-evdev-2.10.2-arm-1.txz
- xap/vim-gvim-7.4.1811-arm-1.txz
Rebuilt
- ap/cups-filters-1.8.3-arm-2.txz
Recompiled against poppler-0.43.0. - kde/calligra-2.9.11-arm-3.txz
Recompiled against poppler-0.43.0. - n/yptools-2.14-arm-6.txz
Don't remove unmerged .new config files. Thanks to christian laubscher. - xfce/tumbler-0.1.31-arm-6.txz
Recompiled against poppler-0.43.0.