This is an old revision of the document!
Slackware-14.2 ChangeLog (2018-12-06)
Thu Dec 6 04:38:11 UTC 2018
Packages
Upgraded
- patches/packages/gnutls-3.6.5-i586-1_slack14.2.txz
This update fixes a security issue:
Bleichenbacher-like side channel leakage in PKCS#1 1.5 verification and
padding oracle verification.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16868
(* Security fix *) - patches/packages/nettle-3.4.1-i586-1_slack14.2.txz
This update fixes a security issue:
A Bleichenbacher type side-channel based padding oracle attack was found
in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5
data. An attacker who is able to run a process on the same physical core
as the victim process, could use this flaw to extract plaintext or in some
cases downgrade any TLS connections to a vulnerable server.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16869
(* Security fix *)