Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-14.1 ChangeLog (2014-01-14) ====== ====== Tue Jan 14 03:54:48 UTC 2014 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.14.1>patches/packages/libXfont-1.4.7-i486-1_slack14.1.txz]] \\ This update fixes a stack overflow when reading a BDF font file containing \\ a longer than expected string, which could lead to crashes or privilege \\ escalation. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462 \\ (* Security fix *) * [[slackware.14.1>patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz]] \\ This update fixes the following security issues: \\ Fix for TLS record tampering bug CVE-2013-4353 \\ Fix for TLS version checking bug CVE-2013-6449 \\ Fix for DTLS retransmission bug CVE-2013-6450 \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450 \\ (* Security fix *) * [[slackware.14.1>patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz]] * [[slackware.14.1>patches/packages/php-5.4.24-i486-1_slack14.1.txz]] \\ The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before \\ 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly \\ parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, \\ which allows remote attackers to execute arbitrary code or cause a denial \\ of service (memory corruption) via a crafted certificate that is not \\ properly handled by the openssl_x509_parse function. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420 \\ (* Security fix *) * [[slackware.14.1>patches/packages/samba-4.1.4-i486-1_slack14.1.txz]] \\ This update fixes a heap-based buffer overflow that may allow AD domain \\ controllers to execute arbitrary code via an invalid fragment length in \\ a DCE-RPC packet. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408 \\ (* Security fix *) {{tag>slackware changelog slackware-14.1 2014-01}} news/2014/01/14/slackware-14.1-changelog.txt Last modified: 8 months agoby Giuseppe Di Terlizzi Log In