====== Slackwarearm-14.0 ChangeLog (2014-02-14) ======

====== Fri Feb 14 19:32:57 UTC 2014 ======

===== Packages =====

==== Upgraded ====

  * [[slackwarearm.14.0>patches/packages/curl-7.35.0-arm-1_slack14.0.tgz]] \\ This update fixes a flaw where libcurl could, in some circumstances, reuse \\ the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS \\ request. \\ For more information, see: \\ http://curl.haxx.se/docs/adv_20140129.html \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015 \\ (* Security fix *)
  * [[slackwarearm.14.0>patches/packages/pidgin-2.10.9-arm-1_slack14.0.tgz]] \\ This update fixes various security issues and other bugs. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020 \\ (* Security fix *)

==== Rebuilt ====

  * [[slackwarearm.14.0>patches/packages/ntp-4.2.6p5-arm-3_slack14.0.tgz]] \\ All stable versions of NTP remain vulnerable to a remote attack where the \\ "ntpdc -c monlist" command can be used to amplify network traffic as part \\ of a denial of service attack. By default, Slackware is not vulnerable \\ since it includes "noquery" as a default restriction. However, it is \\ vulnerable if this restriction is removed. To help mitigate this flaw, \\ "disable monitor" has been added to the default ntp.conf (which will disable \\ the monlist command even if other queries are allowed), and the default \\ restrictions have been extended to IPv6 as well. \\ All users of the NTP daemon should make sure that their ntp.conf contains \\ "disable monitor" to prevent misuse of the NTP service. The new ntp.conf \\ file will be installed as /etc/ntp.conf.new with a package upgrade, but the \\ changes will need to be merged into any existing ntp.conf file by the admin. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211 \\ http://www.kb.cert.org/vuls/id/348126 \\ (* Security fix *)

{{tag>slackware changelog slackwarearm-14.0 2014-02}}

news/2014/02/14/slackwarearm-14.0-changelog.txt Last modified: 13 months ago by Giuseppe Di Terlizzi
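
One way to check an ntp.conf for the mitigations the ntp entry above describes, as an added example that is not part of the original changelog or the Slackware package. The function names and the sample file are constructed; it assumes a ''restrict default'' line without ''-6'' covers IPv4 only and that the IPv6 default is written with ''-6''.

```shell
#!/bin/sh
# Audit an ntp.conf for the two mitigations named in the ntp entry:
# "disable monitor" and a noquery default restriction for IPv4 and IPv6.

# Print FILE with comments removed so commented-out directives do not count.
active_lines() {
    sed -e 's/#.*//' "$1"
}

# has_disable_monitor FILE: succeed if an active "disable" line lists "monitor".
has_disable_monitor() {
    active_lines "$1" | awk '
        $1 == "disable" { for (i = 2; i <= NF; i++) if ($i == "monitor") found = 1 }
        END { exit !found }'
}

# has_default_noquery FILE FAMILY (4 or 6): succeed if that family's default
# restrict line carries noquery. Assumption: "-6" marks the IPv6 default.
has_default_noquery() {
    active_lines "$1" | awk -v fam="$2" '
        $1 == "restrict" {
            v6 = 0; def = 0; nq = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "-6") v6 = 1
                if ($i == "default") def = 1
                if ($i == "noquery") nq = 1
            }
            if (def && nq && ((fam == 6) == v6)) found = 1
        }
        END { exit !found }'
}

# audit_ntp_conf FILE: report each check; return status is the failure count.
audit_ntp_conf() {
    fails=0
    has_disable_monitor "$1" && echo "ok:   disable monitor" ||
        { echo "FAIL: no active 'disable monitor'"; fails=$((fails + 1)); }
    for fam in 4 6; do
        has_default_noquery "$1" "$fam" && echo "ok:   IPv$fam default has noquery" ||
            { echo "FAIL: IPv$fam default restriction lacks noquery"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Constructed sample (not a real Slackware ntp.conf): IPv4-only, monitor commented out.
sample=$(mktemp)
printf '%s\n' 'server 0.pool.ntp.org iburst' \
    'restrict default kod nomodify notrap nopeer noquery' \
    '#disable monitor' 'restrict 127.0.0.1' > "$sample"
audit_ntp_conf "$sample" || echo "checks failed: $?"
rm -f "$sample"
```

Pointing ''audit_ntp_conf'' at both /etc/ntp.conf and /etc/ntp.conf.new shows whether the merge the changelog asks for has been done.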