Slackwarearm-14.1 ChangeLog (2014-02-14)
Fri Feb 14 19:31:41 UTC 2014
Packages
Upgraded
- patches/packages/cairo-1.12.16-arm-1_slack14.1.tgz
This is a bugfix update that was tested in -current and found to resolve
some outstanding issues with the package that shipped in Slackware 14.1.
Removed –enable-xcb-shm (may cause instability with GTK+3).
Removed –enable-xlib-xcb (causes GIMP slowdown).
Added –enable-ft and –enable-gl. - patches/packages/curl-7.35.0-arm-1_slack14.1.tgz
This update fixes a flaw where libcurl could, in some circumstances, reuse
the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS
request.
For more information, see:
http://curl.haxx.se/docs/adv_20140129.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015
(* Security fix *) - patches/packages/pidgin-2.10.9-arm-1_slack14.1.tgz
This update fixes various security issues and other bugs.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020
(* Security fix *)
Rebuilt
- patches/packages/ntp-4.2.6p5-arm-5_slack14.1.tgz
All stable versions of NTP remain vulnerable to a remote attack where the
“ntpdc -c monlist” command can be used to amplify network traffic as part
of a denial of service attack. By default, Slackware is not vulnerable
since it includes “noquery” as a default restriction. However, it is
vulnerable if this restriction is removed. To help mitigate this flaw,
“disable monitor” has been added to the default ntp.conf (which will disable
the monlist command even if other queries are allowed), and the default
restrictions have been extended to IPv6 as well.
All users of the NTP daemon should make sure that their ntp.conf contains
“disable monitor” to prevent misuse of the NTP service. The new ntp.conf
file will be installed as /etc/ntp.conf.new with a package upgrade, but the
changes will need to be merged into any existing ntp.conf file by the admin.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
http://www.kb.cert.org/vuls/id/348126
(* Security fix *)