Slackwarearm-current ChangeLog (2014-04-02)
Wed Apr 2 19:31:23 UTC 2014
Packages
Upgraded
- a/kernel-modules-armv7-3.13.7_armv7-arm-1.tgz
- a/kernel-modules-kirkwood-3.13.7_kirkwood-arm-1.tgz
- a/kernel_armv7-3.13.7-arm-1.txz
- a/kernel_kirkwood-3.13.7-arm-1.txz
- ap/mpg123-1.18.0-arm-1.tgz
- k/kernel-source-3.13.7-arm-1.txz
- l/apr-1.5.0-arm-1.txz
- l/apr-util-1.5.3-arm-1.txz
- l/mozilla-nss-3.16-arm-1.txz
  This update fixes a security issue:
  The cert_TestHostName function in lib/certdb/certdb.c in the
  certificate-checking implementation in Mozilla Network Security Services
  (NSS) before 3.16 accepts a wildcard character that is embedded in an
  internationalized domain name's U-label, which might allow man-in-the-middle
  attackers to spoof SSL servers via a crafted certificate.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
  (* Security fix *)
- n/curl-7.36.0-arm-1.txz
  This update fixes four security issues.
  For more information, see:
  http://curl.haxx.se/docs/adv_20140326A.html
  http://curl.haxx.se/docs/adv_20140326B.html
  http://curl.haxx.se/docs/adv_20140326C.html
  http://curl.haxx.se/docs/adv_20140326D.html
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522
  (* Security fix *)
- n/httpd-2.4.9-arm-1.txz
  This update addresses two security issues.
  Segfaults with truncated cookie logging. mod_log_config: Prevent segfaults
  when logging truncated cookies. Clean up the cookie logging parser to
  recognize only the cookie=value pairs, not valueless cookies.
  mod_dav: Keep track of length of cdata properly when removing leading
  spaces. Eliminates a potential denial of service from specifically crafted
  DAV WRITE requests.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
  (* Security fix *)
- n/openssh-6.6p1-arm-1.txz
  This update fixes a security issue when using environment passing with
  a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH could be
  tricked into accepting any environment variable that contains the
  characters before the wildcard character.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
  (* Security fix *)
- n/tin-2.2.0-arm-1.txz
- kernels/*
Rebuilt
- isolinux/*
  tar is now version 1.26.