Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Last revision Both sides next revision
news:2014:04:08:slackware-14.1-changelog [2015/03/10 12:24]
Giuseppe Di Terlizzi creata
news:2014:04:08:slackware-14.1-changelog [2015/03/10 12:44]
Giuseppe Di Terlizzi
Line 7: Line 7:
  
 ==== Upgraded ==== ==== Upgraded ====
-  * [[slackware.14.1>patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz]] (Security fix)+  * [[slackware.14.1>patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz]] \\   This update fixes two security issues: \\   A missing bounds check in the handling of the TLS heartbeat extension \\   can be used to reveal up to 64k of memory to a connected client or server. \\   Thanks for Neel Mehta of Google Security for discovering this bug and to \\   Adam Langley <[email protected]> and Bodo Moeller <[email protected]> for \\   preparing the fix. \\   Fix for the attack described in the paper "Recovering OpenSSL \\   ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" \\   by Yuval Yarom and Naomi Benger. Details can be obtained from: \\   http://eprint.iacr.org/2014/140 \\   For more information, see: \\     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 \\     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 \\   (Security fix *)
   * [[slackware.14.1>patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz]]   * [[slackware.14.1>patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz]]
-===== ChangeLog ===== 
-<code> 
-Tue Apr  8 14:19:51 UTC 2014 
-patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz:  Upgraded. 
-  This update fixes two security issues: 
-  A missing bounds check in the handling of the TLS heartbeat extension 
-  can be used to reveal up to 64k of memory to a connected client or server. 
-  Thanks for Neel Mehta of Google Security for discovering this bug and to 
-  Adam Langley <[email protected]> and Bodo Moeller <[email protected]> for 
-  preparing the fix. 
-  Fix for the attack described in the paper "Recovering OpenSSL 
-  ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" 
-  by Yuval Yarom and Naomi Benger. Details can be obtained from: 
-  http://eprint.iacr.org/2014/140 
-  For more information, see: 
-    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 
-    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 
-  (* Security fix *) 
-patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz:  Upgraded. 
-</code> 
- 
  
  
 {{tag>slackware changelog slackware-14.1 2014/04}} {{tag>slackware changelog slackware-14.1 2014/04}}
  
  • news/2014/04/08/slackware-14.1-changelog.txt
  • Last modified: 7 years ago
  • by Giuseppe Di Terlizzi