This is an old revision of the document!


Slackware-14.1 ChangeLog (2014-04-08)

Tue Apr 8 14:19:51 UTC 2014

Tue Apr  8 14:19:51 UTC 2014
patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz:  Upgraded.
  This update fixes two security issues:
  A missing bounds check in the handling of the TLS heartbeat extension
  can be used to reveal up to 64k of memory to a connected client or server.
  Thanks for Neel Mehta of Google Security for discovering this bug and to
  Adam Langley <[email protected]> and Bodo Moeller <[email protected]> for
  preparing the fix.
  Fix for the attack described in the paper "Recovering OpenSSL
  ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
  by Yuval Yarom and Naomi Benger. Details can be obtained from:
  http://eprint.iacr.org/2014/140
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz:  Upgraded.
  • news/2014/04/08/slackware-14.1-changelog.1425986644.txt.gz
  • Last modified: 7 years ago
  • by Giuseppe Di Terlizzi