Slackware-14.1 ChangeLog (2014-04-08)
Tue Apr 8 14:19:51 UTC 2014
Packages
Upgraded
- patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz
This update fixes two security issues:
A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or server.
Thanks to Neel Mehta of Google Security for discovering this bug and to
Adam Langley agl@chromium.org and Bodo Moeller bmoeller@acm.org for
preparing the fix.
Fix for the attack described in the paper “Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack”
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
(* Security fix *)