Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-14.2 ChangeLog (2014-08-10) ====== ====== Sun Aug 10 12:30:19 UTC 2014 ====== ===== Packages ===== ==== Rebuilt ==== * [[slackwarearm.14.2>a/gpm-1.20.7-arm-3.txz]] \\ Removed the mouse-t.el file, which is older than the version in Emacs. \\ Thanks to Richard Cranium. * [[slackwarearm.14.2>n/dhcpcd-6.0.5-arm-3.txz]] \\ This update fixes a security issue where a specially crafted packet \\ received from a malicious DHCP server causes dhcpcd to enter an infinite \\ loop causing a denial of service. \\ Thanks to Tobias Stoeckmann for the bug report. \\ (* Security fix *) * [[slackwarearm.14.2>xap/xscreensaver-5.29-arm-2.txz]] \\ Disabled nag screen that says "This version of XScreenSaver is very old! \\ Please upgrade!" when the age of the software exceeds 12 months. * [[slackwarearm.14.2>isolinux/*]] ==== Upgraded ==== * [[slackwarearm.14.2>a/kernel-firmware-20140809git-noarch-1.txz]] * [[slackwarearm.14.2>a/kernel-modules-armv7-3.15.9_armv7-arm-1.txz]] * [[slackwarearm.14.2>a/kernel-modules-kirkwood-3.15.9_kirkwood-arm-1.txz]] * [[slackwarearm.14.2>a/kernel_armv7-3.15.9-arm-1.txz]] * [[slackwarearm.14.2>a/kernel_kirkwood-3.15.9-arm-1.txz]] * [[slackwarearm.14.2>a/openssl-solibs-1.0.1i-arm-1.txz]] \\ (* Security fix *) * [[slackwarearm.14.2>k/kernel-source-3.15.9-arm-1.txz]] * [[slackwarearm.14.2>n/openssl-1.0.1i-arm-1.txz]] \\ This update fixes several security issues: \\ Double Free when processing DTLS packets (CVE-2014-3505) \\ DTLS memory exhaustion (CVE-2014-3506) \\ DTLS memory leak from zero-length fragments (CVE-2014-3507) \\ Information leak in pretty printing functions (CVE-2014-3508) \\ Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) \\ OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) \\ OpenSSL TLS protocol downgrade attack (CVE-2014-3511) \\ SRP buffer overrun (CVE-2014-3512) \\ Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139) \\ For more information, see: \\ https://www.openssl.org/news/secadv_20140806.txt \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139 \\ (* Security fix *) * [[slackwarearm.14.2>n/samba-4.1.11-arm-1.txz]] \\ This update fixes a remote code execution attack on unauthenticated nmbd \\ NetBIOS name services. A malicious browser can send packets that may \\ overwrite the heap of the target nmbd NetBIOS name services daemon. \\ It may be possible to use this to generate a remote code execution \\ vulnerability as the superuser (root). \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560 \\ (* Security fix *) * [[slackwarearm.14.2>kernels/*]] {{tag>slackware changelog slackwarearm-14.2 2014-08}} news/2014/08/10/slackwarearm-14.2-changelog.txt Last modified: 5 months agoby Giuseppe Di Terlizzi Log In