Slackware-13.0 ChangeLog (2015-07-07)

Tue Jul 7 22:59:17 UTC 2015

  • patches/packages/bind-9.9.7_P1-i486-1_slack13.0.txz
    This update fixes a security issue where an attacker who can cause
    a validating resolver to query a zone containing specifically constructed
    contents can cause that resolver to fail an assertion and terminate due
    to a defect in validation code. This means that a recursive resolver that
    is performing DNSSEC validation can be deliberately stopped by an attacker
    who can cause the resolver to perform a query against a
    maliciously-constructed zone. This will result in a denial of service to
    clients who rely on that resolver.
    For more information, see:
    https://kb.isc.org/article/AA-01267/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4620
    (* Security fix *)
  • patches/packages/ntp-4.2.8p3-i486-1_slack13.0.txz
    This update fixes a security issue where under specific circumstances an
    attacker can send a crafted packet to cause a vulnerable ntpd instance to
    crash. Since this requires 1) ntpd set up to allow remote configuration
    (not allowed by default), and 2) knowledge of the configuration password,
    and 3) access to a computer entrusted to perform remote configuration,
    the vulnerability is considered low-risk.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146
    (* Security fix *)
  • by Giuseppe Di Terlizzi