Slackware-14.2 ChangeLog (2016-02-26)
Fri Feb 26 22:54:05 UTC 2016
Packages
Upgraded
- a/btrfs-progs-v4.4.1-i586-1.txz
- a/kernel-generic-4.4.3-i586-1.txz
- a/kernel-generic-smp-4.4.3_smp-i686-1.txz
- a/kernel-huge-4.4.3-i586-1.txz
- a/kernel-huge-smp-4.4.3_smp-i686-1.txz
- a/kernel-modules-4.4.3-i586-1.txz
- a/kernel-modules-smp-4.4.3_smp-i686-1.txz
- a/sdparm-1.10-i586-1.txz
- ap/mariadb-10.0.24-i586-1.txz
- d/gdb-7.11-i586-1.txz
- d/kernel-headers-4.4.3_smp-x86-1.txz
- k/kernel-source-4.4.3_smp-noarch-1.txz
- l/gtk+3-3.18.8-i586-1.txz
- l/libical-2.0.0-i586-1.txz
Shared library .so-version bump. - l/libssh-0.7.3-i586-1.txz
Fixed weak key generation. Due to a bug in the ephemeral secret key
generation for the diffie-hellman-group1 and diffie-hellman-group14
methods, ephemeral secret keys of size 128 bits are generated, instead
of the recommended sizes of 1024 and 2048 bits, giving a practical
security of 63 bits.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739
(* Security fix *) - l/sg3_utils-1.42-i586-1.txz
- n/libssh2-1.7.0-i586-1.txz
Fixed weak key generation. During the SSHv2 handshake when libssh2 is to
get a suitable value for 'group order' in the Diffle Hellman negotiation,
it would pass in number of bytes to a function that expected number of bits.
This would result in the library generating numbers using only an 8th the
number of random bits than what were intended: 128 or 256 bits instead of
1023 or 2047. Using such drastically reduced amount of random bits for
Diffie Hellman weakended the handshake security significantly.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0787
(* Security fix *) - x/mesa-11.1.2-i586-1.txz
- extra/linux-4.4.3-nosmp-sdk/*
- kernels/*
Rebuilt
- kde/kdepimlibs-4.14.10-i586-2.txz
Recompiled against libical-2.0.0. - n/bluez-5.37-i586-2.txz
Recompiled against libical-2.0.0. - xfce/orage-4.12.1-i586-3.txz
Recompiled against libical-2.0.0. - isolinux/initrd.img
- usb-and-pxe-installers/usbboot.img