Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-13.37 ChangeLog (2016-03-03) ====== ====== Thu Mar 3 05:41:26 UTC 2016 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.13.37>patches/packages/mailx-12.5-i486-1_slack13.37.txz]] \\ Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues \\ that could allow a local attacker to cause mailx to execute arbitrary \\ shell commands through the use of a specially-crafted email address. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844 \\ (* Security fix *) ==== Rebuilt ==== * [[slackware.13.37>patches/packages/openssl-0.9.8zh-i486-2_slack13.37.txz]] \\ This update fixes the following security issues: \\ Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) \\ Double-free in DSA code (CVE-2016-0705) \\ Memory leak in SRP database lookups (CVE-2016-0798) \\ BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797) \\ Fix memory issues in BIO_*printf functions (CVE-2016-0799) \\ Side channel attack on modular exponentiation (CVE-2016-0702) \\ To avoid breaking the ABI, "enable-ssl2" is used, but all the vulnerable or \\ weak ciphers have been removed. \\ For more information, see: \\ https://www.openssl.org/news/secadv/20160301.txt \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702 \\ (* Security fix *) * [[slackware.13.37>patches/packages/openssl-solibs-0.9.8zh-i486-2_slack13.37.txz]] {{tag>slackware changelog slackware-13.37 2016-03}} news/2016/03/03/slackware-13.37-changelog.txt Last modified: 13 months agoby Giuseppe Di Terlizzi Log In