Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-14.0 ChangeLog (2016-03-03) ====== ====== Thu Mar 3 05:41:26 UTC 2016 ====== ===== Packages ===== ==== Rebuilt ==== * [[slackware.14.0>patches/packages/mailx-12.5-i486-2_slack14.0.txz]] \\ Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues \\ that could allow a local attacker to cause mailx to execute arbitrary \\ shell commands through the use of a specially-crafted email address. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844 \\ (* Security fix *) ==== Upgraded ==== * [[slackware.14.0>patches/packages/openssl-1.0.1s-i486-1_slack14.0.txz]] \\ This update fixes the following security issues: \\ Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) \\ Double-free in DSA code (CVE-2016-0705) \\ Memory leak in SRP database lookups (CVE-2016-0798) \\ BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797) \\ Fix memory issues in BIO_*printf functions (CVE-2016-0799) \\ Side channel attack on modular exponentiation (CVE-2016-0702) \\ To avoid breaking the ABI, "enable-ssl2" is used, but all the vulnerable or \\ weak ciphers have been removed. \\ For more information, see: \\ https://www.openssl.org/news/secadv/20160301.txt \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702 \\ (* Security fix *) * [[slackware.14.0>patches/packages/openssl-solibs-1.0.1s-i486-1_slack14.0.txz]] * [[slackware.14.0>patches/packages/php-5.6.18-i486-1_slack14.1.txz]] \\ This release fixes bugs and security issues. \\ For more information, see: \\ http://php.net/ChangeLog-5.php#5.6.18 \\ (* Security fix *) {{tag>slackware changelog slackware-14.0 2016-03}} news/2016/03/03/slackware-14.0-changelog.txt Last modified: 8 months agoby Giuseppe Di Terlizzi Log In