Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-14.0 ChangeLog (2016-03-10) ====== ====== Thu Mar 10 23:43:47 UTC 2016 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.14.0>patches/packages/openssh-7.2p2-i486-1_slack14.0.txz]] \\ This release fixes a security bug: \\ sshd(8): sanitise X11 authentication credentials to avoid xauth \\ command injection when X11Forwarding is enabled. \\ For more information, see: \\ http://www.openssh.com/txt/x11fwd.adv \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115 \\ (* Security fix *) ====== Thu Mar 10 02:46:49 UTC 2016 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.14.0>patches/packages/bind-9.9.8_P4-i486-1_slack14.0.txz]] \\ Fixed security issues: \\ Fix resolver assertion failure due to improper DNAME handling when \\ parsing fetch reply messages. (CVE-2016-1286) [RT #41753] \\ Malformed control messages can trigger assertions in named and rndc. \\ (CVE-2016-1285) [RT #41666] \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 \\ (* Security fix *) * [[slackware.14.0>patches/packages/mozilla-nss-3.23-i486-1_slack14.0.txz]] \\ Upgraded to nss-3.23 and nspr-4.12. \\ This release contains security fixes and improvements. \\ For more information, see: \\ http://www.mozilla.org/security/known-vulnerabilities/nss.html \\ (* Security fix *) {{tag>slackware changelog slackware-14.0 2016-03}} news/2016/03/10/slackware-14.0-changelog.txt Last modified: 9 months agoby Giuseppe Di Terlizzi Log In