Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-14.1 ChangeLog (2016-11-04) ====== ====== Fri Nov 4 03:31:38 UTC 2016 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.14.1>patches/packages/bind-9.9.9_P4-i486-1_slack14.1.txz]] \\ This update fixes a denial-of-service vulnerability. A defect in BIND's \\ handling of responses containing a DNAME answer can cause a resolver to exit \\ after encountering an assertion failure in db.c or resolver.c. A server \\ encountering either of these error conditions will stop, resulting in denial \\ of service to clients. The risk to authoritative servers is minimal; \\ recursive servers are chiefly at risk. \\ For more information, see: \\ https://kb.isc.org/article/AA-01434 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 \\ (* Security fix *) * [[slackware.14.1>patches/packages/curl-7.51.0-i486-1_slack14.1.txz]] \\ This release fixes security issues: \\ CVE-2016-8615: cookie injection for other servers \\ CVE-2016-8616: case insensitive password comparison \\ CVE-2016-8617: OOB write via unchecked multiplication \\ CVE-2016-8618: double-free in curl_maprintf \\ CVE-2016-8619: double-free in krb5 code \\ CVE-2016-8620: glob parser write/read out of bounds \\ CVE-2016-8621: curl_getdate read out of bounds \\ CVE-2016-8622: URL unescape heap overflow via integer truncation \\ CVE-2016-8623: Use-after-free via shared cookies \\ CVE-2016-8624: invalid URL parsing with '#' \\ CVE-2016-8625: IDNA 2003 makes curl use wrong host \\ For more information, see: \\ https://curl.haxx.se/docs/adv_20161102A.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615 \\ https://curl.haxx.se/docs/adv_20161102B.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616 \\ https://curl.haxx.se/docs/adv_20161102C.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617 \\ https://curl.haxx.se/docs/adv_20161102D.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618 \\ https://curl.haxx.se/docs/adv_20161102E.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619 \\ https://curl.haxx.se/docs/adv_20161102F.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620 \\ https://curl.haxx.se/docs/adv_20161102G.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621 \\ https://curl.haxx.se/docs/adv_20161102H.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622 \\ https://curl.haxx.se/docs/adv_20161102I.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623 \\ https://curl.haxx.se/docs/adv_20161102J.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624 \\ https://curl.haxx.se/docs/adv_20161102K.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625 \\ (* Security fix *) * [[slackware.14.1>patches/packages/glibc-zoneinfo-2016i-noarch-1_slack14.1.txz]] \\ This package provides the latest timezone updates. {{tag>slackware changelog slackware-14.1 2016-11}} news/2016/11/04/slackware-14.1-changelog.txt Last modified: 8 months agoby Giuseppe Di Terlizzi Log In