Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-current ChangeLog (2018-03-01) ====== ====== Thu Mar 1 23:24:54 UTC 2018 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.current>a/kernel-generic-4.14.23-i586-1.txz]] * [[slackware.current>a/kernel-generic-smp-4.14.23_smp-i686-1.txz]] * [[slackware.current>a/kernel-huge-4.14.23-i586-1.txz]] * [[slackware.current>a/kernel-huge-smp-4.14.23_smp-i686-1.txz]] * [[slackware.current>a/kernel-modules-4.14.23-i586-1.txz]] * [[slackware.current>a/kernel-modules-smp-4.14.23_smp-i686-1.txz]] * [[slackware.current>a/xfsprogs-4.15.1-i586-1.txz]] * [[slackware.current>ap/man-db-2.8.2-i586-1.txz]] * [[slackware.current>ap/mpg123-1.25.10-i586-1.txz]] * [[slackware.current>d/help2man-1.47.6-i586-1.txz]] * [[slackware.current>d/kernel-headers-4.14.23_smp-x86-1.txz]] * [[slackware.current>k/kernel-source-4.14.23_smp-noarch-1.txz]] * [[slackware.current>l/SDL2-2.0.8-i586-1.txz]] * [[slackware.current>l/libunistring-0.9.9-i586-1.txz]] * [[slackware.current>l/mozilla-nss-3.35-i586-1.txz]] \\ Upgraded to nss-3.35 and nspr-4.18. * [[slackware.current>l/sip-4.19.8-i586-1.txz]] * [[slackware.current>l/tevent-0.9.36-i586-1.txz]] * [[slackware.current>n/dhcp-4.4.1-i586-1.txz]] \\ This update fixes two security issues: \\ Corrected an issue where large sized 'X/x' format options were causing \\ option handling logic to overwrite memory when expanding them to human \\ readable form. Reported by Felix Wilhelm, Google Security Team. \\ Option reference count was not correctly decremented in error path \\ when parsing buffer for options. Reported by Felix Wilhelm, Google \\ Security Team. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5732 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5733 \\ (* Security fix *) * [[slackware.current>n/dovecot-2.3.0.1-i586-1.txz]] \\ This release addresses three security issues in dovecot: \\ TLS SNI config lookups may lead to excessive memory usage, causing \\ imap-login/pop3-login VSZ limit to be reached and the process restarted. \\ Parsing invalid email addresses may cause a crash or leak memory contents \\ to attacker. First discovered by Aleksandar Nikolic of Cisco Talos. \\ Independently also discovered by "flxflndy" via HackerOne. \\ Aborted SASL authentication leaks memory in login process. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15130 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14461 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15132 \\ (* Security fix *) * [[slackware.current>n/ntp-4.2.8p11-i586-1.txz]] \\ This release addresses five security issues in ntpd: \\ * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: \\ ephemeral association attack. While fixed in ntp-4.2.8p7, there are \\ significant additional protections for this issue in 4.2.8p11. \\ Reported by Matt Van Gundy of Cisco. \\ * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer \\ read overrun leads to undefined behavior and information leak. \\ Reported by Yihan Lian of Qihoo 360. \\ * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated \\ ephemeral associations. Reported on the questions@ list. \\ * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode \\ cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. \\ * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet \\ can reset authenticated interleaved association. \\ Reported by Miroslav Lichvar of Red Hat. \\ For more information, see: \\ http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185 \\ (* Security fix *) * [[slackware.current>n/openvpn-2.4.5-i586-1.txz]] \\ rc.openvpn: handle multiple config files. \\ Thanks to Daniel Junior, Thomas Choi, and BrokenCog for helpful hints. * [[slackware.current>n/p11-kit-0.23.10-i586-1.txz]] * [[slackware.current>x/libinput-1.10.1-i586-1.txz]] * [[slackware.current>x/libxshmfence-1.3-i586-1.txz]] * [[slackware.current>xfce/xfce4-notifyd-0.4.2-i586-1.txz]] * [[slackware.current>xfce/xfce4-settings-4.12.2-i586-1.txz]] * [[slackware.current>extra/linux-4.14.23-nosmp-sdk/*]] * [[slackware.current>kernels/*]] ==== Rebuilt ==== * [[slackware.current>a/lilo-24.2-i586-7.txz]] \\ liloconfig: prevent extraneous Windows partitions from being added \\ to lilo.conf. Thanks to allend. \\ liloconfig: display a notice when the script is scanning for partitions \\ (which may take some time) so that it doesn't appear to be stalled. * [[slackware.current>isolinux/initrd.img]] * [[slackware.current>usb-and-pxe-installers/usbboot.img]] {{tag>slackware changelog slackware-current 2018/03}} news/2018/03/01/slackware-current-changelog.txt Last modified: 6 years agoby Giuseppe Di Terlizzi Log In