Slackwarearm-14.2 ChangeLog (2018-08-26)

Sun Aug 26 08:08:08 UTC 2018

  • patches/packages/linux-4.4.151/kernel-headers-4.4.151-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.151/kernel-modules-armv5-4.4.151_armv5-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.151/kernel-modules-armv7-4.4.151_armv7-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.151/kernel-source-4.4.151-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.151/kernel_armv5-4.4.151-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.151/kernel_armv7-4.4.151-arm-1_slack14.2.txz
  • patches/packages/ntp-4.2.8p12-arm-1_slack14.2.txz
    This release improves on one security fix in ntpd:
    LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack
    While fixed in ntp-4.2.8p7 and with significant additional protections for
    this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in
    the new noepeer support. Originally reported by Matt Van Gundy of Cisco.
    Edge-case hole reported by Martin Burnicki of Meinberg.
    And fixes another security issue in ntpq and ntpdc:
    LOW: Sec 3505: The openhost() function used during command-line hostname
    processing by ntpq and ntpdc can write beyond its buffer limit, which
    could allow an attacker to achieve code execution or escalate to higher
    privileges via a long string as the argument for an IPv4 or IPv6
    command-line parameter. NOTE: It is unclear whether there are any common
    situations in which ntpq or ntpdc is used with a command line from an
    untrusted source. Reported by Fakhri Zulkifli.
    For more information, see:
    http://support.ntp.org/bin/view/Main/SecurityNotice#August_2018_ntp_4_2_8p12_NTP_Rel
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327
    (* Security fix *)

by Giuseppe Di Terlizzi