Slackwarearm-14.2 ChangeLog (2020-04-17)
Fri Apr 17 08:08:08 UTC 2020
Packages
Upgraded
- patches/packages/bind-9.11.18-arm-1_slack14.2.txz
This update fixes a security issue:
DNS rebinding protection was ineffective when BIND 9 is configured as a
forwarding DNS server. Found and responsibly reported by Tobias Klein.
[GL #1574]
(* Security fix *) - patches/packages/git-2.17.4-arm-1_slack14.2.txz
This update fixes a security issue:
With a crafted URL that contains a newline in it, the credential helper
machinery can be fooled to give credential information for a wrong host.
The attack has been made impossible by forbidding a newline character in
any value passed via the credential protocol. Credit for finding the
vulnerability goes to Felix Wilhelm of Google Project Zero.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260
(* Security fix *) - patches/packages/openvpn-2.4.9-arm-1_slack14.1.txz
This update fixes a security issue:
Fix illegal client float. Thanks to Lev Stipakov.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810
(* Security fix *)