Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-14.2 ChangeLog (2020-04-17) ====== ====== Fri Apr 17 08:08:08 UTC 2020 ====== ===== Packages ===== ==== Upgraded ==== * [[slackwarearm.14.2>patches/packages/bind-9.11.18-arm-1_slack14.2.txz]] \\ This update fixes a security issue: \\ DNS rebinding protection was ineffective when BIND 9 is configured as a \\ forwarding DNS server. Found and responsibly reported by Tobias Klein. \\ [GL #1574] \\ (* Security fix *) * [[slackwarearm.14.2>patches/packages/git-2.17.4-arm-1_slack14.2.txz]] \\ This update fixes a security issue: \\ With a crafted URL that contains a newline in it, the credential helper \\ machinery can be fooled to give credential information for a wrong host. \\ The attack has been made impossible by forbidding a newline character in \\ any value passed via the credential protocol. Credit for finding the \\ vulnerability goes to Felix Wilhelm of Google Project Zero. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260 \\ (* Security fix *) * [[slackwarearm.14.2>patches/packages/openvpn-2.4.9-arm-1_slack14.1.txz]] \\ This update fixes a security issue: \\ Fix illegal client float. Thanks to Lev Stipakov. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810 \\ (* Security fix *) {{tag>slackware changelog slackwarearm-14.2 2020-04}} news/2020/04/17/slackwarearm-14.2-changelog.txt Last modified: 13 months agoby Giuseppe Di Terlizzi Log In