Slackware64-13.1 ChangeLog (2016-08-06)
Sat Aug 6 19:29:16 UTC 2016
Packages
Upgraded
- patches/packages/curl-7.50.1-x86_64-1_slack13.1.txz
This release fixes security issues:
TLS: switch off SSL session id when client cert is used
TLS: only reuse connections with the same client cert
curl_multi_cleanup: clear connection pointer for easy handles
For more information, see:
https://curl.haxx.se/docs/adv_20160803A.html
https://curl.haxx.se/docs/adv_20160803B.html
https://curl.haxx.se/docs/adv_20160803C.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421
(* Security fix *)
- patches/packages/openssh-7.3p1-x86_64-1_slack13.1.txz
This is primarily a bugfix release, and also addresses security issues.
sshd(8): Mitigate a potential denial-of-service attack against the system's
crypt(3) function via sshd(8).
sshd(8): Mitigate timing differences in password authentication that could
be used to discern valid from invalid account names when long passwords were
sent and particular password hashing algorithms are in use on the server.
ssh(1), sshd(8): Fix observable timing weakness in the CBC padding oracle
countermeasures.
ssh(1), sshd(8): Improve operation ordering of MAC verification for
Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the MAC
before decrypting any ciphertext.
sshd(8): (portable only) Ignore PAM environment vars when UseLogin=yes.
For more information, see:
http://www.openssh.com/txt/release-7.3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325
(* Security fix *)
- patches/packages/stunnel-5.35-x86_64-1_slack13.1.txz
Fixes security issues:
Fixed malfunctioning “verify = 4”.
Fixed incorrectly enforced client certificate requests.
(* Security fix *)