This is an old revision of the document!
Slackwarearm-14.2 ChangeLog (2018-12-02)
Sun Dec 02 08:08:08 UTC 2018
Packages
Upgraded
- patches/packages/nano-3.2-arm-1_slack14.2.txz
- patches/packages/rp-pppoe-3.13-arm-1_slack14.2.txz
Rebuilt
- patches/packages/samba-4.6.16-arm-2_slack14.2.txz
This update patches some security issues:
CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
Internal DNS server
CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT
CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server
CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers
CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported)
CVE-2018-16857: Bad password count in AD DC not always effective
For more information, see:
https://www.samba.org/samba/security/CVE-2018-14629.html
https://www.samba.org/samba/security/CVE-2018-16841.html
https://www.samba.org/samba/security/CVE-2018-16851.html
https://www.samba.org/samba/security/CVE-2018-16852.html
https://www.samba.org/samba/security/CVE-2018-16853.html
https://www.samba.org/samba/security/CVE-2018-16857.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16857
(* Security fix *)