Slackware-13.0 ChangeLog (2009-06-03)
Wed Jun 3 18:17:19 CDT 2009
Packages
Patched makepkg to warn about possible
- a/pkgtools-12.34567890-noarch-6.tgz
problems with /usr/share/info usage. Thanks to Robby Workman.
Upgraded to liboil-0.3.16
- l/liboil-0.3.16-i486-1.txz
Upgraded to ntp-4.2.4p7
- n/ntp-4.2.4p7-i486-1.txz
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq
in NTP before 4.2.4p7-RC2 allows arbitrary code execution by a malicious
remote NTP server.
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in
ntpd in NTP before 4.2.4p7 allows remote attackers to execute arbitrary code.
This does not affect the Slackware ntpd as it does not link with openssl.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252
(* Security fix *)