Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-12.2 ChangeLog (2013-02-09) ====== ====== Sat Feb 9 21:45:56 UTC 2013 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.12.2>patches/packages/openssl-0.9.8y-i486-1_slack12.2.tgz]] \\ Make the decoding of SSLv3, TLS and DTLS CBC records constant time. \\ This addresses the flaw in CBC record processing discovered by \\ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found \\ at: http://www.isg.rhul.ac.uk/tls/ \\ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information \\ Security Group at Royal Holloway, University of London \\ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and \\ Emilia Käsper for the initial patch. \\ (CVE-2013-0169) \\ [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] \\ Return an error when checking OCSP signatures when key is NULL. \\ This fixes a DoS attack. (CVE-2013-0166) \\ [Steve Henson] \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169 \\ (* Security fix *) * [[slackware.12.2>patches/packages/openssl-solibs-0.9.8y-i486-1_slack12.2.tgz]] \\ (* Security fix *) {{tag>slackware changelog slackware-12.2 2013-02}} news/2013/02/09/slackware-12.2-changelog.txt Last modified: 6 months ago(external edit) Log In