Slackware-13.1 ChangeLog (2013-08-06)
Tue Aug 6 05:23:34 UTC 2013
Packages
Upgraded
- patches/packages/bind-9.8.5_P2-i486-1_slack13.1.txz
This update fixes a security issue where a specially crafted query can cause
BIND to terminate abnormally, resulting in a denial of service.
For more information, see:
https://kb.isc.org/article/AA-01015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
(* Security fix *)
- patches/packages/httpd-2.2.25-i486-1_slack13.1.txz
This update addresses two security issues:
* SECURITY: CVE-2013-1862 (cve.mitre.org) mod_rewrite: Ensure that client
data written to the RewriteLog is escaped to prevent terminal escape
sequences from entering the log file.
* SECURITY: CVE-2013-1896 (cve.mitre.org) mod_dav: Sending a MERGE request
against a URI handled by mod_dav_svn with the source href (sent as part of
the request body as XML) pointing to a URI that is not configured for DAV
will trigger a segfault.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
(* Security fix *)
- patches/packages/samba-3.5.22-i486-1_slack13.1.txz
This update fixes missing integer wrap protection in EA list reading
that can allow authenticated or guest connections to cause the server to
loop, resulting in a denial of service.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
(* Security fix *)