Slackwarearm-current ChangeLog (2014-08-10)
Sun Aug 10 12:30:19 UTC 2014
Packages
Rebuilt
- a/gpm-1.20.7-arm-3.txz
Removed the mouse-t.el file, which is older than the version in Emacs.
Thanks to Richard Cranium.
- n/dhcpcd-6.0.5-arm-3.txz
This update fixes a security issue where a specially crafted packet
received from a malicious DHCP server causes dhcpcd to enter an infinite
loop causing a denial of service.
Thanks to Tobias Stoeckmann for the bug report.
(* Security fix *)
- xap/xscreensaver-5.29-arm-2.txz
Disabled nag screen that says “This version of XScreenSaver is very old!
Please upgrade!” when the age of the software exceeds 12 months.
- isolinux/*
Upgraded
- a/kernel-firmware-20140809git-noarch-1.txz
- a/kernel-modules-armv7-3.15.9_armv7-arm-1.txz
- a/kernel-modules-kirkwood-3.15.9_kirkwood-arm-1.txz
- a/kernel_armv7-3.15.9-arm-1.txz
- a/kernel_kirkwood-3.15.9-arm-1.txz
- a/openssl-solibs-1.0.1i-arm-1.txz
(* Security fix *)
- k/kernel-source-3.15.9-arm-1.txz
- n/openssl-1.0.1i-arm-1.txz
This update fixes several security issues:
Double Free when processing DTLS packets (CVE-2014-3505)
DTLS memory exhaustion (CVE-2014-3506)
DTLS memory leak from zero-length fragments (CVE-2014-3507)
Information leak in pretty printing functions (CVE-2014-3508)
Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
SRP buffer overrun (CVE-2014-3512)
Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
For more information, see:
https://www.openssl.org/news/secadv_20140806.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
(* Security fix *)
- n/samba-4.1.11-arm-1.txz
This update fixes a remote code execution attack on unauthenticated nmbd
NetBIOS name services. A malicious browser can send packets that may
overwrite the heap of the target nmbd NetBIOS name services daemon.
It may be possible to use this to generate a remote code execution
vulnerability as the superuser (root).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560
(* Security fix *)
- kernels/*