Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-14.0 ChangeLog (2015-01-12) ====== ====== Mon Jan 12 21:22:13 UTC 2015 ====== ===== Packages ===== ==== Upgraded ==== * [[slackwarearm.14.0>patches/packages/openssl-solibs-1.0.1k-arm-1_slack14.0.txz]] \\ (* Security fix *) * [[slackwarearm.14.0>patches/packages/openssl-1.0.1k-arm-1_slack14.0.txz]] \\ This update fixes several security issues: \\ DTLS segmentation fault in dtls1_get_record (CVE-2014-3571) \\ DTLS memory leak in dtls1_buffer_record (CVE-2015-0206) \\ no-ssl3 configuration sets method to NULL (CVE-2014-3569) \\ ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572) \\ RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) \\ DH client certificates accepted without verification [Server] (CVE-2015-0205) \\ Certificate fingerprints can be modified (CVE-2014-8275) \\ Bignum squaring may produce incorrect results (CVE-2014-3570) \\ For more information, see: \\ https://www.openssl.org/news/secadv_20150108.txt \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 \\ (* Security fix *) {{tag>slackware changelog slackwarearm-14.0 2015-01}} news/2015/01/12/slackwarearm-14.0-changelog.txt Last modified: 3 years agoby Giuseppe Di Terlizzi Log In