Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-14.1 ChangeLog (2016-02-24) ====== ====== Wed Feb 24 19:20:21 UTC 2016 ====== ===== Packages ===== ==== Upgraded ==== * [[slackwarearm.14.1>patches/packages/bind-9.9.8_P3-arm-1_slack14.1.txz]] \\ This release fixes two possible denial-of-service issues: \\ render_ecs errors were mishandled when printing out a OPT record resulting \\ in a assertion failure. (CVE-2015-8705) [RT #41397] \\ Specific APL data could trigger a INSIST. (CVE-2015-8704) [RT #41396] \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705 \\ (* Security fix *) * [[slackwarearm.14.1>patches/packages/libgcrypt-1.5.5-arm-1_slack14.1.txz]] \\ Mitigate chosen cipher text attacks on ECDH with Weierstrass curves. \\ Use ciphertext blinding for Elgamal decryption. \\ For more information, see: \\ http://www.cs.tau.ac.IL/~tromer/ecdh/ \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7511 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591 \\ (* Security fix *) * [[slackwarearm.14.1>patches/packages/ntp-4.2.8p6-arm-1_slack14.1.txz]] \\ In addition to bug fixes and enhancements, this release fixes \\ several low and medium severity vulnerabilities. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158 \\ (* Security fix *) ==== Rebuilt ==== * [[slackwarearm.14.1>patches/packages/glibc-2.17-arm-17_slack14.1.txz]] \\ This update provides a patch to fix the stack-based buffer overflow in \\ libresolv that could allow specially crafted DNS responses to seize \\ control of execution flow in the DNS client (CVE-2015-7547). However, \\ due to a patch applied to Slackware's glibc back in 2009 (don't use the \\ gethostbyname4() lookup method as it was causing some cheap routers to \\ misbehave), we were not vulnerable to that issue. Nevertheless it seems \\ prudent to patch the overflows anyway even if we're not currently using \\ the code in question. Thanks to mancha for the backported patch. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547 \\ (* Security fix *) * [[slackwarearm.14.1>patches/packages/glibc-i18n-2.17-arm-17_slack14.1.txz]] * [[slackwarearm.14.1>patches/packages/glibc-profile-2.17-arm-17_slack14.1.txz]] * [[slackwarearm.14.1>patches/packages/glibc-solibs-2.17-arm-17_slack14.1.txz]] {{tag>slackware changelog slackwarearm-14.1 2016-02}} news/2016/02/24/slackwarearm-14.1-changelog.txt Last modified: 12 months agoby Giuseppe Di Terlizzi Log In