Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware64-14.2 ChangeLog (2016-08-06) ====== ====== Sat Aug 6 19:29:16 UTC 2016 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware64.14.2>patches/packages/curl-7.50.1-x86_64-1_slack14.2.txz]] \\ This release fixes security issues: \\ TLS: switch off SSL session id when client cert is used \\ TLS: only reuse connections with the same client cert \\ curl_multi_cleanup: clear connection pointer for easy handles \\ For more information, see: \\ https://curl.haxx.se/docs/adv_20160803A.html \\ https://curl.haxx.se/docs/adv_20160803B.html \\ https://curl.haxx.se/docs/adv_20160803C.html \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421 \\ (* Security fix *) * [[slackware64.14.2>patches/packages/mozilla-firefox-45.3.0esr-x86_64-1_slack14.2.txz]] \\ This release contains security fixes and improvements. \\ For more information, see: \\ http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html \\ (* Security fix *) * [[slackware64.14.2>patches/packages/openssh-7.3p1-x86_64-1_slack14.2.txz]] \\ This is primarily a bugfix release, and also addresses security issues. \\ sshd(8): Mitigate a potential denial-of-service attack against the system's \\ crypt(3) function via sshd(8). \\ sshd(8): Mitigate timing differences in password authentication that could \\ be used to discern valid from invalid account names when long passwords were \\ sent and particular password hashing algorithms are in use on the server. \\ ssh(1), sshd(8): Fix observable timing weakness in the CBC padding oracle \\ countermeasures. \\ ssh(1), sshd(8): Improve operation ordering of MAC verification for \\ Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the MAC \\ before decrypting any ciphertext. \\ sshd(8): (portable only) Ignore PAM environment vars when UseLogin=yes. \\ For more information, see: \\ http://www.openssh.com/txt/release-7.3 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325 \\ (* Security fix *) * [[slackware64.14.2>patches/packages/stunnel-5.35-x86_64-1_slack14.2.txz]] \\ Fixes security issues: \\ Fixed malfunctioning "verify = 4". \\ Fixed incorrectly enforced client certificate requests. \\ (* Security fix *) {{tag>slackware changelog slackware64-14.2 2016-08}} news/2016/08/06/slackware64-14.2-changelog.txt Last modified: 6 months agoby Giuseppe Di Terlizzi Log In