Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-14.2 ChangeLog (2018-08-17) ====== ====== Fri Aug 17 16:52:04 UTC 2018 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.14.2>patches/packages/ntp-4.2.8p12-i586-1_slack14.2.txz]] \\ This release improves on one security fix in ntpd: \\ LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack \\ While fixed in ntp-4.2.8p7 and with significant additional protections for \\ this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in \\ the new noepeer support. Originally reported by Matt Van Gundy of Cisco. \\ Edge-case hole reported by Martin Burnicki of Meinberg. \\ And fixes another security issue in ntpq and ntpdc: \\ LOW: Sec 3505: The openhost() function used during command-line hostname \\ processing by ntpq and ntpdc can write beyond its buffer limit, which \\ could allow an attacker to achieve code execution or escalate to higher \\ privileges via a long string as the argument for an IPv4 or IPv6 \\ command-line parameter. NOTE: It is unclear whether there are any common \\ situations in which ntpq or ntpdc is used with a command line from an \\ untrusted source. Reported by Fakhri Zulkifli. \\ For more information, see: \\ http://support.ntp.org/bin/view/Main/SecurityNotice#August_2018_ntp_4_2_8p12_NTP_Rel \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327 \\ (* Security fix *) * [[slackware.14.2>patches/packages/samba-4.6.16-i586-1_slack14.2.txz]] \\ This is a security release in order to address the following defects: \\ Insufficient input validation on client directory listing in libsmbclient. \\ A malicious server could return a directory entry that could corrupt \\ libsmbclient memory. \\ Confidential attribute disclosure from the AD LDAP server. \\ Missing access control checks allow discovery of confidential attribute \\ values via authenticated LDAP search expressions. \\ For more information, see: \\ https://www.samba.org/samba/security/CVE-2018-10858.html \\ https://www.samba.org/samba/security/CVE-2018-10919.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10858 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919 \\ (* Security fix *) {{tag>slackware changelog slackware-14.2 2018-08}} news/2018/08/17/slackware-14.2-changelog.txt Last modified: 8 months agoby Giuseppe Di Terlizzi Log In