Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-14.2 ChangeLog (2021-06-11) ====== ====== Fri Jun 11 08:08:08 UTC 2021 ====== ===== Packages ===== ==== Upgraded ==== * [[slackwarearm.14.2>patches/packages/httpd-2.4.48-arm-1_slack14.2.txz]] \\ This release contains security fixes and improvements. \\ mod_http2: Fix a potential NULL pointer dereference. \\ Unexpected <Location> section matching with 'MergeSlashes OFF'. \\ mod_auth_digest: possible stack overflow by one nul byte while validating \\ the Digest nonce. \\ mod_session: Fix possible crash due to NULL pointer dereference, which \\ could be used to cause a Denial of Service with a malicious backend \\ server and SessionHeader. \\ mod_session: Fix possible crash due to NULL pointer dereference, which \\ could be used to cause a Denial of Service. \\ mod_proxy_http: Fix possible crash due to NULL pointer dereference, which \\ could be used to cause a Denial of Service. \\ mod_proxy_wstunnel, mod_proxy_http: Handle Upgradable protocols end-to-end \\ negotiation. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567 \\ (* Security fix *) * [[slackwarearm.14.2>patches/packages/libX11-1.7.2-arm-1_slack14.2.txz]] \\ This is a bug fix release, correcting a regression introduced by and \\ improving the checks from the fix for CVE-2021-31535. ==== Rebuilt ==== * [[slackwarearm.14.2>patches/packages/polkit-0.113-arm-2_slack14.2.txz]] \\ This update includes a mitigation for local privilege escalation using \\ polkit_system_bus_name_get_creds_sync(). \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3560 \\ (* Security fix *) {{tag>slackware changelog slackwarearm-14.2 2021-06}} news/2021/06/11/slackwarearm-14.2-changelog.txt Last modified: 3 years agoby Giuseppe Di Terlizzi Log In