Slackware-current ChangeLog (2014-08-08)
Fri Aug 8 19:02:50 UTC 2014
Welcome pi kernel! Unless we reach kernel 3.14.159, this is probably the best
approximation we're going to get.
Packages
Upgraded
- a/openssl-solibs-1.0.1i-i486-1.txz
(* Security fix *) - n/openssl-1.0.1i-i486-1.txz
This update fixes several security issues:
Double Free when processing DTLS packets (CVE-2014-3505)
DTLS memory exhaustion (CVE-2014-3506)
DTLS memory leak from zero-length fragments (CVE-2014-3507)
Information leak in pretty printing functions (CVE-2014-3508)
Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
SRP buffer overrun (CVE-2014-3512)
Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
For more information, see:
https://www.openssl.org/news/secadv_20140806.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
(* Security fix *)