Slackware-14.0 ChangeLog (2016-12-28)
Wed Dec 28 21:05:19 UTC 2016
Packages
Upgraded
- patches/packages/python-2.7.13-i486-1_slack14.0.txz
This release fixes security issues:
Issue #27850: Remove 3DES from ssl module's default cipher list to counter
measure sweet32 attack (CVE-2016-2183).
Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the
HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates
that the script is in CGI mode.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000110
(* Security fix *)