Slackware-14.2 ChangeLog (2017-09-18)
Mon Sep 18 19:15:03 UTC 2017
Packages
Rebuilt
- patches/packages/httpd-2.4.27-i586-2_slack14.2.txz
This update patches a security issue (“Optionsbleed”) with the OPTIONS http
method which may leak arbitrary pieces of memory to a potential attacker.
Thanks to Hanno Bo:ck.
For more information, see:
http://seclists.org/oss-sec/2017/q3/477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798
(* Security fix *)
Upgraded
- patches/packages/libgcrypt-1.7.9-i586-1_slack14.2.txz
Mitigate a local side-channel attack on Curve25519 dubbed “May
the Fourth be With You”.
For more information, see:
https://eprint.iacr.org/2017/806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379
(* Security fix *) - patches/packages/ruby-2.2.8-i586-1_slack14.2.txz
This release includes several security fixes.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
(* Security fix *)