This is an old revision of the document!
Slackware-12.0 ChangeLog (2011-02-10)
Thu Feb 10 21:19:38 UTC 2011
Packages
Upgraded
- patches/packages/apr-1.3.12-i486-1_slack12.0.tgz
- patches/packages/apr-util-1.3.10-i486-1_slack12.0.tgz
Fixes a memory leak and DoS in apr_brigade_split_line().
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623
(* Security fix *) - patches/packages/expat-2.0.1-i486-2_slack12.0.tgz
Fixed various crash and hang bugs.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
(* Security fix *) - patches/packages/httpd-2.2.17-i486-1_slack12.0.tgz
This fixes some denial of service bugs in the bundled libraries.
On Slackware we do not use the bundled expat or apr-util, so the
issues are also fixed in those external libraries.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623
(* Security fix *) - patches/packages/openssl-0.9.8r-i486-1_slack12.0.tgz
This OpenSSL update fixes an “OCSP stapling vulnerability”.
For more information, see the included CHANGES and NEWS files, and:
http://www.openssl.org/news/secadv_20110208.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014
(* Security fix *)
Patched certwatch to work with recent versions of “file”.
Thanks to Ulrich Schäfer and Jan Rafaj. - patches/packages/openssl-solibs-0.9.8r-i486-1_slack12.0.tgz
(* Security fix *) - patches/packages/sudo-1.7.4p6-i486-1_slack12.0.tgz
Fix Runas group password checking.
For more information, see the included CHANGES and NEWS files, and:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0010
(* Security fix *)