Slackware-13.0 ChangeLog (2008-07-29)

Tue Jul 29 13:22:03 CDT 2008

n/proftpd-1.3.1-i486-2.tgz: Recompiled against new OpenSSL, since this
evidently checks the OpenSSL version and will only run against the
libraries it was compiled against. A small patch was also added to
account for changes in the system includes.
Thanks to Martin Schmitz for the info and a pointer to the patch.

Mon Jul 28 22:45:58 CDT 2008

a/openssl-solibs-0.9.8h-i486-1.tgz:
Upgraded to OpenSSL 0.9.8h shared libraries (see below).
(* Security fix *)
a/sysvinit-scripts-1.2-noarch-21.tgz: For now, quiet error output from
update-mime-database, since KDE4 causes some “noise”.
ap/vim-7.1.330-i486-1.tgz:
Upgraded to vim-7.1.330. This fixes several security issues related to
the automatic processing of untrusted files.
For more information, see:
http://www.rdancer.org/vulnerablevim.html
(* Security fix *)
  • n/openldap-client-2.3.43-i486-1.tgz
    This release fixes a security issue in slapd (our package does not ship it.)
    n/openssh-5.1p1-i486-1.tgz:
    Upgraded to openssh-5.1p1.
    When upgrading OpenSSH, it is VERY IMPORTANT to also upgrade OpenSSL, or
    it is possible to be unable to log back into sshd!
    n/openssl-0.9.8h-i486-1.tgz:
    Upgraded to OpenSSL 0.9.8h.
    The Codenomicon TLS test suite uncovered security bugs in OpenSSL.
    If OpenSSL was compiled using non-default options (Slackware's package
    is not), then a malicious packet could cause a crash. Also, a malformed
    TLS handshake could also lead to a crash.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672
    When upgrading OpenSSL, it is VERY IMPORTANT to also upgrade OpenSSH, or
    it is possible to be unable to log back into sshd!
    (* Security fix *)
  • news/2008/07/29/slackware-13.0-changelog.txt
  • Last modified: 4 years ago
  • by Giuseppe Di Terlizzi