news:2013:02:09:slackware-12.1-changelog

This is an old revision of the document!


Slackware-12.1 ChangeLog (2013-02-09)

Sat Feb 9 21:45:56 UTC 2013

  • patches/packages/openssl-0.9.8y-i486-1_slack12.1.tgz
    Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
    This addresses the flaw in CBC record processing discovered by
    Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
    at: http://www.isg.rhul.ac.uk/tls/
    Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
    Security Group at Royal Holloway, University of London
    (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
    Emilia Käsper for the initial patch.
    (CVE-2013-0169)
    [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
    Return an error when checking OCSP signatures when key is NULL.
    This fixes a DoS attack. (CVE-2013-0166)
    [Steve Henson]
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
    (* Security fix *)
  • patches/packages/openssl-solibs-0.9.8y-i486-1_slack12.1.tgz
    (* Security fix *)
  • news/2013/02/09/slackware-12.1-changelog.1607330223.txt.gz
  • Last modified: 3 years ago
  • by Giuseppe Di Terlizzi