Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware64-14.1 ChangeLog (2014-03-28) ====== ====== Fri Mar 28 03:43:11 UTC 2014 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware64.14.1>patches/packages/curl-7.36.0-x86_64-1_slack14.1.txz]] \\ This update fixes four security issues. \\ For more information, see: \\ http://curl.haxx.se/docs/adv_20140326A.html \\ http://curl.haxx.se/docs/adv_20140326B.html \\ http://curl.haxx.se/docs/adv_20140326C.html \\ http://curl.haxx.se/docs/adv_20140326D.html \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522 \\ (* Security fix *) * [[slackware64.14.1>patches/packages/httpd-2.4.9-x86_64-1_slack14.1.txz]] \\ This update addresses two security issues. \\ Segfaults with truncated cookie logging. mod_log_config: Prevent segfaults \\ when logging truncated cookies. Clean up the cookie logging parser to \\ recognize only the cookie=value pairs, not valueless cookies. \\ mod_dav: Keep track of length of cdata properly when removing leading \\ spaces. Eliminates a potential denial of service from specifically crafted \\ DAV WRITE requests. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438 \\ (* Security fix *) * [[slackware64.14.1>patches/packages/mozilla-firefox-24.4.0esr-x86_64-1_slack14.1.txz]] \\ This release contains security fixes and improvements. \\ For more information, see: \\ http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html \\ (* Security fix *) * [[slackware64.14.1>patches/packages/mozilla-nss-3.16-x86_64-1_slack14.1.txz]] \\ This update fixes a security issue: \\ The cert_TestHostName function in lib/certdb/certdb.c in the \\ certificate-checking implementation in Mozilla Network Security Services \\ (NSS) before 3.16 accepts a wildcard character that is embedded in an \\ internationalized domain name's U-label, which might allow man-in-the-middle \\ attackers to spoof SSL servers via a crafted certificate. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492 \\ (* Security fix *) * [[slackware64.14.1>patches/packages/mozilla-thunderbird-24.4.0-x86_64-1_slack14.1.txz]] \\ This release contains security fixes and improvements. \\ For more information, see: \\ http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html \\ (* Security fix *) * [[slackware64.14.1>patches/packages/openssh-6.6p1-x86_64-1_slack14.1.txz]] \\ This update fixes a security issue when using environment passing with \\ a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH could be \\ tricked into accepting any environment variable that contains the \\ characters before the wildcard character. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532 \\ (* Security fix *) * [[slackware64.14.1>patches/packages/seamonkey-2.25-x86_64-1_slack14.1.txz]] \\ This update contains security fixes and improvements. \\ For more information, see: \\ http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html \\ (* Security fix *) * [[slackware64.14.1>patches/packages/seamonkey-solibs-2.25-x86_64-1_slack14.1.txz]] {{tag>slackware changelog slackware64-14.1 2014-03}} news/2014/03/28/slackware64-14.1-changelog.txt Last modified: 5 months agoby Giuseppe Di Terlizzi Log In