Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-14.1 ChangeLog (2014-04-08) ====== ====== Tue Apr 8 14:19:51 UTC 2014 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.14.1>patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz]] \\ This update fixes two security issues: \\ A missing bounds check in the handling of the TLS heartbeat extension \\ can be used to reveal up to 64k of memory to a connected client or server. \\ Thanks for Neel Mehta of Google Security for discovering this bug and to \\ Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for \\ preparing the fix. \\ Fix for the attack described in the paper "Recovering OpenSSL \\ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" \\ by Yuval Yarom and Naomi Benger. Details can be obtained from: \\ http://eprint.iacr.org/2014/140 \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 \\ (* Security fix *) * [[slackware.14.1>patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz]] {{tag>slackware changelog slackware-14.1 2014-04}} news/2014/04/08/slackware-14.1-changelog.txt Last modified: 8 months agoby Giuseppe Di Terlizzi Log In