Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
news:2014:06:06:slackware64-current-changelog [2015/03/10 12:04]
Giuseppe Di Terlizzi
news:2014:06:06:slackware64-current-changelog [2015/03/26 10:43]
Giuseppe Di Terlizzi
Line 2: Line 2:
  
 ====== Fri Jun  6 04:27:01 UTC 2014 ====== ====== Fri Jun  6 04:27:01 UTC 2014 ======
- 
- 
 ===== Packages ===== ===== Packages =====
  
 ==== Upgraded ==== ==== Upgraded ====
-  * [[slackware64.current>​a/​openssl-solibs-1.0.1h-x86_64-1.txz]] (Security fix)+  * [[slackware64.current>​a/​openssl-solibs-1.0.1h-x86_64-1.txz]] ​\\   (Security fix *)
   * [[slackware64.current>​ap/​nano-2.3.4-x86_64-1.txz]]   * [[slackware64.current>​ap/​nano-2.3.4-x86_64-1.txz]]
-  * [[slackware64.current>​l/​libtasn1-3.6-x86_64-1.txz]] (Security fix) +  * [[slackware64.current>​l/​libtasn1-3.6-x86_64-1.txz]] ​\\   ​Multiple security issues have been corrected in the libtasn1 library. \\   These errors allow a remote attacker to cause a denial of service, or \\   ​possibly to execute arbitrary code. \\   For more information,​ see: \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3467 \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3468 \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3469 \\   (Security fix *
-  * [[slackware64.current>​n/​gnutls-3.2.15-x86_64-1.txz]] (Security fix)+  * [[slackware64.current>​n/​gnutls-3.2.15-x86_64-1.txz]] ​\\   A security issue has been corrected in gnutls. ​ This vulnerability \\   ​affects the client side of the gnutls library. ​ A server that sends \\   a specially crafted ServerHello could corrupt the memory of a requesting \\   ​client. ​ This may allow a remote attacker to execute arbitrary code. \\   ​Additional vulnerabilities in the embedded libtasn1 library have also \\   been patched. \\   For more information,​ see: \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3465 \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3466 \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3467 \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3468 \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3469 \\   (Security fix *)
   * [[slackware64.current>​n/​irssi-0.8.16-x86_64-1.txz]]   * [[slackware64.current>​n/​irssi-0.8.16-x86_64-1.txz]]
-  * [[slackware64.current>​n/​openssl-1.0.1h-x86_64-1.txz]] (Security fix) +  * [[slackware64.current>​n/​openssl-1.0.1h-x86_64-1.txz]] ​\\   ​Multiple security issues have been corrected, including a possible \\   ​man-in-the-middle attack where weak keying material is forced, denial \\   of service, and the execution of arbitrary code. \\   For more information,​ see: \\     ​http://​www.openssl.org/​news/​secadv_20140605.txt \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2010-5298 \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-0195 \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-0198 \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-0221 \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-0224 \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3470 \\   (Security fix *
-  * [[slackware64.current>​n/​sendmail-8.14.9-x86_64-1.txz]] (Security fix)+  * [[slackware64.current>​n/​sendmail-8.14.9-x86_64-1.txz]] ​\\   This release fixes one security related bug by properly closing file \\   ​descriptors ​(except stdin, stdout, and stderr) before executing programs. \\   This bug could enable local users to interfere with an open SMTP \\   ​connection if they can execute their own program for mail delivery \\   ​(e.g.,​ via procmail or the prog mailer). \\   For more information,​ see: \\     ​http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3956 \\   ​(* ​Security fix *)
   * [[slackware64.current>​n/​sendmail-cf-8.14.9-noarch-1.txz]]   * [[slackware64.current>​n/​sendmail-cf-8.14.9-noarch-1.txz]]
-===== ChangeLog ===== 
-<​code>​ 
-Fri Jun  6 04:27:01 UTC 2014 
-a/​openssl-solibs-1.0.1h-x86_64-1.txz: ​ Upgraded. 
-  (* Security fix *) 
-ap/​nano-2.3.4-x86_64-1.txz: ​ Upgraded. 
-l/​libtasn1-3.6-x86_64-1.txz: ​ Upgraded. 
-  Multiple security issues have been corrected in the libtasn1 library. 
-  These errors allow a remote attacker to cause a denial of service, or 
-  possibly to execute arbitrary code. 
-  For more information,​ see: 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3467 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3468 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3469 
-  (* Security fix *) 
-n/​gnutls-3.2.15-x86_64-1.txz: ​ Upgraded. 
-  A security issue has been corrected in gnutls. ​ This vulnerability 
-  affects the client side of the gnutls library. ​ A server that sends 
-  a specially crafted ServerHello could corrupt the memory of a requesting 
-  client. ​ This may allow a remote attacker to execute arbitrary code. 
-  Additional vulnerabilities in the embedded libtasn1 library have also 
-  been patched. 
-  For more information,​ see: 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3465 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3466 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3467 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3468 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3469 
-  (* Security fix *) 
-n/​irssi-0.8.16-x86_64-1.txz: ​ Upgraded. 
-n/​openssl-1.0.1h-x86_64-1.txz: ​ Upgraded. 
-  Multiple security issues have been corrected, including a possible 
-  man-in-the-middle attack where weak keying material is forced, denial 
-  of service, and the execution of arbitrary code. 
-  For more information,​ see: 
-    http://​www.openssl.org/​news/​secadv_20140605.txt 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2010-5298 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-0195 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-0198 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-0221 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-0224 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3470 
-  (* Security fix *) 
-n/​sendmail-8.14.9-x86_64-1.txz: ​ Upgraded. 
-  This release fixes one security related bug by properly closing file 
-  descriptors (except stdin, stdout, and stderr) before executing programs. 
-  This bug could enable local users to interfere with an open SMTP 
-  connection if they can execute their own program for mail delivery 
-  (e.g., via procmail or the prog mailer). 
-  For more information,​ see: 
-    http://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2014-3956 
-  (* Security fix *) 
-n/​sendmail-cf-8.14.9-noarch-1.txz: ​ Upgraded. 
-</​code>​ 
- 
  
  
 {{tag>​slackware changelog slackware64-current 2014/06}} {{tag>​slackware changelog slackware64-current 2014/06}}
  
  • news/2014/06/06/slackware64-current-changelog.txt
  • Last modified: 5 years ago
  • by Giuseppe Di Terlizzi