Slackware64-13.37 ChangeLog (2015-06-11)
Thu Jun 11 21:31:47 UTC 2015
Packages
Upgraded
- patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz
Fixes several bugs and security issues:
o Malformed ECParameters causes infinite loop (CVE-2015-1788)
o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
o Race condition handling NewSessionTicket (CVE-2015-1791)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791
(* Security fix *) - patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz