Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware64-current ChangeLog (2016-02-23) ====== ====== Tue Feb 23 19:31:59 UTC 2016 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware64.current>a/glibc-solibs-2.23-x86_64-1.txz]] * [[slackware64.current>a/kernel-generic-4.4.2-x86_64-1.txz]] * [[slackware64.current>a/kernel-huge-4.4.2-x86_64-1.txz]] * [[slackware64.current>a/kernel-modules-4.4.2-x86_64-1.txz]] * [[slackware64.current>d/kernel-headers-4.4.2-x86-1.txz]] * [[slackware64.current>k/kernel-source-4.4.2-noarch-1.txz]] \\ Key .config changes for this kernel update: \\ CHECKPOINT_RESTORE n -> y \\ DEBUG_KERNEL n -> y \\ EXPERT n -> y \\ NR_CPUS 128 -> 256 \\ KALLSYMS_ALL y \\ LIVEPATCH y * [[slackware64.current>l/glibc-2.23-x86_64-1.txz]] \\ This update contains security fixes and improvements. \\ Of the security fixes, the most important and well-publicized is the \\ stack-based buffer overflow in libresolv that could allow specially \\ crafted DNS responses to seize control of execution flow in the DNS \\ client (CVE-2015-7547). However, due to a patch applied to Slackware's \\ glibc back in 2009 (don't use the gethostbyname4() lookup method as it \\ was causing some cheap routers to misbehave), we were not vulnerable to \\ that issue. The rest of the fixed security issues are less critical. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8776 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8778 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8779 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9761 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547 \\ (* Security fix *) * [[slackware64.current>l/glibc-i18n-2.23-x86_64-1.txz]] * [[slackware64.current>l/glibc-profile-2.23-x86_64-1.txz]] * [[slackware64.current>l/libproxy-0.4.12-x86_64-1.txz]] * [[slackware64.current>n/bind-9.10.3_P3-x86_64-1.txz]] \\ This release fixes two possible denial-of-service issues: \\ render_ecs errors were mishandled when printing out a OPT record resulting \\ in a assertion failure. (CVE-2015-8705) [RT #41397] \\ Specific APL data could trigger a INSIST. (CVE-2015-8704) [RT #41396] \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705 \\ (* Security fix *) * [[slackware64.current>n/libgcrypt-1.6.5-x86_64-1.txz]] \\ Mitigate side-channel attack on ECDH with Weierstrass curves. \\ For more information, see: \\ http://www.cs.tau.ac.IL/~tromer/ecdh/ \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7511 \\ (* Security fix *) * [[slackware64.current>n/nmap-7.01-x86_64-1.txz]] * [[slackware64.current>n/ntp-4.2.8p6-x86_64-1.txz]] \\ In addition to bug fixes and enhancements, this release fixes \\ several low and medium severity vulnerabilities. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158 \\ (* Security fix *) * [[slackware64.current>x/xf86-video-amdgpu-1.0.1-x86_64-1.txz]] * [[slackware64.current>extra/tigervnc/tigervnc-1.6.0-x86_64-1.txz]] * [[slackware64.current>kernels/*]] ==== Rebuilt ==== * [[slackware64.current>a/procps-ng-3.3.10-x86_64-5.txz]] \\ Restored FROM field in w. Thanks to Stuart Winter. * [[slackware64.current>ap/cups-2.1.3-x86_64-2.txz]] \\ Corrected CXXFLAGS to fix build for older CPUs. Thanks to ecd102. * [[slackware64.current>ap/mc-4.8.15-x86_64-2.txz]] \\ Patched to fix displaying man pages. Thanks to DarkVision. * [[slackware64.current>l/GConf-3.2.6-x86_64-3.txz]] \\ Patched "GConf-WARNING **: Client failed to connect to the D-BUS daemon:" \\ and added a couple other patches from git. Thanks to Robby Workman. * [[slackware64.current>l/alsa-lib-1.1.0-x86_64-3.txz]] \\ Changed the default /etc/asound.conf.new to use a different configuration \\ for PulseAudio that is less likely to cause issues than the previous one, \\ especially on machines where the analog output is not recognized as card 0 \\ by the BIOS. Thanks to Ryan P.C. McQuen who went above and beyond on this \\ bug report by convincing upstream to recommend this on their website in \\ order to convince me to make the change. :-) * [[slackware64.current>xap/blueman-2.0.3-x86_64-2.txz]] \\ Rewrite launcher scripts to use #!/usr/bin/python2.7 rather than \\ #!/usr/bin/env python. \\ For details, see: https://github.com/blueman-project/blueman/issues/435 \\ Thanks to zakame and Robby Workman. * [[slackware64.current>isolinux/initrd.img]] * [[slackware64.current>usb-and-pxe-installers/usbboot.img]] {{tag>slackware changelog slackware64-current 2016/02}} news/2016/02/23/slackware64-current-changelog.txt Last modified: 8 years agoby Giuseppe Di Terlizzi Log In