Slackware64-current ChangeLog (2016-02-26)
Fri Feb 26 22:54:05 UTC 2016
Packages
Upgraded
- l/libical-2.0.0-x86_64-1.txz
Shared library .so-version bump. - l/libssh-0.7.3-x86_64-1.txz
Fixed weak key generation. Due to a bug in the ephemeral secret key
generation for the diffie-hellman-group1 and diffie-hellman-group14
methods, ephemeral secret keys of size 128 bits are generated, instead
of the recommended sizes of 1024 and 2048 bits, giving a practical
security of 63 bits.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739
(* Security fix *) - n/libssh2-1.7.0-x86_64-1.txz
Fixed weak key generation. During the SSHv2 handshake when libssh2 is to
get a suitable value for 'group order' in the Diffle Hellman negotiation,
it would pass in number of bytes to a function that expected number of bits.
This would result in the library generating numbers using only an 8th the
number of random bits than what were intended: 128 or 256 bits instead of
1023 or 2047. Using such drastically reduced amount of random bits for
Diffie Hellman weakended the handshake security significantly.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0787
(* Security fix *)
Rebuilt
- kde/kdepimlibs-4.14.10-x86_64-2.txz
Recompiled against libical-2.0.0. - n/bluez-5.37-x86_64-2.txz
Recompiled against libical-2.0.0. - xfce/orage-4.12.1-x86_64-3.txz
Recompiled against libical-2.0.0.