Slackware64-13.37 ChangeLog (2016-03-10)
Thu Mar 10 23:43:47 UTC 2016
Packages
Upgraded
- patches/packages/openssh-7.2p2-x86_64-1_slack13.37.txz
This release fixes a security bug:
sshd(8): sanitise X11 authentication credentials to avoid xauth
command injection when X11Forwarding is enabled.
For more information, see:
http://www.openssh.com/txt/x11fwd.adv
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
(* Security fix *)
Thu Mar 10 02:46:49 UTC 2016
Packages
Upgraded
- patches/packages/bind-9.9.8_P4-x86_64-1_slack13.37.txz
Fixed security issues:
Fix resolver assertion failure due to improper DNAME handling when
parsing fetch reply messages. (CVE-2016-1286) [RT #41753]
Malformed control messages can trigger assertions in named and rndc.
(CVE-2016-1285) [RT #41666]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
(* Security fix *)