Slackware64-14.0 ChangeLog (2016-06-03)
Fri Jun 3 23:36:07 UTC 2016
Packages
Rebuilt
- patches/packages/libxml2-2.9.4-x86_64-2_slack14.0.txz
Fix attribute decoding during XML schema validation.
Thanks to Andreas Vögele.
Upgraded
- patches/packages/ntp-4.2.8p8-x86_64-1_slack14.0.txz
This release patches one high and four low severity security issues:
CVE-2016-4957: Crypto-NAK crash
CVE-2016-4953: Bad authentication demobilizes ephemeral associations
CVE-2016-4954: Processing spoofed server packets
CVE-2016-4955: Autokey association reset
CVE-2016-4956: Broadcast interleave
For more information, see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956
(* Security fix *)