Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware64-14.2 ChangeLog (2016-12-28) ====== ====== Wed Dec 28 21:05:19 UTC 2016 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware64.14.2>patches/packages/python-2.7.13-x86_64-1_slack14.2.txz]] \\ This release fixes security issues: \\ Issue #27850: Remove 3DES from ssl module's default cipher list to counter \\ measure sweet32 attack (CVE-2016-2183). \\ Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the \\ HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates \\ that the script is in CGI mode. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000110 \\ (* Security fix *) * [[slackware64.14.2>patches/packages/samba-4.4.8-x86_64-1_slack14.2.txz]] \\ This release fixes security issues: \\ CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer \\ Overflow Remote Code Execution Vulnerability). \\ CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers \\ in trusted realms). \\ CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege \\ elevation). \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2123 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2125 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2126 \\ (* Security fix *) {{tag>slackware changelog slackware64-14.2 2016-12}} news/2016/12/28/slackware64-14.2-changelog.txt Last modified: 5 months agoby Giuseppe Di Terlizzi Log In