Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-current ChangeLog (2017-10-19) ====== ====== Thu Oct 19 08:08:08 UTC 2017 ====== > \\ The mini root filesystem for -current has been updated: \\ ftp://ftp.arm.slackware.com/slackwarearm/slackwarearm-devtools/minirootfs/ \\ ===== Packages ===== ==== Upgraded ==== * [[slackwarearm.current>ap/cups-2.2.5-arm-1.txz]] * [[slackwarearm.current>x/libXfont2-2.0.2-arm-1.txz]] \\ This update is a collection of minor fixes since 2.0.1, including \\ CVE-2017-13720 and CVE-2017-13722. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13720 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13722 \\ (* Security fix *) * [[slackwarearm.current>x/libXres-1.2.0-arm-1.txz]] \\ Integer overflows may allow X servers to trigger allocation of insufficient \\ memory and a buffer overflow via vectors related to the (1) \\ XResQueryClients and (2) XResQueryClientResources functions. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988 \\ (* Security fix *) * [[slackwarearm.current>x/xorg-server-1.19.5-arm-1.txz]] \\ This update fixes integer overflows and other possible security issues. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12176 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12177 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12178 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12179 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12180 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12181 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12182 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12183 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12184 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12185 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12186 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12187 \\ (* Security fix *) * [[slackwarearm.current>x/xorg-server-xephyr-1.19.5-arm-1.txz]] * [[slackwarearm.current>x/xorg-server-xnest-1.19.5-arm-1.txz]] * [[slackwarearm.current>x/xorg-server-xvfb-1.19.5-arm-1.txz]] ==== Rebuilt ==== * [[slackwarearm.current>n/wpa_supplicant-2.6-arm-2.txz]] \\ This update includes patches to mitigate the WPA2 protocol issues known \\ as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data, \\ hijack TCP connections, and to forge and inject packets. This is the \\ list of vulnerabilities that are addressed here: \\ CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the \\ 4-way handshake. \\ CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake. \\ CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way \\ handshake. \\ CVE-2017-13080: Reinstallation of the group key (GTK) in the group key \\ handshake. \\ CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group \\ key handshake. \\ CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) \\ Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) \\ while processing it. \\ CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake. \\ CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) \\ PeerKey (TPK) key in the TDLS handshake. \\ CVE-2017-13087: reinstallation of the group key (GTK) when processing a \\ Wireless Network Management (WNM) Sleep Mode Response frame. \\ CVE-2017-13088: reinstallation of the integrity group key (IGTK) when \\ processing a Wireless Network Management (WNM) Sleep Mode Response frame. \\ For more information, see: \\ https://www.krackattacks.com/ \\ https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088 \\ (* Security fix *) * [[slackwarearm.current>x/xf86-video-armsoc-1.4.1-arm-9.txz]] * [[slackwarearm.current>x/xf86-video-fbdev-110.e0bce0d-arm-7.txz]] * [[slackwarearm.current>x/xf86-video-fbturbo-199.f9a6ed7-arm-10.txz]] * [[slackwarearm.current>x/xf86-video-opentegra-0.7.0-arm-9.txz]] {{tag>slackware changelog slackwarearm-current 2017/10}} news/2017/10/19/slackwarearm-current-changelog.txt Last modified: 7 years agoby Giuseppe Di Terlizzi Log In