Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-14.1 ChangeLog (2018-03-01) ====== ====== Thu Mar 1 23:24:54 UTC 2018 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.14.1>patches/packages/dhcp-4.4.1-i486-1_slack14.1.txz]] \\ This update fixes two security issues: \\ Corrected an issue where large sized 'X/x' format options were causing \\ option handling logic to overwrite memory when expanding them to human \\ readable form. Reported by Felix Wilhelm, Google Security Team. \\ Option reference count was not correctly decremented in error path \\ when parsing buffer for options. Reported by Felix Wilhelm, Google \\ Security Team. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5732 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5733 \\ (* Security fix *) * [[slackware.14.1>patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz]] \\ This release addresses five security issues in ntpd: \\ * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: \\ ephemeral association attack. While fixed in ntp-4.2.8p7, there are \\ significant additional protections for this issue in 4.2.8p11. \\ Reported by Matt Van Gundy of Cisco. \\ * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer \\ read overrun leads to undefined behavior and information leak. \\ Reported by Yihan Lian of Qihoo 360. \\ * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated \\ ephemeral associations. Reported on the questions@ list. \\ * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode \\ cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. \\ * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet \\ can reset authenticated interleaved association. \\ Reported by Miroslav Lichvar of Red Hat. \\ For more information, see: \\ http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185 \\ (* Security fix *) {{tag>slackware changelog slackware-14.1 2018-03}} news/2018/03/01/slackware-14.1-changelog.txt Last modified: 8 months agoby Giuseppe Di Terlizzi Log In