news:2018:08:17:slackware64-current-changelog

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

news:2018:08:17:slackware64-current-changelog [2018/08/17 22:08] – created Giuseppe Di Terlizzinews:2018:08:17:slackware64-current-changelog [2018/08/20 03:45] (current) Giuseppe Di Terlizzi
Line 11: Line 11:
   * [[slackware64.current>ap/mariadb-10.3.9-x86_64-1.txz]] \\   This update fixes bugs and security issues. \\   For more information, see: \\     https://mariadb.com/kb/en/mariadb-1039-release-notes/ \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3060 \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3064 \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3063 \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3058 \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066 \\   (* Security fix *)   * [[slackware64.current>ap/mariadb-10.3.9-x86_64-1.txz]] \\   This update fixes bugs and security issues. \\   For more information, see: \\     https://mariadb.com/kb/en/mariadb-1039-release-notes/ \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3060 \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3064 \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3063 \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3058 \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066 \\   (* Security fix *)
   * [[slackware64.current>d/kernel-headers-4.14.63-x86-1.txz]]   * [[slackware64.current>d/kernel-headers-4.14.63-x86-1.txz]]
-  * [[slackware64.current>k/kernel-source-4.14.63-noarch-1.txz]]+  * [[slackware64.current>k/kernel-source-4.14.63-noarch-1.txz]] \\    EFI_VARS m -> y \\    EFI_VARS_PSTORE m -> y \\   +HOTPLUG_SMT y
   * [[slackware64.current>l/expat-2.2.6-x86_64-1.txz]]   * [[slackware64.current>l/expat-2.2.6-x86_64-1.txz]]
   * [[slackware64.current>n/ntp-4.2.8p12-x86_64-1.txz]] \\   This release improves on one security fix in ntpd: \\     LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack \\     While fixed in ntp-4.2.8p7 and with significant additional protections for \\     this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in \\     the new noepeer support. Originally reported by Matt Van Gundy of Cisco. \\     Edge-case hole reported by Martin Burnicki of Meinberg. \\   And fixes another security issue in ntpq and ntpdc: \\     LOW: Sec 3505: The openhost() function used during command-line hostname \\     processing by ntpq and ntpdc can write beyond its buffer limit, which \\     could allow  an attacker to achieve code execution or escalate to higher \\     privileges via a long string as the argument for an IPv4 or IPv6 \\     command-line parameter. NOTE: It is unclear whether there are any common \\     situations in which ntpq or ntpdc is used with a command line from an \\     untrusted source. Reported by Fakhri Zulkifli. \\   For more information, see: \\     http://support.ntp.org/bin/view/Main/SecurityNotice#August_2018_ntp_4_2_8p12_NTP_Rel \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327 \\   (* Security fix *)   * [[slackware64.current>n/ntp-4.2.8p12-x86_64-1.txz]] \\   This release improves on one security fix in ntpd: \\     LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack \\     While fixed in ntp-4.2.8p7 and with significant additional protections for \\     this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in \\     the new noepeer support. Originally reported by Matt Van Gundy of Cisco. \\     Edge-case hole reported by Martin Burnicki of Meinberg. \\   And fixes another security issue in ntpq and ntpdc: \\     LOW: Sec 3505: The openhost() function used during command-line hostname \\     processing by ntpq and ntpdc can write beyond its buffer limit, which \\     could allow  an attacker to achieve code execution or escalate to higher \\     privileges via a long string as the argument for an IPv4 or IPv6 \\     command-line parameter. NOTE: It is unclear whether there are any common \\     situations in which ntpq or ntpdc is used with a command line from an \\     untrusted source. Reported by Fakhri Zulkifli. \\   For more information, see: \\     http://support.ntp.org/bin/view/Main/SecurityNotice#August_2018_ntp_4_2_8p12_NTP_Rel \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 \\     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327 \\   (* Security fix *)
  • news/2018/08/17/slackware64-current-changelog.1534536497.txt.gz
  • Last modified: 6 years ago
  • by Giuseppe Di Terlizzi