Slackware-14.2 ChangeLog (2018-12-06)

Thu Dec 6 04:38:11 UTC 2018

  • patches/packages/gnutls-3.6.5-i586-1_slack14.2.txz
    This update fixes a security issue:
    Bleichenbacher-like side channel leakage in PKCS#1 1.5 verification and
    padding oracle verification.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16868
    (* Security fix *)
  • patches/packages/nettle-3.4.1-i586-1_slack14.2.txz
    This update fixes a security issue:
    A Bleichenbacher type side-channel based padding oracle attack was found
    in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5
    data. An attacker who is able to run a process on the same physical core
    as the victim process, could use this flaw to extract plaintext or in some
    cases downgrade any TLS connections to a vulnerable server.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16869
    (* Security fix *)
  • news/2018/12/06/slackware-14.2-changelog.txt
  • Last modified: 2 years ago
  • by Giuseppe Di Terlizzi