Slackwarearm-14.2 ChangeLog (2020-04-17)

Fri Apr 17 08:08:08 UTC 2020

  • patches/packages/bind-9.11.18-arm-1_slack14.2.txz
    This update fixes a security issue:
    DNS rebinding protection was ineffective when BIND 9 is configured as a
    forwarding DNS server. Found and responsibly reported by Tobias Klein.
    [GL #1574]
    (* Security fix *)
  • patches/packages/git-2.17.4-arm-1_slack14.2.txz
    This update fixes a security issue:
    With a crafted URL that contains a newline in it, the credential helper
    machinery can be fooled to give credential information for a wrong host.
    The attack has been made impossible by forbidding a newline character in
    any value passed via the credential protocol. Credit for finding the
    vulnerability goes to Felix Wilhelm of Google Project Zero.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260
    (* Security fix *)
  • patches/packages/openvpn-2.4.9-arm-1_slack14.1.txz
    This update fixes a security issue:
    Fix illegal client float. Thanks to Lev Stipakov.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810
    (* Security fix *)
  • news/2020/04/17/slackwarearm-14.2-changelog.txt
  • Last modified: 4 months ago
  • by Giuseppe Di Terlizzi