Slackware-14.0 ChangeLog (2021-06-07)
Mon Jun 7 18:53:49 UTC 2021
Packages
Upgraded
- patches/packages/httpd-2.4.48-i486-1_slack14.0.txz
This release contains security fixes and improvements.
mod_http2: Fix a potential NULL pointer dereference.
Unexpected <Location> section matching with 'MergeSlashes OFF'.
mod_auth_digest: possible stack overflow by one nul byte while validating
the Digest nonce.
mod_session: Fix possible crash due to NULL pointer dereference, which
could be used to cause a Denial of Service with a malicious backend
server and SessionHeader.
mod_session: Fix possible crash due to NULL pointer dereference, which
could be used to cause a Denial of Service.
mod_proxy_http: Fix possible crash due to NULL pointer dereference, which
could be used to cause a Denial of Service.
mod_proxy_wstunnel, mod_proxy_http: Handle Upgradable protocols end-to-end
negotiation.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
(* Security fix *) - patches/packages/libX11-1.7.2-i486-1_slack14.0.txz
This is a bug fix release, correcting a regression introduced by and
improving the checks from the fix for CVE-2021-31535.