This is an old revision of the document!


Slackware-10.0 ChangeLog (2009-01-15)

Wed Jan 14 20:37:39 CST 2009

patches/packages/bind-9.3.6_P1-i486-1_slack10.0.tgz:
Upgraded to bind-9.3.6-P1.
Fixed checking on return values from OpenSSL's EVP_VerifyFinal and
DSA_do_verify functions to prevent spoofing answers returned from zones using
the DNSKEY algorithms DSA and NSEC3DSA.
For more information, see:
https://www.isc.org/node/373
http://www.ocert.org/advisories/ocert-2008-016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
(* Security fix *)
patches/packages/ntp-4.2.4p6-i486-1_slack10.0.tgz:
[Sec 1111] Fix incorrect check of EVP_VerifyFinal()'s return value.
For more information, see:
https://lists.ntp.org/pipermail/announce/2009-January/000055.html
http://www.ocert.org/advisories/ocert-2008-016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
(* Security fix *)
  • news/2009/01/15/slackware-10.0-changelog.1486075419.txt.gz
  • Last modified: 7 years ago
  • by Giuseppe Di Terlizzi