This is an old revision of the document!
Slackwarearm-14.1 ChangeLog (2013-08-06)
Tue Aug 6 21:39:12 UTC 2013
Packages
Upgraded
- n/bind-9.9.3_P2-arm-1.tgz
This update fixes a security issue where a specially crafted query can cause
BIND to terminate abnormally, resulting in a denial of service.
For more information, see:
https://kb.isc.org/article/AA-01015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
(* Security fix *) - n/httpd-2.4.6-arm-1.tgz
This update addresses two security issues:
* SECURITY: CVE-2013-1896 (cve.mitre.org) Sending a MERGE request against
a URI handled by mod_dav_svn with the source href (sent as part of the
request body as XML) pointing to a URI that is not configured for DAV
will trigger a segfault.
* SECURITY: CVE-2013-2249 (cve.mitre.org) mod_session_dbd: Make sure that
dirty flag is respected when saving sessions, and ensure the session ID
is changed each time the session changes. This changes the format of the
updatesession SQL statement. Existing configurations must be changed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249
(* Security fix *) - n/samba-4.0.8-arm-1.tgz
This update fixes missing integer wrap protection in an EA list reading
that can allow authenticated or guest connections to cause the server to
loop, resulting in a denial of service.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
(* Security fix *)