Slackware-13.0 ChangeLog (2013-10-14)
Mon Oct 14 22:09:17 UTC 2013
Packages
Upgraded
- patches/packages/gnupg-1.4.15-i486-1_slack13.0.txz
Fixed possible infinite recursion in the compressed packet
parser. [CVE-2013-4402]
Protect against rogue keyservers sending secret keys.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
(* Security fix *)
Rebuilt
- patches/packages/gnutls-2.8.4-i486-2_slack13.0.txz
[Updated to the correct version to fix fetching the “latest” from gnu.org]
This update prevents a side-channel attack which may allow remote attackers
to conduct distinguishing attacks and plaintext recovery attacks using
statistical analysis of timing data for crafted packets.
Other minor security issues are patched as well.
Thanks to mancha for backporting these patches.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116
(* Security fix *)
- patches/packages/xorg-server-1.6.3-i486-3_slack13.0.txz
Patched a use-after-free bug that can cause an X server crash or
memory corruption.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
(* Security fix *)
- patches/packages/xorg-server-xephyr-1.6.3-i486-3_slack13.0.txz
- patches/packages/xorg-server-xnest-1.6.3-i486-3_slack13.0.txz
- patches/packages/xorg-server-xvfb-1.6.3-i486-3_slack13.0.txz