Slackware64-14.2 ChangeLog (2016-12-28)
Wed Dec 28 21:05:19 UTC 2016
Packages
Upgraded
- patches/packages/python-2.7.13-x86_64-1_slack14.2.txz
This release fixes security issues:
Issue #27850: Remove 3DES from ssl module's default cipher list to counter
measure sweet32 attack (CVE-2016-2183).
Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the
HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates
that the script is in CGI mode.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000110
(* Security fix *) - patches/packages/samba-4.4.8-x86_64-1_slack14.2.txz
This release fixes security issues:
CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
Overflow Remote Code Execution Vulnerability).
CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers
in trusted realms).
CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege
elevation).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2126
(* Security fix *)