| Both sides previous revision Previous revision Next revision | Previous revision |
| news:2014:01:14:slackware64-current-changelog [2015/03/10 12:05] – Giuseppe Di Terlizzi | news:2014:01:14:slackware64-current-changelog [2015/03/26 10:44] (current) – Giuseppe Di Terlizzi |
|---|
| |
| ====== Tue Jan 14 03:54:48 UTC 2014 ====== | ====== Tue Jan 14 03:54:48 UTC 2014 ====== |
| > | |
| |
| ===== Packages ===== | ===== Packages ===== |
| |
| * [[slackware64.current>a/openssl-solibs-1.0.1f-x86_64-1.txz]] | * [[slackware64.current>a/openssl-solibs-1.0.1f-x86_64-1.txz]] |
| * [[slackware64.current>d/llvm-3.4-x86_64-1.txz]] | * [[slackware64.current>d/llvm-3.4-x86_64-1.txz]] |
| * [[slackware64.current>n/openssl-1.0.1f-x86_64-1.txz]] (Security fix) | * [[slackware64.current>n/openssl-1.0.1f-x86_64-1.txz]] \\ This update fixes the following security issues: \\ Fix for TLS record tampering bug CVE-2013-4353 \\ Fix for TLS version checking bug CVE-2013-6449 \\ Fix for DTLS retransmission bug CVE-2013-6450 \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450 \\ (* Security fix *) |
| * [[slackware64.current>n/php-5.4.24-x86_64-1.txz]] (Security fix) | * [[slackware64.current>n/php-5.4.24-x86_64-1.txz]] \\ The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before \\ 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly \\ parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, \\ which allows remote attackers to execute arbitrary code or cause a denial \\ of service (memory corruption) via a crafted certificate that is not \\ properly handled by the openssl_x509_parse function. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420 \\ (* Security fix *) |
| * [[slackware64.current>n/samba-4.1.4-x86_64-1.txz]] (Security fix) | * [[slackware64.current>n/samba-4.1.4-x86_64-1.txz]] \\ This update fixes a heap-based buffer overflow that may allow AD domain \\ controllers to execute arbitrary code via an invalid fragment length in \\ a DCE-RPC packet. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408 \\ (* Security fix *) |
| * [[slackware64.current>x/libXfont-1.4.7-x86_64-1.txz]] (Security fix) | * [[slackware64.current>x/libXfont-1.4.7-x86_64-1.txz]] \\ This update fixes a stack overflow when reading a BDF font file containing \\ a longer than expected string, which could lead to crashes or privilege \\ escalation. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462 \\ (* Security fix *) |
| ===== ChangeLog ===== | |
| <code> | |
| Tue Jan 14 03:54:48 UTC 2014 | |
| a/openssl-solibs-1.0.1f-x86_64-1.txz: Upgraded. | |
| d/llvm-3.4-x86_64-1.txz: Upgraded. | |
| n/openssl-1.0.1f-x86_64-1.txz: Upgraded. | |
| This update fixes the following security issues: | |
| Fix for TLS record tampering bug CVE-2013-4353 | |
| Fix for TLS version checking bug CVE-2013-6449 | |
| Fix for DTLS retransmission bug CVE-2013-6450 | |
| For more information, see: | |
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353 | |
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449 | |
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450 | |
| (* Security fix *) | |
| n/php-5.4.24-x86_64-1.txz: Upgraded. | |
| The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before | |
| 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly | |
| parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, | |
| which allows remote attackers to execute arbitrary code or cause a denial | |
| of service (memory corruption) via a crafted certificate that is not | |
| properly handled by the openssl_x509_parse function. | |
| For more information, see: | |
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420 | |
| (* Security fix *) | |
| n/samba-4.1.4-x86_64-1.txz: Upgraded. | |
| This update fixes a heap-based buffer overflow that may allow AD domain | |
| controllers to execute arbitrary code via an invalid fragment length in | |
| a DCE-RPC packet. | |
| For more information, see: | |
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408 | |
| (* Security fix *) | |
| x/libXfont-1.4.7-x86_64-1.txz: Upgraded. | |
| This update fixes a stack overflow when reading a BDF font file containing | |
| a longer than expected string, which could lead to crashes or privilege | |
| escalation. | |
| For more information, see: | |
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462 | |
| (* Security fix *) | |
| </code> | |
| |
| |
| {{tag>slackware changelog slackware64-current 2014/01}} | {{tag>slackware changelog slackware64-current 2014/01}} |
| |
Giuseppe Di Terlizzi