Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-14.1 ChangeLog (2016-05-02) ====== ====== Mon May 2 02:03:02 UTC 2016 ====== ===== Packages ===== ==== Upgraded ==== * [[slackwarearm.14.1>patches/packages/ntp-4.2.8p7-arm-1_slack14.1.txz]] \\ This release patches several low and medium severity security issues: \\ CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering \\ CVE-2016-1549: Sybil vulnerability: ephemeral association attack, \\ AKA: ntp-sybil - MITIGATION ONLY \\ CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion \\ botch \\ CVE-2016-2517: Remote configuration trustedkey/requestkey values are not \\ properly validated \\ CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with \\ MATCH_ASSOC \\ CVE-2016-2519: ctl_getitem() return value not always checked \\ CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos \\ CVE-2016-1548: Interleave-pivot - MITIGATION ONLY \\ CVE-2015-7704: KoD fix: peer associations were broken by the fix for \\ NtpBug2901, AKA: Symmetric active/passive mode is broken \\ CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks \\ CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, \\ authdecrypt-timing, AKA: authdecrypt-timing \\ For more information, see: \\ http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519 \\ (* Security fix *) * [[slackwarearm.14.1>patches/packages/php-5.6.21-arm-1_slack14.1.txz]] \\ This release fixes bugs and security issues. \\ For more information, see: \\ http://php.net/ChangeLog-5.php#5.6.21 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074 \\ (* Security fix *) ==== Rebuilt ==== * [[slackwarearm.14.1>patches/packages/subversion-1.7.22-arm-2_slack14.1.txz]] \\ This update patches two security issues: \\ CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm. \\ CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn \\ during COPY/MOVE authorization check. \\ For more information, see: \\ http://subversion.apache.org/security/CVE-2016-2167-advisory.txt \\ http://subversion.apache.org/security/CVE-2016-2168-advisory.txt \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168 \\ (* Security fix *) {{tag>slackware changelog slackwarearm-14.1 2016-05}} news/2016/05/02/slackwarearm-14.1-changelog.txt Last modified: 3 years agoby Giuseppe Di Terlizzi Log In