Slackware-14.0 ChangeLog (2017-04-21)
Fri Apr 21 22:40:12 UTC 2017
Packages
Upgraded
- patches/packages/ntp-4.2.8p10-i486-1_slack14.0.txz
In addition to bug fixes and enhancements, this release fixes security
issues of medium and low severity:
Denial of Service via Malformed Config (Medium)
Authenticated DoS via Malicious Config Option (Medium)
Potential Overflows in ctl_put() functions (Medium)
Buffer Overflow in ntpq when fetching reslist from a malicious ntpd (Medium)
0rigin DoS (Medium)
Buffer Overflow in DPTS Clock (Low)
Improper use of snprintf() in mx4200_send() (Low)
The following issues do not apply to Linux systems:
Privileged execution of User Library code (WINDOWS PPSAPI ONLY) (Low)
Stack Buffer Overflow from Command Line (WINDOWS installer ONLY) (Low)
Data Structure terminated insufficiently (WINDOWS installer ONLY) (Low)
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6459
(* Security fix *) - patches/packages/proftpd-1.3.5e-i486-1_slack14.0.txz
This release fixes a security issue:
AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7418
(* Security fix *)