Slackwarearm-14.2 ChangeLog (2019-02-09)

Sat Feb 09 08:08:08 UTC 2019

  • patches/packages/curl-7.64.0-arm-1_slack14.2.txz
    This release fixes the following security issues:
    NTLM type-2 out-of-bounds buffer read.
    NTLMv2 type-3 header stack buffer overflow.
    SMTP end-of-response out-of-bounds read.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823
    (* Security fix *)
  • patches/packages/linux-4.4.173/kernel-headers-4.4.173-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.173/kernel-modules-armv5-4.4.173_armv5-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.173/kernel-modules-armv7-4.4.173_armv7-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.173/kernel-source-4.4.173-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.173/kernel_armv5-4.4.173-arm-1_slack14.2.txz
  • patches/packages/linux-4.4.173/kernel_armv7-4.4.173-arm-1_slack14.2.txz
  • patches/packages/php-5.6.40-arm-1_slack14.2.txz
    Several security bugs have been fixed in this release:
    GD:
    Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads
    to use-after-free).
    Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
    Mbstring:
    Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
    Fixed bug #77371 (heap buffer overflow in mb regex functions -
    compile_string_node).
    Fixed bug #77381 (heap buffer overflow in multibyte match_at).
    Fixed bug #77382 (heap buffer overflow due to incorrect length in
    expand_case_fold_string).
    Fixed bug #77385 (buffer overflow in fetch_token).
    Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
    Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
    Phar:
    Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
    Xmlrpc:
    Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
    Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).
    For more information, see:
    https://php.net/ChangeLog-5.php#5.6.40
    (* Security fix *)
  • news/2019/02/09/slackwarearm-14.2-changelog.txt
  • Last modified: 11 months ago
  • by Giuseppe Di Terlizzi