changelog_14.2
Differences
This shows you the differences between two versions of the page.
changelog_14.2 [2021/10/06 00:13] – [2021=10-05] connie | changelog_14.2 [2021/12/03 17:13] – [2021-10-28] connie | ||
---|---|---|---|
Line 3: | Line 3: | ||
Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | ||
- | ==== 2021=10-05 ==== | + | ==== 2021-12-03 |
+ | |||
+ | **mozilla-nss-3.40.1**: | ||
+ | This update fixes a critical security issue: | ||
+ | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are | ||
+ | vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS | ||
+ | signatures. Applications using NSS for handling signatures encoded within | ||
+ | CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications | ||
+ | using NSS for certificate validation or other TLS, X.509, OCSP or CRL | ||
+ | functionality may be impacted, depending on how they configure NSS. | ||
+ | Note: This vulnerability does NOT impact Mozilla Firefox. However, email | ||
+ | clients and PDF viewers that use NSS for signature verification, | ||
+ | Thunderbird, | ||
+ | Thanks to Tavis Ormandy of Google Project Zero. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **mailx-12.5**: | ||
+ | Patched a bug where Heirloom mailx produces a " | ||
+ | incorrect when the system is in the Europe/ | ||
+ | to have been sent 2 hours earlier). | ||
+ | Thanks to Andrea Biardi. | ||
+ | |||
+ | ==== 2021-10-28 ==== | ||
+ | |||
+ | **bind-9.11.36**: | ||
+ | This update fixes bugs and the following security issue: | ||
+ | The " | ||
+ | the lame server cache, as it could previously be abused by an attacker to | ||
+ | significantly degrade resolver performance. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **glibc-zoneinfo-2021e**: | ||
+ | This package provides the latest timezone updates. | ||
+ | |||
+ | ==== 2021-10-10 ==== | ||
+ | |||
+ | **httpd-2.4.51**: | ||
+ | SECURITY: CVE-2021-42013: | ||
+ | Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete | ||
+ | fix of CVE-2021-41773) (cve.mitre.org) | ||
+ | It was found that the fix for CVE-2021-41773 in Apache HTTP | ||
+ | Server 2.4.50 was insufficient. | ||
+ | traversal attack to map URLs to files outside the directories | ||
+ | configured by Alias-like directives. | ||
+ | If files outside of these directories are not protected by the | ||
+ | usual default configuration " | ||
+ | can succeed. If CGI scripts are also enabled for these aliased | ||
+ | pathes, this could allow for remote code execution. | ||
+ | This issue only affects Apache 2.4.49 and Apache 2.4.50 and not | ||
+ | earlier versions. | ||
+ | Credits: Reported by Juan Escobar from Dreamlab Technologies, | ||
+ | Fernando MuA+-oz from NULL Life CTF Team, and Shungo Kumasaka | ||
+ | For more information, | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | ==== 2021-10-05 ==== | ||
**httpd-2.4.50**: | **httpd-2.4.50**: |
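Review bot: in the 2021-12-03 entry the package is named mozilla-nss-3.40.1, yet the text says NSS versions prior to 3.73 or 3.68.1 ESR are vulnerable, so a reader comparing version numbers would conclude this package is still affected. If the fix is carried as a patch on top of 3.40.1, say so in the entry. In the httpd-2.4.51 entry, "pathes" should read "paths", and the credited name appears as "MuA+-oz", which looks like a mis-encoded character that should be restored from the upstream advisory. Several added lines also stop mid-sentence, including the link bullets that end at "https://", so check that the wiki markup did not drop the rest of those lines.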
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie