User Tools

Site Tools


changelog_14.2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
changelog_14.2 [2019/03/08 17:22] conniechangelog_14.2 [2019/05/16 12:23] connie
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +==== 2019-05-16 ====
 +
 +**rdesktop-1.8.5**:  Upgraded.
 +This update fixes security issues:
 +Add bounds checking to protocol handling in order to fix many
 +security problems when communicating with a malicious server.
 +(**Security fix**)
 +
 +==== 2019-04-26 ====
 +
 +**bind-9.11.6_P1**:  Upgraded.
 +This update fixes a security issue:
 +The TCP client quota set using the tcp-clients option could be exceeded
 +in some cases. This could lead to exhaustion of file descriptors.
 +For more information, see:
 +  * https://kb.isc.org/docs/cve-2018-5743
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743
 +(**Security fix**)
 +
 +**curl-7.64.1**:  Upgraded.
 +This update fixes a regression in curl-7.64.0 which could lead to
 +100% CPU usage. Thanks to arcctgx.
 +
 +
 +==== 2019-04-17 ====
 +
 +**libpng-1.6.37**:  Upgraded.
 +This update fixes security issues:
 +  * Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
 +  * Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
 +  * Fixed a memory leak in pngtest.c.
 +  * Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in contrib/pngminus; refactor.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317
 +(**Security fix**)
 +
 +**libssh2-1.8.2**:  Upgraded.
 +This update fixes a misapplied userauth patch that broke 1.8.1.
 +Thanks to Ook.
 +
 +**glibc-zoneinfo-2019a**:  Upgraded.
 +This package provides the latest timezone updates.
 +
 +==== 2019-04-06 ====
 +
 +**httpd-2.4.39**:  Upgraded.
 +This release contains security fixes and improvements.
 +In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker
 +or prefork, code executing in less-privileged child processes or threads
 +(including scripts executed by an in-process scripting interpreter) could
 +execute arbitrary code with the privileges of the parent process by
 +manipulating the scoreboard.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
 +(**Security fix**)
 +
 +==== 2019-04-06 ====
 +
 +**openjpeg-2.3.1**:  Upgraded.
 +Includes many bug fixes (including security fixes).
 +(**Security fix**)
 +
 +**wget-1.20.3**:  Upgraded.
 +Fixed a buffer overflow vulnerability:
 +src/iri.c(do_conversion): Reallocate the output buffer to a larger
 +size if it is already full.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953
 +(**Security fix**)
 +
 +==== 2019-04-02 ====
 +
 +**ghostscript-9.26**:  Upgraded.                                                                                                                                      
 +Fixes security issues:                                                                                                                                                
 +A specially crafted PostScript file could have access to the file system                                                                                              
 +outside of the constrains imposed by -dSAFER.                                                                                                                         
 +Transient procedures can allow access to system operators, leading to                                                                                                 
 +remote code execution.                                                                                                                                                
 +For more information, see:                                                                                                                                            
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835                                                                                                      
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838                                                                                                      
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116                                                                                                      
 +(**Security fix**)                                                                                                                                                    
 +                                                                                                                                                                      
 +**wget-1.20.2**:  Upgraded.                                                                                                                                           
 +Fixed an unspecified buffer overflow vulnerability.                                                                                                                   
 +(**Security fix**)
 +
 +==== 2019-03-27 ====
 +
 +**gnutls-3.6.7**:  Upgraded.
 +Fixes security issues:
 +  * libgnutls, gnutls tools: Every gnutls_free() will automatically set the free'd pointer to NULL. This prevents possible use-after-free and double free issues. Use-after-free will be turned into NULL dereference. The counter-measure does not extend to applications using gnutls_free().
 +  * libgnutls: Fixed a memory corruption (double free) vulnerability in the certificate verification API. Reported by Tavis Ormandy; addressed with the change above. [GNUTLS-SA-2019-03-27, #694]
 +  * libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704]
 +  * libgnutls: enforce key usage limitations on certificates more actively. Previously we would enforce it for TLS1.2 protocol, now we enforce it even when TLS1.3 is negotiated, or on client certificates as well. When an inappropriate for TLS1.3 certificate is seen on the credentials structure GnuTLS will disable TLS1.3 support for that session (#690).
 +  * libgnutls: enforce the equality of the two signature parameters fields in a certificate. We were already enforcing the signature algorithm, but there was a bug in parameter checking code.
 +
 +(**Security fix**)
 +
 +==== 2019-03-19 ====
 +
 +**libssh2-1.8.1**:  Upgraded.
 +Fixed several security issues.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863
 +(**Security fix**)
 +
 +**mariadb-10.0.38**:  Rebuilt.
 +Fixed paths in /usr/bin/mysql_install_db.
 +Thanks to Stuart Winter.
  
 ==== 2019-03-08 ==== ==== 2019-03-08 ====
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie