Freenix Wiki

User Tools

Site Tools

Trace:
changelog_14.2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
changelog_14.2 [2019/08/27 18:55] conniechangelog_14.2 [2020/02/21 02:39] – [2020-02-14] connie
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +==== 2020-02-20 ====
 +
 +**proftpd-1.3.6c**:  Upgraded.
 +No CVEs assigned, but this sure looks like a security issue:
 +Use-after-free vulnerability in memory pools during data transfer.
 +(**Security fix**)
 +
 +==== 2020-02-14 ====
 +
 +**libarchive-3.4.2**:  Upgraded.
 +This update includes security fixes in the RAR5 reader.
 +(**Security fix**)
 +
 +==== 2020-01-31 ====
 +
 +**sudo-1.8.31**:  Upgraded.
 +This update fixes a security issue:
 +In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can
 +trigger a stack-based buffer overflow in the privileged sudo process.
 +(pwfeedback is a default setting in some Linux distributions; however, it
 +is not the default for upstream or in Slackware, and would exist only if
 +enabled by an administrator.) The attacker needs to deliver a long string
 +to the stdin of getln() in tgetpass.c.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634
 +(**Security fix**)
 +
 +**bind-9.11.15**:  Upgraded.
 +This is a bugfix release:
 +With some libmaxminddb versions, named could erroneously match an IP address
 +not belonging to any subnet defined in a given GeoIP2 database to one of the
 +existing entries in that database. [GL #1552]
 +Fix line spacing in `rndc secroots`. Thanks to Tony Finch. [GL #2478]
 +
 +==== 2020-01-11 ====
 +
 +**p7zip-16.02**: Added (FXP)
 +==== 2020-01-09 ====
 +
 +**linux-libre-*-4.4.208**:  Upgraded.
 +   IPV6_MULTIPLE_TABLES n -> y
 +  +IPV6_SUBTREES y
 +These updates fix various bugs and security issues.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information, see:
 +
 +Fixed in 4.4.203:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19524
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15917
 +Fixed in 4.4.204:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683
 +Fixed in 4.4.206:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12614
 +Fixed in 4.4.207:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19227
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332
 +Fixed in 4.4.208:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19057
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19063
 +(**Security fix**)
 +
 +**xfce4-weather-plugin-0.8.11**:  Upgraded.
 +Bugfix release to address the upcoming obsolescence of the
 +locationforecastLTS API from met.no. Thanks to Robby Workman.
 +
 +**libwmf-0.2.8.4**:  Rebuilt.
 +This is a bugfix release to correct the path for the GDK_PIXBUF_DIR.
 +Thanks to B. Watson and Robby Workman.
 +
 +==== 2019-12-21 ====
 +
 +**openssl-1.0.2u**:  Upgraded.
 +This update fixes a low severity security issue:
 +Fixed an an overflow bug in the x86_64 Montgomery squaring procedure used in
 +exponentiation with 512-bit moduli.
 +For more information, see:
 +  * https://www.openssl.org/news/secadv/20191206.txt
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551
 +(**Security fix**)
 +
 +**openssl-solibs-1.0.2u**:  Upgraded.
 +
 +**tigervnc-1.10.1**:  Upgraded.
 +From tigervnc.org: "This is a security release to fix a number of issues
 +that were found by Kaspersky Lab. These issues affect both the client and
 +server and could theoretically allow a malicious peer to take control
 +over the software on the other side. No working exploit is known at this
 +time, and the issues require the peer to first be authenticated. We still
 +urge users to upgrade when possible."
 +(**Security fix**)
 +
 +==== 2019-12-19 ====
 +
 +**bind-9.11.14**:  Upgraded.
 +This is a bugfix release:
 +Fixed a bug that caused named to leak memory on reconfiguration when
 +any GeoIP2 database was in use. [GL #1445]
 +Fixed several possible race conditions discovered by Thread Sanitizer.
 +
 +**wavpack-5.2.0**:  Upgraded.
 +Fixed denial-of-service and other potential security issues.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19840
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19841
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6767
 +(**Security fix**)
 +
 +**ca-certificates-20191130**:  Upgraded.
 +This update provides the latest CA certificates to check for the
 +authenticity of SSL connections.
 +
 +==== 2019-11-21 ====
 +
 +**bind-9.11.13**:  Upgraded.
 +This update fixes a security issue:
 +Set a limit on the number of concurrently served pipelined TCP queries.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6477
 +(**Security fix**)
 +
 +==== 2019-11-17 ====
 +
 +**linux-libre-*-4.4.202**:  Upgraded.
 +  * CRYPTO_CRC32C_INTEL m -> y
 +  * +X86_INTEL_TSX_MODE_AUTO n
 +  * +X86_INTEL_TSX_MODE_OFF y
 +  * +X86_INTEL_TSX_MODE_ON n
 +These updates fix various bugs and security issues, including mitigation for
 +the TSX Asynchronous Abort condition on some CPUs.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information, see:
 +
 +Fixed in 4.4.201:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0155
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0154
 +Fixed in 4.4.202:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
 +(**Security fix**)
 +
 +==== 2019-11-12 ====
 +
 +**kdelibs-4.14.38**:  Rebuilt.                                                                                                                                                           
 +Remove hardcoded TLSv1 allowing TLSv1.1 and TLSv1.2. Thanks to PJ Beers.
 +
 +**kdepim-4.14.10**:  Rebuilt.
 +Remove hardcoded TLSv1 allowing TLSv1.1 and TLSv1.2. Thanks to PJ Beers.
 +
 +**kdepimlibs-4.14.10**:  Rebuilt.
 +Remove hardcoded TLSv1 allowing TLSv1.1 and TLSv1.2. Thanks to PJ Beers.
 +
 +**linux-libre-*-4.4.199**:  Upgraded.
 +These updates fix various bugs and security issues.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information, see:
 +
 +Fixed in 4.4.191:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117
 +Fixed in 4.4.193:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835
 +Fixed in 4.4.194:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821
 +Fixed in 4.4.195:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17053
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17052
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17054
 +Fixed in 4.4.196:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215
 +Fixed in 4.4.197:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976
 +Fixed in 4.4.198:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17075
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133
 +Fixed in 4.4.199:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098
 +(**Security fix**)
 +
 +==== 2019-11-04 ====
 +
 +**libtiff-4.1.0**:  Upgraded.
 +libtiff: fix integer overflow in _TIFFCheckMalloc() that could cause a crash.
 +tif_dir: unset transferfunction field if necessary.
 +pal2rgb: failed to free memory on a few errors.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128
 +(**Security fix**)
 +
 +==== 2019-10-21 ====
 +
 +**python-2.7.17**:  Upgraded.
 +This update fixes bugs and security issues:
 +Update vendorized expat library version to 2.2.8.
 +Disallow URL paths with embedded whitespace or control characters into the
 +underlying http client request. Such potentially malicious header injection
 +URLs now cause an httplib.InvalidURL exception to be raised.
 +Avoid file reading by disallowing ``local-file://`` and ``local_file://``
 +URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and
 +:meth:`urllib.URLopener.retrieve`.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948
 +(**Security fix**)
 +
 +**ca-certificates-20191018**:  Upgraded.
 +This update provides the latest CA certificates to check for the
 +authenticity of SSL connections.
 +
 +**sudo-1.8.28p1**:  Rebuilt.
 +This is a bugfix release:
 +Ensure that /etc/environment exists to prevent complaints from "sudo -i".
 +
 +==== 2019-10-14 ====
 +
 +**sudo-1.8.28**:  Upgraded.
 +Fixed a bug where an sudo user may be able to run a command as root when
 +the Runas specification explicitly disallows root access as long as the
 +ALL keyword is listed first.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
 +(**Security fix**)
 +
 +==== 2019-10-02 ====
 +
 +**libpcap-1.9.1**:  Upgraded.
 +This update is required for the new version of tcpdump.
 +
 +**tcpdump-4.9.3**:  Upgraded.
 +Fix buffer overflow/overread vulnerabilities and command line
 +argument/local issues.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15167
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879
 +(**Security fix**)
 +
 +==== 2019-09-16 ====
 +
 +**expat-2.2.8**:  Upgraded.
 +Fix heap overflow triggered by XML_GetCurrentLineNumber (or
 +XML_GetCurrentColumnNumber), and deny internal entities closing the doctype.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
 +(**Security fix**)
 +
 +==== 2019-09-12 ====
 +
 +**curl-7.66.0**:  Upgraded.
 +This update fixes security issues:
 +FTP-KRB double-free
 +TFTP small blocksize heap buffer overflow
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482
 +(**Security fix**)
 +
 +**glibc-zoneinfo-2019c**:  Upgraded.
 +This package provides the latest timezone updates.
 +
 +**openssl-1.0.2t**:  Upgraded.
 +This update fixes low severity security issues:
 +Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
 +Compute ECC cofactors if not provided during EC_GROUP construction
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547
 +(**Security fix**)
 +
 +**openssl-solibs-1.0.2t**:  Upgraded.
 +
 +**emacs-26.3**:  Upgraded.
 +This is a bugfix release.
  
 ==== 2019-08-27 ==== ==== 2019-08-27 ====
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie