User Tools

Site Tools


changelog_14.2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
changelog_14.2 [2020/01/11 13:09] – [2020-01-11] conniechangelog_14.2 [2020/02/21 02:39] – [2020-02-14] connie
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +==== 2020-02-20 ====
 +
 +**proftpd-1.3.6c**:  Upgraded.
 +No CVEs assigned, but this sure looks like a security issue:
 +Use-after-free vulnerability in memory pools during data transfer.
 +(**Security fix**)
 +
 +==== 2020-02-14 ====
 +
 +**libarchive-3.4.2**:  Upgraded.
 +This update includes security fixes in the RAR5 reader.
 +(**Security fix**)
 +
 +==== 2020-01-31 ====
 +
 +**sudo-1.8.31**:  Upgraded.
 +This update fixes a security issue:
 +In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can
 +trigger a stack-based buffer overflow in the privileged sudo process.
 +(pwfeedback is a default setting in some Linux distributions; however, it
 +is not the default for upstream or in Slackware, and would exist only if
 +enabled by an administrator.) The attacker needs to deliver a long string
 +to the stdin of getln() in tgetpass.c.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634
 +(**Security fix**)
 +
 +**bind-9.11.15**:  Upgraded.
 +This is a bugfix release:
 +With some libmaxminddb versions, named could erroneously match an IP address
 +not belonging to any subnet defined in a given GeoIP2 database to one of the
 +existing entries in that database. [GL #1552]
 +Fix line spacing in `rndc secroots`. Thanks to Tony Finch. [GL #2478]
  
 ==== 2020-01-11 ==== ==== 2020-01-11 ====
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie