changelog_14.2
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
| changelog_14.2 [2020/01/11 13:09] – [2020-01-11] connie | changelog_14.2 [2020/03/23 20:50] – [2020-03-04] connie | ||
|---|---|---|---|
| Line 2: | Line 2: | ||
| Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | ||
| + | |||
| + | ==== 2020-03-23 ==== | ||
| + | |||
| + | **gd-2.3.0**: | ||
| + | This update fixes bugs and security issues: | ||
| + | * Potential double-free in gdImage*Ptr(). | ||
| + | * gdImageColorMatch() out of bounds write on heap. | ||
| + | * Uninitialized read in gdImageCreateFromXbm(). | ||
| + | * Double-free in gdImageBmp. | ||
| + | * Potential NULL pointer dereference in gdImageClone(). | ||
| + | * Potential infinite loop in gdImageCreateFromGifCtx(). | ||
| + | For more information, | ||
| + | * https:// | ||
| + | * https:// | ||
| + | * https:// | ||
| + | * https:// | ||
| + | * https:// | ||
| + | * https:// | ||
| + | (**Security fix**) | ||
| + | |||
| + | **NetworkManager-1.8.4**: | ||
| + | Recompiled to get PPP working again with the new pppd. Thanks to longus. | ||
| + | |||
| + | **sudo-1.8.31p1**: | ||
| + | This is a bugfix release: | ||
| + | Sudo once again ignores a failure to restore the RLIMIT_CORE resource limit, | ||
| + | as it did prior to version 1.8.29. Linux containers don't allow RLIMIT_CORE | ||
| + | to be set back to RLIM_INFINITY if we set the limit to zero, even for root, | ||
| + | which resulted in a warning from sudo. | ||
| + | |||
| + | **rp-pppoe-3.13**: | ||
| + | This needed a rebuild for ppp-2.4.8. Thanks to regdub. | ||
| + | |||
| + | ==== 2020-03-04 ==== | ||
| + | |||
| + | **ppp-2.4.8**: | ||
| + | This update fixes a security issue: | ||
| + | By sending an unsolicited EAP packet to a vulnerable ppp client or server, | ||
| + | an unauthenticated remote attacker could cause memory corruption in the | ||
| + | pppd process, which may allow for arbitrary code execution. | ||
| + | For more information, | ||
| + | * https:// | ||
| + | (**Security fix**) | ||
| + | |||
| + | ==== 2020-02-20 ==== | ||
| + | |||
| + | **proftpd-1.3.6c**: | ||
| + | No CVEs assigned, but this sure looks like a security issue: | ||
| + | Use-after-free vulnerability in memory pools during data transfer. | ||
| + | (**Security fix**) | ||
| + | |||
| + | ==== 2020-02-14 ==== | ||
| + | |||
| + | **libarchive-3.4.2**: | ||
| + | This update includes security fixes in the RAR5 reader. | ||
| + | (**Security fix**) | ||
| + | |||
| + | ==== 2020-01-31 ==== | ||
| + | |||
| + | **sudo-1.8.31**: | ||
| + | This update fixes a security issue: | ||
| + | In Sudo before 1.8.31, if pwfeedback is enabled in / | ||
| + | trigger a stack-based buffer overflow in the privileged sudo process. | ||
| + | (pwfeedback is a default setting in some Linux distributions; | ||
| + | is not the default for upstream or in Slackware, and would exist only if | ||
| + | enabled by an administrator.) The attacker needs to deliver a long string | ||
| + | to the stdin of getln() in tgetpass.c. | ||
| + | For more information, | ||
| + | * https:// | ||
| + | (**Security fix**) | ||
| + | |||
| + | **bind-9.11.15**: | ||
| + | This is a bugfix release: | ||
| + | With some libmaxminddb versions, named could erroneously match an IP address | ||
| + | not belonging to any subnet defined in a given GeoIP2 database to one of the | ||
| + | existing entries in that database. [GL #1552] | ||
| + | Fix line spacing in `rndc secroots`. Thanks to Tony Finch. [GL #2478] | ||
| ==== 2020-01-11 ==== | ==== 2020-01-11 ==== | ||
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie