User Tools

Site Tools


changelog_14.2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
changelog_14.2 [2020/03/04 19:48] – [2020-02-20] conniechangelog_14.2 [2020/03/31 17:58] – [2020-03-27] connie
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +==== 2020-03-31 ====
 +
 +**gnutls-3.6.13**:  Upgraded.
 +This update fixes a security issue:
 +libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support),
 +since 3.6.3. The DTLS client would not contribute any randomness to the
 +DTLS negotiation, breaking the security guarantees of the DTLS protocol.
 +[GNUTLS-SA-2020-03-31, CVSS: high]
 +(**Security fix**)
 +
 +**httpd-2.4.43**:  Upgraded.
 +This release contains security fixes (since 2.4.39) and improvements.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10097
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
 +(**Security fix**)
 +
 +
 +==== 2020-03-27 ====
 +
 +**linux-libre-*-4.4.217**:  Upgraded.
 +These updates fix various bugs and security issues.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information, see:
 +
 +Fixed in 4.4.209:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19965
 +Fixed in 4.4.210:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19068
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14615
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14895
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19056
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19066
 +Fixed in 4.4.211:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15217
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21008
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15220
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15221
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5108
 +Fixed in 4.4.212:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14896
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14897
 +Fixed in 4.4.215:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9383
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2732
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16233
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0009
 +Fixed in 4.4.216:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11487
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8647
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8649
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16234
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8648
 +Fixed in 4.4.217:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14901
 +(**Security fix**)
 +
 +==== 2020-03-23 ====
 +
 +**gd-2.3.0**:  Upgraded.
 +This update fixes bugs and security issues:
 +  * Potential double-free in gdImage*Ptr().
 +  * gdImageColorMatch() out of bounds write on heap.
 +  * Uninitialized read in gdImageCreateFromXbm().
 +  * Double-free in gdImageBmp.
 +  * Potential NULL pointer dereference in gdImageClone().
 +  * Potential infinite loop in gdImageCreateFromGifCtx().
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000222
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14553
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711
 +(**Security fix**)
 +
 +**NetworkManager-1.8.4**:  Rebuilt.
 +Recompiled to get PPP working again with the new pppd. Thanks to longus.
 +
 +**sudo-1.8.31p1**:  Upgraded.
 +This is a bugfix release:
 +Sudo once again ignores a failure to restore the RLIMIT_CORE resource limit,
 +as it did prior to version 1.8.29. Linux containers don't allow RLIMIT_CORE
 +to be set back to RLIM_INFINITY if we set the limit to zero, even for root,
 +which resulted in a warning from sudo.
 +
 +**rp-pppoe-3.13**:  Upgraded.
 +This needed a rebuild for ppp-2.4.8. Thanks to regdub.
  
 ==== 2020-03-04 ==== ==== 2020-03-04 ====
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie