changelog_14.2
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
changelog_14.2 [2020/03/04 19:48] – [2020-02-20] connie | changelog_14.2 [2020/04/15 23:49] – [2020-04-14] connie | ||
---|---|---|---|
Line 2: | Line 2: | ||
Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | ||
+ | |||
+ | ==== 2020-04-15 ==== | ||
+ | |||
+ | **bind-9.11.18**: | ||
+ | This update fixes a security issue: | ||
+ | DNS rebinding protection was ineffective when BIND 9 is configured as a | ||
+ | forwarding DNS server. Found and responsibly reported by Tobias Klein. | ||
+ | [GL #1574] | ||
+ | (**Security fix**) | ||
+ | |||
+ | ==== 2020-04-14 ==== | ||
+ | |||
+ | **git-2.17.4**: | ||
+ | This update fixes a security issue: | ||
+ | With a crafted URL that contains a newline in it, the credential helper | ||
+ | machinery can be fooled to give credential information for a wrong host. | ||
+ | The attack has been made impossible by forbidding a newline character in | ||
+ | any value passed via the credential protocol. Credit for finding the | ||
+ | vulnerability goes to Felix Wilhelm of Google Project Zero. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | ==== 2020-03-31 ==== | ||
+ | |||
+ | **gnutls-3.6.13**: | ||
+ | This update fixes a security issue: | ||
+ | libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support), | ||
+ | since 3.6.3. The DTLS client would not contribute any randomness to the | ||
+ | DTLS negotiation, | ||
+ | [GNUTLS-SA-2020-03-31, | ||
+ | (**Security fix**) | ||
+ | |||
+ | **httpd-2.4.43**: | ||
+ | This release contains security fixes (since 2.4.39) and improvements. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | |||
+ | ==== 2020-03-27 ==== | ||
+ | |||
+ | **linux-libre-*-4.4.217**: | ||
+ | These updates fix various bugs and security issues. | ||
+ | Be sure to upgrade your initrd after upgrading the kernel packages. | ||
+ | If you use lilo to boot your machine, be sure lilo.conf points to the correct | ||
+ | kernel and initrd and run lilo as root to update the bootloader. | ||
+ | If you use elilo to boot your machine, you should run eliloconfig to copy the | ||
+ | kernel and initrd to the EFI System Partition. | ||
+ | For more information, | ||
+ | |||
+ | Fixed in 4.4.209: | ||
+ | * https:// | ||
+ | Fixed in 4.4.210: | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | Fixed in 4.4.211: | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | Fixed in 4.4.212: | ||
+ | * https:// | ||
+ | * https:// | ||
+ | Fixed in 4.4.215: | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | Fixed in 4.4.216: | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | Fixed in 4.4.217: | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | ==== 2020-03-23 ==== | ||
+ | |||
+ | **gd-2.3.0**: | ||
+ | This update fixes bugs and security issues: | ||
+ | * Potential double-free in gdImage*Ptr(). | ||
+ | * gdImageColorMatch() out of bounds write on heap. | ||
+ | * Uninitialized read in gdImageCreateFromXbm(). | ||
+ | * Double-free in gdImageBmp. | ||
+ | * Potential NULL pointer dereference in gdImageClone(). | ||
+ | * Potential infinite loop in gdImageCreateFromGifCtx(). | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **NetworkManager-1.8.4**: | ||
+ | Recompiled to get PPP working again with the new pppd. Thanks to longus. | ||
+ | |||
+ | **sudo-1.8.31p1**: | ||
+ | This is a bugfix release: | ||
+ | Sudo once again ignores a failure to restore the RLIMIT_CORE resource limit, | ||
+ | as it did prior to version 1.8.29. Linux containers don't allow RLIMIT_CORE | ||
+ | to be set back to RLIM_INFINITY if we set the limit to zero, even for root, | ||
+ | which resulted in a warning from sudo. | ||
+ | |||
+ | **rp-pppoe-3.13**: | ||
+ | This needed a rebuild for ppp-2.4.8. Thanks to regdub. | ||
==== 2020-03-04 ==== | ==== 2020-03-04 ==== |
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie