Freenix Wiki

User Tools

Site Tools

Trace:
changelog_14.2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
changelog_14.2 [2020/04/22 01:16] – [2020-04-17] conniechangelog_14.2 [2020/05/20 00:31] – [2020-05-18] connie
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +==== 2020-05-19 ====
 +
 +**bind-9.11.19**:  Upgraded.
 +This update fixes security issues:
 +A malicious actor who intentionally exploits the lack of effective
 +limitation on the number of fetches performed when processing referrals
 +can, through the use of specially crafted referrals, cause a recursing
 +server to issue a very large number of fetches in an attempt to process
 +the referral. This has at least two potential effects: The performance of
 +the recursing server can potentially be degraded by the additional work
 +required to perform these fetches, and the attacker can exploit this
 +behavior to use the recursing server as a reflector in a reflection attack
 +with a high amplification factor.
 +Replaying a TSIG BADTIME response as a request could trigger an assertion
 +failure.
 +For more information, see:
 +  * https://kb.isc.org/docs/cve-2020-8616
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616
 +  * https://kb.isc.org/docs/cve-2020-8617
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617
 +(**Security fix**)
 +
 +**libexif-0.6.22**:  Upgraded.
 +This update fixes bugs and security issues:
 +  * CVE-2018-20030: Fix for recursion DoS
 +  * CVE-2020-13114: Time consumption DoS when parsing canon array markers
 +  * CVE-2020-13113: Potential use of uninitialized memory
 +  * CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes
 +  * CVE-2020-0093:  read overflow
 +  * CVE-2019-9278:  replaced integer overflow checks the compiler could optimize away by safer constructs
 +  * CVE-2020-12767: fixed division by zero
 +  * CVE-2016-6328:  fixed integer overflow when parsing maker notes
 +  * CVE-2017-7544:  fixed buffer overread
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
 +(**Security fix**)
 +
 +==== 2020-05-18 ====
 +
 +**sane-1.0.30**:  Upgraded.
 +This update fixes several security issues.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12867
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12862
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12863
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12865
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12866
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12861
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12864
 +(**Security fix**)
 +
 +**glibc-zoneinfo-2020a**:  Upgraded.
 +This package provides the latest timezone updates.
  
 ==== 2020-04-21 ==== ==== 2020-04-21 ====
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie