changelog_14.2

Differences

This shows you the differences between two versions of the page.

changelog_14.2 [2020/05/18 19:37] – [2020-04-21] conniechangelog_14.2 [2020/05/20 00:31] – [2020-05-18] connie
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +==== 2020-05-19 ====
 +
 +**bind-9.11.19**:  Upgraded.
 +This update fixes security issues:
 +A malicious actor who intentionally exploits the lack of effective
 +limitation on the number of fetches performed when processing referrals
 +can, through the use of specially crafted referrals, cause a recursing
 +server to issue a very large number of fetches in an attempt to process
 +the referral. This has at least two potential effects: The performance of
 +the recursing server can potentially be degraded by the additional work
 +required to perform these fetches, and the attacker can exploit this
 +behavior to use the recursing server as a reflector in a reflection attack
 +with a high amplification factor.
 +Replaying a TSIG BADTIME response as a request could trigger an assertion
 +failure.
 +For more information, see:
 +  * https://kb.isc.org/docs/cve-2020-8616
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616
 +  * https://kb.isc.org/docs/cve-2020-8617
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617
 +(**Security fix**)
 +
 +**libexif-0.6.22**:  Upgraded.
 +This update fixes bugs and security issues:
 +  * CVE-2018-20030: Fix for recursion DoS
 +  * CVE-2020-13114: Time consumption DoS when parsing canon array markers
 +  * CVE-2020-13113: Potential use of uninitialized memory
 +  * CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes
 +  * CVE-2020-0093:  read overflow
 +  * CVE-2019-9278:  replaced integer overflow checks the compiler could optimize away by safer constructs
 +  * CVE-2020-12767: fixed division by zero
 +  * CVE-2016-6328:  fixed integer overflow when parsing maker notes
 +  * CVE-2017-7544:  fixed buffer overread
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
 +(**Security fix**)
  
 ==== 2020-05-18 ==== ==== 2020-05-18 ====
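Review bot: In the bind-9.11.19 entry the two security issues are neither separated nor labelled with their CVE ids. The referral/fetch paragraph ends at "with a high amplification factor." and the sentence "Replaying a TSIG BADTIME response as a request could trigger an assertion failure." follows on the next line with no blank line or list marker, so the two read as one continuous paragraph and a reader cannot tell which of the two linked advisories (CVE-2020-8616, CVE-2020-8617) covers which problem. Consider making each issue its own list item prefixed with its CVE id, the way the libexif-0.6.22 entry in the same hunk already does. Smaller style point in the libexif list: the item wording is inconsistent ("Fix for recursion DoS", "fixed division by zero", "read overflow" with no verb) and the spacing after the colon varies between one and two spaces; since upstream text is being quoted, normalising only the spacing would be enough.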
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie