Differences

This shows you the differences between two versions of the page.

--- changelog_14.2 [2020/05/18 19:37] – [2020-04-21] connie
+++ changelog_14.2 [2020/06/14 18:58] – [2020-05-19] connie
@@ Line 2: / Line 2: @@
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
+==== 2020-06-14 ====
+**linux-libre-*-4.4.227**:  Upgraded.
+These updates fix various bugs and security issues, including a mitigation
+for SRBDS (Special Register Buffer Data Sampling). SRBDS is an MDS-like
+speculative side channel that can leak bits from the random number generator
+(RNG) across cores and threads.
+Be sure to upgrade your initrd after upgrading the kernel packages.
+If you use lilo to boot your machine, be sure lilo.conf points to the correct
+kernel and initrd and run lilo as root to update the bootloader.
+If you use elilo to boot your machine, you should run eliloconfig to copy the
+kernel and initrd to the EFI System Partition.
+For more information, see:
+Fixed in 4.4.218:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11668
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11608
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11609
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10942
+Fixed in 4.4.219:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11494
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11565
+Fixed in 4.4.220:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12826
+Fixed in 4.4.221:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19319
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12464
+Fixed in 4.4.222:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10751
+Fixed in 4.4.224:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10711
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1749
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12769
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10690
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13143
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19768
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12770
+Fixed in 4.4.225:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9517
+Fixed in 4.4.226:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10732
+Fixed in 4.4.227:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543
+(**Security fix**)
+**gnutls-3.6.14**:  Upgraded.
+Fixed insecure session ticket key construction, since 3.6.4. The TLS server
+would not bind the session ticket encryption key with a value supplied by
+the application until the initial key rotation, allowing attacker to bypass
+authentication in TLS 1.3 and recover previous conversations in TLS 1.2.
+[GNUTLS-SA-2020-06-03, CVSS: high]
+(**Security fix**)
+**ca-certificates-20200602**:  Upgraded.
+This update provides the latest CA certificates to check for the
+authenticity of SSL connections.
+**proftpd-1.3.6d**:  Upgraded.
+This is a bugfix release:
+Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
+==== 2020-05-19 ====
+**bind-9.11.19**:  Upgraded.
+This update fixes security issues:
+A malicious actor who intentionally exploits the lack of effective
+limitation on the number of fetches performed when processing referrals
+can, through the use of specially crafted referrals, cause a recursing
+server to issue a very large number of fetches in an attempt to process
+the referral. This has at least two potential effects: The performance of
+the recursing server can potentially be degraded by the additional work
+required to perform these fetches, and the attacker can exploit this
+behavior to use the recursing server as a reflector in a reflection attack
+with a high amplification factor.
+Replaying a TSIG BADTIME response as a request could trigger an assertion
+failure.
+For more information, see:
+  * https://kb.isc.org/docs/cve-2020-8616
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616
+  * https://kb.isc.org/docs/cve-2020-8617
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617
+(**Security fix**)
+**libexif-0.6.22**:  Upgraded.
+This update fixes bugs and security issues:
+  * CVE-2018-20030: Fix for recursion DoS
+  * CVE-2020-13114: Time consumption DoS when parsing canon array markers
+  * CVE-2020-13113: Potential use of uninitialized memory
+  * CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes
+  * CVE-2020-0093:  read overflow
+  * CVE-2019-9278:  replaced integer overflow checks the compiler could optimize away by safer constructs
+  * CVE-2020-12767: fixed division by zero
+  * CVE-2016-6328:  fixed integer overflow when parsing maker notes
+  * CVE-2017-7544:  fixed buffer overread
+For more information, see:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
+(**Security fix**)
 ==== 2020-05-18 ====