Freenix Wiki

User Tools

Site Tools

Trace:
changelog_14.2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
changelog_14.2 [2020/05/20 00:31] – [2020-05-18] conniechangelog_14.2 [2020/06/14 18:58] – [2020-05-19] connie
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +==== 2020-06-14 ====
 +
 +**linux-libre-*-4.4.227**:  Upgraded.
 +These updates fix various bugs and security issues, including a mitigation
 +for SRBDS (Special Register Buffer Data Sampling). SRBDS is an MDS-like
 +speculative side channel that can leak bits from the random number generator
 +(RNG) across cores and threads.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information, see:
 +
 +Fixed in 4.4.218:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11668
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11608
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11609
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10942
 +Fixed in 4.4.219:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11494
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11565
 +Fixed in 4.4.220:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12826
 +Fixed in 4.4.221:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19319
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12464
 +Fixed in 4.4.222:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10751
 +Fixed in 4.4.224:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10711
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1749
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12769
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10690
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13143
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19768
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12770
 +Fixed in 4.4.225:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9517
 +Fixed in 4.4.226:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10732
 +Fixed in 4.4.227:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543
 +(**Security fix**)
 +
 +**gnutls-3.6.14**:  Upgraded.
 +Fixed insecure session ticket key construction, since 3.6.4. The TLS server
 +would not bind the session ticket encryption key with a value supplied by
 +the application until the initial key rotation, allowing attacker to bypass
 +authentication in TLS 1.3 and recover previous conversations in TLS 1.2.
 +[GNUTLS-SA-2020-06-03, CVSS: high]
 +(**Security fix**)
 +
 +**ca-certificates-20200602**:  Upgraded.
 +This update provides the latest CA certificates to check for the
 +authenticity of SSL connections.
 +
 +**proftpd-1.3.6d**:  Upgraded.
 +This is a bugfix release:
 +Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
  
 ==== 2020-05-19 ==== ==== 2020-05-19 ====
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie