Differences

This shows you the differences between two versions of the page.

--- changelog_14.2 [2020/05/20 00:31] – [2020-05-18] connie
+++ changelog_14.2 [2020/06/14 21:53] – [2020-06-14] connie
@@ Line 2: / Line 2: @@
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
+==== 2020-06-14 ====
+**R-4.0.1**: upgraded (FXP).
+**pcre2-10.35**: added (FXP) as a new requirement for R.
+**fuse-exfat-1.3.0**: added (FXP).
+**linux-libre-*-4.4.227**:  Upgraded.
+These updates fix various bugs and security issues, including a mitigation
+for SRBDS (Special Register Buffer Data Sampling). SRBDS is an MDS-like
+speculative side channel that can leak bits from the random number generator
+(RNG) across cores and threads.
+Be sure to upgrade your initrd after upgrading the kernel packages.
+If you use lilo to boot your machine, be sure lilo.conf points to the correct
+kernel and initrd and run lilo as root to update the bootloader.
+If you use elilo to boot your machine, you should run eliloconfig to copy the
+kernel and initrd to the EFI System Partition.
+For more information, see:
+Fixed in 4.4.218:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11668
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11608
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11609
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10942
+Fixed in 4.4.219:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11494
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11565
+Fixed in 4.4.220:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12826
+Fixed in 4.4.221:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19319
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12464
+Fixed in 4.4.222:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10751
+Fixed in 4.4.224:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10711
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1749
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12769
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10690
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13143
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19768
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12770
+Fixed in 4.4.225:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9517
+Fixed in 4.4.226:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10732
+Fixed in 4.4.227:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543
+(**Security fix**)
+**gnutls-3.6.14**:  Upgraded.
+Fixed insecure session ticket key construction, since 3.6.4. The TLS server
+would not bind the session ticket encryption key with a value supplied by
+the application until the initial key rotation, allowing attacker to bypass
+authentication in TLS 1.3 and recover previous conversations in TLS 1.2.
+[GNUTLS-SA-2020-06-03, CVSS: high]
+(**Security fix**)
+**ca-certificates-20200602**:  Upgraded.
+This update provides the latest CA certificates to check for the
+authenticity of SSL connections.
+**proftpd-1.3.6d**:  Upgraded.
+This is a bugfix release:
+Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
 ==== 2020-05-19 ====