User Tools

Site Tools


changelog_14.2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
changelog_14.2 [2019/07/13 14:25]
connie
changelog_14.2 [2019/10/02 15:47] (current)
connie
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +==== 2019-10-02 ====
 +
 +**libpcap-1.9.1**: ​ Upgraded.
 +This update is required for the new version of tcpdump.
 +
 +**tcpdump-4.9.3**: ​ Upgraded.
 +Fix buffer overflow/​overread vulnerabilities and command line
 +argument/​local issues.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2017-16808
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14468
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14469
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14470
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14466
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14461
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14462
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14465
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14881
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14464
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14463
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14467
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-10103
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-10105
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14880
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-16451
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14882
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-16227
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-16229
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-16301
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-16230
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-16452
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-16300
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-16228
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15166
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15167
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14879
 +(**Security fix**)
 +
 +==== 2019-09-16 ====
 +
 +**expat-2.2.8**: ​ Upgraded.
 +Fix heap overflow triggered by XML_GetCurrentLineNumber (or
 +XML_GetCurrentColumnNumber),​ and deny internal entities closing the doctype.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15903
 +(**Security fix**)
 +
 +==== 2019-09-12 ====
 +
 +**curl-7.66.0**: ​ Upgraded.
 +This update fixes security issues:
 +FTP-KRB double-free
 +TFTP small blocksize heap buffer overflow
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-5481
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-5482
 +(**Security fix**)
 +
 +**glibc-zoneinfo-2019c**: ​ Upgraded.
 +This package provides the latest timezone updates.
 +
 +**openssl-1.0.2t**: ​ Upgraded.
 +This update fixes low severity security issues:
 +Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
 +Compute ECC cofactors if not provided during EC_GROUP construction
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-1563
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-1547
 +(**Security fix**)
 +
 +**openssl-solibs-1.0.2t**: ​ Upgraded.
 +
 +**emacs-26.3**: ​ Upgraded.
 +This is a bugfix release.
 +
 +==== 2019-08-27 ====
 +
 +**linux-libre-*-4.4.190**: ​ Upgraded.
 +These updates fix various bugs and a minor local denial-of-service security
 +issue. They also change this option:
 +  * FANOTIFY_ACCESS_PERMISSIONS n -> y
 +This is needed by on-access virus scanning software.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information,​ see: Fixed in 4.4.190:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-20961
 +(**Security fix**)
 +
 +**ca-certificates-20190826**: ​ Upgraded.
 +This update provides the latest CA certificates to check for the
 +authenticity of SSL connections.
 +
 +**bind-9.11.9**: ​ Upgraded.
 +This update fixes various bugs and also updates the named.root file in
 +the caching-example configuration to the latest version.
 +
 +==== 2019-08-14 ====
 +
 +**linux-libre-*-4.4.189**: ​ Upgraded.
 +These updates fix various bugs and many security issues, and include the
 +Spectre v1 SWAPGS mitigations.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition. For more information,​ see:
 +
 +Fixed in 4.4.187:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-13631
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2017-18509
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14283
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-10207
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14284
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-13648
 +Fixed in 4.4.189:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-20856
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-1125
 +(**Security fix**)
 +
 +==== 2019-08-08 ====
 +
 +**kdelibs-4.14.38**: ​ Upgraded.
 +kconfig: malicious .desktop files (and others) would execute code.
 +For more information,​ see:
 +  * https://​mail.kde.org/​pipermail/​kde-announce/​2019-August/​000047.html
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14744
 +(**Security fix**)
 +
 +==== 2019-07-25 ====
 +
 +**R-3.6.1**:​ Upgraded (FXP)
 +
 +==== 2019-07-22 ====
 +
 +**linux-libre-*-4.4.186**: ​ Upgraded.
 +These updates fix various bugs and many minor security issues.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information,​ see:
 +  * Fixed in 4.4.183:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-11599
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-3892
 +  * Fixed in 4.4.185:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-13272
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-16597
 +  * Fixed in 4.4.186:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-10126
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-3846
 +(**Security fix**)
 +
 +**curl-7.65.3**: ​ Upgraded.
 +This is a bugfix release:
 +Fix a regression that caused the progress meter not to appear.
 +For more information,​ see:
 +  * https://​curl.haxx.se/​changes.html
 +
 +**emacs-26.2**: ​ Upgraded.
 +This is a bugfix release.
 +Patched package.el to obey buffer-file-coding-system (bug #35739), fixing
 +bad signature from GNU ELPA for archive-contents.
 +Thanks to Stefan Monnier and Eric Lindblad.
 +
 +==== 2019-07-14 ====
 +
 +**bzip2-1.0.8**: ​ Upgraded. ​                                                                                                                                          
 +Fixes security issues: ​                                                                                                                                               ​
 +bzip2recover:​ Fix use after free issue with outFile. ​                                                                                                                 ​
 +Make sure nSelectors is not out of range. ​                                                                                                                            
 +For more information,​ see:                                                                                                                                            ​
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2016-3189 ​                                                                                                     ​
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-12900 ​                                                                                                    
 +(**Security fix**)
 +
 +**glibc-zoneinfo-2019b**: ​ Upgraded. ​                                                                                                            
 +This package provides the latest timezone updates. ​                                                                                                                   ​
 +                                                                                                                                                                      ​
 +**rust-1.36.0**: ​ Upgraded.
 +Upgraded to the latest Rust compiler for Firefox 68.0.
 +
 +**xscreensaver-5.43**: ​ Upgraded.
 +Here's an upgrade to the latest xscreensaver.
  
 ==== 2019-07-13 ==== ==== 2019-07-13 ====
changelog_14.2.1563042318.txt.gz ยท Last modified: 2019/07/13 14:25 by connie