changelog_14.2

Differences

This shows you the differences between two versions of the page.

changelog_14.2 [2020/05/18 19:37]
connie [2020-04-21]
changelog_14.2 [2020/05/20 00:31] (current)
connie [2020-05-18]
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +==== 2020-05-19 ====
 +
 +**bind-9.11.19**: ​ Upgraded.
 +This update fixes security issues:
 +A malicious actor who intentionally exploits the lack of effective
 +limitation on the number of fetches performed when processing referrals
 +can, through the use of specially crafted referrals, cause a recursing
 +server to issue a very large number of fetches in an attempt to process
 +the referral. This has at least two potential effects: The performance of
 +the recursing server can potentially be degraded by the additional work
 +required to perform these fetches, and the attacker can exploit this
 +behavior to use the recursing server as a reflector in a reflection attack
 +with a high amplification factor.
 +Replaying a TSIG BADTIME response as a request could trigger an assertion
 +failure.
 +For more information,​ see:
 +  * https://​kb.isc.org/​docs/​cve-2020-8616
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8616
 +  * https://​kb.isc.org/​docs/​cve-2020-8617
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8617
 +(**Security fix**)
 +
 +**libexif-0.6.22**: ​ Upgraded.
 +This update fixes bugs and security issues:
 +  * CVE-2018-20030:​ Fix for recursion DoS
 +  * CVE-2020-13114:​ Time consumption DoS when parsing canon array markers
 +  * CVE-2020-13113:​ Potential use of uninitialized memory
 +  * CVE-2020-13112:​ Various buffer overread fixes due to integer overflows in maker notes
 +  * CVE-2020-0093: ​ read overflow
 +  * CVE-2019-9278: ​ replaced integer overflow checks the compiler could optimize away by safer constructs
 +  * CVE-2020-12767:​ fixed division by zero
 +  * CVE-2016-6328: ​ fixed integer overflow when parsing maker notes
 +  * CVE-2017-7544: ​ fixed buffer overread
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-20030
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-13114
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-13113
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-13112
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-0093
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-9278
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12767
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2016-6328
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2017-7544
 +(**Security fix**)
  
 ==== 2020-05-18 ==== ==== 2020-05-18 ====
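Review bot: the two issue descriptions in the bind-9.11.19 entry carry no CVE ids, so the reader has to guess which of the CVE-2020-8616 and CVE-2020-8617 links covers the referral fetch amplification and which the TSIG BADTIME assertion failure. Prefix each description with its id, as the libexif-0.6.22 list directly below does, or place each pair of links under the paragraph it documents. The libexif items also mix "Fix for ...", "fixed ..." and bare descriptions such as "read overflow"; one form throughout would make the list easier to scan.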
changelog_14.2.txt · Last modified: 2020/05/20 00:31 by connie