changelog_14.2

Differences

changelog_14.2 [2023/05/26 17:20] – [2023-05-18] connie
changelog_14.2 [2023/12/23 13:40] (current) – [2023-12-20] connie
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +
 +==== 2023-12-23 ====
 +
 +**proftpd-1.3.8b**:  Upgraded.
 +This update fixes a security issue:
 +mod_sftp: implemented mitigations for "Terrapin" SSH attack.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2023-48795
 +(**Security fix**)
 +
 +
 +==== 2023-12-20 ====
 +
 +**libssh-0.10.6**:  Upgraded.
 +This update fixes security issues:
 +Command injection using proxycommand.
 +Potential downgrade attack using strict kex.
 +Missing checks for return values of MD functions.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2023-6004
 +  * https://www.cve.org/CVERecord?id=CVE-2023-48795
 +  * https://www.cve.org/CVERecord?id=CVE-2023-6918
 +(**Security fix**)
 +
 +**sudo-1.9.15p4**:  Upgraded.
 +This is a bugfix release.
 +
 +**libxml2-2.11.6**:  Upgraded.
 +We're going to drop back to the 2.11 branch here on the stable releases
 +since it has all of the relevant security fixes and better compatibility.
 +
 +**sudo-1.9.15p3**:  Upgraded.
 +This is a bugfix release.
 +
 +
 +==== 2023-12-13 ====
 +
 +**libxml2-2.12.3**:  Upgraded.
 +This update addresses regressions when building against libxml2 that were
 +due to header file refactoring.
 +
 +**libxml2-2.12.2**:  Upgraded.
 +Add --sysconfdir=/etc option so that this can find the xml catalog.
 +Thanks to SpiderTux.
 +Fix the following security issues:
 +Fix integer overflows with XML_PARSE_HUGE.
 +Fix dict corruption caused by entity reference cycles.
 +Hashing of empty dict strings isn't deterministic.
 +Fix null deref in xmlSchemaFixupComplexType.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2022-40303
 +  * https://www.cve.org/CVERecord?id=CVE-2022-40304
 +  * https://www.cve.org/CVERecord?id=CVE-2023-29469
 +  * https://www.cve.org/CVERecord?id=CVE-2023-28484
 +(**Security fix**)
 +
 +**ca-certificates-20231117**:  Upgraded.
 +This update provides the latest CA certificates to check for the
 +authenticity of SSL connections.
 +
 +**sudo-1.9.15p1**:  Upgraded.
 +This is a bugfix release:
 +Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers
 +from being able to read the ldap.conf file.
 +
 +==== 2023-11-08 ====
 +
 +**sudo-1.9.15**:  Upgraded.
 +The sudoers plugin has been modified to make it more resilient to ROWHAMMER
 +attacks on authentication and policy matching.
 +The sudoers plugin now constructs the user time stamp file path name using
 +the user-ID instead of the user name. This avoids a potential problem with
 +user names that contain a path separator ('/') being interpreted as part of
 +the path name.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2023-42465
 +  * https://www.cve.org/CVERecord?id=CVE-2023-42456
 +(**Security fix**)
 +
 +
 +==== 2023-10-20 ====
 +
 +**httpd-2.4.58**:  Upgraded.
 +This update fixes bugs and security issues:
 +moderate: Apache HTTP Server: HTTP/2 stream memory not reclaimed
 +right away on RST.
 +low: mod_macro buffer over-read.
 +low: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0.
 +For more information, see:
 +  * https://downloads.apache.org/httpd/CHANGES_2.4.58
 +  * https://www.cve.org/CVERecord?id=CVE-2023-45802
 +  * https://www.cve.org/CVERecord?id=CVE-2023-31122
 +  * https://www.cve.org/CVERecord?id=CVE-2023-43622
 +(**Security fix**)
 +
 +==== 2023-10-16 ====
 +
 +**curl-8.4.0**:  Upgraded.
 +This update fixes security issues:
 +Cookie injection with none file.
 +SOCKS5 heap buffer overflow.
 +For more information, see:
 +  * https://curl.se/docs/CVE-2023-38546.html
 +  * https://curl.se/docs/CVE-2023-38545.html
 +  * https://www.cve.org/CVERecord?id=CVE-2023-38546
 +  * https://www.cve.org/CVERecord?id=CVE-2023-38545
 +(**Security fix**)
 +
 +<code>
 +Mon Oct  9 18:10:01 UTC 2023
 +####################################################################
 +# NOTICE OF INPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
 +#                                                                  #
 +# Effective January 1, 2024, security patches will no longer be    #
 +# provided for the following versions of Slackware (which will all #
 +# be more than 7 years old at that time):                          #
 +#   Slackware 14.0, Slackware 14.1, Slackware 14.2.                #
 +# If you are still running these versions you should consider      #
 +# migrating to a newer version (preferably as recent as possible). #
 +# Alternately, you may make arrangements to handle your own        #
 +# security patches.                                                #
 +####################################################################
 +</code>
 +
 +==== 2023-10-04 ====
 +
 +**libX11-1.8.7**:  Upgraded.
 +This update fixes security issues:
 +libX11: out-of-bounds memory access in _XkbReadKeySyms().
 +libX11: stack exhaustion from infinite recursion in PutSubImage().
 +libX11: integer overflow in XCreateImage() leading to a heap overflow.
 +For more information, see:
 +  * https://lists.x.org/archives/xorg-announce/2023-October/003424.html
 +  * https://www.cve.org/CVERecord?id=CVE-2023-43785
 +  * https://www.cve.org/CVERecord?id=CVE-2023-43786
 +  * https://www.cve.org/CVERecord?id=CVE-2023-43787
 +(**Security fix**)
 +
 +**libXpm-3.5.17**:  Upgraded.
 +This update fixes security issues:
 +libXpm: out of bounds read in XpmCreateXpmImageFromBuffer().
 +libXpm: out of bounds read on XPM with corrupted colormap.
 +For more information, see:
 +  * https://lists.x.org/archives/xorg-announce/2023-October/003424.html
 +  * https://www.cve.org/CVERecord?id=CVE-2023-43788
 +  * https://www.cve.org/CVERecord?id=CVE-2023-43789
 +(**Security fix**)
 +
 +**cups-2.1.4**:  Rebuilt.
 +This update fixes bugs and a security issue:
 +Fixed Heap-based buffer overflow when reading Postscript in PPD files.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2023-4504
 +(**Security fix**)
 +
 +**netatalk-3.1.17**:  Upgraded.
 +This update fixes bugs and a security issue:
 +Validate data type in dalloc_value_for_key(). This flaw could allow a
 +malicious actor to cause Netatalk's afpd daemon to crash, or possibly to
 +execute arbitrary code.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2023-42464
 +(**Security fix**)
 +
 +**curl-8.3.0**:  Upgraded.
 +This update fixes a security issue:
 +HTTP headers eat all memory.
 +  * https://curl.se/docs/CVE-2023-38039.html
 +  * https://www.cve.org/CVERecord?id=CVE-2023-38039
 +(**Security fix**)
 +
 +**libarchive-3.7.2**:  Upgraded.
 +This update fixes multiple security vulnerabilities in the PAX writer:
 +Heap overflow in url_encode() in archive_write_set_format_pax.c.
 +NULL dereference in archive_write_pax_header_xattrs().
 +Another NULL dereference in archive_write_pax_header_xattrs().
 +NULL dereference in archive_write_pax_header_xattr().
 +(**Security fix**)
 +
 +**netatalk-3.1.16**:  Upgraded.
 +This update fixes bugs and security issues.
 +Shared library .so-version bump.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2022-23121
 +  * https://www.cve.org/CVERecord?id=CVE-2022-23123
 +(**Security fix**)
 +
 +**curl-8.2.1**:  Upgraded.
 +This is a bugfix release.
 +
 +**whois-5.5.18**:  Upgraded.
 +Updated the .ga TLD server.
 +Added new recovered IPv4 allocations.
 +Removed the delegation of 43.0.0.0/8 to JPNIC.
 +Removed 12 new gTLDs which are no longer active.
 +Improved the man page source, courtesy of Bjarni Ingi Gislason.
 +Added the .edu.za SLD server.
 +Updated the .alt.za SLD server.
 +Added the -ru and -su NIC handles servers.
 +
 +**ca-certificates-20230721**:  Upgraded.
 +This update provides the latest CA certificates to check for the
 +authenticity of SSL connections.
 +
 +**curl-8.2.0**:  Upgraded.
 +This update fixes a security issue:
 +fopen race condition.
 +For more information, see:
 +  * https://curl.se/docs/CVE-2023-32001.html
 +  * https://www.cve.org/CVERecord?id=CVE-2023-32001
 +(**Security fix**)
 +
 +**sudo-1.9.14p2**:  Upgraded.
 +This is a bugfix release.
 +
 +**sudo-1.9.14p1**:  Upgraded.
 +This is a bugfix release.
 +
 +**cups-2.1.4**:  Rebuilt.
 +Fixed use-after-free when logging warnings in case of failures
 +in cupsdAcceptClient().
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2023-34241
 +(**Security fix**)
 +
 +==== 2023-06-15 ====
 +
 +**libX11-1.8.6**:  Upgraded.
 +This update fixes buffer overflows in InitExt.c that could at least cause
 +the client to crash due to memory corruption.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2023-3138
 +(**Security fix**)
 +
 +**ntp-4.2.8p17**:  Upgraded.
 +This is a bugfix release.
 +
 +
 +==== 2023-06-06 ====
 +
 +**cups-2.1.4**:  Rebuilt.
 +Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
 +cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
 +attacker to launch a denial of service (DoS) attack, or possibly execute
 +arbirary code.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2023-32324
 +(**Security fix**)
 +
 +**ntp-4.2.8p16**:  Upgraded.
 +This update fixes bugs and security issues.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2023-26551
 +  * https://www.cve.org/CVERecord?id=CVE-2023-26552
 +  * https://www.cve.org/CVERecord?id=CVE-2023-26553
 +  * https://www.cve.org/CVERecord?id=CVE-2023-26554
 +  * https://www.cve.org/CVERecord?id=CVE-2023-26555
 +(**Security fix**)
 +
 +**curl-8.1.2**:  Upgraded.
 +This is a bugfix release.
  
 ==== 2023-05-26 ==== ==== 2023-05-26 ====
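Review bot: the single ==== 2023-10-04 ==== heading covers every entry from libX11-1.8.7 down to the cups-2.1.4 rebuild for CVE-2023-34241, including three successive curl releases (8.3.0, 8.2.1, 8.2.0) and two sudo releases (1.9.14p2, 1.9.14p1), whereas the rest of the hunk gives one heading per upstream date; the intermediate date headings appear to have been dropped, so a reader trying to establish when a given fix (for example the curl-8.2.0 fopen race, CVE-2023-32001) reached 14.2 cannot tell from this page, and the missing headings should be restored. Two smaller consistency points in the same hunk: the libarchive-3.7.2 entry describes four PAX-writer vulnerabilities and is marked (**Security fix**) but carries no "For more information, see:" references, unlike every other security entry, and the curl-8.3.0 entry lists its links without the "For more information, see:" line the other entries use. Finally, "arbirary" in the cups-2.1.4 entry under 2023-06-06 should read "arbitrary".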
changelog_14.2.1685136023.txt.gz · Last modified: 2023/05/26 17:20 by connie