changelog_14.2
Differences
This shows you the differences between two versions of the page.
changelog_14.2 [2023/06/06 14:33] – [2023-05-26] connie | changelog_14.2 [2023/12/23 13:40] (current) – [2023-12-20] connie | ||
---|---|---|---|
Line 2: | Line 2: | ||
Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | ||
+ | |||
+ | |||
+ | ==== 2023-12-23 ==== | ||
+ | |||
+ | **proftpd-1.3.8b**: | ||
+ | This update fixes a security issue: | ||
+ | mod_sftp: implemented mitigations for " | ||
+ | For more information, | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | |||
+ | ==== 2023-12-20 ==== | ||
+ | |||
+ | **libssh-0.10.6**: | ||
+ | This update fixes security issues: | ||
+ | Command injection using proxycommand. | ||
+ | Potential downgrade attack using strict kex. | ||
+ | Missing checks for return values of MD functions. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **sudo-1.9.15p4**: | ||
+ | This is a bugfix release. | ||
+ | |||
+ | **libxml2-2.11.6**: | ||
+ | We're going to drop back to the 2.11 branch here on the stable releases | ||
+ | since it has all of the relevant security fixes and better compatibility. | ||
+ | |||
+ | **sudo-1.9.15p3**: | ||
+ | This is a bugfix release. | ||
+ | |||
+ | |||
+ | ==== 2023-12-13 ==== | ||
+ | |||
+ | **libxml2-2.12.3**: | ||
+ | This update addresses regressions when building against libxml2 that were | ||
+ | due to header file refactoring. | ||
+ | |||
+ | **libxml2-2.12.2**: | ||
+ | Add --sysconfdir=/ | ||
+ | Thanks to SpiderTux. | ||
+ | Fix the following security issues: | ||
+ | Fix integer overflows with XML_PARSE_HUGE. | ||
+ | Fix dict corruption caused by entity reference cycles. | ||
+ | Hashing of empty dict strings isn't deterministic. | ||
+ | Fix null deref in xmlSchemaFixupComplexType. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **ca-certificates-20231117**: | ||
+ | This update provides the latest CA certificates to check for the | ||
+ | authenticity of SSL connections. | ||
+ | |||
+ | **sudo-1.9.15p1**: | ||
+ | This is a bugfix release: | ||
+ | Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers | ||
+ | from being able to read the ldap.conf file. | ||
+ | |||
+ | ==== 2023-11-08 ==== | ||
+ | |||
+ | **sudo-1.9.15**: | ||
+ | The sudoers plugin has been modified to make it more resilient to ROWHAMMER | ||
+ | attacks on authentication and policy matching. | ||
+ | The sudoers plugin now constructs the user time stamp file path name using | ||
+ | the user-ID instead of the user name. This avoids a potential problem with | ||
+ | user names that contain a path separator ('/' | ||
+ | the path name. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | |||
+ | ==== 2023-10-20 ==== | ||
+ | |||
+ | **httpd-2.4.58**: | ||
+ | This update fixes bugs and security issues: | ||
+ | moderate: Apache HTTP Server: HTTP/2 stream memory not reclaimed | ||
+ | right away on RST. | ||
+ | low: mod_macro buffer over-read. | ||
+ | low: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | ==== 2023-10-16 ==== | ||
+ | |||
+ | **curl-8.4.0**: | ||
+ | This update fixes security issues: | ||
+ | Cookie injection with none file. | ||
+ | SOCKS5 heap buffer overflow. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | < | ||
+ | Mon Oct 9 18:10:01 UTC 2023 | ||
+ | #################################################################### | ||
+ | # NOTICE OF INPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS # | ||
+ | # # | ||
+ | # Effective January 1, 2024, security patches will no longer be # | ||
+ | # provided for the following versions of Slackware (which will all # | ||
+ | # be more than 7 years old at that time): | ||
+ | # | ||
+ | # If you are still running these versions you should consider | ||
+ | # migrating to a newer version (preferably as recent as possible). # | ||
+ | # Alternately, | ||
+ | # security patches. | ||
+ | #################################################################### | ||
+ | </ | ||
+ | |||
+ | ==== 2023-10-04 ==== | ||
+ | |||
+ | **libX11-1.8.7**: | ||
+ | This update fixes security issues: | ||
+ | libX11: out-of-bounds memory access in _XkbReadKeySyms(). | ||
+ | libX11: stack exhaustion from infinite recursion in PutSubImage(). | ||
+ | libX11: integer overflow in XCreateImage() leading to a heap overflow. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **libXpm-3.5.17**: | ||
+ | This update fixes security issues: | ||
+ | libXpm: out of bounds read in XpmCreateXpmImageFromBuffer(). | ||
+ | libXpm: out of bounds read on XPM with corrupted colormap. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **cups-2.1.4**: | ||
+ | This update fixes bugs and a security issue: | ||
+ | Fixed Heap-based buffer overflow when reading Postscript in PPD files. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **netatalk-3.1.17**: | ||
+ | This update fixes bugs and a security issue: | ||
+ | Validate data type in dalloc_value_for_key(). This flaw could allow a | ||
+ | malicious actor to cause Netatalk' | ||
+ | execute arbitrary code. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **curl-8.3.0**: | ||
+ | This update fixes a security issue: | ||
+ | HTTP headers eat all memory. | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **libarchive-3.7.2**: | ||
+ | This update fixes multiple security vulnerabilities in the PAX writer: | ||
+ | Heap overflow in url_encode() in archive_write_set_format_pax.c. | ||
+ | NULL dereference in archive_write_pax_header_xattrs(). | ||
+ | Another NULL dereference in archive_write_pax_header_xattrs(). | ||
+ | NULL dereference in archive_write_pax_header_xattr(). | ||
+ | (**Security fix**) | ||
+ | |||
+ | **netatalk-3.1.16**: | ||
+ | This update fixes bugs and security issues. | ||
+ | Shared library .so-version bump. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **curl-8.2.1**: | ||
+ | This is a bugfix release. | ||
+ | |||
+ | **whois-5.5.18**: | ||
+ | Updated the .ga TLD server. | ||
+ | Added new recovered IPv4 allocations. | ||
+ | Removed the delegation of 43.0.0.0/8 to JPNIC. | ||
+ | Removed 12 new gTLDs which are no longer active. | ||
+ | Improved the man page source, courtesy of Bjarni Ingi Gislason. | ||
+ | Added the .edu.za SLD server. | ||
+ | Updated the .alt.za SLD server. | ||
+ | Added the -ru and -su NIC handles servers. | ||
+ | |||
+ | **ca-certificates-20230721**: | ||
+ | This update provides the latest CA certificates to check for the | ||
+ | authenticity of SSL connections. | ||
+ | |||
+ | **curl-8.2.0**: | ||
+ | This update fixes a security issue: | ||
+ | fopen race condition. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **sudo-1.9.14p2**: | ||
+ | This is a bugfix release. | ||
+ | |||
+ | **sudo-1.9.14p1**: | ||
+ | This is a bugfix release. | ||
+ | |||
+ | **cups-2.1.4**: | ||
+ | Fixed use-after-free when logging warnings in case of failures | ||
+ | in cupsdAcceptClient(). | ||
+ | For more information, | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | ==== 2023-06-15 ==== | ||
+ | |||
+ | **libX11-1.8.6**: | ||
+ | This update fixes buffer overflows in InitExt.c that could at least cause | ||
+ | the client to crash due to memory corruption. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **ntp-4.2.8p17**: | ||
+ | This is a bugfix release. | ||
+ | |||
==== 2023-06-06 ==== | ==== 2023-06-06 ==== |
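Review bot: The "==== 2023-10-04 ====" heading collects entries that look like several separate update batches, so the date no longer tells a reader when a given security fix landed. Under that one heading the hunk lists curl-8.3.0, curl-8.2.1 and curl-8.2.0, netatalk-3.1.17 and netatalk-3.1.16, sudo-1.9.14p2 and sudo-1.9.14p1, and two ca-certificates-free gaps between them, with no heading until "==== 2023-06-15 ====". Suggest restoring one date heading per batch, as the 2023-12-23 through 2023-10-16 sections do. Two smaller points in the same region: cups-2.1.4 appears twice with the same version string but different fixes (a PPD heap overflow and a cupsdAcceptClient() use-after-free), so the entries need a build or date qualifier to be distinguishable; and the curl-8.3.0 and libarchive-3.7.2 entries are marked as security fixes without the "For more information" lead-in or, for libarchive, any reference link, unlike the other security entries.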
changelog_14.2.1686076426.txt.gz · Last modified: 2023/06/06 14:33 by connie