Freenix Wiki

User Tools

Site Tools

Trace:
changelog_14.2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
changelog_14.2 [2023/10/04 12:18] – [2023-06-15] conniechangelog_14.2 [2023/12/23 13:40] (current) – [2023-12-20] connie
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +
 +==== 2023-12-23 ====
 +
 +**proftpd-1.3.8b**:  Upgraded.
 +This update fixes a security issue:
 +mod_sftp: implemented mitigations for "Terrapin" SSH attack.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2023-48795
 +(**Security fix**)
 +
 +
 +==== 2023-12-20 ====
 +
 +**libssh-0.10.6**:  Upgraded.
 +This update fixes security issues:
 +Command injection using proxycommand.
 +Potential downgrade attack using strict kex.
 +Missing checks for return values of MD functions.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2023-6004
 +  * https://www.cve.org/CVERecord?id=CVE-2023-48795
 +  * https://www.cve.org/CVERecord?id=CVE-2023-6918
 +(**Security fix**)
 +
 +**sudo-1.9.15p4**:  Upgraded.
 +This is a bugfix release.
 +
 +**libxml2-2.11.6**:  Upgraded.
 +We're going to drop back to the 2.11 branch here on the stable releases
 +since it has all of the relevant security fixes and better compatibility.
 +
 +**sudo-1.9.15p3**:  Upgraded.
 +This is a bugfix release.
 +
 +
 +==== 2023-12-13 ====
 +
 +**libxml2-2.12.3**:  Upgraded.
 +This update addresses regressions when building against libxml2 that were
 +due to header file refactoring.
 +
 +**libxml2-2.12.2**:  Upgraded.
 +Add --sysconfdir=/etc option so that this can find the xml catalog.
 +Thanks to SpiderTux.
 +Fix the following security issues:
 +Fix integer overflows with XML_PARSE_HUGE.
 +Fix dict corruption caused by entity reference cycles.
 +Hashing of empty dict strings isn't deterministic.
 +Fix null deref in xmlSchemaFixupComplexType.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2022-40303
 +  * https://www.cve.org/CVERecord?id=CVE-2022-40304
 +  * https://www.cve.org/CVERecord?id=CVE-2023-29469
 +  * https://www.cve.org/CVERecord?id=CVE-2023-28484
 +(**Security fix**)
 +
 +**ca-certificates-20231117**:  Upgraded.
 +This update provides the latest CA certificates to check for the
 +authenticity of SSL connections.
 +
 +**sudo-1.9.15p1**:  Upgraded.
 +This is a bugfix release:
 +Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers
 +from being able to read the ldap.conf file.
 +
 +==== 2023-11-08 ====
 +
 +**sudo-1.9.15**:  Upgraded.
 +The sudoers plugin has been modified to make it more resilient to ROWHAMMER
 +attacks on authentication and policy matching.
 +The sudoers plugin now constructs the user time stamp file path name using
 +the user-ID instead of the user name. This avoids a potential problem with
 +user names that contain a path separator ('/') being interpreted as part of
 +the path name.
 +For more information, see:
 +  * https://www.cve.org/CVERecord?id=CVE-2023-42465
 +  * https://www.cve.org/CVERecord?id=CVE-2023-42456
 +(**Security fix**)
 +
 +
 +==== 2023-10-20 ====
 +
 +**httpd-2.4.58**:  Upgraded.
 +This update fixes bugs and security issues:
 +moderate: Apache HTTP Server: HTTP/2 stream memory not reclaimed
 +right away on RST.
 +low: mod_macro buffer over-read.
 +low: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0.
 +For more information, see:
 +  * https://downloads.apache.org/httpd/CHANGES_2.4.58
 +  * https://www.cve.org/CVERecord?id=CVE-2023-45802
 +  * https://www.cve.org/CVERecord?id=CVE-2023-31122
 +  * https://www.cve.org/CVERecord?id=CVE-2023-43622
 +(**Security fix**)
 +
 +==== 2023-10-16 ====
 +
 +**curl-8.4.0**:  Upgraded.
 +This update fixes security issues:
 +Cookie injection with none file.
 +SOCKS5 heap buffer overflow.
 +For more information, see:
 +  * https://curl.se/docs/CVE-2023-38546.html
 +  * https://curl.se/docs/CVE-2023-38545.html
 +  * https://www.cve.org/CVERecord?id=CVE-2023-38546
 +  * https://www.cve.org/CVERecord?id=CVE-2023-38545
 +(**Security fix**)
 +
 +<code>
 +Mon Oct  9 18:10:01 UTC 2023
 +####################################################################
 +# NOTICE OF INPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
 +#                                                                  #
 +# Effective January 1, 2024, security patches will no longer be    #
 +# provided for the following versions of Slackware (which will all #
 +# be more than 7 years old at that time):                          #
 +#   Slackware 14.0, Slackware 14.1, Slackware 14.2.                #
 +# If you are still running these versions you should consider      #
 +# migrating to a newer version (preferably as recent as possible). #
 +# Alternately, you may make arrangements to handle your own        #
 +# security patches.                                                #
 +####################################################################
 +</code>
  
 ==== 2023-10-04 ==== ==== 2023-10-04 ====
changelog_14.2.1696436295.txt.gz · Last modified: 2023/10/04 12:18 by connie