[slackware-security] libexif (SSA:2020-140-02)
New libexif packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
&
[slackware-security] bind (SSA:2020-140-01)
New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libexif-0.6.22-i486-1_slack14.2.txz: Upgraded.
This update fixes bugs and security issues: CVE-2018-20030:
Fix for recursion DoS CVE-2020-13114:
Time consumption DoS when parsing canon array markers CVE-2020-13113:
Potential use of uninitialized memory CVE-2020-13112:
Various buffer overread fixes due to integer overflows in maker notes CVE-2020-0093:
read overflow CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs CVE-2020-12767:
fixed division by zero CVE-2016-6328: fixed integer overflow when parsing maker notes CVE-2017-7544:
fixed buffer overread
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
(* Security fix *)
+--------------------------+
&
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.11.19-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
A malicious actor who intentionally exploits the lack of effective limitation
on the number of fetches performed when processing referrals can,
through the use of specially crafted referrals, cause a recursing server
to issue a very large number of fetches in an attempt to process the referral.
This has at least two potential effects:
The performance of the recursing server can potentially be degraded
by the additional work required to perform these fetches,
and the attacker can exploit this behavior to use the recursing server as a reflector
in a reflection attack with a high amplification factor.
Replaying a TSIG BADTIME response as a request could trigger an assertion failure.
For more information, see:
https://kb.isc.org/docs/cve-2020-8616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616
https://kb.isc.org/docs/cve-2020-8617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617
(* Security fix *)
+--------------------------+
Fri May 15 07:28:15 UTC 2020
Hey folks, just a heads-up that PAM is about to be merged into the main tree.
We can't have it blocking other upgrades any longer. The config files could be
improved (adding support for pam_krb5 and pam_ldap, for example), but they'll
do for now. Have a good weekend, and enjoy these updates! :-)
[slackware-security] mariadb (SSA:2020-133-01) New mariadb packages are available for Slackware 14.1 and -current to fix security issues.
Läs mer...Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mariadb-5.5.68-i486-1_slack14.1.txz: Upgraded.
This update fixes potential denial-of-service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2752 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2812
(* Security fix *)
+--------------------------+
RSS resultat...
Till minne av Håkan Nilsson
Mitt Slackware
Appendix Programhantering