httpd
New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues
Gnutls
New gnutls packages are available for Slackware 14.2 and -current to fix a security issue
httpd:
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.43-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes (since 2.4.39) and improvements.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
(* Security fix *)
+--------------------------+
Gnutls:
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gnutls-3.6.13-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support), since 3.6.3.
The DTLS client would not contribute any randomness to the DTLS negotiation,
breaking the security guarantees of the DTLS protocol.
[GNUTLS-SA-2020-03-31, CVSS: high]
(* Security fix *)
+--------------------------+
"So I'll admit to vacillating between doing this 5.6 release and doing
another -rc.
This has a bit more changes than I'd like, but they are mostly from
davem's networking fixes pulls, and David feels comfy with them. And I
looked over the diff, and none of it looks scary. It's just slightly
more than I'd have preferred at this stage - not doesn't really seem
worth delaying a release over."
So about half the diff from the final week is network driver fixlets,
and some minor core networking fixes. Another 20% is tooling - mostly
bpf and netfilter selftests (but also some perf work).
The rest is "misc" - mostly random drivers (gpio, rdma, input) and DTS
files. With a smattering of fixes elsewhere (a couple of afs fixes,
some vm fixes, etc).
The shortlog is appended, nothing really looks all that exciting, and
most of the discussions I've seen are already about things for the
next merge window.
Which obviously opens now as of the release, and I'll start doing
pulls tomorrow. I already have a couple of pull requests in pending in
my inbox - thank you.
And while I haven't really seen any real sign of kernel development
being impacted by all the coronavirus activity - I suspect a lot of us
work from home even normally, and my daughter laughed at me and called
me a "social distancing champ" the other day - it may be worth just
mentioning: I think we're all reading the news and slightly
distracted. I'm currently going by the assumption that we'll have a
fairly normal 5.7 release, and there doesn't seem to be any signs
saying otherwise, but hey, people may have better-than-usual reasons
for missing the merge window. Let me know if you know of some
subsystem that ends up being affected.
So we'll play it by ear and see what happens. It's not like the merge
window is more important than your health, or the health of people
around you.
Linus
[slackware-security] Slackware 14.2 kernel (SSA:2020-086-01)
New kernel packages are available for Slackware 14.2 to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.217/*: Upgraded.
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 4.4.209:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19965
Fixed in 4.4.210:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14895
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19066
Fixed in 4.4.211:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5108
Fixed in 4.4.212:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14897
Fixed in 4.4.215:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0009
Fixed in 4.4.216:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8648
Fixed in 4.4.217:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14901
(* Security fix *)
+--------------------------+
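As an added example (not part of the Slackware advisory), the shell function below reads the "Fixed in" groups of the ChangeLog entry above and reports which CVE fixes a host's 4.4.x kernel release still lacks. The function name `missing_fixes` is hypothetical and the embedded text is an excerpt of the advisory, shortened for the illustration.

```shell
#!/bin/sh
# Added example: which fixes from SSA:2020-086-01 is a 4.4.x kernel missing?
# ADVISORY is an excerpt of the ChangeLog entry above (not the full list).
ADVISORY='Fixed in 4.4.209:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19965
Fixed in 4.4.212:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14897
Fixed in 4.4.215:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2732
Fixed in 4.4.217:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14901'

# missing_fixes RELEASE
# RELEASE is a kernel release string such as the output of `uname -r`.
# Prints "CVE-ID fixed-in-version" for each fix that landed after RELEASE.
# Returns 2 for an unparsable release, 3 for a kernel outside the 4.4 series.
missing_fixes() {
    # Drop local suffixes such as "-smp"; keep only major.minor.patch.
    running=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$running" ] || { echo "unparsable release: $1" >&2; return 2; }
    case $running in
        4.4.*) ;;
        *) echo "advisory covers 4.4.x only, got $running" >&2; return 3 ;;
    esac
    printf '%s\n' "$ADVISORY" | awk -v patch="${running##*.}" '
        /^Fixed in [0-9]+\.[0-9]+\.[0-9]+:/ {
            fixed = $3; sub(/:$/, "", fixed)
            split(fixed, f, ".")
            # Numeric compare of the patch level, so 4.4.9 < 4.4.210.
            newer = (f[3] + 0 > patch + 0)
            next
        }
        newer && match($0, /CVE-[0-9]+-[0-9]+/) {
            print substr($0, RSTART, RLENGTH), fixed
        }'
}

# A host still running the 4.4.213 SMP kernel.
missing_fixes "4.4.213-smp"
```

An empty result for the release reported by `uname -r` after rebooting means the running kernel, not just the installed package, carries every fix in the excerpt.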