Repository 32bit  Forum
Repository 64bit  Wiki
Fri Apr 15 20:37:37 UTC 2016
patches/packages/mozilla-thunderbird-45.0-i486-1_slack14.1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
  http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/samba-4.2.11-i486-1_slack14.1.txz: Upgraded.
  This update fixes the security issues known as "badlock" (or "sadlock"),
  which may allow man-in-the-middle or denial-of-service attacks:
  CVE-2015-5370 (Multiple errors in DCE-RPC code)
  CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
  CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
  CVE-2016-2112 (LDAP client and server don't enforce integrity)
  CVE-2016-2113 (Missing TLS certificate validation)
  CVE-2016-2114 ("server signing = mandatory" not enforced)
  CVE-2016-2115 (SMB IPC traffic is not integrity protected)
  CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118
  (* Security fix *)