Thu Jun 29 20:55:09 UTC 2017
patches/packages/bind-9.9.10_P2-i486-1_slack14.1.txz: Upgraded.
  This update fixes a high severity security issue:
  An error in TSIG handling could permit unauthorized zone transfers
  or zone updates.
  For more information, see:
  https://kb.isc.org/article/AA-01503/0
  https://kb.isc.org/article/AA-01504/0
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143
  (* Security fix *)
patches/packages/httpd-2.4.26-i486-1_slack14.1.txz: Upgraded.
  This update fixes security issues which may lead to an authentication bypass
  or a denial of service:
  important: ap_get_basic_auth_pw() Authentication Bypass CVE-2017-3167
  important: mod_ssl Null Pointer Dereference CVE-2017-3169
  important: mod_http2 Null Pointer Dereference CVE-2017-7659
  important: ap_find_token() Buffer Overread CVE-2017-7668
  important: mod_mime Buffer Overread CVE-2017-7679
  For more information, see:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679
  (* Security fix *)
patches/packages/linux-3.10.107/*: Upgraded.
  This kernel fixes two "Stack Clash" vulnerabilities reported by Qualys.
  The first issue may allow attackers to execute arbitrary code with elevated
  privileges. Failed attack attempts will likely result in denial-of-service
  conditions. The second issue can be exploited to bypass certain security
  restrictions and perform unauthorized actions.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
  https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000365
  (* Security fix *)
  In addition, a patch is included and preapplied to guard against other == sk
  in unix_dgram_sendmsg. This bug has been known to cause Samba-related stalls.
  Thanks to Ben Stern for the bug report.
patches/packages/mkinitrd-1.4.10-i486-1_slack14.1.txz: Upgraded.
  Added support for -P option and MICROCODE_ARCH in mkinitrd.conf to specify
  a microcode archive to be prepended to the initrd for early CPU microcode
  patching by the kernel. Thanks to SeB.