Tue Jan 14 03:54:48 UTC 2014
patches/packages/libXfont-1.4.7-i486-1_slack14.1.txz: Upgraded.
  This update fixes a stack overflow when reading a BDF font file containing
  a longer than expected string, which could lead to crashes or privilege
  escalation.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462
  (* Security fix *)
patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz: Upgraded.
  This update fixes the following security issues:
  Fix for TLS record tampering bug CVE-2013-4353
  Fix for TLS version checking bug CVE-2013-6449
  Fix for DTLS retransmission bug CVE-2013-6450
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz: Upgraded.
patches/packages/php-5.4.24-i486-1_slack14.1.txz: Upgraded.
  The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before
  5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly
  parse (1) notBefore and (2) notAfter timestamps in X.509 certificates,
  which allows remote attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via a crafted certificate that is not
  properly handled by the openssl_x509_parse function.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
  (* Security fix *)
patches/packages/samba-4.1.4-i486-1_slack14.1.txz: Upgraded.
  This update fixes a heap-based buffer overflow that may allow AD domain
  controllers to execute arbitrary code via an invalid fragment length in
  a DCE-RPC packet.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
  (* Security fix *)