Thu Mar 1 23:24:54 UTC 2018
patches/packages/dhcp-4.4.1-i486-1_slack14.1.txz: Upgraded.
  This update fixes two security issues:
  Corrected an issue where large sized 'X/x' format options were causing
  option handling logic to overwrite memory when expanding them to human
  readable form. Reported by Felix Wilhelm, Google Security Team.
  Option reference count was not correctly decremented in error path
  when parsing buffer for options. Reported by Felix Wilhelm, Google
  Security Team.
  For more information, see:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5732
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5733
  (* Security fix *)
patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz: Upgraded.
  This release addresses five security issues in ntpd:
  * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability:
  ephemeral association attack. While fixed in ntp-4.2.8p7, there are
  significant additional protections for this issue in 4.2.8p11.
  Reported by Matt Van Gundy of Cisco.
  * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer
  read overrun leads to undefined behavior and information leak.
  Reported by Yihan Lian of Qihoo 360.
  * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated
  ephemeral associations. Reported on the questions@ list.
  * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode
  cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat.
  * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet
  can reset authenticated interleaved association.
  Reported by Miroslav Lichvar of Red Hat.
  For more information, see:
  http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185
  (* Security fix *)