Repository 32bit  Forum
Repository 64bit  Wiki
Fri Apr 21 22:40:12 UTC 2017
patches/packages/mozilla-firefox-45.9.0esr-i486-1_slack14.1.txz: Upgraded.
  This release contains security fixes and improvements.
  Also, switching back to the 45.x ESR branch due to instabilty of the
  52.x ESR branch on Slackware 14.1.
  For more information, see:
  https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
patches/packages/ntp-4.2.8p10-i486-1_slack14.1.txz: Upgraded.
  In addition to bug fixes and enhancements, this release fixes security
  issues of medium and low severity:
  Denial of Service via Malformed Config (Medium)
  Authenticated DoS via Malicious Config Option (Medium)
  Potential Overflows in ctl_put() functions (Medium)
  Buffer Overflow in ntpq when fetching reslist from a malicious ntpd (Medium)
  0rigin DoS (Medium)
  Buffer Overflow in DPTS Clock (Low)
  Improper use of snprintf() in mx4200_send() (Low)
  The following issues do not apply to Linux systems:
  Privileged execution of User Library code (WINDOWS PPSAPI ONLY) (Low)
  Stack Buffer Overflow from Command Line (WINDOWS installer ONLY) (Low)
  Data Structure terminated insufficiently (WINDOWS installer ONLY) (Low)
  For more information, see:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6458
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6460
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6451
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6455
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6452
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6459
  (* Security fix *)
patches/packages/proftpd-1.3.5e-i486-1_slack14.1.txz: Upgraded.
  This release fixes a security issue:
  AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks.
  For more information, see:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7418
  (* Security fix *)