Wed Oct 18 18:21:18 UTC 2017
patches/packages/libXres-1.2.0-i486-1_slack14.1.txz: Upgraded.
  Integer overflows may allow X servers to trigger allocation of insufficient
  memory and a buffer overflow via vectors related to the (1)
  XResQueryClients and (2) XResQueryClientResources functions.
  For more information, see:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988
  (* Security fix *)
patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz: Upgraded.
  This update includes patches to mitigate the WPA2 protocol issues known
  as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data,
  hijack TCP connections, and to forge and inject packets. This is the
  list of vulnerabilities that are addressed here:
  CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the
  4-way handshake.
  CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way
  handshake.
  CVE-2017-13080: Reinstallation of the group key (GTK) in the group key
  handshake.
  CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group
  key handshake.
  CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)
  Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)
  while processing it.
  CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS)
  PeerKey (TPK) key in the TDLS handshake.
  CVE-2017-13087: Reinstallation of the group key (GTK) when processing a
  Wireless Network Management (WNM) Sleep Mode Response frame.
  CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when
  processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  For more information, see:
  https://www.krackattacks.com/
  https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088
  (* Security fix *)
patches/packages/xorg-server-1.14.3-i486-6_slack14.1.txz: Rebuilt.
  This update fixes integer overflows and other possible security issues.
  For more information, see:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12176
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12179
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12183
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.14.3-i486-6_slack14.1.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.14.3-i486-6_slack14.1.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.14.3-i486-6_slack14.1.txz: Rebuilt.