Repository 32bit  Forum
Repository 64bit  Wiki
Fri Aug 17 16:52:04 UTC 2018
patches/packages/ntp-4.2.8p12-i486-1_slack14.1.txz: Upgraded.
  This release improves on one security fix in ntpd:
  LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack
  While fixed in ntp-4.2.8p7 and with significant additional protections for
  this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in
  the new noepeer support. Originally reported by Matt Van Gundy of Cisco.
  Edge-case hole reported by Martin Burnicki of Meinberg.
  And fixes another security issue in ntpq and ntpdc:
  LOW: Sec 3505: The openhost() function used during command-line hostname
  processing by ntpq and ntpdc can write beyond its buffer limit, which
  could allow an attacker to achieve code execution or escalate to higher
  privileges via a long string as the argument for an IPv4 or IPv6
  command-line parameter. NOTE: It is unclear whether there are any common
  situations in which ntpq or ntpdc is used with a command line from an
  untrusted source. Reported by Fakhri Zulkifli.
  For more information, see:
  http://support.ntp.org/bin/view/Main/SecurityNotice#August_2018_ntp_4_2_8p12_NTP_Rel
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327
  (* Security fix *)
patches/packages/samba-4.6.16-i486-1_slack14.1.txz: Upgraded.
  This is a security release in order to address the following defects:
  Insufficient input validation on client directory listing in libsmbclient.
  A malicious server could return a directory entry that could corrupt
  libsmbclient memory.
  Confidential attribute disclosure from the AD LDAP server.
  Missing access control checks allow discovery of confidential attribute
  values via authenticated LDAP search expressions.
  For more information, see:
  https://www.samba.org/samba/security/CVE-2018-10858.html
  https://www.samba.org/samba/security/CVE-2018-10919.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10858
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919
  (* Security fix *)