Repository 32bit  Forum
Repository 64bit  Wiki
Thu Feb 13 23:45:53 UTC 2014
n/curl-7.35.0-i486-1.txz: Upgraded.
  This update fixes a flaw where libcurl could, in some circumstances, reuse
  the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS
  request.
  For more information, see:
  http://curl.haxx.se/docs/adv_20140129.html
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015
  (* Security fix *)
n/ntp-4.2.6p5-i486-5.txz: Rebuilt.
  All stable versions of NTP remain vulnerable to a remote attack where the
  "ntpdc -c monlist" command can be used to amplify network traffic as part
  of a denial of service attack. By default, Slackware is not vulnerable
  since it includes "noquery" as a default restriction. However, it is
  vulnerable if this restriction is removed. To help mitigate this flaw,
  "disable monitor" has been added to the default ntp.conf (which will disable
  the monlist command even if other queries are allowed), and the default
  restrictions have been extended to IPv6 as well.
  All users of the NTP daemon should make sure that their ntp.conf contains
  "disable monitor" to prevent misuse of the NTP service. The new ntp.conf
  file will be installed as /etc/ntp.conf.new with a package upgrade, but the
  changes will need to be merged into any existing ntp.conf file by the admin.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
  http://www.kb.cert.org/vuls/id/348126
  (* Security fix *)