ChangeLog for: 2017-04-21 23:40:12

a/etc-14.2-x86_64-10.txz: Rebuilt.
  Added user:group for NTP (UID 44/GID 44).
ap/sudo-1.8.19p2-x86_64-1.txz: Upgraded.
d/git-2.12.2-x86_64-1.txz: Upgraded.
d/mercurial-4.1.3-x86_64-1.txz: Upgraded.
l/libgphoto2-2.5.13-x86_64-1.txz: Upgraded.
n/curl-7.54.0-x86_64-1.txz: Upgraded.
  This update fixes a security issue:
  Switch off SSL session id when client cert is used.
  For more information, see:
    https://curl.haxx.se/docs/adv_20170419.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7468
  (* Security fix *)
n/dhcpcd-6.11.5-x86_64-1.txz: Upgraded.
  Thanks to Robby Workman.
n/ethtool-4.10-x86_64-1.txz: Upgraded.
n/getmail-4.54.0-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p10-x86_64-1.txz: Upgraded.
  There were some changes made to NTP setup in -current:
  First, NTP drops privileges and runs as ntp:ntp. Be sure to install the
  updated etc package to get the new user and group.
  Some files have been relocated:
  The ntp.keys file has moved from /etc/ntp/ to /etc/.
  The drift and stats files now reside in /var/lib/ntp/.
  The step-tickers file has been removed. It's actually been deprecated for
  a while and nothing has referenced it for quite some time.
  Be sure to move the new rc.ntpd.new into place, and move over or merge from
  the .new config files.
  Thanks to Robby Workman for help with these changes.
  In addition to bug fixes and enhancements, this release fixes security
  issues of medium and low severity:
    Denial of Service via Malformed Config (Medium)
    Authenticated DoS via Malicious Config Option (Medium)
    Potential Overflows in ctl_put() functions (Medium)
    Buffer Overflow in ntpq when fetching reslist from a malicious ntpd (Medium)
    0rigin DoS (Medium)
    Buffer Overflow in DPTS Clock (Low)
    Improper use of snprintf() in mx4200_send() (Low)
  The following issues do not apply to Linux systems:
    Privileged execution of User Library code (WINDOWS PPSAPI ONLY) (Low)
    Stack Buffer Overflow from Command Line (WINDOWS installer ONLY) (Low)
    Data Structure terminated insufficiently (WINDOWS installer ONLY) (Low)
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6458
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6460
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6451
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6455
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6452
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6459
  (* Security fix *)
n/proftpd-1.3.6-x86_64-1.txz: Upgraded.
  This release fixes a security issue:
  AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7418
  (* Security fix *)