diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2019-01-23 04:39:04 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2019-01-23 17:59:47 +0100 |
commit | f4a16dfaa3822cd84790612cfb5f6794e7397ea1 (patch) | |
tree | 61a5be5a608a9549f8e0e4f7ae99c0d98ed1bed3 /CHANGES_AND_HINTS.TXT | |
parent | 238f2af030367ddd0d0a014e19be72c45483e153 (diff) | |
download | current-f4a16dfaa3822cd84790612cfb5f6794e7397ea1.tar.gz |
Wed Jan 23 04:39:04 UTC 201920190123043904
a/kernel-generic-4.19.17-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.17-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.17-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.17-x86-1.txz: Upgraded.
d/scons-3.0.4-x86_64-1.txz: Upgraded.
d/vala-0.42.5-x86_64-1.txz: Upgraded.
k/kernel-source-4.19.17-noarch-1.txz: Upgraded.
n/httpd-2.4.38-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused. [Hank Ibell]
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data. [Stefan Eissing]
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later. PR 63052. [Joe Orton]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190
(* Security fix *)
x/libdrm-2.4.97-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'CHANGES_AND_HINTS.TXT')
0 files changed, 0 insertions, 0 deletions