diff options
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r-- | ChangeLog.rss | 67 |
1 files changed, 65 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index 4f8e28f5b..145abb00c 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,73 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Sat, 17 Dec 2022 02:40:06 GMT</pubDate> - <lastBuildDate>Sat, 17 Dec 2022 03:39:03 GMT</lastBuildDate> + <pubDate>Sat, 17 Dec 2022 21:14:11 GMT</pubDate> + <lastBuildDate>Sat, 17 Dec 2022 22:32:50 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.17</generator> <item> + <title>Sat, 17 Dec 2022 21:14:11 GMT</title> + <pubDate>Sat, 17 Dec 2022 21:14:11 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20221217211411</link> + <guid isPermaLink="false">20221217211411</guid> + <description> + <![CDATA[<pre> +a/xz-5.4.0-x86_64-1.txz: Upgraded. +l/harfbuzz-6.0.0-x86_64-1.txz: Upgraded. +l/libmpc-1.3.1-x86_64-1.txz: Upgraded. +n/NetworkManager-1.40.8-x86_64-1.txz: Upgraded. +n/samba-4.17.4-x86_64-1.txz: Upgraded. + This update fixes security issues: + This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of + Privilege Vulnerability disclosed by Microsoft on Nov 8 2022. + A Samba Active Directory DC will issue weak rc4-hmac session keys for + use between modern clients and servers despite all modern Kerberos + implementations supporting the aes256-cts-hmac-sha1-96 cipher. + On Samba Active Directory DCs and members + 'kerberos encryption types = legacy' + would force rc4-hmac as a client even if the server supports + aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96. + This is the Samba CVE for the Windows Kerberos Elevation of Privilege + Vulnerability disclosed by Microsoft on Nov 8 2022. + A service account with the special constrained delegation permission + could forge a more powerful ticket than the one it was presented with. + The "RC4" protection of the NetLogon Secure channel uses the same + algorithms as rc4-hmac cryptography in Kerberos, and so must also be + assumed to be weak. + Note that there are several important behavior changes included in this + release, which may cause compatibility problems interacting with system + still expecting the former behavior. + Please read the advisories of CVE-2022-37966, CVE-2022-37967 and + CVE-2022-38023 carefully! + For more information, see: + https://www.samba.org/samba/security/CVE-2022-37966.html + https://www.samba.org/samba/security/CVE-2022-37967.html + https://www.samba.org/samba/security/CVE-2022-38023.html + https://www.cve.org/CVERecord?id=CVE-2022-37966 + https://www.cve.org/CVERecord?id=CVE-2022-37967 + https://www.cve.org/CVERecord?id=CVE-2022-38023 + (* Security fix *) +xfce/exo-4.18.0-x86_64-1.txz: Upgraded. +xfce/garcon-4.18.0-x86_64-1.txz: Upgraded. +xfce/libxfce4ui-4.18.0-x86_64-1.txz: Upgraded. +xfce/libxfce4util-4.18.0-x86_64-1.txz: Upgraded. +xfce/thunar-4.18.0-x86_64-1.txz: Upgraded. +xfce/thunar-volman-4.18.0-x86_64-1.txz: Upgraded. +xfce/tumbler-4.18.0-x86_64-1.txz: Upgraded. +xfce/xfce4-appfinder-4.18.0-x86_64-1.txz: Upgraded. +xfce/xfce4-dev-tools-4.18.0-x86_64-1.txz: Upgraded. +xfce/xfce4-notifyd-0.6.5-x86_64-1.txz: Upgraded. +xfce/xfce4-panel-4.18.0-x86_64-1.txz: Upgraded. +xfce/xfce4-power-manager-4.18.0-x86_64-1.txz: Upgraded. +xfce/xfce4-session-4.18.0-x86_64-1.txz: Upgraded. +xfce/xfce4-settings-4.18.0-x86_64-1.txz: Upgraded. +xfce/xfce4-weather-plugin-0.11.0-x86_64-1.txz: Upgraded. +xfce/xfconf-4.18.0-x86_64-1.txz: Upgraded. +xfce/xfdesktop-4.18.0-x86_64-1.txz: Upgraded. +xfce/xfwm4-4.18.0-x86_64-1.txz: Upgraded. + </pre>]]> + </description> + </item> + <item> <title>Sat, 17 Dec 2022 02:40:06 GMT</title> <pubDate>Sat, 17 Dec 2022 02:40:06 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20221217024006</link> |