diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2024-02-28 18:36:48 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2024-02-28 20:34:19 +0100 |
| commit | 72065739ec0c24fdf21bba7d653b1ba05179b8d4 (patch) | |
| tree | bd67bac7792bd1b42554a0b454a48e49f6907a63 /ChangeLog.txt | |
| parent | d3c57a554896ccb272a79fac07e41c89f7d39d0f (diff) | |
| download | current-72065739ec0c24fdf21bba7d653b1ba05179b8d4.tar.gz current-72065739ec0c24fdf21bba7d653b1ba05179b8d4.tar.xz | |
Wed Feb 28 18:36:48 UTC 202420240228183648
d/parallel-20240222-noarch-1.txz: Upgraded.
kde/krita-5.2.2-x86_64-4.txz: Rebuilt.
Recompiled against libunibreak-6.0.
l/accountsservice-23.13.9-x86_64-1.txz: Upgraded.
Thanks to reddog83.
l/libass-0.17.1-x86_64-2.txz: Rebuilt.
Recompiled against libunibreak-6.0.
l/libunibreak-6.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/orc-0.4.38-x86_64-1.txz: Upgraded.
l/python-requests-2.31.0-x86_64-1.txz: Upgraded.
l/python-urllib3-2.2.1-x86_64-1.txz: Upgraded.
l/qt6-6.6.2_20240210_15b7e743-x86_64-1.txz: Added.
n/wpa_supplicant-2.10-x86_64-3.txz: Rebuilt.
Patched the implementation of PEAP in wpa_supplicant to prevent an
authentication bypass. For a successful attack, wpa_supplicant must be
configured to not verify the network's TLS certificate during Phase 1
authentication, and an eap_peap_decrypt vulnerability can then be abused
to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
Success packet instead of starting Phase 2. This allows an adversary to
impersonate Enterprise Wi-Fi networks.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-52160
(* Security fix *)
xap/gparted-1.6.0-x86_64-1.txz: Upgraded.
Diffstat (limited to '')
| -rw-r--r-- | ChangeLog.txt | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 6ebfc5eea..d1a43af16 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,30 @@ +Wed Feb 28 18:36:48 UTC 2024 +d/parallel-20240222-noarch-1.txz: Upgraded. +kde/krita-5.2.2-x86_64-4.txz: Rebuilt. + Recompiled against libunibreak-6.0. +l/accountsservice-23.13.9-x86_64-1.txz: Upgraded. + Thanks to reddog83. +l/libass-0.17.1-x86_64-2.txz: Rebuilt. + Recompiled against libunibreak-6.0. +l/libunibreak-6.0-x86_64-1.txz: Upgraded. + Shared library .so-version bump. +l/orc-0.4.38-x86_64-1.txz: Upgraded. +l/python-requests-2.31.0-x86_64-1.txz: Upgraded. +l/python-urllib3-2.2.1-x86_64-1.txz: Upgraded. +l/qt6-6.6.2_20240210_15b7e743-x86_64-1.txz: Added. +n/wpa_supplicant-2.10-x86_64-3.txz: Rebuilt. + Patched the implementation of PEAP in wpa_supplicant to prevent an + authentication bypass. For a successful attack, wpa_supplicant must be + configured to not verify the network's TLS certificate during Phase 1 + authentication, and an eap_peap_decrypt vulnerability can then be abused + to skip Phase 2 authentication. The attack vector is sending an EAP-TLV + Success packet instead of starting Phase 2. This allows an adversary to + impersonate Enterprise Wi-Fi networks. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-52160 + (* Security fix *) +xap/gparted-1.6.0-x86_64-1.txz: Upgraded. ++--------------------------+ Mon Feb 26 20:09:43 UTC 2024 a/mdadm-4.3-x86_64-1.txz: Upgraded. a/pciutils-3.11.1-x86_64-1.txz: Upgraded. |