cucumber-linux-security Mailing List for Cucumber Linux
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
Menu
▾
▴
cucumber-linux-security — A moderated, low traffic mailing list for security updates.
You can subscribe to this list here.
| 2017 |
Jan
|
Feb
|
Mar
|
Apr
(4) |
May
(5) |
Jun
(6) |
Jul
(12) |
Aug
(10) |
Sep
(18) |
Oct
(26) |
Nov
(20) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018 |
Jan
(17) |
Feb
(18) |
Mar
(18) |
Apr
(13) |
May
(19) |
Jun
(17) |
Jul
(17) |
Aug
(13) |
Sep
(13) |
Oct
(11) |
Nov
(10) |
Dec
(10) |
| 2019 |
Jan
(4) |
Feb
(2) |
Mar
|
Apr
(15) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Scott C. <sc...@cu...> - 2019-05-14 15:32:36
|
Update Information A security update is available for mariadb for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue May 14 11:11:10 EDT 2019 net-general/mariadb upgraded from 10.1.38 to 10.1.40 to fix two security vulnerabilities: CVE-2019-2614 and CVE-2019-2627, both of which allowed for a high privileged attacker with network access to cause a denial of service via a hang or frequently repeatable crash. For more information see: https://mariadb.com/kb/en/library/mariadb-10139-release-notes/ https://security.cucumberlinux.com/security/details.php?id=699 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2614 https://security.cucumberlinux.com/security/details.php?id=700 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2627 multilib/net-general/mariadb-lib_i686 upgraded from 10.1.38 to 10.1.40 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-699 [CVE-2019-2614] (https://security.cucumberlinux.com/security/details.php?id=699) * CLD-700 [CVE-2019-2627] (https://security.cucumberlinux.com/security/details.php?id=700) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure mariadb is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-05-09 16:18:46
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Thu May 9 11:32:38 EDT 2019 base/linux upgraded from 4.9.170 to 4.9.174. This update fixes CVE-2019-3882 and contains several other bug fixes and security improvements. For more information see: https://security.cucumberlinux.com/security/details.php?id=698 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3882 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.174 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.173 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.172 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.171 kernel/linux-source upgraded from 4.9.170 to 4.9.174 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-698 [CVE-2019-3882] (https://security.cucumberlinux.com/security/details.php?id=698) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-05-05 19:00:10
|
Update Information A security update is available for php for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sun May 5 12:45:36 EDT 2019 lang-general/php upgraded from 7.2.17 to 7.2.18. This is an upstream security fix release that also contains several minor bug fixes. For more information see: https://security.cucumberlinux.com/security/details.php?id=697 https://www.php.net/ChangeLog-7.php#7.2.18 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-697 (https://security.cucumberlinux.com/security/details.php?id=697) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure php is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-29 16:55:43
|
Update Information A security update is available for libpng for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Mon Apr 29 12:23:27 EDT 2019 lib-base/libpng rebuilt (build 2) to fix CVE-2019-7317, a security vulnerability that allowed for a denial of service (application crash) and possibly code execution if the user opened a maliciously crafted PNG image. For more information see: https://security.cucumberlinux.com/security/details.php?id=692 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803 multilib/libpng-lib_i686 rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-692 [CVE-2019-7317] (https://security.cucumberlinux.com/security/details.php?id=692) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure libpng is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-27 22:39:37
|
Update Information A security update is available for bind-server for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sat Apr 27 18:17:51 EDT 2019 net-extra/bind-server upgraded from 9.11.5 to 9.11.6_P1 to fix two security vulnerabilities: CVE-2018-5743, which allowed for a remote attacker to cause a denial of service (a hang of named, and possibly a complete denial of service to the entire filesystem BIND is located on) due to ineffective limiting of simultaneous TCP client connections; and CVE-2019-6467, which allowed for a remote denial of service (crash of named) due to an assertion failure in query.c. For more information see: https://security.cucumberlinux.com/security/details.php?id=694 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743 https://kb.isc.org/docs/cve-2018-5743 https://security.cucumberlinux.com/security/details.php?id=696 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6467 https://kb.isc.org/docs/cve-2019-6467 net-base/bind-client upgraded from 9.11.5 to 9.11.6_P1. Note that the aforementioned vulnerabilities affect only named, so the bind-client package is unaffected by them. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-694 [CVE-2018-5743] (https://security.cucumberlinux.com/security/details.php?id=694) * CLD-696 [CVE-2019-6467] (https://security.cucumberlinux.com/security/details.php?id=696) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure bind-server is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-20 20:39:16
|
Update Information A security update is available for openssh for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sat Apr 20 16:22:58 EDT 2019 net-general/openssh upgraded from 7.8p1 to 8.0p1 to fix CVE-2019-6111, a security vulnerability that allowed for a malicious scp server to overwrite arbitrary files in the client's target directory via a man in the middle attack. For more information see: https://security.cucumberlinux.com/security/details.php?id=687 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 https://www.openssh.com/txt/release-8.0 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-687 [CVE-2019-6111] (https://security.cucumberlinux.com/security/details.php?id=687) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure openssh is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-09 17:53:31
|
Update Information A security update is available for dovecot for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Apr 9 13:38:55 EDT 2019 net-extra/dovecot upgraded from 2.2.36 to 2.2.36.3 to fix two security vulnerabilities: CVE-2019-3814, which allowed for an attacker to log in as a different user on the system; and CVE-2019-7524, which allowed for local root privilege escalation or arbitrary code execution. For more information see: https://dovecot.org/list/dovecot/2019-February/114575.html https://security.cucumberlinux.com/security/details.php?id=686 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3814 https://dovecot.org/list/dovecot-news/2019-March/000403.html https://security.cucumberlinux.com/security/details.php?id=683 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7524 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-686 [CVE-2019-3814] (https://security.cucumberlinux.com/security/details.php?id=686) * CLD-683 [CVE-2019-7524] (https://security.cucumberlinux.com/security/details.php?id=683) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure dovecot is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-09 16:10:05
|
Update Information A security update is available for openssl for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Apr 9 11:54:01 EDT 2019 net-base/openssl upgraded from 1.0.2q to 1.0.2r to fix CVE-2019-1559, a security vulnerability that allowed for a padding oracle to be used to decrypt data if an application called SSL_shutdown() twice after an error occurred. For more information see: https://www.openssl.org/news/secadv/20190226.txt https://security.cucumberlinux.com/security/details.php?id=685 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559 multilib/net-base/openssl-lib_i686 upgraded from 1.0.2q to 1.0.2r (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-685 [CVE-2019-1559] (https://security.cucumberlinux.com/security/details.php?id=685) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure openssl is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-09 01:14:18
|
Update Information A security update is available for php for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Mon Apr 8 19:11:45 EDT 2019 lang-general/php upgraded from 7.2.16 to 7.2.17. This is an upstream security update that also contains several bug fixes. For more information see: https://www.php.net/ChangeLog-7.php#7.2.17 https://security.cucumberlinux.com/security/details.php?id=684 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-684 (https://security.cucumberlinux.com/security/details.php?id=684) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure php is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-08 23:07:40
|
Update Information A security update is available for wget for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Mon Apr 8 18:52:36 EDT 2019 net-base/wget upgraded from 1.19.5 to 1.20.3 to fix CVE-2019-5953, a buffer overflow security vulnerability that could result in a denial of service or arbitrary code execution. For more information see: https://jvn.jp/en/jp/JVN25261088/ https://security.cucumberlinux.com/security/details.php?id=682 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-682 [CVE-2019-5953] (https://security.cucumberlinux.com/security/details.php?id=682) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure wget is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-05 17:12:15
|
Update Information A security update is available for mariadb for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Apr 5 12:32:55 EDT 2019 net-general/mariadb upgraded from 10.1.37 to 10.1.38 to fix two security vulnerabilities (CVE-2019-2529 and CVE-2019-2537) that could be used to cause a remote denial of service via a hang or crash. For more information see: https://mariadb.com/kb/en/library/mariadb-10138-release-notes/ https://security.cucumberlinux.com/security/details.php?id=681 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2529 https://security.cucumberlinux.com/security/details.php?id=680 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2537 multilib/net-general/mariadb-lib_i686 upgraded from 10.1.37 to 10.1.38 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-680 [CVE-2019-2537] (https://security.cucumberlinux.com/security/details.php?id=680) * CLD-681 [CVE-2019-2529] (https://security.cucumberlinux.com/security/details.php?id=681) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure mariadb is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-05 17:05:59
|
Update Information A security update is available for mariadb for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Apr 5 12:32:55 EDT 2019 net-general/mariadb upgraded from 10.1.37 to 10.1.38 to fix two security vulnerabilities (CVE-2019-2529 and CVE-2019-2537) that could be used to cause a remote denial of service via a hang or crash. For more information see: https://mariadb.com/kb/en/library/mariadb-10138-release-notes/ https://security.cucumberlinux.com/security/details.php?id=681 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2529 https://security.cucumberlinux.com/security/details.php?id=680 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2537 multilib/net-general/mariadb-lib_i686 upgraded from 10.1.37 to 10.1.38 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-680 [CVE-2019-2537] (https://security.cucumberlinux.com/security/details.php?id=680) * CLD-681 [CVE-2019-2529] (https://security.cucumberlinux.com/security/details.php?id=681) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure mariadb is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-05 15:13:53
|
Update Information A security update is available for apache for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Apr 5 10:54:28 EDT 2019 net-general/apache upgraded from 2.4.38 to 2.4.39. This is an upstream update that contains several bug fixes and fixes 6 security vulnerabilities: CVE-2019-0197, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0215 and CVE-2019-0220. For more information see: https://www.apache.org/dist/httpd/CHANGES_2.4.39 https://security.cucumberlinux.com/security/details.php?id=679 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220 https://security.cucumberlinux.com/security/details.php?id=678 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0215 https://security.cucumberlinux.com/security/details.php?id=677 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217 https://security.cucumberlinux.com/security/details.php?id=675 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211 https://security.cucumberlinux.com/security/details.php?id=674 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196 https://security.cucumberlinux.com/security/details.php?id=673 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-673 [CVE-2019-0197] (https://security.cucumberlinux.com/security/details.php?id=673) * CLD-674 [CVE-2019-0196] (https://security.cucumberlinux.com/security/details.php?id=674) * CLD-675 [CVE-2019-0211] (https://security.cucumberlinux.com/security/details.php?id=675) * CLD-677 [CVE-2019-0217] (https://security.cucumberlinux.com/security/details.php?id=677) * CLD-678 [CVE-2019-0215] (https://security.cucumberlinux.com/security/details.php?id=678) * CLD-679 [CVE-2019-0220] (https://security.cucumberlinux.com/security/details.php?id=679) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure apache is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-04 15:23:13
|
Update Information A security update is available for php for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Apr 3 14:12:45 EDT 2019 lang-general/php upgraded from 7.2.14 to 7.2.16. This is an upstream security release that also contains several bug fixes. For more information see: https://www.php.net/ChangeLog-7.php#7.2.16 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-672 (https://security.cucumberlinux.com/security/details.php?id=672) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure php is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-04 15:18:24
|
. Update Information A security update is available for python2 for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Apr 3 14:00:50 EDT 2019 lang-base/python2 upgraded from 2.7.15 to 2.7.16. This is an upstream bug fix and security fix release. Fixes CVE-2013-1752, CVE-2018-14647 and CVE-2019-5010. For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752 https://security.cucumberlinux.com/security/details.php?id=670 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647 https://security.cucumberlinux.com/security/details.php?id=564 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010 https://security.cucumberlinux.com/security/details.php?id=671 multilib/lang-base/python2-lib_i686 upgraded from 2.7.15 to 2.7.16 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-670 [CVE-2013-1752] (https://security.cucumberlinux.com/security/details.php?id=670) * CLD-671 [CVE-2019-5010] (https://security.cucumberlinux.com/security/details.php?id=671) * CLD-564 [CVE-2018-14647] (https://security.cucumberlinux.com/security/details.php?id=564) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure python2 is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-04 15:16:07
|
Update Information A security update is available for curl for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Apr 3 14:03:32 EDT 2019 net-base/curl upgraded from 7.62.0 to 7.64.1. This is an upstream update that fixes three security vulnerabilities: CVE-2018-16890: NTLM type-2 out-of-bounds buffer read CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow CVE-2019-3823: SMTP end-of-response out-of-bounds read For more information see: https://curl.haxx.se/docs/security.html https://security.cucumberlinux.com/security/details.php?id=659 https://security.cucumberlinux.com/security/details.php?id=660 https://security.cucumberlinux.com/security/details.php?id=661 multilib/net-base/curl-lib_i686 upgraded from 7.62.0 to 7.64.1 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-659 [CVE-2018-16890] (https://security.cucumberlinux.com/security/details.php?id=659) * CLD-660 [CVE-2019-3822] (https://security.cucumberlinux.com/security/details.php?id=660) * CLD-661 [CVE-2019-3823] (https://security.cucumberlinux.com/security/details.php?id=661) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure curl is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-03 01:50:08
|
Update Information A security update is available for thunderbird for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Apr 2 12:42:36 EDT 2019 xapps-general/thunderbird upgraded from 60.4.0 to 60.6.1. This is an upstream update that contains several security fixes. For more information see: https://security.cucumberlinux.com/security/details.php?id=666 https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/ https://security.cucumberlinux.com/security/details.php?id=667 https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ https://security.cucumberlinux.com/security/details.php?id=668 https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/ https://security.cucumberlinux.com/security/details.php?id=669 https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-666 (https://security.cucumberlinux.com/security/details.php?id=666) * CLD-667 (https://security.cucumberlinux.com/security/details.php?id=667) * CLD-668 (https://security.cucumberlinux.com/security/details.php?id=668) * CLD-669 (https://security.cucumberlinux.com/security/details.php?id=669) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-03 01:49:04
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Apr 2 12:30:11 EDT 2019 xapps-general/firefox upgraded from 60.5.0 to 60.5.1. This is an upstream update that fixed several security vulnerabilities. For more information see: https://security.cucumberlinux.com/security/details.php?id=663 https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ https://security.cucumberlinux.com/security/details.php?id=664 https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ https://security.cucumberlinux.com/security/details.php?id=665 https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-663 (https://security.cucumberlinux.com/security/details.php?id=663) * CLD-664 (https://security.cucumberlinux.com/security/details.php?id=664) * CLD-665 (https://security.cucumberlinux.com/security/details.php?id=665) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-02-19 16:28:39
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Feb 19 11:15:21 EST 2019 xapps-general/firefox upgraded from 60.4.0 to 60.5.0. This is an upstream update that fixes three security vulnerabilities: CVE-2018-18500: Use-after-free parsing HTML5 stream CVE-2018-18505: Privilege escalation through IPC channel messages CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/ https://security.cucumberlinux.com/security/details.php?id=656 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-656 (https://security.cucumberlinux.com/security/details.php?id=656) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-02-02 15:41:32
|
Update Information A security update is available for php for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sat Feb 2 10:33:41 EST 2019 lang-general/php upgraded from 7.2.13 to 7.2.14. This is an upstream security release which also contains several bug fixes. For more information see: https://security.cucumberlinux.com/security/details.php?id=655 http://php.net/ChangeLog-7.php#7.2.14 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-655 [NULL] (https://security.cucumberlinux.com/security/details.php?id=655) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure php is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-01-25 18:36:14
|
Update Information A security update is available for apache for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Jan 25 13:16:00 EST 2019 net-general/apache upgraded from 2.4.37 to 2.4.38. This update fixes three security vulnerabilities: CVE-2018-17199: a vulnerability in mod_session_cookie that allowed for sessions to be reused. CVE-2018-17189: a vulnerability in mod_http2 that allowed for a denial of service by causing the httpd cleanup code to consume thread resources. CVE-2019-0190: a vulnerability in mod_ssl that allowed for a client to trigger an infinite loop in TLSv1.2 (or earlier) when using OpenSSL 1.1.1 or later. As Cucumber Linux 1.1 uses OpenSSL 1.0.2, it is not clear whether this impacts Cucumber Linux 1.1. This update also includes several non-security upstream bug fixes. For more information see: http://www.apache.org/dist/httpd/CHANGES_2.4.38 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199 https://security.cucumberlinux.com/security/details.php?id=652 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189 https://security.cucumberlinux.com/security/details.php?id=653 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190 https://security.cucumberlinux.com/security/details.php?id=654 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-652 [CVE-2018-17199] (https://security.cucumberlinux.com/security/details.php?id=652) * CLD-653 [CVE-2018-17189] (https://security.cucumberlinux.com/security/details.php?id=653) * CLD-654 [CVE-2019-0190] (https://security.cucumberlinux.com/security/details.php?id=654) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure apache is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-01-04 22:06:05
|
Update Information A security update is available for python3 for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Jan 4 16:53:49 EST 2019 lang-base/python3 upgraded from 3.6.7 to 3.6.8. This is an upstream update that contains a couple of security fixes related to running Python in isolation mode (with the -I option): previously when the multiprocessing and distutils modules spawned child processes, the child processes did not have full isolation mode enabled. This update also includes several bug fixes. For more information see: https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-2-final https://security.cucumberlinux.com/security/details.php?id=649 multilib/lang-base/python3-lib_i686 upgraded from 3.6.7 to 3.6.8 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-649 (https://security.cucumberlinux.com/security/details.php?id=649) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure python3 is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-01-04 20:21:33
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Jan 4 14:23:14 EST 2019 base/linux upgraded from 4.9.147 to 4.9.148. This update an upstream update that contains additional mitigations for the Spectre v1 vulnerability (CVE-2017-5753). Also fixes CVE-2018-19985, an out of bounds read security vulnerability in hso_probe. For more information see: https://security.cucumberlinux.com/security/details.php?id=201 https://security.cucumberlinux.com/security/details.php?id=648 kernel/linux-source upgraded from 4.9.147 to 4.9.148 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-648 [CVE-2018-19985] (https://security.cucumberlinux.com/security/details.php?id=648) * CLD-201 [CVE-2017-5753] (https://security.cucumberlinux.com/security/details.php?id=201) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-01-02 16:45:32
|
Update Information A security update is available for thunderbird for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Jan 1 16:36:05 EST 2019 xapps-general/thunderbird upgraded from 60.3.3 to 60.4.0. This update contains several bug fixes. It likely also contains security fixes; however, Mozilla does not like to publicly disclose details about security updates (or even indicate that an update is a security update) until a couple of weeks after the update it released, so this cannot be confirmed at this time. We have upgraded to be safe. For more information see: https://security.cucumberlinux.com/security/details.php?id=647 https://www.thunderbird.net/en-US/thunderbird/60.4.0/releasenotes/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-647 (https://security.cucumberlinux.com/security/details.php?id=647) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-12-31 16:10:50
|
Update Information A security update is available for ghostscript for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Mon Dec 31 10:33:41 EST 2018 apps-base/ghostscript upgraded from 9.25 to 9.26. This is primarily a security update that contains fixes for several of the latest ghostscript vulnerabilities: CVE-2018-18073, CVE-2018-17961, CVE-2018-18284, CVE-2018-19475, CVE-2018-19476 and CVE-2018-19477 have been fixed. For more information see: https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26 https://security.cucumberlinux.com/security/details.php?id=583 https://security.cucumberlinux.com/security/details.php?id=582 https://security.cucumberlinux.com/security/details.php?id=588 https://security.cucumberlinux.com/security/details.php?id=613 https://security.cucumberlinux.com/security/details.php?id=614 https://security.cucumberlinux.com/security/details.php?id=615 multilib/apps-base/ghostscript-lib_i686 upgraded from 9.25 to 9.26 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-583 [CVE-2018-18073] (https://security.cucumberlinux.com/security/details.php?id=583) * CLD-582 [CVE-2018-17961] (https://security.cucumberlinux.com/security/details.php?id=582) * CLD-588 [CVE-2018-18284] (https://security.cucumberlinux.com/security/details.php?id=588) * CLD-613 [CVE-2018-19475] (https://security.cucumberlinux.com/security/details.php?id=613) * CLD-614 [CVE-2018-19476] (https://security.cucumberlinux.com/security/details.php?id=614) * CLD-615 [CVE-2018-19477] (https://security.cucumberlinux.com/security/details.php?id=615) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure ghostscript is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
2 messages has been excluded from this view by a project administrator.
