cucumber-linux-security Mailing List for Cucumber Linux (Page 2)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
Menu
▾
▴
cucumber-linux-security — A moderated, low traffic mailing list for security updates.
You can subscribe to this list here.
| 2017 |
Jan
|
Feb
|
Mar
|
Apr
(4) |
May
(5) |
Jun
(6) |
Jul
(12) |
Aug
(10) |
Sep
(18) |
Oct
(26) |
Nov
(20) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018 |
Jan
(17) |
Feb
(18) |
Mar
(18) |
Apr
(13) |
May
(19) |
Jun
(17) |
Jul
(17) |
Aug
(13) |
Sep
(13) |
Oct
(11) |
Nov
(10) |
Dec
(10) |
| 2019 |
Jan
(4) |
Feb
(2) |
Mar
|
Apr
(15) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Scott C. <sc...@cu...> - 2018-12-29 16:24:09
|
Update Information A security update is available for sqlite for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sat Dec 29 11:14:55 EST 2018 apps-general/sqlite rebuilt (build 3) to fix the Magellan vulnerability (CVE-2018-20346), which allowed for remote code execution. For more information see: https://security.cucumberlinux.com/security/details.php?id=642 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20346 multilib/apps-general/sqlite-lib_i686 rebuilt (build 3, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-642 [CVE-2018-20346] (https://security.cucumberlinux.com/security/details.php?id=642) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure sqlite is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-12-26 21:26:26
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Dec 26 15:52:08 EST 2018 base/linux upgraded from 4.9.146 to 4.9.147 to fix a Spectre v1 (CVE-2017-5753) vulnerability in lookup_ioctx. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.147 https://security.cucumberlinux.com/security/details.php?id=201 kernel/linux-source upgraded from 4.9.146 to 4.9.147 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-201 [CVE-2017-5753] (https://security.cucumberlinux.com/security/details.php?id=201) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-12-20 17:19:22
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Dec 18 14:12:16 EST 2018 base/linux upgraded from 4.9.144 to 4.9.146 to fix CVE-2018-14625, a security vulnerability which may have allowed for an attacker inside of a guest virtual machine to have uncontrolled read access to kernel memory. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.146 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.145 https://security.cucumberlinux.com/security/details.php?id=637 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14625 kernel/linux-source upgraded from 4.9.144 to 4.9.146 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-637 [CVE-2018-14625] (https://security.cucumberlinux.com/security/details.php?id=637) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-12-15 18:02:08
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sat Dec 15 12:53:26 EST 2018 xapps-general/firefox upgraded from 60.3.0esr to 60.4.0esr to fix several security vulnerabilities: CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Use-after-free with select element CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Integer overflow when calculating buffer sizes for images CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 For more information see: https://security.cucumberlinux.com/security/details.php?id=636 https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-636 (https://security.cucumberlinux.com/security/details.php?id=636) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-12-10 23:17:53
|
Update Information A security update is available for polkit for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Mon Dec 10 17:54:59 EST 2018 lib-base/polkit rebuilt (build 6) to fix CVE-2018-19788, a security vulnerability that allowed for an unprivileged user with a user id greater than INT_MAX (2147483647) to authenticate as root and run with root like privileges within polkit due to insufficient uid range checking. For more information see: https://thehackernews.com/2018/12/linux-user-privilege-policykit.html https://security.cucumberlinux.com/security/details.php?id=629 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19788 multilib/lib-base/polkit-lib_i686 rebuilt (build 6, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-629 [CVE-2018-19788] (https://security.cucumberlinux.com/security/details.php?id=629) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure polkit is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-12-09 03:54:37
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sat Dec 8 13:54:17 EST 2018 base/linux upgraded from 4.9.142 to 4.9.144. This update fixes two security vulnerabilities in the Linux kernel's CEPHX_V2 implementation and contains many other bug fixes. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.144 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.143 https://security.cucumberlinux.com/security/details.php?id=634 https://security.cucumberlinux.com/security/details.php?id=635 kernel/linux-source upgraded from 4.9.142 to 4.9.144 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-634 [CVE-2018-1129] (https://security.cucumberlinux.com/security/details.php?id=634) * CLD-635 [CVE-2018-1128] (https://security.cucumberlinux.com/security/details.php?id=635) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-12-08 03:48:48
|
Update Information A security update is available for php5 for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Dec 7 22:10:19 EST 2018 lang-extra/php5 upgraded from 5.6.38 to 5.6.39. This is a security release that fixes several security vulnerabilities. For more information see: https://security.cucumberlinux.com/security/details.php?id=633 http://www.php.net/ChangeLog-5.php#5.6.39 This is also anticipated to be the final release of PHP 5.6. For this reason we strongly any and all remaining PHP 5.6 users upgrade to PHP 7.2 as soon as possible. For more information about and instructions for upgrading your PHP installation to PHP 7.2 see the "Note about PHP" at https://cucumberlinux.com/upgrade_guide/cucumber_linux_1.1.html. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-633 (https://security.cucumberlinux.com/security/details.php?id=633) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure php5 is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-12-08 03:13:49
|
Update Information A security update is available for php for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Dec 7 21:59:07 EST 2018 lang-general/php upgraded from 7.2.12 to 7.2.13. This is a security fix that fixes several vulnerabilities and bugs. For more information see: https://security.cucumberlinux.com/security/details.php?id=632 http://www.php.net/ChangeLog-7.php#7.2.13 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-632 (https://security.cucumberlinux.com/security/details.php?id=632) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure php is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-12-03 17:25:34
|
Update Information A security update is available for perl for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ lang-base/perl upgraded from 5.26.2 to 5.26.3 to fix a few security vulnerabilities: CVE-2018-18311: Integer overflow leading to buffer overflow and segmentation fault CVE-2018-18312: Heap-buffer-overflow write in S_regatom (regcomp.c) CVE-2018-18313: Heap-buffer-overflow read in S_grok_bslash_N (regcomp.c) CVE-2018-18314: Heap-buffer-overflow write in S_regatom (regcomp.c) For more information see: https://metacpan.org/changes/release/SHAY/perl-5.26.3 https://security.cucumberlinux.com/security/details.php?id=625 https://security.cucumberlinux.com/security/details.php?id=626 https://security.cucumberlinux.com/security/details.php?id=627 https://security.cucumberlinux.com/security/details.php?id=628 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-625 [CVE-2018-18311] (https://security.cucumberlinux.com/security/details.php?id=625) * CLD-626 [CVE-2018-18312] (https://security.cucumberlinux.com/security/details.php?id=626) * CLD-627 [CVE-2018-18313] (https://security.cucumberlinux.com/security/details.php?id=627) * CLD-628 [CVE-2018-18314] (https://security.cucumberlinux.com/security/details.php?id=628) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure perl is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-11-30 16:25:17
|
Synopsis This is the official notice that Cucumber Linux 1.0 has reached its end of life (as of November 30, 2018). In summary this means that the Cucumber Linux Security Team will no longer provide any security or bug fixes for Cucumber Linux 1.0. We strongly recommend that any and all remaining users of Cucumber Linux 1.0 upgrade their systems to Cucumber Linux 1.1 as soon as possible. Cucumber Linux 1.1 will be fully supported through the end of 2019 and selectively supported into 2020. Upgrading to Cucumber Linux 1.1 Cucumber Linux 1.1 is a minor release of Cucumber Linux 1.x. Sticking with the Cucumber Linux support policy, the process of upgrading from Cucumber Linux 1.0 to 1.1 is designed to be as unintrusive as possible. It is possible to update a live system and most systems can be updated in less than 20 minutes without any downtime. A full guide for upgrading can be found at https://cucumberlinux.com/upgrade_guide/cucumber_linux_1.1.html. Resources * Cucumber Linux 1.0 Lifecycle: https://cucumberlinux.com/lifecycle/cucumber_linux_1.0.html * The Cucumber Linux Support Policy: https://cucumberlinux.com/support_policy.php * Guide for Upgrading to Cucumber Linux 1.1: https://cucumberlinux.com/upgrade_guide/cucumber_linux_1.1.html * Supported Versions of Cucumber Linux: https://cucumberlinux.com/supported_versions.php |
|
From: Scott C. <sc...@cu...> - 2018-11-30 15:24:08
|
Update Information
A security update is available for git for the following versions of
Cucumber Linux:
* 1.0
* 1.1
Here are the details from the Cucumber 1.1 changelog:
+----------------+
Fri Nov 30 10:07:32 EST 2018
dev-general/git rebuilt (build 2) to fix CVE-2018-19486, a security
vulnerability that allowed for Git to execute any commands in the
current working directory due to an unsafe usage of execv. For more
information see:
https://security.cucumberlinux.com/security/details.php?id=616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19486
https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60
* SECURITY FIX *
+----------------+
------------------------------------------------------------------------
CLD and CVE Information
This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
* CLD-616 [CVE-2018-19486]
(https://security.cucumberlinux.com/security/details.php?id=616)
More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).
------------------------------------------------------------------------
Installing the Update
The updated package can be installed via Pickle by running the following
commands (as root):
# pickle --update
# pickle
Make sure git is selected on the update list, and then select Ok. Pickle
will then install the updated package.
If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.
------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
|
|
From: Scott C. <sc...@cu...> - 2018-11-28 21:01:29
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Nov 28 14:08:49 EST 2018 base/linux upgraded from 4.9.137 to 4.9.141. This update incorporates several upstream bug fixes and further addresses both the Spectre v1 (CVE-2017-5753) vulnerabilities. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.138 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.139 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.140 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.141 https://security.cucumberlinux.com/security/details.php?id=201 kernel/linux-source upgraded from 4.9.137 to 4.9.141 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-201 [CVE-2017-5753] (https://security.cucumberlinux.com/security/details.php?id=201) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-11-23 17:48:20
|
Update Information A security update is available for openssl for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Nov 23 12:37:44 EST 2018 net-base/openssl upgraded from 1.0.2p to 1.0.2q to fix two security vulnerabilities: CVE-2018-0734 and CVE-2018-5407. For more information see: https://www.openssl.org/news/cl102.txt https://security.cucumberlinux.com/security/details.php?id=593 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 https://security.cucumberlinux.com/security/details.php?id=617 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 multilib/net-base/openssl-lib_i686 upgraded from 1.0.2p to 1.0.2q (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-593 [CVE-2018-0734] (https://security.cucumberlinux.com/security/details.php?id=593) * CLD-617 [CVE-2018-5407] (https://security.cucumberlinux.com/security/details.php?id=617) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure openssl is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-11-18 17:40:51
|
Update Information A security update is available for thunderbird for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sun Nov 18 12:16:00 EST 2018 xapps-general/thunderbird upgraded from 60.3.0 to 60.3.1. Being that this is an off schedule point release, it very likely contains security fixes. Unfortunately Mozilla hasn't indicated what this release addresses, so we have upgraded to be safe. For more information see: https://security.cucumberlinux.com/security/details.php?id=612 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-612 (https://security.cucumberlinux.com/security/details.php?id=612) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-11-14 18:32:59
|
Update Information A security update is available for libtiff for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Nov 14 13:13:31 EST 2018 lib-base/libtiff upgraded from 4.0.9 to 4.0.10 to fix several security vulnerabilities: CVE-2017-11613, CVE-2018-7456, CVE-2018-10963, CVE-2018-8905, CVE-2018-10779, CVE-2017-9935 and CVE-2018-18661. For more information see: http://www.simplesystems.org/libtiff/v4.0.10.html https://security.cucumberlinux.com/security/details.php?id=605 https://security.cucumberlinux.com/security/details.php?id=606 https://security.cucumberlinux.com/security/details.php?id=607 https://security.cucumberlinux.com/security/details.php?id=608 https://security.cucumberlinux.com/security/details.php?id=609 https://security.cucumberlinux.com/security/details.php?id=610 https://security.cucumberlinux.com/security/details.php?id=611 multilib/lib-base/libtiff-lib_i686 upgraded from 4.0.9 to 4.0.10 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-605 [CVE-2017-11613] (https://security.cucumberlinux.com/security/details.php?id=605) * CLD-606 [CVE-2018-7456] (https://security.cucumberlinux.com/security/details.php?id=606) * CLD-607 [CVE-2018-10963] (https://security.cucumberlinux.com/security/details.php?id=607) * CLD-608 [CVE-2018-8905] (https://security.cucumberlinux.com/security/details.php?id=608) * CLD-609 [CVE-2018-10779] (https://security.cucumberlinux.com/security/details.php?id=609) * CLD-610 [CVE-2017-9935] (https://security.cucumberlinux.com/security/details.php?id=610) * CLD-611 [CVE-2018-18661] (https://security.cucumberlinux.com/security/details.php?id=611) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure libtiff is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-11-13 23:57:29
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Nov 13 17:54:55 EST 2018 base/linux upgraded from 4.9.135 to 4.9.137. This update contains additional mitigations for the Spectre v1 vulnerability (CVE-2017-5753) and other security fixes. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.136 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.137 https://security.cucumberlinux.com/security/details.php?id=201 kernel/linux-source upgraded from 4.9.135 to 4.9.137 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-201 [CVE-2017-5753] (https://security.cucumberlinux.com/security/details.php?id=201) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-11-07 18:55:20
|
Update Information A security update is available for fuse for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Nov 7 13:42:31 EST 2018 net-general/mariadb upgraded from 10.1.36 to 10.1.37 to fix several security vulnerabilities: CVE-2018-3282, CVE-2016-9843, CVE-2018-3174, CVE-2018-3143, CVE-2018-3156 and CVE-2018-3251. For more information see: https://mariadb.com/kb/en/library/mariadb-10137-release-notes/ https://security.cucumberlinux.com/security/details.php?id=598 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10906 https://security.cucumberlinux.com/security/details.php?id=599 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3282 https://security.cucumberlinux.com/security/details.php?id=600 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843 https://security.cucumberlinux.com/security/details.php?id=601 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3174 https://security.cucumberlinux.com/security/details.php?id=602 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3143 https://security.cucumberlinux.com/security/details.php?id=603 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3156 https://security.cucumberlinux.com/security/details.php?id=604 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3251 multilib/net-general/maraidb-lib_i686 upgraded from 10.1.36 to 10.1.37 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-598 [CVE-2018-10906] (https://security.cucumberlinux.com/security/details.php?id=598) * CLD-599 [CVE-2018-3282] (https://security.cucumberlinux.com/security/details.php?id=599) * CLD-600 [CVE-2016-9843] (https://security.cucumberlinux.com/security/details.php?id=600) * CLD-601 [CVE-2018-3174] (https://security.cucumberlinux.com/security/details.php?id=601) * CLD-602 [CVE-2018-3143] (https://security.cucumberlinux.com/security/details.php?id=602) * CLD-603 [CVE-2018-3156] (https://security.cucumberlinux.com/security/details.php?id=603) * CLD-604 [CVE-2018-3251] (https://security.cucumberlinux.com/security/details.php?id=604) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure fuse is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-11-04 14:21:24
|
Update Information A security update is available for thunderbird for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sun Nov 4 09:10:09 EST 2018 xapps-general/thunderbird upgraded from 60.2.1 to 60.3 to fix several security vulnerabilities: CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin CVE-2018-12392: Crash with nested event loops CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3 CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3 For more information see: https://security.cucumberlinux.com/security/details.php?id=597 https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-597 (https://security.cucumberlinux.com/security/details.php?id=597) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-11-03 15:49:31
|
Update Information A security update is available for curl for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sat Nov 3 11:30:19 EDT 2018 net-base/curl upgraded from 7.61.1 to 7.62.0 to fix three security vulnerabilities: CVE-2018-16839 (a buffer overrun resulting in a denial of service), CVE-2018-16840 (a heap based use after free) and CVE-2018-16842 (an out of bounds read that may result in information disclosure). For more information see: https://curl.haxx.se/changes.html#7_62_0 https://security.cucumberlinux.com/security/details.php?id=594 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839 https://curl.haxx.se/docs/CVE-2018-16839.html https://security.cucumberlinux.com/security/details.php?id=595 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16840 https://curl.haxx.se/docs/CVE-2018-16840.html https://security.cucumberlinux.com/security/details.php?id=596 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842 https://curl.haxx.se/docs/CVE-2018-16842.html multilib/net-base/curl-lib_i686 upgraded from 7.61.1 to 7.62.0 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-594 [CVE-2018-16839] (https://security.cucumberlinux.com/security/details.php?id=594) * CLD-595 [CVE-2018-16840] (https://security.cucumberlinux.com/security/details.php?id=595) * CLD-596 [CVE-2018-16842] (https://security.cucumberlinux.com/security/details.php?id=596) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure curl is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-10-29 13:21:50
|
Update Information A security update is available for python3 for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Mon Oct 29 09:11:20 EDT 2018 lang-base/python3 upgraded from 3.6.6 to 3.6.7. This update fixes CVE-2018-14647 and contains several other security fixes and improvements. For more information see: https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-7-final https://security.cucumberlinux.com/security/details.php?id=563 multilib/lang-base/python3-lib_i686 upgraded from 3.6.6 to 3.6.7 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-563 [CVE-2018-14647] (https://security.cucumberlinux.com/security/details.php?id=563) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure python3 is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-10-23 18:46:12
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Oct 23 12:42:40 EDT 2018 xapps-general/firefox upgraded from 60.2.2 to 60.3.0 to fix several security vulnerabilities: CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin CVE-2018-12392: Crash with nested event loops CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts CVE-2018-12397: CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-585 (https://security.cucumberlinux.com/security/details.php?id=585) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-10-18 23:58:59
|
Update Information A security update is available for ghostscript for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Thu Oct 18 17:35:49 EDT 2018 apps-base/ghostscript upgraded from 9.22 to 9.25 to fix several security vulnerabilities that allowed for bypassing of sandbox controls: CVE-2018-17183, CVE-2018-16802, CVE-2018-16585, CVE-2018-16543, CVE-2018-16542, CVE-2018-16541, CVE-2018-16540, CVE-2018-16539, CVE-2018-16513, CVE-2018-16511, CVE-2018-16510 and CVE-2018-16509. For more information see: https://security.cucumberlinux.com/security/details.php?id=559 https://security.cucumberlinux.com/security/details.php?id=553 https://security.cucumberlinux.com/security/details.php?id=552 https://security.cucumberlinux.com/security/details.php?id=551 https://security.cucumberlinux.com/security/details.php?id=550 https://security.cucumberlinux.com/security/details.php?id=549 https://security.cucumberlinux.com/security/details.php?id=548 https://security.cucumberlinux.com/security/details.php?id=547 https://security.cucumberlinux.com/security/details.php?id=545 https://security.cucumberlinux.com/security/details.php?id=544 https://security.cucumberlinux.com/security/details.php?id=543 https://security.cucumberlinux.com/security/details.php?id=542 multilib/apps-base/ghostscript-lib_i686 upgraded from 9.22 to 9.25 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-542 [CVE-2018-16509] (https://security.cucumberlinux.com/security/details.php?id=542) * CLD-543 [CVE-2018-16510] (https://security.cucumberlinux.com/security/details.php?id=543) * CLD-544 [CVE-2018-16511] (https://security.cucumberlinux.com/security/details.php?id=544) * CLD-545 [CVE-2018-16513] (https://security.cucumberlinux.com/security/details.php?id=545) * CLD-547 [CVE-2018-16539] (https://security.cucumberlinux.com/security/details.php?id=547) * CLD-548 [CVE-2018-16540] (https://security.cucumberlinux.com/security/details.php?id=548) * CLD-549 [CVE-2018-16541] (https://security.cucumberlinux.com/security/details.php?id=549) * CLD-550 [CVE-2018-16542] (https://security.cucumberlinux.com/security/details.php?id=550) * CLD-551 [CVE-2018-16543] (https://security.cucumberlinux.com/security/details.php?id=551) * CLD-552 [CVE-2018-16585] (https://security.cucumberlinux.com/security/details.php?id=552) * CLD-553 [CVE-2018-16802] (https://security.cucumberlinux.com/security/details.php?id=553) * CLD-559 [CVE-2018-17183] (https://security.cucumberlinux.com/security/details.php?id=559) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure ghostscript is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-10-18 18:47:10
|
Update Information A security update is available for unzip for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Thu Oct 18 14:35:21 EDT 2018 apps-base/unzip rebuilt (build 5) to fix CVE-2018-18384, a buffer overflow security vulnerability that resulted in a denial of service. For more information see: https://security.cucumberlinux.com/security/details.php?id=584 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18384 https://bugzilla.suse.com/show_bug.cgi?id=1110194 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-584 [CVE-2018-18384] (https://security.cucumberlinux.com/security/details.php?id=584) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure unzip is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-10-18 01:14:34
|
Update Information A security update is available for libxml2 for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Oct 17 21:04:47 EDT 2018 lib-general/libxml2 rebuilt (build 3) to fix CVE-2018-14404, a security vulnerability which allowed for a denial of service (application crash) when parsing an invalid XPath expression. For more information see: https://security.cucumberlinux.com/security/details.php?id=578 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404 multilib/lib-general/libxml2-lib_i686 rebuilt (build 3, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-578 [CVE-2018-14404] (https://security.cucumberlinux.com/security/details.php?id=578) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure libxml2 is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-10-08 18:26:12
|
Update Information A security update is available for libxml2 for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Mon Oct 8 14:13:31 EDT 2018 lib-general/libxml2 rebuilt (build 2) to fix two security vulnerabilities, CVE-2018-9251 and CVE-2018-14567, which allowed for remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR. For more information see: https://security.cucumberlinux.com/security/details.php?id=568 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9251 https://security.cucumberlinux.com/security/details.php?id=574 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567 multilib/lib-general/libxml2-lib_i686 rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-568 [CVE-2018-9251] (https://security.cucumberlinux.com/security/details.php?id=568) * CLD-574 [CVE-2018-14567] (https://security.cucumberlinux.com/security/details.php?id=574) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure libxml2 is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
2 messages has been excluded from this view by a project administrator.
