From: Z5T1 <z5...@z5...> - 2017-10-08 19:32:18

Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1 Alpha

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sun Oct 8 13:05:09 EDT 2017
base/linux upgraded from 4.9.53 to 4.9.54. This most likely contains security fixes, but the kernel developers never really make that clear. We'll upgrade to be safe. For more information see:
    http://security.cucumberlinux.com/security/details.php?id=69
    https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.54
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-69 [NULL] (http://security.cucumberlinux.com/security/details.php?id=69)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-10-08 19:26:07

Update Information

A security update is available for sudo for the following versions of Cucumber Linux:
* 1.0
* 1.1 Alpha

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sun Oct 8 14:54:57 EDT 2017
apps-base/sudo upgraded from 1.8.20p1 to 1.8.21p2 to fix CVE-2017-1000368, an extension of CVE-2017-1000367 which was created by an incomplete fix for CVE-2017-1000367. For more information see:
    http://security.cucumberlinux.com/security/details.php?id=67
    https://nvd.nist.gov/vuln/detail/CVE-2017-1000368
    https://nvd.nist.gov/vuln/detail/CVE-2017-1000368
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-67 [CVE-2017-1000368] (http://security.cucumberlinux.com/security/details.php?id=67)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure sudo is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-10-06 13:42:53

Update Information

A security update is available for xorg-server for the following versions of Cucumber Linux:
* 1.0
* 1.1 Alpha

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Fri Oct 6 09:08:21 EDT 2017
x-base/xorg-server rebuilt (build 4) to fix two vulnerabilities: CVE-2017-13721, which allowed an attacker to crash the X server or overwrite another client's data via a failure to validate shmseg resource ids, and CVE-2017-13723, which fixed a bug where xkb would use a single, static buffer to do all of its formatting, which has the potential to be exploitable in a whole multitude of ways. For more information see:
    http://security.cucumberlinux.com/security/details.php?id=63
    https://nvd.nist.gov/vuln/detail/CVE-2017-13721
    https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1
    http://security.cucumberlinux.com/security/details.php?id=64
    https://nvd.nist.gov/vuln/detail/CVE-2017-13723
    https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-63 [CVE-2017-13721] (http://security.cucumberlinux.com/security/details.php?id=63)
* CLD-64 [CVE-2017-13723] (http://security.cucumberlinux.com/security/details.php?id=64)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure xorg-server is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-10-06 13:15:47

Update Information

A security update is available for curl for the following versions of Cucumber Linux:
* 1.0
* 1.1 Alpha

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Fri Oct 6 08:41:43 EDT 2017
net-base/curl upgraded from 7.55.0 to 7.56.0 to fix CVE-2017-1000254, a read out of bounds vulnerability in the FTP portion of libcurl, which could result in a crash or an out of bounds read. For more information see:
    https://curl.haxx.se/docs/adv_20171004.html
    http://security.cucumberlinux.com/security/details.php?id=62
    https://nvd.nist.gov/vuln/detail/CVE-2017-1000254
multilib/net-base/curl-lib_i686 upgraded from 7.55.0 to 7.56.0 (x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-62 [CVE-2017-1000254] (http://security.cucumberlinux.com/security/details.php?id=62)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure curl is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-10-05 14:01:01

Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1 Alpha

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Thu Oct 5 09:26:21 EDT 2017
base/linux upgraded from 4.9.52 to 4.9.53 to fix a few security issues: CVE-2017-12154, CVE-2017-1000252 and CVE-2017-12153. For more information see:
    http://security.cucumberlinux.com/security/details.php?id=46
    https://nvd.nist.gov/vuln/detail/CVE-2017-12154
    http://security.cucumberlinux.com/security/details.php?id=49
    https://nvd.nist.gov/vuln/detail/CVE-2017-1000252
    http://security.cucumberlinux.com/security/details.php?id=42
    https://nvd.nist.gov/vuln/detail/CVE-2017-12153
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-42 [CVE-2017-12153] (http://security.cucumberlinux.com/security/details.php?id=42)
* CLD-46 [CVE-2017-12154] (http://security.cucumberlinux.com/security/details.php?id=46)
* CLD-49 [CVE-2017-1000252] (http://security.cucumberlinux.com/security/details.php?id=49)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-10-04 20:40:53

Update Information

A security update is available for perl for the following versions of Cucumber Linux:
* 1.0
* 1.1 Alpha

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Wed Oct 4 15:50:48 EDT 2017
lang-base/perl rebuilt (build 3) to fix CVE-2017-12837. The patch fixing this was improperly applied in perl-5.22.4-i686-2 and has now been properly applied.
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-39 [CVE-2017-12837] (http://security.cucumberlinux.com/security/details.php?id=39)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure perl is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-10-04 14:04:22

Update Information

A security update is available for python3 for the following versions of Cucumber Linux:
* 1.0
* 1.1 Alpha

Here are the details from the Cucumber 1.1 Alpha changelog:
+----------------+
Wed Oct 4 09:27:08 EDT 2017
lang-base/python3 upgraded from 3.6.2 to 3.6.3 to fix some security issues: bpo-31662, bpo-31423, bpo-29781 and bpo-30947. For more information see:
    http://security.cucumberlinux.com/security/details.php?id=60
    https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-3-final
multilib/lang-base/python3_lib-i686 upgraded from 3.6.2 to 3.6.3 (x86_64 only).
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-60 (http://security.cucumberlinux.com/security/details.php?id=60)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure python3 is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-09-29 13:21:57

Update Information

A security update is available for git for the following versions of Cucumber Linux:
* 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Fri Sep 29 08:46:51 EDT 2017
dev-general/git upgraded from 2.10.4 to 2.10.5 to fix CVE-2017-14867, a vulnerability which allowed for an attacker to execute arbitrary OS commands via specially placed metacharacters in a module name. This worked by exploiting unsafe perl scripts. For more information see:
    https://nvd.nist.gov/vuln/detail/CVE-2017-14867
    http://security.cucumberlinux.com/security/details.php?id=58
    https://www.debian.org/security/2017/dsa-3984
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-58 [CVE-2017-14867] (http://security.cucumberlinux.com/security/details.php?id=58)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure git is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-09-29 02:19:38

Update Information

A security update is available for nss for the following versions of Cucumber Linux:
* 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Thu Sep 28 21:48:58 EDT 2017
lib-base/nss upgraded from 3.28 to 3.33 to fix CVE-2017-7805, a use after free vulnerability that could allow for a crash or arbitrary code execution. For more information see:
    http://security.cucumberlinux.com/security/details.php?id=57
    https://nvd.nist.gov/vuln/detail/CVE-2017-7805
    https://access.redhat.com/security/cve/CVE-2017-7805
multilib/lib-base/nss-lib_i686 upgraded from 3.28 to 3.33 (x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-57 [CVE-2017-7805] (http://security.cucumberlinux.com/security/details.php?id=57)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure nss is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-09-28 20:52:24

Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
* 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Thu Sep 28 12:02:16 EDT 2017
xapps-general/firefox upgraded from 52.3.0 to 52.4.0 to fix several security vulnerabilities:
    CVE-2017-7793: Use-after-free with Fetch API
    CVE-2017-7818: Use-after-free during ARIA array manipulation
    CVE-2017-7819: Use-after-free while resizing images in design mode
    CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE
    CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
    CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings
    CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces
    CVE-2017-7823: CSP sandbox directive did not create a unique origin
    CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
For more information see:
    https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
    http://security.cucumberlinux.com/security/details.php?id=56
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-56 [mfsa2017-22] (http://security.cucumberlinux.com/security/details.php?id=56)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-09-23 13:35:14

Update Information

A security update is available for python3 for the following versions of Cucumber Linux:
* 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sat Sep 23 08:59:12 EDT 2017
lang-base/python3 upgraded from 3.6.0 to 3.6.2 to fix several security vulnerabilities:
    CVE-2017-9233
    CVE-2016-9063
    CVE-2016-0718
    CVE-2012-0876
    CVE-2016-4472
For more information see:
    http://security.cucumberlinux.com/security/details.php?id=51
    https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-2
multilib/lang-base/python3 upgraded from 3.6.0 to 3.6.2 (x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-51 (http://security.cucumberlinux.com/security/details.php?id=51)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure python3 is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-09-23 13:34:23

Update Information

A security update is available for python2 for the following versions of Cucumber Linux:
* 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sat Sep 23 08:51:33 EDT 2017
lang-base/python2 upgraded from 2.7.13 to 2.7.14 to fix several security vulnerabilities, including:
    CVE-2017-9233
    CVE-2016-9063
    CVE-2016-0718
    CVE-2012-0876
    CVE-2016-5300
    CVE-2016-4472
For more information see:
    http://security.cucumberlinux.com/security/details.php?id=50
    https://raw.githubusercontent.com/python/cpython/84471935ed2f62b8c5758fd544c7d37076fe0fa5/Misc/NEWS
multilib/lang-base/python2_i686 upgraded from 2.7.13 to 2.7.14 (x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-50 (http://security.cucumberlinux.com/security/details.php?id=50)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure python2 is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-09-20 17:48:54

Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Wed Sep 20 12:41:27 EDT 2017
base/linux upgraded from 4.9.50 to 4.9.51 to fix CVE-2017-14497 and CVE-2017-7558. CVE-2017-14497 possibly allowed for a local user to cause a denial of service via the tpacket_rcv function in net/packet/af_packet.c. CVE-2017-7558 was a buffer overflow vulnerability in the sockaddr implementation of the kernel that allowed for up to 100 uninitialized bytes to leak into userspace. For more information see:
    http://security.cucumberlinux.com/security/details.php?id=25
    http://security.cucumberlinux.com/security/details.php?id=40
    https://nvd.nist.gov/vuln/detail/CVE-2017-14497
    https://nvd.nist.gov/vuln/detail/CVE-2017-7558
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-25 [CVE-2017-14497] (http://security.cucumberlinux.com/security/details.php?id=25)
* CLD-40 [CVE-2017-7558] (http://security.cucumberlinux.com/security/details.php?id=40)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-09-20 15:42:21

Update Information

A security update is available for perl for the following versions of Cucumber Linux:
* 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Wed Sep 20 11:04:45 EDT 2017
lang-base/perl rebuilt (build 2) to fix CVE-2017-12837 and CVE-2017-12883, two vulnerabilities both relating to specially crafted regular expressions. CVE-2017-12837 allowed a remote attacker to cause a denial of service (crash), while CVE-2017-12883 allowed for this same denial of service, as well as a data leak from memory. For more information see:
    http://security.cucumberlinux.com/security/details.php?id=38
    http://security.cucumberlinux.com/security/details.php?id=39
    https://nvd.nist.gov/vuln/detail/CVE-2017-12883
    https://nvd.nist.gov/vuln/detail/CVE-2017-12837
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-38 [CVE-2017-12883] (http://security.cucumberlinux.com/security/details.php?id=38)
* CLD-39 [CVE-2017-12837] (http://security.cucumberlinux.com/security/details.php?id=39)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure perl is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-09-18 22:30:41

Update Information

A security update is available for apache for the following versions of Cucumber Linux:
* 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Mon Sep 18 17:58:12 EDT 2017
net-general/apache rebuilt (build 2) to fix CVE-2017-9798, a use after free issue that could result in secret information disclosure. Note that this patch fixes only half of the vulnerability (the .htaccess half). For more information see:
    http://security.cucumberlinux.com/security/details.php?id=35
    https://nvd.nist.gov/vuln/detail/CVE-2017-9798
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-35 [CVE-2017-9798] (http://security.cucumberlinux.com/security/details.php?id=35)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure apache is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-09-18 15:19:08

Update Information

A security update is available for ffmpeg for the following versions of Cucumber Linux:
* 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Mon Sep 18 10:49:49 EDT 2017
lib-base/ffmpeg upgraded from 3.3 to 3.3.4 to fix several security vulnerabilities:
    CVE-2017-14054 (https://nvd.nist.gov/vuln/detail/CVE-2017-14054)
    CVE-2017-14055 (https://nvd.nist.gov/vuln/detail/CVE-2017-14055)
    CVE-2017-14056 (https://nvd.nist.gov/vuln/detail/CVE-2017-14056)
    CVE-2017-14057 (https://nvd.nist.gov/vuln/detail/CVE-2017-14057)
    CVE-2017-14058 (https://nvd.nist.gov/vuln/detail/CVE-2017-14058)
    CVE-2017-14059 (https://nvd.nist.gov/vuln/detail/CVE-2017-14059)
    CVE-2017-14169 (https://nvd.nist.gov/vuln/detail/CVE-2017-14169)
    CVE-2017-14170 (https://nvd.nist.gov/vuln/detail/CVE-2017-14170)
    CVE-2017-14171 (https://nvd.nist.gov/vuln/detail/CVE-2017-14171)
    CVE-2017-14222 (https://nvd.nist.gov/vuln/detail/CVE-2017-14222)
    CVE-2017-14223 (https://nvd.nist.gov/vuln/detail/CVE-2017-14223)
    CVE-2017-14225 (https://nvd.nist.gov/vuln/detail/CVE-2017-14225)
For more information see:
    http://security.cucumberlinux.com/security/details.php?id=34
    https://security.archlinux.org/AVG-400
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-34 [CVE-2017-14054 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14058 CVE-2017-14059 CVE-2017-14169 CVE-2017-14170 CVE-2017-14171 CVE-2017-14222 CVE-2017-14223 CVE-2017-14225] (http://security.cucumberlinux.com/security/details.php?id=34)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure ffmpeg is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-09-17 19:11:01

Update Information

A security update is available for gdk-pixbuf for the following versions of Cucumber Linux:
* 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sun Sep 17 14:38:44 EDT 2017
x-base/gdk-pixbuf rebuilt (build 2) to fix CVE-2017-6312 (an out of bounds read vulnerability) and CVE-2017-6314 (an infinite loop vulnerability). These vulnerabilities could both be leveraged by an attacker via specially crafted files to perform a denial of service attack. For more information see:
    http://security.cucumberlinux.com/security/details.php?id=28
    http://security.cucumberlinux.com/security/details.php?id=30
    https://nvd.nist.gov/vuln/detail/CVE-2017-6312
    https://nvd.nist.gov/vuln/detail/CVE-2017-6314
    https://bugzilla.gnome.org/show_bug.cgi?id=779012
    https://bugzilla.gnome.org/show_bug.cgi?id=779020
multilib/x-base/gdk-pixbuf rebuilt (build 2, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-28 [CVE-2017-6312] (http://security.cucumberlinux.com/security/details.php?id=28)
* CLD-30 [CVE-2017-6314] (http://security.cucumberlinux.com/security/details.php?id=30)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure gdk-pixbuf is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>

From: Z5T1 <z5...@z5...> - 2017-09-17 15:19:58
|
Update Information

A security update is available for libgcrypt for the following versions
of Cucumber Linux:
  * 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sun Sep 17 10:04:28 EDT 2017
lib-base/libgcrypt upgraded from 1.7.8 to 1.7.9 to fix CVE-2017-0379, a
  side-channel attack that makes it easier for attackers to discover a
  secret key.
  For more information see:
    http://security.cucumberlinux.com/security/details.php?id=26
    https://nvd.nist.gov/vuln/detail/CVE-2017-0379
    https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000414.html
multilib/lib-base/libgcrypt upgraded from 1.7.8 to 1.7.9 (x86_64 only)
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
  * CLD-26 [CVE-2017-0379] (http://security.cucumberlinux.com/security/details.php?id=26)

More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):
  # pickle --update
  # pickle
Make sure libgcrypt is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
|
From: Z5T1 <z5...@z5...> - 2017-09-15 03:19:33
|
Update Information

A security update is available for cairo for the following versions of
Cucumber Linux:
  * 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Thu Sep 14 22:47:09 EDT 2017
x-base/cairo rebuilt (build 3) to fix CVE-2016-9082, an integer overflow
  vulnerability in the write_png function which can be used to cause an
  invalid pointer dereference and consequentially a crash. Due to the
  nature of invalid pointer dereferences, arbitrary code execution may
  also be possible.
  For more information see:
    http://security.cucumberlinux.com/security/details.php?id=22
    https://nvd.nist.gov/vuln/detail/CVE-2016-9082
    http://www.securityfocus.com/bid/93931/discuss
    https://bugs.freedesktop.org/show_bug.cgi?id=98165
multilib/x-base/cairo rebuilt (build 3)
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
  * CLD-22 [CVE-2016-9082] (http://security.cucumberlinux.com/security/details.php?id=22)

More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):
  # pickle --update
  # pickle
Make sure cairo is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
at the following location:

Cucumber 1.0 i686:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/x-base/cairo-1.14.8-i686-3.txz
Cucumber 1.0 x86_64:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/x-base/cairo-1.14.8-x86_64-3.txz
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/multilib/x-base/cairo-lib_i686-1.14.8-lib_i686-3.txz

To upgrade the package manually, download the new package and run the
following command (as root):
  # upgradepkg cairo-1.14.8-i686-3.txz

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
http://www.cucumberlinux.com/security.php
|
From: Z5T1 <z5...@z5...> - 2017-09-14 02:11:19
|
Update Information

A security update is available for linux for the following versions of
Cucumber Linux:
  * 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Wed Sep 13 21:39:31 EDT 2017
base/linux upgraded from 4.9.48 to 4.9.50 to fix the "Blueborne"
  vulnerability (CVE-2017-1000251). This vulnerability allowed an attacker
  physically within Bluetooth range of a device to cause a denial of
  service and possibly execute arbitrary code (note that the code
  execution vector is mitigated by stack hardening in the Linux kernel).
  For more information see:
    http://security.cucumberlinux.com/security/details.php?id=17
    https://nvd.nist.gov/vuln/detail/CVE-2017-1000251
    https://www.armis.com/blueborne/
    https://access.redhat.com/blogs/product-security/posts/blueborne
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
  * CLD-17 [CVE-2017-1000251] (http://security.cucumberlinux.com/security/details.php?id=17)

More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):
  # pickle --update
  # pickle
Make sure linux is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
at the following location:

Cucumber 1.0 i686:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/base/linux-4.9.50-i686-1.txz
Cucumber 1.0 x86_64:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/base/linux-4.9.50-x86_64-1.txz

To upgrade the package manually, download the new package and run the
following command (as root):
  # installpkg linux-4.9.50-i686-1.txz

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
http://www.cucumberlinux.com/security.php
|
From: Z5T1 <z5...@z5...> - 2017-09-13 15:14:50
|
Update Information

A security update is available for libxml2 for the following versions of
Cucumber Linux:
  * 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Wed Sep 13 10:40:51 EDT 2017
lib-general/libxml2 upgraded from 2.9.4 to 2.9.5 to fix two security
  vulnerabilities: CVE-2016-5131 and CVE-2017-5969.
  For more information see:
    http://security.cucumberlinux.com/security/details.php?id=18
    https://nvd.nist.gov/vuln/detail/CVE-2016-5131
    http://security.cucumberlinux.com/security/details.php?id=20
    https://nvd.nist.gov/vuln/detail/CVE-2017-5969
multilib/lib-general/libxml2 upgraded from 2.9.4 to 2.9.5 (x86_64 only)
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
  * CLD-18 [CVE-2016-5131] (http://security.cucumberlinux.com/security/details.php?id=18)
  * CLD-20 [CVE-2017-5969] (http://security.cucumberlinux.com/security/details.php?id=20)

More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):
  # pickle --update
  # pickle
Make sure libxml2 is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
at the following location:

Cucumber 1.0 i686:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/lib-general/libxml2-2.9.5-i686-1.txz
Cucumber 1.0 x86_64:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/lib-general/libxml2-2.9.5-x86_64-1.txz
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/multilib/lib-general/libxml2-lib_i686-2.9.5-lib_i686-1.txz

To upgrade the package manually, download the new package and run the
following command (as root):
  # upgradepkg libxml2-2.9.5-i686-1.txz

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
http://www.cucumberlinux.com/security.php
|
From: Z5T1 <z5...@z5...> - 2017-09-11 16:49:31
|
Update Information

A security update is available for perl for the following versions of
Cucumber Linux:
  * 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Mon Sep 11 12:17:56 EDT 2017
lang-base/perl upgraded from 5.22.1 to 5.22.4 to fix CVE-2016-1238, a
  vulnerability which could allow for privilege escalation and arbitrary
  code execution via a malicious Perl module in the current directory and
  a specially crafted Perl include path.
  For more information see:
    https://nvd.nist.gov/vuln/detail/CVE-2016-1238
    http://security.cucumberlinux.com/security/details.php?id=16
    https://bugzilla.redhat.com/show_bug.cgi?id=1355695
    http://www.securitytracker.com/id/1036440
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD Information

This update is associated with the following Cucumber Linux Deficiency
(CLD) numbers:
  * CLD-16 (http://security.cucumberlinux.com/security/details.php?id=16)

More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):
  # pickle --update
  # pickle
Make sure perl is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
at the following location:

Cucumber 1.0 i686:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/lang-base/perl-5.22.4-i686-1.txz
Cucumber 1.0 x86_64:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/lang-base/perl-5.22.4-x86_64-1.txz

To upgrade the package manually, download the new package and run the
following command (as root):
  # upgradepkg perl-5.22.4-i686-1.txz

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
http://www.cucumberlinux.com/security.php
|
From: Z5T1 <z5...@z5...> - 2017-09-08 21:57:04
|
Update Information

A security update is available for tcpdump for the following versions of
Cucumber Linux:
  * 1.0

Here are the details from the Cucumber 1.0 changelog (no, this is not a
joke):
+----------------+
Fri Sep 8 17:15:41 EDT 2017
net-general/tcpdump upgraded from 4.9.1 to 4.9.2 to fix several security
  vulnerabilities:
  Fix buffer overflow vulnerabilities:
    CVE-2017-11543 (SLIP)
    CVE-2017-13011 (bittok2str_internal)
  Fix infinite loop vulnerabilities:
    CVE-2017-12989 (RESP)
    CVE-2017-12990 (ISAKMP)
    CVE-2017-12995 (DNS)
    CVE-2017-12997 (LLDP)
  Fix buffer over-read vulnerabilities:
    CVE-2017-11541 (safeputs)
    CVE-2017-11542 (PIMv1)
    CVE-2017-12893 (SMB/CIFS)
    CVE-2017-12894 (lookup_bytestring)
    CVE-2017-12895 (ICMP)
    CVE-2017-12896 (ISAKMP)
    CVE-2017-12897 (ISO CLNS)
    CVE-2017-12898 (NFS)
    CVE-2017-12899 (DECnet)
    CVE-2017-12900 (tok2strbuf)
    CVE-2017-12901 (EIGRP)
    CVE-2017-12902 (Zephyr)
    CVE-2017-12985 (IPv6)
    CVE-2017-12986 (IPv6 routing headers)
    CVE-2017-12987 (IEEE 802.11)
    CVE-2017-12988 (telnet)
    CVE-2017-12991 (BGP)
    CVE-2017-12992 (RIPng)
    CVE-2017-12993 (Juniper)
    CVE-2017-11542 (PIMv1)
    CVE-2017-11541 (safeputs)
    CVE-2017-12994 (BGP)
    CVE-2017-12996 (PIMv2)
    CVE-2017-12998 (ISO IS-IS)
    CVE-2017-12999 (ISO IS-IS)
    CVE-2017-13000 (IEEE 802.15.4)
    CVE-2017-13001 (NFS)
    CVE-2017-13002 (AODV)
    CVE-2017-13003 (LMP)
    CVE-2017-13004 (Juniper)
    CVE-2017-13005 (NFS)
    CVE-2017-13006 (L2TP)
    CVE-2017-13007 (Apple PKTAP)
    CVE-2017-13008 (IEEE 802.11)
    CVE-2017-13009 (IPv6 mobility)
    CVE-2017-13010 (BEEP)
    CVE-2017-13012 (ICMP)
    CVE-2017-13013 (ARP)
    CVE-2017-13014 (White Board)
    CVE-2017-13015 (EAP)
    CVE-2017-11543 (SLIP)
    CVE-2017-13016 (ISO ES-IS)
    CVE-2017-13017 (DHCPv6)
    CVE-2017-13018 (PGM)
    CVE-2017-13019 (PGM)
    CVE-2017-13020 (VTP)
    CVE-2017-13021 (ICMPv6)
    CVE-2017-13022 (IP)
    CVE-2017-13023 (IPv6 mobility)
    CVE-2017-13024 (IPv6 mobility)
    CVE-2017-13025 (IPv6 mobility)
    CVE-2017-13026 (ISO IS-IS)
    CVE-2017-13027 (LLDP)
    CVE-2017-13028 (BOOTP)
    CVE-2017-13029 (PPP)
    CVE-2017-13030 (PIM)
    CVE-2017-13031 (IPv6 fragmentation header)
    CVE-2017-13032 (RADIUS)
    CVE-2017-13033 (VTP)
    CVE-2017-13034 (PGM)
    CVE-2017-13035 (ISO IS-IS)
    CVE-2017-13036 (OSPFv3)
    CVE-2017-13037 (IP)
    CVE-2017-13038 (PPP)
    CVE-2017-13039 (ISAKMP)
    CVE-2017-13040 (MPTCP)
    CVE-2017-13041 (ICMPv6)
    CVE-2017-13042 (HNCP)
    CVE-2017-13043 (BGP)
    CVE-2017-13044 (HNCP)
    CVE-2017-13045 (VQP)
    CVE-2017-13046 (BGP)
    CVE-2017-13047 (ISO ES-IS)
    CVE-2017-13048 (RSVP)
    CVE-2017-13049 (Rx)
    CVE-2017-13050 (RPKI-Router)
    CVE-2017-13051 (RSVP)
    CVE-2017-13052 (CFM)
    CVE-2017-13053 (BGP)
    CVE-2017-13054 (LLDP)
    CVE-2017-13055 (ISO IS-IS)
    CVE-2017-13687 (Cisco HDLC)
    CVE-2017-13688 (OLSR)
    CVE-2017-13689 (IKEv1)
    CVE-2017-13690 (IKEv2)
    CVE-2017-13725 (IPv6 routing headers)
  For more information see:
    http://www.tcpdump.org/tcpdump-changes.txt
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD Information

This update is associated with the following Cucumber Linux Deficiency
(CLD) numbers:
  * CLD-13 (http://security.cucumberlinux.com/security/details.php?id=13)

More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):
  # pickle --update
  # pickle
Make sure tcpdump is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
at the following location:

Cucumber 1.0 i686:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/net-general/tcpdump-4.9.2-i686-1.txz
Cucumber 1.0 x86_64:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/net-general/tcpdump-4.9.2-x86_64-1.txz

To upgrade the package manually, download the new package and run the
following command (as root):
  # upgradepkg tcpdump-4.9.2-i686-1.txz

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
http://www.cucumberlinux.com/security.php
|
From: Z5T1 <z5...@z5...> - 2017-09-07 22:14:26
|
Update Information

A security update is available for linux for the following versions of
Cucumber Linux:
  * 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Thu Sep 7 17:40:19 EDT 2017
base/linux upgraded from 4.9.43 to 4.9.48 to fix CVE-2017-11600 (CLD-12)
  and CVE-2017-14140 (CLD-7). CVE-2017-11600 allowed for a local user to
  cause a kernel panic via the xfrm subsection of the Linux kernel's IPSec
  implementation, while CVE-2017-14140 allowed a local, unprivileged user
  to defeat the ASLR of SUID executables.
kernel/linux-source upgraded from 4.9.43 to 4.9.48 to reflect the new
  kernel version.
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD Information

This update is associated with the following Cucumber Linux Deficiency
(CLD) numbers:
  * CLD-7 (http://security.cucumberlinux.com/security/details.php?id=7)
  * CLD-12 (http://security.cucumberlinux.com/security/details.php?id=12)

More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):
  # pickle --update
  # pickle
Make sure linux is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
at the following location:

Cucumber 1.0 i686:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/base/linux-4.9.48-i686-1.txz
Cucumber 1.0 x86_64:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/base/linux-4.9.48-x86_64-1.txz

To upgrade the package manually, download the new package and run the
following command (as root):
  # upgradepkg linux-4.9.48-i686-1.txz

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
http://www.cucumberlinux.com/security.php
|
From: Z5T1 <z5...@z5...> - 2017-09-05 22:16:04
|
Update Information

A security update is available for gdk-pixbuf for the following versions
of Cucumber Linux:
  * 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Tue Sep 5 17:41:38 EDT 2017
x-base/gdk-pixbuf upgraded from 2.36.2 to 2.36.9 to fix CVE-2017-2862 and
  CVE-2017-2870, two heap overflow vulnerabilities that could allow
  arbitrary code execution via a specially crafted file or URL.
  For more information see:
    http://security.cucumberlinux.com/security/details.php?id=10
    http://security.cucumberlinux.com/security/details.php?id=11
    https://nvd.nist.gov/vuln/detail/CVE-2017-2862
    https://nvd.nist.gov/vuln/detail/CVE-2017-2870
    https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366
    https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377
multilib/x-base/gdk-pixbuf-lib_i686 upgraded from 2.36.2 to 2.36.9
  (x86_64 only)
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD Information

This update is associated with the following Cucumber Linux Deficiency
(CLD) numbers:
  * CLD-10 (http://security.cucumberlinux.com/security/details.php?id=10)
  * CLD-11 (http://security.cucumberlinux.com/security/details.php?id=11)

More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):
  # pickle --update
  # pickle
Make sure gdk-pixbuf is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
at the following location:

Cucumber 1.0 i686:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/x-base/gdk-pixbuf-2.36.9-i686-1.txz
Cucumber 1.0 x86_64:
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/x-base/gdk-pixbuf-2.36.9-x86_64-1.txz
  http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/multilib/x-base/gdk-pixbuf-lib_i686-2.36.9-lib_i686-1.txz

To upgrade the package manually, download the new package and run the
following command (as root):
  # upgradepkg gdk-pixbuf-2.36.9-i686-1.txz

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
http://www.cucumberlinux.com/security.php
|