cucumber-linux-security Mailing List for Cucumber Linux (Page 12)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
Menu
▾
▴
cucumber-linux-security — A moderated, low traffic mailing list for security updates.
You can subscribe to this list here.
| 2017 |
Jan
|
Feb
|
Mar
|
Apr
(4) |
May
(5) |
Jun
(6) |
Jul
(12) |
Aug
(10) |
Sep
(18) |
Oct
(26) |
Nov
(20) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018 |
Jan
(17) |
Feb
(18) |
Mar
(18) |
Apr
(13) |
May
(19) |
Jun
(17) |
Jul
(17) |
Aug
(13) |
Sep
(13) |
Oct
(11) |
Nov
(10) |
Dec
(10) |
| 2019 |
Jan
(4) |
Feb
(2) |
Mar
|
Apr
(15) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Z5T1 <z5...@z5...> - 2017-08-31 15:32:04
|
Update Information A security update is available for mariadb for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Aug 31 10:57:52 EDT 2017 net-general/mariadb upgarded from 10.1.25 to 10.1.26 to fix a few security vulnerabilities (CVE-2017-3653, CVE-2017-3641 and CVE-2017-3636) which could allow for unauthorized update, insert and delete access to some MariaDB server data as well as a server crash. For more information see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3653 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3636 multilib/net-general/mariadb-lib_i686 upgraded from 10.1.25 to 10.1.26 (x86_64 only) +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure mariadb is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/net-general/mariadb-10.1.26-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/net-general/mariadb-10.1.26-x86_64-1.txz http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/multilib/net-general/mariadb-lib_i686-10.1.26-lib_i686-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg mariadb-10.1.26-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-08-28 21:58:51
|
Update Information A security update is available for bash for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Mon Aug 28 17:23:48 EDT 2017 base/bash rebuilt (build 3) to fix CVE-2016-0634, a vulnerability which allowed for arbitrary shell command execution as any user via setting a specially crafted system-wide hostname. Note: this vulnerability is affected by only the hostname set by the hostname command, not the $HOSTNAME variable. Therefore it requires root access to exploit on a default Cucumber Linux installation and most typical systems. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2016-0634 https://bugzilla.redhat.com/show_bug.cgi?id=1377613 https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure bash is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/base/bash-4.3.30-i686-3.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/base/bash-4.3.30-x86_64-3.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg bash-4.3.30-i686-3.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-08-25 23:45:01
|
Update Information A security update is available for thunderbird for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Aug 25 19:10:53 EDT 2017 xapps-general/thunderbird upgraded from 52.2.0 to 52.3.0 to fix some security vulnerabilities. For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/xapps-general/thunderbird-52.3.0-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/xapps-general/thunderbird-52.3.0-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg thunderbird-52.3.0-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-08-18 15:51:28
|
Update Information A security update is available for unrar for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Aug 18 11:17:22 EDT 2017 apps-general/unrar upgraded from 5.5.6 to 5.5.8 to fix CVE-2017-12938, a vulnerability which allowed a specially crafted rar file to bypass directory traversal protection when extracted. Exploitation of this vulnerability could result in overwriting arbitrary files that are writable by the user extracting the rar file. This also patches some out of bounds read and buffer overflow vulnerabilities. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12938 http://seclists.org/oss-sec/2017/q3/290 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure unrar is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/apps-general/unrar-5.5.8-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/apps-general/unrar-5.5.8-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg unrar-5.5.8-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-08-13 21:57:14
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Sun Aug 13 15:58:25 EDT 2017 base/linux upgraded from 4.9.39 to 4.9.43 to fix CVE-2017-10663, a vulnerability with the F2FS (Flash Friendly File System) implementation in the Linux kernel that could result in arbitrary code execution in the kernel space. This vulnerability was exploitable when mounting a maliciously crafted device or disk image. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.42 http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerability-f2fs-file-system-leads-memory-corruption-android-linux/ https://nvd.nist.gov/vuln/CVE-2017-10663 kernel/linux-source upgraded from 4.9.39 to 4.9.43 to reflect the new kernel version. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/base/linux-4.9.43-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/base/linux-4.9.43-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # installpkg linux-4.9.43-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-08-13 14:41:19
|
Update Information A security update is available for git for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Sun Aug 13 10:05:06 EDT 2017 dev-general/git upgraded from 2.10.1 to 2.10.4 to fix CVE-2017-1000117, a vulnerability in which a specially crafted "ssh://..." URL could result in an arbitrary program being executed on the client system. For more information see: https://public-inbox.org/git/xmq...@gi.../T/#u https://kernel.googlesource.com/pub/scm/git/git/+/0bfff8146f8c055fd95af4567286929ba8216fa7/Documentation/RelNotes/2.10.4.txt https://kernel.googlesource.com/pub/scm/git/git/+/5e0649dc65fe33e8cf38823350e9d7951f6a6346/Documentation/RelNotes/2.7.6.txt https://nvd.nist.gov/vuln/CVE-2017-1000117 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure git is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/dev-general/git-2.10.4-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/dev-general/git-2.10.4-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg git-2.10.4-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-08-11 01:29:08
|
Update Information A security update is available for libsoup for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Aug 10 20:59:25 EDT 2017 lib-general/libsoup upgraded from 2.57.1 to 2.59.90.1 to fix CVE-2017-2885, a remotely exploitable stack based buffer overflow vulnerability (triggerable via a specially crafted HTTP request) that could result in remote code execution. For more information see: https://nvd.nist.gov/vuln/CVE-2017-2885 http://ftp.gnome.org/pub/GNOME/sources/libsoup/2.59/libsoup-2.59.90.1.news https://bugzilla.gnome.org/show_bug.cgi?id=785774 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure libsoup is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/lib-general/libsoup-2.59.90.1-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/lib-general/libsoup-2.59.90.1-x86_64-1.txz http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/multilib/lib-general/libsoup-lib_i686-2.59.90.1-lib_i686-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg libsoup-2.59.90.1-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-08-10 16:39:47
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Aug 10 11:48:55 EDT 2017 xapps-general/firefox upgraded from 52.2.0 to 52.3.0 to fix some security vulnerabilities. For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/xapps-general/firefox-52.3.0esr-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/xapps-general/firefox-52.3.0esr-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg firefox-52.3.0esr-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-08-10 12:58:07
|
Update Information A security update is available for curl for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Aug 10 08:18:49 EDT 2017 net-base/curl upgraded from 7.52.1 to 7.55.0 to fix a few buffering related security vulnerabilities, namely a buffer overflow vulnerability (CVE-2017-1000100) and two read from buffer out of bounds vulnerabilities (CVE-2017-1000101 and CVE-2017-1000099) for more information see: https://curl.haxx.se/changes.html#7_55_0 https://curl.haxx.se/docs/adv_20170809A.html https://curl.haxx.se/docs/adv_20170809B.html https://curl.haxx.se/docs/adv_20170809C.html https://nvd.nist.gov/vuln/CVE-2017-1000101 https://nvd.nist.gov/vuln/CVE-2017-1000100 https://nvd.nist.gov/vuln/CVE-2017-1000099 multilib/net-base/curl-lib_i686 upgraded from 7.52.1 to 7.55.0 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure curl is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/net-base/curl-7.55.0-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/net-base/curl-7.55.0-x86_64-1.txz http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/multilib/net-base/curl-lib_i686-7.55.0-lib_i686-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg curl-7.55.0-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-08-04 14:19:11
|
Update Information A security update is available for shadow for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Aug 4 09:50:08 EDT 2017 base/shadow rebuilt (build 3) to fix CVE-2017-12424, a buffer overflow vulnera- bility that could result in crashes and other unspecified impacts, possibly including privilege escalation. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12424 https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure shadow is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/base/shadow-4.2.1-i686-3.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/base/shadow-4.2.1-x86_64-3.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg shadow-4.2.1-i686-3.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-26 15:01:15
|
Update Information A security update is available for qpdf for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Jul 26 10:29:37 EDT 2017 apps-base/qpdf rebuilt (build 2) to fix a few denial of service vulnerabilities that resulted from an infinite loop and consequential stack consumption. For more information see: https://github.com/qpdf/qpdf/commit/ac3c81a8edcb44e2669485630d6718c96a6ad6e9?diff=unified#diff-ad119d01ec6004b768ca4c575f4a3df1 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11624 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11625 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11626 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11627 multilib/apps-base/qpdf rebuilt (version 2, x86_64 only). * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure qpdf is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/apps-base/qpdf-6.0.0-i686-2.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/apps-base/qpdf-6.0.0-x86_64-2.txz http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/multilib/apps-base/qpdf-lib_i686-6.0.0-lib_i686-2.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg qpdf-6.0.0-i686-2.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-23 15:21:53
|
Update Information A security update is available for tcpdump for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Sun Jul 23 10:51:08 EDT 2017 net-general/tcpdump upgraded from 4.9.0 to 4.9.1 to fix CVE-2017-11108, a local denial of service vulnerability in the spanning tree protocol (STP) implementation in tcpdump. For more information see: http://www.tcpdump.org/tcpdump-changes.txt https://nvd.nist.gov/vuln/detail/CVE-2017-11108 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure tcpdump is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/net-general/tcpdump-4.9.1-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/net-general/tcpdump-4.9.1-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg tcpdump-4.9.1-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-22 03:43:33
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Jul 21 15:10:54 EDT 2017 base/linux upgraded from 4.9.35 to 4.9.39 to fix a few security issues: the "stack clash" vulnerability (CVE-2017-1000370 and CVE-2017-1000371) which required additional patching after the first two attempts to fix it and CVE-2016-6213 which allowed an unprivileged local user to perform a denial of service via memory consumption from the mount system calls. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.39 https://nvd.nist.gov/vuln/detail/CVE-2016-6213 https://nvd.nist.gov/vuln/detail/CVE-2017-1000370 https://nvd.nist.gov/vuln/detail/CVE-2017-1000371 kernel/linux-source upgraded from 4.9.45 to 4.9.49 to reflect the new kernel version. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/base/linux-4.9.39-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/base/linux-4.9.39-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg linux-4.9.39-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-20 14:19:37
|
Update Information A security update is available for librsvg for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Jul 20 09:48:49 EDT 2017 x-general/librsvg upgraded from 2.40.13 to 2.40.18 to fix CVE-2017-11464, a security vulnerability which resulted from an incorrect protection against division by zero. The full impact of this vulnerability has yet to be analyzed. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-11464 multilib/x-general/librsvg-lib_i686 upgraded from 2.40.13 to 2.40.18 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure librsvg is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/x-general/librsvg-2.40.18-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/x-general/librsvg-2.40.18-x86_64-1.txz http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/multilib/x-general/librsvg-lib_i686-2.40.18-lib_i686-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg librsvg-2.40.18-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-19 14:06:50
|
Update Information A security update is available for expat for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Jul 19 09:34:46 EDT 2017 lib-base/expat upgraded from 2.2.0 to 2.2.2 to fix CVE-2017-9233, a security vulnerability which allows a maliciously crafted external XML entity to loop indefinitely, causing a denial of service. For more information see: https://libexpat.github.io/doc/cve-2017-9233/ https://nvd.nist.gov/vuln/detail/CVE-2017-9233 https://github.com/libexpat/libexpat/blob/R_2_2_2/expat/Changes multilib/lib-base/expat-lib_i686 upgraded from 2.2.0 to 2.2.2 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure expat is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/lib-base/expat-2.2.2-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/lib-base/expat-2.2.2-x86_64-1.txz http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/multilib/lib-base/expat-lib_i686-2.2.2-lib_i686-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg expat-2.2.2-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-15 21:35:20
|
Update Information A security update is available for mariadb for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Sat Jul 15 08:47:35 EDT 2017 net-general/mariadb upgraded from 10.1.22 to 10.1.25 to fix several security vulnerabilities. For more information see: https://mariadb.com/kb/en/mariadb/security/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3302 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3309 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3313 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3453 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3464 multilib/net-general/mariadb-lib_i686 upgraded from 10.1.22 to 10.1.25 (x86_64 only). +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure mariadb is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/net-general/mariadb-10.1.25-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/net-general/mariadb-10.1.25-x86_64-1.txz http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/multilib/net-general/mariadb-lib_i686-10.1.25-lib_i686-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg mariadb-10.1.25-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-13 19:40:52
|
Update Information A security update is available for apache for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Jul 13 15:10:58 EDT 2017 net-general/apache upgraded from 2.4.26 to 2.4.27 to fix a couple of security vulnerabilities which when exploited could result in a denial of service (server crash), leaking of sensitive information and/or erratic behavior. For more information see: https://httpd.apache.org/security/vulnerabilities_24.html https://nvd.nist.gov/vuln/detail/CVE-2017-9788 https://nvd.nist.gov/vuln/detail/CVE-2017-9789 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure apache is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/net-general/apache-2.4.27-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/net-general/apache-2.4.27-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg apache-2.4.27-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-08 13:39:28
|
Update Information A security update is available for php for the following versions of Cucumber Linux: * 1.0.rc Here are the details from the Cucumber 1.0.rc changelog: +----------------+ Sat Jul 8 08:46:48 EDT 2017 lang-general/php upgraded from 5.6.30 to 5.6.31 to fix several security issues. For more information see: https://php.net/ChangeLog-5.php#5.6.31 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9224 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9226 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9228 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9229 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure php is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0.rc i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-i686/lang-general/php-5.6.31-i686-1.txz Cucumber 1.0.rc x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-x86_64/lang-general/php-5.6.31-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg php-5.6.31-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-06 22:20:05
|
Update Information A security update is available for unrar for the following versions of Cucumber Linux: * 1.0.rc Here are the details from the Cucumber 1.0.rc changelog: +----------------+ Thu Jul 6 17:49:22 EDT 2017 apps-general/unrar upgraded from 5.4.5 to 5.5.6 to fix a security issue which could result in arbitrary code execution. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2012-6706 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure unrar is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0.rc i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-i686/apps-general/unrar-5.5.6-i686-1.txz Cucumber 1.0.rc x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-x86_64/apps-general/unrar-5.5.6-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg unrar-5.5.6-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-06 22:02:58
|
Update Information A security update is available for xorg-server for the following versions of Cucumber Linux: * 1.0.rc Here are the details from the Cucumber 1.0.rc changelog: +----------------+ Thu Jul 6 17:26:26 EDT 2017 x-base/xorg-server rebuilt (build 3) to fix some stack overflow related security issues which could, amongst other things, result in an X server crash or arbitrary code execution at the privilege level of the X server by an unprivileged, authenticated user. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-10971 https://nvd.nist.gov/vuln/detail/CVE-2017-10972 https://bugzilla.suse.com/show_bug.cgi?id=1035283 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure xorg-server is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0.rc i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-i686/x-base/xorg-server-1.18.1-i686-3.txz Cucumber 1.0.rc x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-x86_64/x-base/xorg-server-1.18.1-x86_64-3.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg xorg-server-1.18.1-i686-3.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-02 17:12:56
|
Update Information A security update is available for libgcrypt for the following versions of Cucumber Linux: * 1.0.rc Here are the details from the Cucumber 1.0.rc changelog: +----------------+ Sun Jul 2 12:35:21 EDT 2017 lib-base/libgcrypt upgraded from 1.7.3 to 1.7.8 to fix CVE-2017-7526, a side- channel attack on RSA private keys. For more information see: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html https://eprint.iacr.org/2017/627 https://nvd.nist.gov/vuln/detail/CVE-2017-7526 multilib/lib-base/libgrcypt-lib_i686 upgraded from 1.7.3 to 1.7.8 (x86_64 only). * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure libgcrypt is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0.rc i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-i686/lib-base/libgcrypt-1.7.8-i686-1.txz Cucumber 1.0.rc x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-x86_64/lib-base/libgcrypt-1.7.8-x86_64-1.txz http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-x86_64/multilib/lib-base/libgcrypt-lib_i686-1.7.8-lib_i686-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg libgcrypt-1.7.8-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-02 16:45:30
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0.rc Here are the details from the Cucumber 1.0.rc changelog: +----------------+ Sun Jul 2 09:35:41 EDT 2017 base/linux upgraded from 4.9.34 to 4.9.35 to fix a couple of security vulnerabilities: CVE-2017-7482, a buffer overflow attack and CVE-2017-1000365, a stack overflow attack which, when leveraged properly in setuid binaries could result in arbitrary code execution as root. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.35 https://nvd.nist.gov/vuln/detail/CVE-2017-7482 https://nvd.nist.gov/vuln/detail/CVE-2017-1000365 kernel/linux-source upgraded from 4.9.34 to 4.9.35 to reflect the new kernel version. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0.rc i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-i686/base/linux-4.9.35-i686-1.txz Cucumber 1.0.rc x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-x86_64/base/linux-4.9.35-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg linux-4.9.35-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-06-27 20:12:31
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0.rc Here are the details from the Cucumber 1.0.rc changelog: +----------------+ Tue Jun 27 15:22:32 EDT 2017 base/linux upgraded from 4.9.30 to 4.9.34 to fix a couple of stack smashing related security vulnerabilities. For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000365 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.34 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt kernel/linux source upgraded from 4.9.30 to 4.9.34 to reflect the new kernel version. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0.rc i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-i686/base/linux-4.9.34-i686-1.txz Cucumber 1.0.rc x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-x86_64/base/linux-4.9.34-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg linux-4.9.34-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-06-20 14:01:59
|
Update Information A security update is available for apache for the following versions of Cucumber Linux: * 1.0.beta Here are the details from the Cucumber 1.0.beta changelog: +----------------+ Tue Jun 20 09:27:01 EDT 2017 net-general/apache upgraded from 2.4.25 to 2.4.26 to fix a few security vulnerabilities which (amongst other things) allowed for bypassing of the normal authentication requirements when third party modules called ap_get_basic_auth_pw() under certain circumstances (CVE-2017-3167). It also patches some vulnerabilties related to invalid memory access (CVE-2017-3169 and CVE-2017-7679). For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-3169 https://nvd.nist.gov/vuln/detail/CVE-2017-7679 https://nvd.nist.gov/vuln/detail/CVE-2017-3167 http://www-us.apache.org/dist//httpd/CHANGES_2.4.26 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure apache is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0.beta i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.beta/cucumber-i686/net-general/apache-2.4.26-i686-1.txz Cucumber 1.0.beta x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.beta/cucumber-x86_64/net-general/apache-2.4.26-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg apache-2.4.26-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-06-17 16:47:11
|
Update Information A security update is available for gnutls for the following versions of Cucumber Linux: * 1.0.beta Here are the details from the Cucumber 1.0.beta changelog: +----------------+ Sat Jun 17 10:48:09 EDT 2017 net-base/gnutls upgraded from 3.5.9 to 3.5.13 to fix a bug in which a null pointer dereference could lead to a crash of a gnutls application. For more details see: https://nvd.nist.gov/vuln/detail/CVE-2017-7507 https://lists.gnupg.org/pipermail/gnutls-devel/2017-June/008446.html multilib/net-base/gnutls-lib_i686 upgraded from 3.5.9 to 3.5.13 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure gnutls is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0.beta i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.beta/cucumber-i686/net-base/gnutls-3.5.13-i686-1.txz Cucumber 1.0.beta x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.beta/cucumber-x86_64/net-base/gnutls-3.5.13-x86_64-1.txz http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.beta/cucumber-x86_64/multilib/net-base/gnutls-lib_i686-3.5.13-lib_i686-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg gnutls-3.5.13-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
2 messages has been excluded from this view by a project administrator.
