cucumber-linux-security Mailing List for Cucumber Linux (Page 3)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
From: Scott C. <sc...@cu...> - 2018-10-08 17:54:14

Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Mon Oct 8 10:16:24 EDT 2018
    base/linux upgraded from 4.9.130 to 4.9.131 to fix two security vulnerabilities: CVE-2018-7755, which allowed for an attacker to circumvent kernel security protections such as KASLR; and CVE-2018-10880, which allowed for an attacker to cause a denial of service (system crash) via an out of bounds stack write in the ext4 filesystem code.
    For more information see:
    https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.131
    https://security.cucumberlinux.com/security/details.php?id=572
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7755
    https://security.cucumberlinux.com/security/details.php?id=573
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10880
    kernel/linux-source upgraded from 4.9.130 to 4.9.131
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-572 [CVE-2018-7755] (https://security.cucumberlinux.com/security/details.php?id=572)
* CLD-573 [CVE-2018-10880] (https://security.cucumberlinux.com/security/details.php?id=573)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-10-07 01:00:32

Update Information

A security update is available for git for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Sat Oct 6 20:48:41 EDT 2018
    dev-general/git upgraded from 2.13.7 to 2.14.5 to fix CVE-2018-17456, a security vulnerability that allowed for remote code execution during a recursive clone of a superproject if a .gitmodules file had a URL field beginning with a - character. Unfortunately, there is no fix for Git 2.13, so we have upgraded to the oldest minor version that has a fix available (2.14), as this is the version that has a fix available with the least amount of change to Git.
    For more information see:
    https://security.cucumberlinux.com/security/details.php?id=571
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-571 [CVE-2018-17456] (https://security.cucumberlinux.com/security/details.php?id=571)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure git is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

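Added example, not part of the advisory above and not code from Git or Cucumber Linux: a Python check that scans `.gitmodules` content for the condition the git advisory describes, a submodule URL field beginning with a `-` character. The function names and the sample file are constructed for this illustration, and the parser covers only the subset of Git's config syntax needed here.

```python
import re

# [submodule "name"] section header as written in .gitmodules
SECTION_RE = re.compile(r'^\[\s*submodule\s+"((?:[^"\\]|\\.)*)"\s*\]$')
ANY_SECTION_RE = re.compile(r'^\[.*\]$')
KEY_RE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*)$')


def _clean_value(raw):
    """Drop surrounding double quotes and any trailing # or ; comment.

    Simplification (assumption of this example): a backslash escape is
    reduced to the character that follows it, and surrounding whitespace
    is always stripped, which errs on the side of flagging.
    """
    out, in_quotes, i = [], False, 0
    while i < len(raw):
        ch = raw[i]
        if ch == "\\" and i + 1 < len(raw):
            out.append(raw[i + 1])
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in "#;" and not in_quotes:
            break
        else:
            out.append(ch)
        i += 1
    return "".join(out).strip()


def find_dash_urls(gitmodules_text):
    """Return (line number, submodule name, url) for every url starting with '-'."""
    findings = []
    current = None  # name of the submodule section being read, if any
    for lineno, line in enumerate(gitmodules_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue
        header = SECTION_RE.match(stripped)
        if header:
            current = header.group(1)
            continue
        if ANY_SECTION_RE.match(stripped):
            current = None  # some other section; its keys are not submodule keys
            continue
        key = KEY_RE.match(stripped)
        if key and current is not None and key.group(1).lower() == "url":
            url = _clean_value(key.group(2))
            if url.startswith("-"):
                findings.append((lineno, current, url))
    return findings


# Constructed sample input: one ordinary entry and two that must be flagged.
SAMPLE = (
    '[submodule "docs"]\n'
    '\tpath = docs\n'
    '\turl = https://example.org/docs.git\n'
    '[submodule "vendor/lib"]\n'
    '\tpath = vendor/lib\n'
    '\turl = -placeholder-option-like-value\n'
    '[submodule "quoted"]\n'
    '\tpath = quoted\n'
    '\turl = "-also-flagged"  # quoted form\n'
)

if __name__ == "__main__":
    for lineno, name, url in find_dash_urls(SAMPLE):
        print(f"line {lineno}: submodule {name!r} has url {url!r}")
```

A check like this is useful for reviewing repositories before they are cloned recursively on hosts that have not yet received the upgraded package.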
From: Scott C. <sc...@cu...> - 2018-10-06 16:23:10

Update Information

A security update is available for thunderbird for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Sat Oct 6 12:10:56 EDT 2018
    xapps-general/thunderbird upgraded from 60.0 to 60.2.1 to fix several security vulnerabilities:
    CVE-2018-12377: Use-after-free in refresh driver timers
    CVE-2018-12378: Use-after-free in IndexedDB
    CVE-2018-12379: Out-of-bounds write with malicious MAR file
    CVE-2017-16541: Proxy bypass using automount and autofs
    CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
    CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
    CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
    For more information see:
    https://security.cucumberlinux.com/security/details.php?id=570
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-570 (https://security.cucumberlinux.com/security/details.php?id=570)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-10-03 02:15:42

Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Tue Oct 2 22:05:07 EDT 2018
    xapps-general/firefox upgraded from 60.2.1 to 60.2.2 to fix two high severity security vulnerabilities:
    CVE-2018-12386: Type confusion in JavaScript
      This allows for remote code execution inside a sandboxed content process.
    CVE-2018-12387: Memory leak in JavaScript JIT compiler
      This leaks the memory address of the calling function, which can be useful in other attacks.
    For more information see:
    https://security.cucumberlinux.com/security/details.php?id=569
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-569 (https://security.cucumberlinux.com/security/details.php?id=569)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-10-01 21:18:15

Synopsis

This is the official notice that Cucumber Linux 1.0 has reached its end of full support (as of September 30, 2018) and is now in selective support. In summary this means that the Cucumber Linux Security Team is no longer able to guarantee the security of systems running Cucumber Linux 1.0.

During selective support we will continue to publish security patches when possible through November 30, 2018; however, we make no guarantees. After November 30, 2018 we will provide no further security updates for Cucumber Linux 1.0 whatsoever. Complete details about the Cucumber Linux 1.0 Lifecycle can be found on the Cucumber Linux 1.0 Lifecycle page <https://cucumberlinux.com/lifecycle/cucumber_linux_1.0.html>.

We strongly recommend that all users of Cucumber Linux 1.0 begin upgrading their systems to Cucumber Linux 1.1. Cucumber Linux 1.1 will be fully supported through the end of 2019 and selectively supported into 2020, as the table below shows:

    +-------------+-------------------------+-------------------+
    | Version     | End of Full Support     | End of Life       |
    +-------------+-------------------------+-------------------+
    | 1.1         | December 31, 2019       | March 31, 2020    |
    +-------------+-------------------------+-------------------+
    | 1.0         | September 30, 2018      | November 30, 2018 |
    +-------------+-------------------------+-------------------+

Upgrading to Cucumber Linux 1.1

Cucumber Linux 1.1 is a minor release of Cucumber Linux 1.x. Sticking with the Cucumber Linux support policy, the process of upgrading from Cucumber Linux 1.0 to 1.1 is designed to be as unintrusive as possible. It is possible to update a live system and most systems can be updated in less than 20 minutes without any downtime. A full guide for upgrading can be found at https://cucumberlinux.com/upgrade_guide/cucumber_linux_1.1.html.

Resources

* Cucumber Linux 1.0 Lifecycle: https://cucumberlinux.com/lifecycle/cucumber_linux_1.0.html
* The Cucumber Linux Support Policy: https://cucumberlinux.com/support_policy.php
* Guide for Upgrading to Cucumber Linux 1.1: https://cucumberlinux.com/upgrade_guide/cucumber_linux_1.1.html
* Supported Versions of Cucumber Linux: https://cucumberlinux.com/supported_versions.php

From: Scott C. <sc...@cu...> - 2018-09-29 17:54:11

Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Sat Sep 29 11:50:40 EDT 2018
    base/linux upgraded from 4.9.128 to 4.9.130 to further mitigate against Spectre v1 (CVE-2017-5753) and fix CVE-2018-14633, a stack based buffer overflow that may have led to a denial of service (kernel panic) or escalation of privileges.
    For more information see:
    https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.130
    https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.129
    https://security.cucumberlinux.com/security/details.php?id=201
    https://security.cucumberlinux.com/security/details.php?id=567
    kernel/linux-source upgraded from 4.9.128 to 4.9.130
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-567 [CVE-2018-14633] (https://security.cucumberlinux.com/security/details.php?id=567)
* CLD-201 [CVE-2017-5753] (https://security.cucumberlinux.com/security/details.php?id=201)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-09-29 00:40:37

Update Information

A security update is available for xorg-libraries for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Fri Sep 28 20:27:56 EDT 2018
    x-base/xorg-libraries rebuilt (build 6) to fix CVE-2015-9262, a security vulnerability that allowed for remote attackers to cause a denial of service or potentially execute arbitrary code via a one byte heap overflow.
    For more information see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9262
    https://security.cucumberlinux.com/security/details.php?id=562
    multilib/x-base/xorg-libraries-lib_i686 rebuilt (build 6, x86_64 only)
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-562 [CVE-2015-9262] (https://security.cucumberlinux.com/security/details.php?id=562)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure xorg-libraries is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-09-28 16:27:39

Update Information

A security update is available for apache for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Fri Sep 28 12:13:48 EDT 2018
    net-general/apache upgraded from 2.4.34 to 2.4.35 to fix CVE-2018-11763, a security vulnerability that allowed for a denial of service for HTTP/2 connections by sending continuous settings frames of maximum size.
    For more information see:
    https://security.cucumberlinux.com/security/details.php?id=566
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11763
    https://httpd.apache.org/security/vulnerabilities_24.html
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-566 [CVE-2018-11763] (https://security.cucumberlinux.com/security/details.php?id=566)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure apache is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-09-23 15:19:14

Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Sun Sep 23 11:10:32 EDT 2018
    xapps-general/firefox upgraded from 60.2.0 to 60.2.1. This update fixes two security vulnerabilities:
    CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
    CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
    For more information see:
    https://security.cucumberlinux.com/security/details.php?id=560
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-560 (https://security.cucumberlinux.com/security/details.php?id=560)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-09-23 00:52:19

Update Information

A security update is available for bind-server for the following versions of Cucumber Linux:
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Sat Sep 22 20:40:48 EDT 2018
    net-base/bind-client upgraded from 9.11.4_P1 to 9.11.4_P2. This update allegedly fixed CVE-2018-5740; however, this vulnerability was reportedly fixed in bind 9.11.4_P1. It is not clear exactly when this vulnerability was fixed, and whether or not this release is even a security fix. We have upgraded to be safe. Regardless, it still contains non-security bug fixes.
    For more information see:
    https://ftp.isc.org/isc/bind9/9.11.4-P2/RELEASE-NOTES-bind-9.11.4-P2.html
    https://ftp.isc.org/isc/bind9/9.11.4-P1/RELEASE-NOTES-bind-9.11.4-P1.html
    https://security.cucumberlinux.com/security/details.php?id=514
    net-extra/bind-server upgraded from 9.11.4_P1 to 9.11.4_P2
    multilib/net-extra/bind-server-lib_i686 upgraded from 9.11.4_P1 to 9.11.4_P2 (x86_64 only)
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-514 [CVE-2018-5740] (https://security.cucumberlinux.com/security/details.php?id=514)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure bind-server is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-09-15 17:49:46

Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Sat Sep 15 13:26:38 EDT 2018
    base/linux upgraded from 4.9.126 to 4.9.127. This update includes further mitigations against the L1TF family of vulnerabilities. This update also fixed two other security vulnerabilities: CVE-2018-6554 which allowed for a userspace application to exhaust memory resources by repeatedly binding a socket and CVE-2018-6555 which caused a use after free in the hashbin list.
    For more information see:
    https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.127
    https://security.cucumberlinux.com/security/details.php?id=557
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6554
    https://security.cucumberlinux.com/security/details.php?id=558
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6555
    kernel/linux-source upgraded from 4.9.126 to 4.9.127
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-557 [CVE-2018-6554] (https://security.cucumberlinux.com/security/details.php?id=557)
* CLD-558 [CVE-2018-6555] (https://security.cucumberlinux.com/security/details.php?id=558)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-09-14 20:30:19

Update Information

A security update is available for php5 for the following versions of Cucumber Linux:
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Fri Sep 14 16:18:48 EDT 2018
    lang-extra/php5 upgraded from 5.6.37 to 5.6.38. This is a security release. One security bug (an XSS) has been fixed in this release.
    For more information see:
    http://www.php.net/ChangeLog-5.php#5.6.38
    https://security.cucumberlinux.com/security/details.php?id=556
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-556 (https://security.cucumberlinux.com/security/details.php?id=556)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure php5 is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-09-14 20:29:06

Update Information

A security update is available for php for the following versions of Cucumber Linux:
* 1.0

Here are the details from the Cucumber 1.0 changelog:

    +----------------+
    Fri Sep 14 16:16:56 EDT 2018
    lang-general/php upgraded from 5.6.37 to 5.6.38. This is a security release. One security bug (an XSS) has been fixed in this release.
    For more information see:
    http://www.php.net/ChangeLog-5.php#5.6.38
    https://security.cucumberlinux.com/security/details.php?id=556
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-556 (https://security.cucumberlinux.com/security/details.php?id=556)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure php is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-09-13 21:20:25

Update Information

A security update is available for php for the following versions of Cucumber Linux:
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Thu Sep 13 17:09:36 EDT 2018
    lang-general/php upgraded from 7.2.9 to 7.2.10. This is a security release which also contains several minor bug fixes.
    For more information see:
    http://www.php.net/ChangeLog-7.php#7.2.10
    https://security.cucumberlinux.com/security/details.php?id=555
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-555 (https://security.cucumberlinux.com/security/details.php?id=555)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure php is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-09-06 00:47:17

Update Information

A security update is available for elfutils for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Wed Sep 5 20:35:40 EDT 2018
    dev-general/elfutils rebuilt (build 4) to fix CVE-2018-16402, a security vulnerability that allowed for a remote attacker to cause a denial of service or possibly have other unspecified impacts due to elfutils attempting to decompress twice.
    For more information see:
    https://security.cucumberlinux.com/security/details.php?id=539
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402
    multilib/dev-general/elfutils-lib_i686 rebuilt (build 4, x86_64 only)
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-539 [CVE-2018-16402] (https://security.cucumberlinux.com/security/details.php?id=539)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure elfutils is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-09-06 00:06:59

Update Information

A security update is available for curl for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Wed Sep 5 19:58:08 EDT 2018
    net-base/curl upgraded from 7.61.0 to 7.61.1 to fix CVE-2018-14618, a security vulnerability that allowed for a heap based buffer overflow on 32 bit systems when computing NTLM hashes. Note that this vulnerability affected only the i686 version of Cucumber Linux; however, it is still probably a good idea to upgrade on x86_64 as well.
    For more information see:
    https://security.cucumberlinux.com/security/details.php?id=546
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618
    https://curl.haxx.se/docs/CVE-2018-14618.html
    multilib/net-base/curl-lib_i686 upgraded from 7.61.0 to 7.61.1 (x86_64 only)
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-546 [CVE-2018-14618] (https://security.cucumberlinux.com/security/details.php?id=546)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure curl is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-09-04 19:12:00

Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

    +----------------+
    Tue Sep 4 14:57:23 EDT 2018
    xapps-general/firefox upgraded from 60.1.0esr to 60.2.0esr. This update likely contains security fixes; however, Mozilla does not like to publicly disclose any details for security updates until the updated version of Firefox has been available for a couple of weeks. This makes it difficult to know for sure what has been fixed, so we have upgraded just to be safe.
    For more information see:
    https://security.cucumberlinux.com/security/details.php?id=541
    * SECURITY FIX *
    +----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-541 (https://security.cucumberlinux.com/security/details.php?id=541)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):

    # pickle --update
    # pickle

Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-09-01 14:47:57
|
Synopsis

This is the second notice that Cucumber Linux 1.0 will reach its end of full support in one month on September 30, 2018. In summary this means that as of October 1, 2018 the Cucumber Linux Security Team will no longer be able to guarantee the security of systems running Cucumber Linux 1.0.

After this date, Cucumber Linux 1.0 will enter selective support for two months. During selective support we will continue to publish security patches when possible through November 30, 2018; however, we make no guarantees. After November 30, 2018 we will provide no further security updates for Cucumber Linux 1.0 whatsoever. Complete details about the Cucumber Linux 1.0 Lifecycle can be found on the Cucumber Linux 1.0 Lifecycle page <https://cucumberlinux.com/lifecycle/cucumber_linux_1.0.html>.

We strongly recommend that all users of Cucumber Linux 1.0 begin upgrading their systems to Cucumber Linux 1.1. Cucumber Linux 1.1 will be fully supported through the end of 2019 and selectively supported into 2020, as the table below shows:

+-------------+-------------------------+-------------------+
| Version     | End of Full Support     | End of Life       |
+-------------+-------------------------+-------------------+
| 1.1         | December 31, 2019       | March 31, 2020    |
+-------------+-------------------------+-------------------+
| 1.0         | September 30, 2018      | November 30, 2018 |
+-------------+-------------------------+-------------------+

Upgrading to Cucumber Linux 1.1

Cucumber Linux 1.1 is a minor release of Cucumber Linux 1.x. Sticking with the Cucumber Linux support policy, the process of upgrading from Cucumber Linux 1.0 to 1.1 is designed to be as unintrusive as possible. It is possible to update a live system and most systems can be updated in less than 20 minutes without any downtime. A full guide for upgrading can be found at https://cucumberlinux.com/upgrade_guide/cucumber_linux_1.1.html.

Resources

* Cucumber Linux 1.0 Lifecycle: https://cucumberlinux.com/lifecycle/cucumber_linux_1.0.html
* The Cucumber Linux Support Policy: https://cucumberlinux.com/support_policy.php
* Guide for Upgrading to Cucumber Linux 1.1: https://cucumberlinux.com/upgrade_guide/cucumber_linux_1.1.html
* Supported Versions of Cucumber Linux: https://cucumberlinux.com/supported_versions.php |
From: Scott C. <sc...@cu...> - 2018-08-31 18:21:46
|
Update Information

A security update is available for ghostscript for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Fri Aug 31 13:16:34 EDT 2018
apps-base/ghostscript rebuilt (build 3) to fix several security vulnerabilities: CVE-2018-15908, CVE-2018-15909, CVE-2018-15910 and CVE-2018-15911. The last three vulnerabilities allowed for a crash of the ghostscript interpreter and potential code execution if an attacker could supply a maliciously crafted postscript file. CVE-2018-15908 allowed for an attacker to bypass write restrictions. For more information see:
https://security.cucumberlinux.com/security/details.php?id=534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15908
https://security.cucumberlinux.com/security/details.php?id=532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15909
https://security.cucumberlinux.com/security/details.php?id=533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15910
https://security.cucumberlinux.com/security/details.php?id=535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15911
multilib/apps-base/ghostscript-lib_i686 rebuilt (build 3, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-532 [CVE-2018-15909] (https://security.cucumberlinux.com/security/details.php?id=532)
* CLD-533 [CVE-2018-15910] (https://security.cucumberlinux.com/security/details.php?id=533)
* CLD-534 [CVE-2018-15908] (https://security.cucumberlinux.com/security/details.php?id=534)
* CLD-535 [CVE-2018-15911] (https://security.cucumberlinux.com/security/details.php?id=535)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure ghostscript is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
From: Scott C. <sc...@cu...> - 2018-08-29 19:56:39
|
Update Information

A security update is available for elfutils for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Wed Aug 29 13:55:54 EDT 2018
dev-general/elfutils rebuilt (build 2) to fix CVE-2018-16062, a security vulnerability that allowed remote attackers to cause a denial of service via a heap based overread, triggered by a specially crafted file. For more information see:
https://security.cucumberlinux.com/security/details.php?id=537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062
multilib/dev-general/elfutils-lib_i686 rebuilt (build 3, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-537 [CVE-2018-16062] (https://security.cucumberlinux.com/security/details.php?id=537)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure elfutils is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
From: Scott C. <sc...@cu...> - 2018-08-25 18:06:33
|
Update Information

A security update is available for xorg-libraries for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Sat Aug 25 12:30:15 EDT 2018
x-base/xorg-libraries rebuilt (build 5) to fix two security vulnerabilities: CVE-2018-14598, a buffer overflow vulnerability in libX11 that allowed for an attacker to cause a denial of service (application crash) via a segmentation fault; and CVE-2018-14600, an out of bounds write in libX11 that could result in a denial of service (application crash) or remote code execution. For more information see:
http://www.openwall.com/lists/oss-security/2018/08/21/6
https://security.cucumberlinux.com/security/details.php?id=526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14598
https://security.cucumberlinux.com/security/details.php?id=525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14600
multilib/x-base/xorg-libraries-lib_i686 rebuilt (build 5, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-525 [CVE-2018-14600] (https://security.cucumberlinux.com/security/details.php?id=525)
* CLD-526 [CVE-2018-14598] (https://security.cucumberlinux.com/security/details.php?id=526)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure xorg-libraries is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
From: Scott C. <sc...@cu...> - 2018-08-24 16:47:28
|
Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Fri Aug 24 11:27:00 EDT 2018
base/linux upgraded from 4.9.123 to 4.9.124 to mitigate a couple of potential spectre v1 exploits. This update also contains various other bug and security fixes. For more information see:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.124
https://security.cucumberlinux.com/security/details.php?id=201
kernel/linux-source upgraded from 4.9.123 to 4.9.124
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-201 [CVE-2017-5753] (https://security.cucumberlinux.com/security/details.php?id=201)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
From: Scott C. <sc...@cu...> - 2018-08-24 13:54:09
|
Update Information

A security update is available for openssh for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Fri Aug 24 09:35:46 EDT 2018
net-general/openssh upgraded from 7.6p1 to 7.8p1 to fix CVE-2018-15473, a security vulnerability that allowed a brute force enumeration of valid SSH usernames. Note that the upstream developers do not consider this to be a severe issue (see http://www.openwall.com/lists/oss-security/2018/08/24/1). This update also contains other various upstream bug fixes and improvements. For more information see:
https://www.openssh.com/txt/release-7.8
https://security.cucumberlinux.com/security/details.php?id=522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473
http://www.openwall.com/lists/oss-security/2018/08/15/5
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-522 [CVE-2018-15473] (https://security.cucumberlinux.com/security/details.php?id=522)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure openssh is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
From: Scott C. <sc...@cu...> - 2018-08-17 14:46:04
|
Update Information

A security update is available for wpa_supplicant for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Fri Aug 17 10:21:39 EDT 2018
net-base/wpa_supplicant rebuilt (build 5) to fix CVE-2018-14526, a security vulnerability that allowed for an attacker within range of an access point to recover sensitive information, due to a decryption oracle resulting from a failure to verify the integrity of EAPOL-Key message. For more information see:
https://security.cucumberlinux.com/security/details.php?id=512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-512 [CVE-2018-14526] (https://security.cucumberlinux.com/security/details.php?id=512)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure wpa_supplicant is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
From: Scott C. <sc...@cu...> - 2018-08-17 14:00:02
|
Update Information

A security update is available for shadow for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Fri Aug 17 09:51:59 EDT 2018
base/shadow rebuilt (build 7) to fix CVE-2016-6252, a security vulnerability that allowed for a local escalation of privileges via a specially crafted to newuidmap. For more information see:
https://security.cucumberlinux.com/security/details.php?id=484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252
http://www.openwall.com/lists/oss-security/2016/07/19/6
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-484 [CVE-2016-6252] (https://security.cucumberlinux.com/security/details.php?id=484)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
    # pickle --update
    # pickle
Make sure shadow is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |