cucumber-linux-security Mailing List for Cucumber Linux (Page 4)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
Menu
▾
▴
cucumber-linux-security — A moderated, low traffic mailing list for security updates.
You can subscribe to this list here.
| 2017 |
Jan
|
Feb
|
Mar
|
Apr
(4) |
May
(5) |
Jun
(6) |
Jul
(12) |
Aug
(10) |
Sep
(18) |
Oct
(26) |
Nov
(20) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018 |
Jan
(17) |
Feb
(18) |
Mar
(18) |
Apr
(13) |
May
(19) |
Jun
(17) |
Jul
(17) |
Aug
(13) |
Sep
(13) |
Oct
(11) |
Nov
(10) |
Dec
(10) |
| 2019 |
Jan
(4) |
Feb
(2) |
Mar
|
Apr
(15) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Scott C. <sc...@cu...> - 2018-08-17 13:38:25
|
Update Information A security update is available for thunderbird for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Aug 17 09:21:57 EDT 2018 xapps-general/thunderbird upgraded from 52.9.1 to 60.0 to fix several security vulnerabilities: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus() CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12362: Integer overflow in SSSE3 scaler CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture CVE-2018-12363: Use-after-free when appending DOM nodes CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins CVE-2018-12365: Compromised IPC child process can list local filenames CVE-2018-12371: Integer overflow in Skia library during edge builder allocation CVE-2018-12366: Invalid data handling during QCMS transformations CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming CVE-2018-12368: No warning when opening executable SettingContent-ms files CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60 CVE-2018-5188: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 60 For more information see: https://security.cucumberlinux.com/security/details.php?id=521 https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-521 (https://security.cucumberlinux.com/security/details.php?id=521) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-08-16 18:35:05
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Thu Aug 16 13:52:49 EDT 2018 base/linux upgraded from 4.9.119 to 4.9.120 to fix CVE-2018-3620, a security vulnerability in the Spectre family. This vulnerability allowed for information disclosure via a cache side channel attack. This vulnerability has been mitigated by conditionally flushing the cache during VM context changes. For more information see: https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.120 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620 https://security.cucumberlinux.com/security/details.php?id=520 kernel/linux-source upgraded from 4.9.119 to 4.9.120 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-520 [CVE-2018-3620] (https://security.cucumberlinux.com/security/details.php?id=520) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-08-16 15:05:53
|
Update Information A security update is available for openssl for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Thu Aug 16 10:52:08 EDT 2018 net-base/openssl upgraded from 1.0.2o to 1.0.2p to fix two security vulnerabilities: CVE-2018-0732, which allowed for a malicious server to cause a denial of service (application hang) during the key agreement of a TLS handshake using a DH(E) ciphersuite; and CVE-2018-0737, a cache timing side channel attack that allowed an attacker with "sufficient access" to recover an RSA private key during the key generation process. For more information see: https://www.openssl.org/news/vulnerabilities-1.0.2.html https://security.cucumberlinux.com/security/details.php?id=451 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732 https://security.cucumberlinux.com/security/details.php?id=363 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737 multilib/net-base/openssl-lib_i686 upgraded from 1.0.2o to 1.0.2p (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-363 [CVE-2018-0737] (https://security.cucumberlinux.com/security/details.php?id=363) * CLD-451 [CVE-2018-0732] (https://security.cucumberlinux.com/security/details.php?id=451) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure openssl is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-08-13 00:45:30
|
Update Information A security update is available for mariadb for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sun Aug 12 20:36:04 EDT 2018 net-general/mariadb upgraded from 10.1.34 to 10.1.35 to fix several security vulnerabilities (CVE-2018-3064, CVE-2018-3063, CVE-2018-3058 and CVE-2018-3063). These vulnerabilities allowed for attackers with network access to perform unauthorized updates, inserts, deletes and reads. It additionally allowed for an attacker to cause a reliable denial of service (crash of mysqld). For more information see: https://mariadb.com/kb/en/library/mariadb-10135-release-notes/ https://security.cucumberlinux.com/security/details.php?id=516 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3064 https://security.cucumberlinux.com/security/details.php?id=517 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3063 https://security.cucumberlinux.com/security/details.php?id=518 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3058 https://security.cucumberlinux.com/security/details.php?id=519 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066 multilib/net-general/mariadb-lib_i686 upgraded from 10.1.34 to 10.1.35 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-516 [CVE-2018-3064] (https://security.cucumberlinux.com/security/details.php?id=516) * CLD-517 [CVE-2018-3063] (https://security.cucumberlinux.com/security/details.php?id=517) * CLD-518 [CVE-2018-3058] (https://security.cucumberlinux.com/security/details.php?id=518) * CLD-519 [CVE-2018-3066] (https://security.cucumberlinux.com/security/details.php?id=519) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure mariadb is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-08-09 19:46:47
|
Update Information A security update is available for bind-server for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Thu Aug 9 15:26:33 EDT 2018 net-extra/bind-server upgraded from 9.11.4 to 9.11.4_P1 to fix CVE-2018-5740, a security vulnerability which allowed for a remote denial of service attack (a crash of named) via an assert failure on servers which have explicitly enabled the "deny-answer-aliases" feature. This feature is disabled by default. For more information see: https://security.cucumberlinux.com/security/details.php?id=514 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740 https://kb.isc.org/article/AA-01639 https://kb.isc.org/article/AA-01644/81/BIND-9.11.4-P1 multilib/net-extra/bind-server-lib_i686 upgraded from 9.11.4 to 9.11.4_P1 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-514 [CVE-2018-5740] (https://security.cucumberlinux.com/security/details.php?id=514) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure bind-server is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-08-09 18:57:23
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Thu Aug 9 10:02:41 EDT 2018 base/linux upgraded from 4.9.117 to 4.9.119. This update fixes a potential Spectre v1 (CVE-2017-5753) weakness in socketcall. It also contains various other bug fixes, some of which may be security fixes. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.118 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.119 https://security.cucumberlinux.com/security/details.php?id=201 kernel/linux-source upgraded from 4,9.117 to 4.9.119 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-201 [CVE-2017-5753] (https://security.cucumberlinux.com/security/details.php?id=201) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-27 18:09:02
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Jul 27 10:23:41 EDT 2018 base/linux upgraded from 4.9.114 to 4.9.115 to remove a Spectre v1 (CVE-2017-5753) exploitation channel. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.115 kernel/linux-source upgraded from 4.9.114 to 4.9.115 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-201 [CVE-2017-5753] (https://security.cucumberlinux.com/security/details.php?id=201) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-24 17:03:52
|
Update Information A security update is available for ffmpeg for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Jul 24 12:49:45 EDT 2018 lib-base/ffmpeg upgraded from 3.3.7 to 3.3.8 to fix the following security vulnerabilities: CVE-2018-13300, CVE-2018-13302, CVE-2018-14394 and CVE-2018-14395. These vulnerabilities allowed for a denial of service (application crash) and potential arbitrary code execution if a user opened a malicious stream/file. Also removed patch #00060 (CVE-2018-12458) as it has been applied upstream in 3.3.8 and is no longer necessary. For more information see: https://security.cucumberlinux.com/security/details.php?id=452 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13300 https://security.cucumberlinux.com/security/details.php?id=457 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13302 https://security.cucumberlinux.com/security/details.php?id=482 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14394 https://security.cucumberlinux.com/security/details.php?id=483 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14395 multilib/lib-base/ffmpeg-lib_i686 upgraded from 3.3.7 to 3.3.8 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-452 [CVE-2018-13300] (https://security.cucumberlinux.com/security/details.php?id=452) * CLD-457 [CVE-2018-13302] (https://security.cucumberlinux.com/security/details.php?id=457) * CLD-482 [CVE-2018-14394] (https://security.cucumberlinux.com/security/details.php?id=482) * CLD-483 [CVE-2018-14395] (https://security.cucumberlinux.com/security/details.php?id=483) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure ffmpeg is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-23 17:20:53
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Mon Jul 23 12:58:16 EDT 2018 base/linux upgraded from 4.9.113 to 4.9.114 to further mitigate against Spectre variants 1 and 2 (CVE-2017-5753 and CVE-2017-5715 respecitvely). For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.114 kernel/linux-source upgraded from 4.9.113 to 4.9.114 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-201 [CVE-2017-5753] (https://security.cucumberlinux.com/security/details.php?id=201) * CLD-202 [CVE-2017-5715] (https://security.cucumberlinux.com/security/details.php?id=202) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-21 15:58:46
|
Update Information A security update is available for palemoon for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sat Jul 21 11:47:36 EDT 2018 xapps-extra/palemoon upgraded from 27.9.3 to 27.9.4 to fix several security vulnerabilities: Fixed a potential vulnerability with plugins being redirected to different origins (CVE-2018-12364). Fixed an issue with invalid qcms transforms (CVE-2018-12366). Fixed a buffer overflow using the computed size of canvas elements (CVE-2018-12359). Fixed a use-after-free when using focus() (CVE-2018-12360). For more information see: http://www.palemoon.org/releasenotes.shtml * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-489 (https://security.cucumberlinux.com/security/details.php?id=489) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure palemoon is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-20 15:33:24
|
Update Information A security update is available for php5 for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Jul 20 11:26:57 EDT 2018 lang-extra/php5 upgraded from 5.6.36 to 5.6.37. This is a security update which also contains several minor bug fixes. For more information see: https://security.cucumberlinux.com/security/details.php?id=488 http://www.php.net/ChangeLog-5.php#5.6.37 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-488 (https://security.cucumberlinux.com/security/details.php?id=488) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure php5 is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-20 15:32:29
|
Update Information A security update is available for php for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Jul 20 11:03:18 EDT 2018 lang-general/php upgraded from 5.6.36 to 5.6.37. This is a security update which also contains several minor bug fixes. For more information see: https://security.cucumberlinux.com/security/details.php?id=488 http://www.php.net/ChangeLog-5.php#5.6.37 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-488 (https://security.cucumberlinux.com/security/details.php?id=488) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure php is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-20 14:54:26
|
Update Information A security update is available for php for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Jul 20 10:45:24 EDT 2018 lang-general/php upgraded from 7.2.7 to 7.2.8. This is a security update which also contains several minor bug fixes. For more information see: https://security.cucumberlinux.com/security/details.php?id=487 http://www.php.net/ChangeLog-7.php#7.2.8 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-487 [NULL] (https://security.cucumberlinux.com/security/details.php?id=487) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure php is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-12 17:20:46
|
Update Information A security update is available for cups for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Thu Jul 12 13:12:09 EDT 2018 apps-base/cups rebuilt (build 11) to fix several security vulnerabilities: CVE-2018-4180, CVE-2018-4181, CVE-2018-4182 and CVE-2018-4183. The worst of these (CVE-2018-4180) allows for a local privilege escalation to root. CVE-2018-4181 allows for limited local file reads as root. The remaining two allow for sandbox bypassing. For more information see: https://security.cucumberlinux.com/security/details.php?id=471 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4180 https://security.cucumberlinux.com/security/details.php?id=472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4181 https://security.cucumberlinux.com/security/details.php?id=473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4182 https://security.cucumberlinux.com/security/details.php?id=474 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4183 multilib/apps-base/cups-lib_i686 rebuilt (build 12, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-471 [CVE-2018-4180] (https://security.cucumberlinux.com/security/details.php?id=471) * CLD-472 [CVE-2018-4181] (https://security.cucumberlinux.com/security/details.php?id=472) * CLD-473 [CVE-2018-4182] (https://security.cucumberlinux.com/security/details.php?id=473) * CLD-474 [CVE-2018-4183] (https://security.cucumberlinux.com/security/details.php?id=474) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure cups is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-12 16:05:33
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Thu Jul 12 11:10:59 EDT 2018 base/linux upgraded from 4.9.111 to 4.9.112 to fix several security vulnerabilities related to handling ext4 filesystems: CVE-2018-10882, CVE-2018-10881, CVE-2018-10877, CVE-2018-10876 and CVE-2018-10883. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.112 https://security.cucumberlinux.com/security/details.php?id=476 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10882 https://security.cucumberlinux.com/security/details.php?id=477 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10881 https://security.cucumberlinux.com/security/details.php?id=478 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10877 https://security.cucumberlinux.com/security/details.php?id=479 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10876 https://security.cucumberlinux.com/security/details.php?id=480 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10883 kernel/linux-source upgraded from 4.9.111 to 4.9.112 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-476 [CVE-2018-10882] (https://security.cucumberlinux.com/security/details.php?id=476) * CLD-477 [CVE-2018-10881] (https://security.cucumberlinux.com/security/details.php?id=477) * CLD-478 [CVE-2018-10877] (https://security.cucumberlinux.com/security/details.php?id=478) * CLD-479 [CVE-2018-10876] (https://security.cucumberlinux.com/security/details.php?id=479) * CLD-480 [CVE-2018-10883] (https://security.cucumberlinux.com/security/details.php?id=480) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-11 21:28:06
|
Update Information A security update is available for bind-client for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Jul 11 17:10:33 EDT 2018 net-base/bind-client upgraded from 9.11.3 to 9.11.4 to fix CVE-2018-5738, a security vulnerability that allowed for unintended clients to perform recursive queries, due to improper handling of the configuration. This vulnerability likely affects only the bind-server package; however, this has not been confirmed to be the case, so we have upgraded the client package as well just to be safe. For more information see: https://security.cucumberlinux.com/security/details.php?id=467 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738 https://kb.isc.org/article/AA-01634/0/BIND-9.11.4-Release-Notes.html * SECURITY FIX * +----------------+ Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Jul 11 17:11:39 EDT 2018 net-base/bind-client upgraded from 9.10.7 to 9.10.8 to fix CVE-2018-5738, a security vulnerability that allowed for unintended clients to perform recursive queries, due to improper handling of the configuration. This vulnerability likely affects only the bind-server package; however, this has not been confirmed to be the case, so we have upgraded the client package as well just to be safe. For more information see: https://security.cucumberlinux.com/security/details.php?id=467 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738 https://kb.isc.org/article/AA-01634/0/BIND-9.10.8-Release-Notes.html * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-468 [CVE-2018-5738] (https://security.cucumberlinux.com/security/details.php?id=468) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure bind-client is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-11 21:25:56
|
Update Information A security update is available for bind-server for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Jul 11 17:07:25 EDT 2018 net-extra/bind-server upgraded from 9.11.3 to 9.11.4 to fix CVE-2018-5738, a security vulnerability that allowed for unintended clients to perform recursive queries, due to improper handling of the configuration. For more information see: https://security.cucumberlinux.com/security/details.php?id=467 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738 https://kb.isc.org/article/AA-01634/0/BIND-9.11.4-Release-Notes.html multilib/net-extra/bind-server-lib_i686 upgraded from 9.11.3 to 9.11.4 (x86_64 only) * SECURITY FIX * +----------------+ Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Jul 11 17:10:14 EDT 2018 testing/net-testing/bind-server upgraded from 9.11.3 to 9.11.4 to fix CVE-2018-5738, a security vulnerability that allowed for unintended clients to perform recursive queries, due to improper handling of the configuration. For more information see: https://security.cucumberlinux.com/security/details.php?id=467 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738 https://kb.isc.org/article/AA-01634/0/BIND-9.11.4-Release-Notes.html testing/multilib/net-testing/bind-server-lib_i686 upgraded from 9.11.3 to 9.11.4 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-467 [CVE-2018-5738] (https://security.cucumberlinux.com/security/details.php?id=467) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure bind-server is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-11 14:25:19
|
Update Information A security update is available for curl for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Jul 11 10:18:40 EDT 2018 net-base/curl upgraded from 7.60.0 to 7.61.0 to fix CVE-2018-0500, a security vulnerability that had the potential to result in an information disclosure or denial of service (application crash) if curl was used with a nondefault --limit-rate argument. For more information see: https://security.cucumberlinux.com/security/details.php?id=466 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0500 https://curl.haxx.se/docs/adv_2018-70a2.html multilib/net-base/curl-lib_i686 upgraded from 7.60.0 to 7.61.0 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-466 [CVE-2018-0500] (https://security.cucumberlinux.com/security/details.php?id=466) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure curl is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-10 21:30:49
|
Update Information A security update is available for polkit for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Jul 10 17:22:08 EDT 2018 lib-base/polkit rebuilt (build 5) to fix CVE-2018-1116, a security vulnerability that allowed for a process to trigger the authentication of unrelated processes owned by other users. Given the nature of the vulnerability, it has the potential to result in a denial of service (application crash), information disclosure or privilege escalation. For more information see: https://security.cucumberlinux.com/security/details.php?id=465 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1116 multilib/lib-base/polkit-lib_i686 rebuilt (build 5, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-465 [CVE-2018-1116] (https://security.cucumberlinux.com/security/details.php?id=465) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure polkit is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-10 20:22:36
|
Update Information A security update is available for thunderbird for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Jul 10 15:40:01 EDT 2018 xapps-general/thunderbird upgraded from 52.9.0 to 52.9.1. Being that this is an off schedule point release, it likely contains security fixes; however, unfortunately Mozilla doesn't like to disclose the contents of security fixes until a couple of days to a couple of weeks after they are released. We have upgraded to be safe. For more information see: https://security.cucumberlinux.com/security/details.php?id=464 That page will be updated as more information becomes available. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-464 (https://security.cucumberlinux.com/security/details.php?id=464) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-06 13:45:55
|
Update Information A security update is available for unzip for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Jul 6 09:36:24 EDT 2018 apps-base/unzip rebuilt (build 4) to fix several security vulnerabilities that could cause a denial of service when extracting a maliciously crafted zip archive: CVE-2014-9636, CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141. For more information see: https://security.cucumberlinux.com/security/details.php?id=450 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9636 https://security.cucumberlinux.com/security/details.php?id=460 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139 https://security.cucumberlinux.com/security/details.php?id=459 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8140 https://security.cucumberlinux.com/security/details.php?id=461 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8141 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-450 [CVE-2014-9636] (https://security.cucumberlinux.com/security/details.php?id=450) * CLD-459 [CVE-2014-8140] (https://security.cucumberlinux.com/security/details.php?id=459) * CLD-460 [CVE-2014-8139] (https://security.cucumberlinux.com/security/details.php?id=460) * CLD-461 [CVE-2014-8141] (https://security.cucumberlinux.com/security/details.php?id=461) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure unzip is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-06 12:44:57
|
Update Information A security update is available for libsoup for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Jul 6 08:38:08 EDT 2018 lib-general/libsoup rebuilt (build 2) to fix CVE-2018-12910, a security vulnerability that allowed for attackers to have an unspecified impact via an empty hostname. For more information see: https://security.cucumberlinux.com/security/details.php?id=458 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12910 multilib/lib-general/libsoup-lib_i686 rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-458 [CVE-2018-12910] (https://security.cucumberlinux.com/security/details.php?id=458) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure libsoup is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-04 18:07:18
|
Update Information A security update is available for thunderbird for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Jul 4 13:48:21 EDT 2018 xapps-general/thunderbird upgraded from 52.8.0 to 52.9.0 to fix several security vulnerabilities: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus() CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML emails CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward CVE-2018-12362: Integer overflow in SSSE3 scaler CVE-2018-12363: Use-after-free when appending DOM nodes CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins CVE-2018-12365: Compromised IPC child process can list local filenames CVE-2018-12366: Invalid data handling during QCMS transformations CVE-2018-12368: No warning when opening executable SettingContent-ms files CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing enter in form field CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9 For more information see: https://security.cucumberlinux.com/security/details.php?id=449 https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-449 (https://security.cucumberlinux.com/security/details.php?id=449) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-06-29 17:00:57
|
Synopsis This is a notice that Cucumber Linux 1.0 will reach its end of full support in three months on September 30, 2018. In summary this means that as of October 1, 2018 the Cucumber Linux Security Team will no longer be able to guarantee the security of systems running Cucumber Linux 1.0. After this date, Cucumber Linux 1.0 will enter selective support for two months. During selective support we will continue to publish security patches when possible through November 30, 2018; however, we make no guarantees. After November 30, 2018 we will provide no further security updates for Cucumber Linux 1.0 whatsoever. More details can be found in the Cucumber Linux Support Policy <https://cucumberlinux.com/support_policy.php>. We strongly recommend that all users of Cucumber Linux 1.0 begin upgrading their systems to Cucumber Linux 1.1. Cucumber Linux 1.1 will be fully supported through the end of 2019 and selectively supported into 2020, as the table below shows: +-------------+-------------------------+-------------------+ | Version | End of Full Support | End of Life | +-------------+-------------------------+-------------------+ | 1.1 | December 31, 2019 | March 31, 2020 | +-------------+-------------------------+-------------------+ | 1.0 | September 30, 2018 | November 30, 2018 | +-------------+-------------------------+-------------------+ Upgrading to Cucumber Linux 1.1 Cucumber Linux 1.1 is a minor release of Cucumber Linux 1.x. Sticking with the Cucumber Linux support policy, the process of upgrading from Cucumber Linux 1.0 to 1.1 is designed to be as unintrusive as possible. It is possible to update a live system and most systems can be updated in less than 20 minutes without any downtime. A full guide for upgrading can be found at https://cucumberlinux.com/upgrade_guide/cucumber_linux_1.1.html. Resources * The Cucumber Linux Support Policy: https://cucumberlinux.com/support_policy.php * Guide for Upgrading to Cucumber Linux 1.1: https://cucumberlinux.com/upgrade_guide/cucumber_linux_1.1.html * Supported Versions of Cucumber Linux: https://cucumberlinux.com/supported_versions.php |
|
From: Scott C. <sc...@cu...> - 2018-06-27 21:28:19
|
Update Information A security update is available for libjpeg-turbo for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Jun 27 17:21:16 EDT 2018 lib-base/libjpeg-turbo rebuilt (build 5) to fix CVE-2018-1000156, a security vulnerability that resulted in a large loop due to a mishandled EOF. For more information see: https://security.cucumberlinux.com/security/details.php?id=446 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813 https://bugzilla.suse.com/show_bug.cgi?id=1096209 multilib/lib-base/libjpeg-turbo rebuilt (build 5, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-446 [CVE-2018-11813] (https://security.cucumberlinux.com/security/details.php?id=446) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure libjpeg-turbo is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
2 messages has been excluded from this view by a project administrator.
