cucumber-linux-security Mailing List for Cucumber Linux (Page 5)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
From: Scott C. <sc...@cu...> - 2018-06-27 16:07:13
Update Information

A security update is available for file for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Wed Jun 27 11:58:35 EDT 2018
base/file rebuilt (build 2) to fix CVE-2018-10360, a security vulnerability that allowed for a local user to cause a denial of service (application crash) by running file on a specially crafted ELF file. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=442
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360
multilib/base/file-lib_i686 rebuilt (build 2, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-442 [CVE-2018-10360] (https://security.cucumberlinux.com/security/details.php?id=442)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure file is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-27 04:37:04
Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Tue Jun 26 20:20:31 EDT 2018
base/linux upgraded from 4.9.109 to 4.9.110 to fix CVE-2018-1118, a security vulnerability that could possibly allow for local, unprivileged users to read some sections of kernel memory. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=445
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1118
kernel/linux-source upgraded from 4.9.109 to 4.9.110
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-445 [CVE-2018-1118] (https://security.cucumberlinux.com/security/details.php?id=445)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-26 22:01:06
Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Tue Jun 26 17:57:23 EDT 2018
xapps-general/firefox upgraded from 60.0.2esr to 60.1.0esr to fix several security vulnerabilities:
  - CVE-2018-12359: Buffer overflow using computed size of canvas element
  - CVE-2018-12360: Use-after-free when using focus()
  - CVE-2018-12361: Integer overflow in SwizzleData
  - CVE-2018-12362: Integer overflow in SSSE3 scaler
  - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
  - CVE-2018-12363: Use-after-free when appending DOM nodes
  - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
  - CVE-2018-12365: Compromised IPC child process can list local filenames
  - CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
  - CVE-2018-12366: Invalid data handling during QCMS transformations
  - CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
  - CVE-2018-12368: No warning when opening executable SettingContent-ms files
  - CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments
  - CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
  - CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
For more information see:
  https://security.cucumberlinux.com/security/details.php?id=444
  https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-444 [NULL] (https://security.cucumberlinux.com/security/details.php?id=444)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-19 14:53:30
Update Information

A security update is available for libjpeg-turbo for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Tue Jun 19 10:46:29 EDT 2018
lib-base/libjpeg-turbo rebuilt (build 4) to fix CVE-2018-1152, a security vulnerability that allowed for a denial of service (application crash) when processing a specially crafted BMP file via a division by zero. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=437
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1152
multilib/lib-base/libjpeg-turbo-lib_i686 rebuilt (build 4, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-437 [CVE-2018-1152] (https://security.cucumberlinux.com/security/details.php?id=437)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure libjpeg-turbo is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-18 17:38:47
Update Information

A security update is available for libgcrypt for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Mon Jun 18 13:28:31 EDT 2018
lib-base/libgcrypt upgraded from 1.7.9 to 1.7.10 to fix CVE-2018-0495, a security vulnerability that allowed for a local attacker to discover an ECDSA key. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=434
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
  https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
multilib/lib-base/libgcrypt upgraded from 1.7.9 to 1.7.10 (x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-434 [CVE-2018-0495] (https://security.cucumberlinux.com/security/details.php?id=434)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure libgcrypt is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-16 22:41:52
Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Sat Jun 16 10:20:31 EDT 2018
base/linux upgraded from 4.9.108 to 4.9.109 to fix two security vulnerabilities. The first (CVE-2018-3665) is an information disclosure that allows a process to infer data using the Lazy FP restore feature of Intel processors. The second (CVE-2018-10853) was a vulnerability in the KVM virtualization mechanism that allowed the guest userspace to write to the guest kernel, due to missing privilege level checks. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=432
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3665
  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
  https://security.cucumberlinux.com/security/details.php?id=433
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10853
kernel/linux-source upgraded from 4.9.108 to 4.9.109
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-432 [CVE-2018-3665] (https://security.cucumberlinux.com/security/details.php?id=432)
* CLD-433 [CVE-2018-10853] (https://security.cucumberlinux.com/security/details.php?id=433)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-16 03:18:24
Update Information

A security update is available for ffmpeg for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Fri Jun 15 22:48:58 EDT 2018
lib-base/ffmpeg rebuilt (build 2) to fix CVE-2018-12458, a security vulnerability that may trigger an assertion violation, resulting in a denial of service (application crash). For more information see:
  https://security.cucumberlinux.com/security/details.php?id=429
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12458
multilib/lib-base/ffmpeg-lib_i686 rebuilt (build 2, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-429 [CVE-2018-12458] (https://security.cucumberlinux.com/security/details.php?id=429)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure ffmpeg is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-12 20:18:28
Update Information

A security update is available for poppler for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Tue Jun 12 16:11:23 EDT 2018
lib-base/poppler rebuilt (build 6) to fix CVE-2017-14928, a security vulnerability that allowed for a denial of service via a NULL pointer dereference, triggered by a specially crafted PDF document. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=428
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14928
multilib/lib-base/poppler-lib_i686 rebuilt (build 6, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-428 [CVE-2017-14928] (https://security.cucumberlinux.com/security/details.php?id=428)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure poppler is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-12 19:10:08
Update Information

A security update is available for palemoon for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Tue Jun 12 15:02:18 EDT 2018
xapps-extra/palemoon upgraded from 27.9.2 to 27.9.3 to fix CVE-2017-0381 and a couple of other bugs. For more information see:
  http://www.palemoon.org/releasenotes.shtml
  https://security.cucumberlinux.com/security/details.php?id=427
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0381
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-427 [CVE-2017-0381] (https://security.cucumberlinux.com/security/details.php?id=427)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure palemoon is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-10 15:03:57
Update Information

A security update is available for p7zip for the following versions of Cucumber Linux:
* 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sun Jun 10 10:55:03 EDT 2018
apps-general/p7zip rebuilt (build 4) to fix two security vulnerabilities: CVE-2018-10115 and CVE-2018-5996, both of which allowed for arbitrary code execution when extracting a maliciously crafted RAR archive. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=271
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5996
  https://security.cucumberlinux.com/security/details.php?id=426
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10115
  https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-271 [CVE-2018-5996] (https://security.cucumberlinux.com/security/details.php?id=271)
* CLD-426 [CVE-2018-10115] (https://security.cucumberlinux.com/security/details.php?id=426)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure p7zip is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-10 15:02:40
Update Information

A security update is available for p7zip for the following versions of Cucumber Linux:
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Sun Jun 10 10:52:13 EDT 2018
apps-general/p7zip rebuilt (build 4) to fix CVE-2018-10115, a security vulnerability that allowed for arbitrary code execution when extracting a maliciously crafted RAR archive. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=426
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10115
  https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-426 [CVE-2018-10115] (https://security.cucumberlinux.com/security/details.php?id=426)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure p7zip is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-09 13:58:23
Update Information

A security update is available for gnupg for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Sat Jun 9 09:41:24 EDT 2018
net-base/gnupg rebuilt (build 4) to fix CVE-2018-12020, a security vulnerability that allowed for injecting terminal control characters and faking successful signature verification when verifying a signature with gpg. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=425
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
  https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-425 [CVE-2018-12020] (https://security.cucumberlinux.com/security/details.php?id=425)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure gnupg is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-08 20:55:23
Update Information

A security update is available for perl for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Fri Jun 8 16:40:48 EDT 2018
lang-base/perl rebuilt (build 2) to fix CVE-2018-12015, a security vulnerability that allowed for a directory traversal when extracting a maliciously crafted tar archive using the Archive::Tar module. The traversal could be used to overwrite arbitrary files. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=424
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12015
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-424 [CVE-2018-12015] (https://security.cucumberlinux.com/security/details.php?id=424)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure perl is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-06 22:14:14
Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Wed Jun 6 17:00:59 EDT 2018
xapps-general/firefox upgraded from 60.0.1esr to 60.0.2esr. Being that this is an off schedule point release, it likely contains security fixes. Unfortunately Mozilla doesn't like to release any information about security fixes or even disclose if a release is a security fix until a week or two after its release, so we have no way of knowing for sure. We have updated to be safe. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=423
That page will be updated as more information becomes available.
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-423 [NULL] (https://security.cucumberlinux.com/security/details.php?id=423)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-06-01 19:59:23
Update Information

A security update is available for grub for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Fri Jun 1 15:29:33 EDT 2018
base/grub rebuilt (build 3) to fix CVE-2015-8370, a security vulnerability that allowed for escalation of privileges, information disclosure and/or a denial of service by a local attacker if Grub was configured to require a username and password (note that it is not configured this way by default).

This update also adds a doinst.sh to the package, which will update the Grub modules in /boot/grub when the grub package is installed/updated. The modules will be updated if and only if the version of Grub installed to /boot is the same as the version of Grub installed in Cucumber Linux. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=421
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370
  http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-421 [CVE-2015-8370] (https://security.cucumberlinux.com/security/details.php?id=421)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure grub is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-05-30 21:51:29
Update Information

A security update is available for git for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Wed May 30 17:30:33 EDT 2018
dev-general/git upgraded from 2.10.5 to 2.13.7 to fix two security vulnerabilities: CVE-2018-11235 and CVE-2018-11233. CVE-2018-11235 allowed for arbitrary code execution by a remote attacker when cloning a malicious git repository. CVE-2018-11233 allowed for an out of bounds read, resulting in an arbitrary memory read, when using git on an NTFS filesystem.

We have upgraded only to version 2.13.7 of git because that is the oldest branch that the fixes are available for. Upgrading to a newer branch has the potential to break more stuff, so we will make as small a version jump as possible. For more information see:
  https://lkml.org/lkml/2018/5/29/889
  https://security.cucumberlinux.com/security/details.php?id=418
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235
  https://www.edwardthomson.com/blog/upgrading_git_for_cve2018_11235.html
  https://security.cucumberlinux.com/security/details.php?id=417
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11233
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-417 [CVE-2018-11233] (https://security.cucumberlinux.com/security/details.php?id=417)
* CLD-418 [CVE-2018-11235] (https://security.cucumberlinux.com/security/details.php?id=418)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure git is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-05-30 21:28:38
|
Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

+----------------+
Wed May 30 17:03:56 EDT 2018
base/linux upgraded from 4.9.103 to 4.9.104 to fix CVE-2018-6412 and further mitigate against Spectre variant 1 (CVE-2017-5753).
For more information see:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.104
https://security.cucumberlinux.com/security/details.php?id=201
https://security.cucumberlinux.com/security/details.php?id=419
kernel/linux-source upgraded from 4.9.103 to 4.9.104
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-419 [CVE-2018-6412] (https://security.cucumberlinux.com/security/details.php?id=419)
* CLD-201 [CVE-2017-5753] (https://security.cucumberlinux.com/security/details.php?id=201)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
From: Scott C. <sc...@cu...> - 2018-05-29 14:23:42
|
Update Information

A security update is available for cairo for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

+----------------+
Tue May 29 10:11:42 EDT 2018
x-base/cairo rebuilt (build 5) to fix CVE-2017-7475, a security vulnerability that allowed for an attacker to cause a denial of service via a null pointer dereference, triggered when rendering a glyph that is not present in a *.ttf font file.
For more information see:
https://security.cucumberlinux.com/security/details.php?id=415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7475
https://bugs.freedesktop.org/show_bug.cgi?id=100763#c6
multilib/x-base/cairo-lib_i686 rebuilt (build 5, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-415 [CVE-2017-7475] (https://security.cucumberlinux.com/security/details.php?id=415)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure cairo is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
From: Scott C. <sc...@cu...> - 2018-05-23 14:24:58
|
Update Information

A security update is available for procps-ng for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

+----------------+
Wed May 23 09:47:31 EDT 2018
base/procps-ng rebuilt (build 3) to fix CVE-2018-1122, a difficult to exploit security vulnerability that could result in a local privilege escalation if an administrator executes top in a directory containing a maliciously crafted .toprc file.
For more information see:
https://security.cucumberlinux.com/security/details.php?id=403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122
http://www.openwall.com/lists/oss-security/2018/05/17/1
multilib/base/procps-ng-lib_i686 rebuilt (build 3, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-403 [CVE-2018-1122] (https://security.cucumberlinux.com/security/details.php?id=403)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure procps-ng is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
From: Scott C. <sc...@cu...> - 2018-05-23 03:27:20
|
Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

+----------------+
Tue May 22 18:45:35 EDT 2018
base/linux upgraded from 4.9.101 to 4.9.102 to enable the ability to mitigate against Spectre Variant 4 (CVE-2018-3639) when Intel releases the microcode update. This update DOES NOT PATCH THE VULNERABILITY; rather, it enables it to be patched with a microcode update. Mitigating against this vulnerability will require using both an updated kernel and updated CPU microcode.

This is a hardware vulnerability in Intel's x86 architecture (both the i686 and x86_64 variants) that allows for an attacker to learn the contents of memory that is not supposed to be accessible to him. Intel has stated that this vulnerability "may allow unauthorized disclosure of information to an attacker with local user access," which means it likely does.
For more information see:
https://security.cucumberlinux.com/security/details.php?id=411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html
https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf
kernel/linux-source upgraded from 4.9.101 to 4.9.102
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-411 [CVE-2018-3639] (https://security.cucumberlinux.com/security/details.php?id=411)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
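The CVE-2018-3639 message above says the mitigation needs both an updated kernel and updated CPU microcode. The following check for that state is an added example, not part of the mailing list post or of Cucumber Linux's tooling. It assumes the kernel reports its status in /sys/devices/system/cpu/vulnerabilities/spec_store_bypass and that fixed Intel microcode appears as the ssbd flag in /proc/cpuinfo; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: tell apart "kernel too old", "waiting for microcode"
# and "mitigated" for Spectre Variant 4 (CVE-2018-3639).

# Print the kernel's own status line, or nothing if the file is absent
# (a kernel without the Variant 4 support does not create it).
read_ssb_status() {
    f=${1:-/sys/devices/system/cpu/vulnerabilities/spec_store_bypass}
    [ -r "$f" ] && cat "$f" || true
}

# Print the CPU feature flags of the first processor entry.
read_cpu_flags() {
    f=${1:-/proc/cpuinfo}
    [ -r "$f" ] || return 0
    sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' "$f" | head -n 1
}

# classify_ssb STATUS FLAGS -> one word describing the combined state.
classify_ssb() {
    status=$1
    flags=$2
    # Match "ssbd" as a whole word so other flags containing it do not count.
    # Assumption: "ssbd" is how fixed Intel microcode shows up in the flags.
    case " $flags " in
        *" ssbd "*) has_ssbd=yes ;;
        *)          has_ssbd=no ;;
    esac
    case "$status" in
        "")              echo "kernel-unsupported" ;;   # no sysfs entry at all
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;            # kernel + microcode in use
        "Vulnerable"*)
            if [ "$has_ssbd" = yes ]; then
                echo "mitigation-disabled"              # microcode present, switched off
            else
                echo "needs-microcode"                  # kernel ready, CPU is not
            fi ;;
        *)               echo "unknown" ;;
    esac
}

# Report for the machine this runs on.
ssb_report() {
    state=$(classify_ssb "$(read_ssb_status)" "$(read_cpu_flags)")
    case "$state" in
        kernel-unsupported)  msg="kernel has no Variant 4 support; update the kernel first" ;;
        needs-microcode)     msg="kernel is ready; CPU microcode update still required" ;;
        mitigation-disabled) msg="microcode present but the kernel reports no mitigation in use" ;;
        mitigated)           msg="kernel and microcode mitigation active" ;;
        not-affected)        msg="kernel reports this CPU as not affected" ;;
        *)                   msg="unrecognised status line" ;;
    esac
    echo "spec_store_bypass: $state ($msg)"
}

ssb_report
```

On a system that has only the kernel update described in the message, the expected result is needs-microcode.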
From: Scott C. <sc...@cu...> - 2018-05-21 21:13:56
|
Update Information

A security update is available for palemoon for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

+----------------+
Mon May 21 16:35:38 EDT 2018
xapps-extra/palemoon upgraded from 27.9.1 to 27.9.2 to fix several security issues:
(CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10.
(CVE-2018-5173) Fixed an issue in the Downloads panel improperly rendering some Unicode characters, allowing for the file name to be spoofed. This could be used to obscure the file extension of potentially executable files from user view in the panel.
(CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a buffer overflow and crash if it occurs.
(CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia library resulting in possible out-of-bounds writes.
(CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating attributes during SVG animations with clip paths.
(CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable extension in order to occur.
Fixed several stability issues (crashes) and memory safety hazards.
For more information see:
https://security.cucumberlinux.com/security/details.php?id=410
https://www.palemoon.org/releasenotes.shtml
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-410 [Several CVEs] (https://security.cucumberlinux.com/security/details.php?id=410)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure palemoon is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
From: Scott C. <sc...@cu...> - 2018-05-21 18:10:46
|
Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

+----------------+
Mon May 21 11:22:36 EDT 2018
base/linux upgraded from 4.9.100 to 4.9.101 to fix (among other things) CVE-2018-1120, a security vulnerability that allowed for an attack to block process inspection by several common tools (such as ps) by blocking read access to /proc/PID/cmdline.
For more information see:
http://www.openwall.com/lists/oss-security/2018/05/17/1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.101
kernel/linux-source upgraded from 4.9.100 to 4.9.101
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-401 [CVE-2018-1120] (https://security.cucumberlinux.com/security/details.php?id=401)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
From: Scott C. <sc...@cu...> - 2018-05-21 03:25:32
|
Update Information

A security update is available for thunderbird for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

+----------------+
Sun May 20 22:48:05 EDT 2018
xapps-general/thunderbird upgraded from 52.7.0 to 52.8.0 to fix several security vulnerabilities, including the Efail vulnerability (which allowed a remote attacker to decrypt encrypted emails using a user's private key). The following CVEs have been patched:
CVE-2018-5183: Backport critical security fixes in Skia
CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack
CVE-2018-5154: Use-after-free with SVG animations and clip paths
CVE-2018-5155: Use-after-free with SVG animations and text paths
CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
CVE-2018-5161: Hang via malformed headers
CVE-2018-5162: Encrypted mail leaks plaintext through src attribute
CVE-2018-5170: Filename spoofing for external attachments
CVE-2018-5168: Lightweight themes can be installed without user interaction
CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update
CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
CVE-2018-5185: Leaking plaintext through HTML forms
CVE-2018-5150: Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8, and Thunderbird 52.8
For more information see:
https://security.cucumberlinux.com/security/details.php?id=408
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/
https://efail.de/
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-408 [Several CVEs] (https://security.cucumberlinux.com/security/details.php?id=408)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
From: Scott C. <sc...@cu...> - 2018-05-17 22:15:06
|
Update Information

A security update is available for procps-ng for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

+----------------+
Thu May 17 17:32:43 EDT 2018
base/procps-ng rebuilt (build 2) to fix several security vulnerabilities: CVE-2018-1123, CVE-2018-1124, CVE-2018-1125 and CVE-2018-1126, the worst of which (CVE-2018-1124) allowed for a local privilege escalation.
For more information see:
http://www.openwall.com/lists/oss-security/2018/05/17/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123
https://security.cucumberlinux.com/security/details.php?id=404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1124
https://security.cucumberlinux.com/security/details.php?id=405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125
https://security.cucumberlinux.com/security/details.php?id=406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1126
https://security.cucumberlinux.com/security/details.php?id=407
multilib/base/procps-ng-lib_i686 rebuilt (build 2, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-404 [CVE-2018-1123] (https://security.cucumberlinux.com/security/details.php?id=404)
* CLD-405 [CVE-2018-1124] (https://security.cucumberlinux.com/security/details.php?id=405)
* CLD-406 [CVE-2018-1125] (https://security.cucumberlinux.com/security/details.php?id=406)
* CLD-407 [CVE-2018-1126] (https://security.cucumberlinux.com/security/details.php?id=407)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure procps-ng is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |
From: Scott C. <sc...@cu...> - 2018-05-17 16:53:29
|
Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:

+----------------+
Thu May 17 12:07:42 EDT 2018
xapps-general/firefox upgraded from 60.0esr to 60.0.1esr. Being that this is an off schedule point release, this release almost certainly contains security fixes. Unfortunately, Mozilla doesn't like to disclose information about security fixes until a while after the fixes have been released. We have updated to be safe.
For more information see:
https://security.cucumberlinux.com/security/details.php?id=400
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-400 (https://security.cucumberlinux.com/security/details.php?id=400)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php |