cucumber-linux-security Mailing List for Cucumber Linux (Page 6)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
From: Scott C. <sc...@cu...> - 2018-05-17 01:47:02
Update Information

A security update is available for linux for the following versions of Cucumber Linux:
  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Wed May 16 19:08:30 EDT 2018
base/linux upgraded from 4.9.99 to 4.9.100. This release introduces many new mitigations for the Spectre v1 vulnerability (CVE-2017-5753). For more information see:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.100
  https://security.cucumberlinux.com/security/details.php?id=201
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
kernel/linux-source upgraded from 4.9.99 to 4.9.100
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-201 [CVE-2017-5753] (https://security.cucumberlinux.com/security/details.php?id=201)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-05-16 15:30:24
Update Information

A security update is available for curl for the following versions of Cucumber Linux:
  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Wed May 16 10:47:05 EDT 2018
net-base/curl upgraded from 7.59.0 to 7.60.0 to fix two security vulnerabilities: CVE-2018-1000301, a buffer overread that could potentially result in information disclosure but would more likely result in a denial of service (application crash). It can be triggered by a malicious remote server. Also fixes CVE-2018-1000300, a buffer overflow vulnerability that allowed for a malicious FTP server to write arbitrary bytes to memory by overflowing the "closure handle" buffer. Although no exploit is known at this time, it is quite possible that this could result in arbitrary code execution given the nature of the vulnerability. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=398
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301
  https://curl.haxx.se/docs/adv_2018-b138.html
  https://security.cucumberlinux.com/security/details.php?id=399
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000300
  https://curl.haxx.se/docs/adv_2018-82c2.html
multilib/net-base/curl-lib_i686 upgraded from 7.59.0 to 7.60.0 (x86_64 only)
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-398 [CVE-2018-1000301] (https://security.cucumberlinux.com/security/details.php?id=398)
  * CLD-399 [CVE-2018-1000300] (https://security.cucumberlinux.com/security/details.php?id=399)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure curl is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-05-15 01:01:42
Update Information

A security update is available for linux for the following versions of Cucumber Linux:
  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Mon May 14 18:08:17 EDT 2018
base/linux rebuilt (build 2) to enable the retpoline mitigation against the Spectre v2 security vulnerability (CVE-2017-5715). Starting with this build, the kernel-gcc package is now required to build the linux package. It is necessary to use the newer kernel-gcc (GCC v7.3.0) instead of the standard Cucumber Linux 1.1 gcc (GCC v5.3.0) because this mitigation requires the kernel to be compiled with a retpoline aware compiler, which GCC 5.3.0 is not but GCC 7.3.0 is. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=202
  https://www.mail-archive.com/lfs...@li.../msg04844.html
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-202 [CVE-2017-5715] (https://security.cucumberlinux.com/security/details.php?id=202)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
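One way to confirm after this rebuild that the running kernel reports a compiler-backed retpoline rather than the weaker assembly-only one, as an added example that is not part of the original message or of Cucumber Linux's tooling. It assumes the kernel exposes the upstream sysfs file /sys/devices/system/cpu/vulnerabilities/spectre_v2 with the upstream status wording; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check the Spectre v2 (CVE-2017-5715) mitigation state of the
# running kernel. Status wording is assumed to follow the upstream kernel.

# Classify one status line read from the spectre_v2 sysfs file.
# A kernel built with a compiler that is not retpoline aware can only apply
# the retpoline to hand-written assembly and reports "Vulnerable: Minimal ...".
classify_spectre_v2() {
    case "$1" in
        "Mitigation: Full "*retpoline*)     echo full-retpoline ;;
        "Vulnerable: Minimal "*retpoline*)  echo minimal-retpoline ;;
        "Mitigation: "*)                    echo other-mitigation ;;
        "Not affected"*)                    echo not-affected ;;
        "Vulnerable"*)                      echo vulnerable ;;
        *)                                  echo unknown ;;
    esac
}

# Extract the GCC version the kernel was built with from a /proc/version line
# of the form "... (gcc version 7.3.0 (GCC) ) ...". Prints nothing if absent.
kernel_gcc_version() {
    printf '%s\n' "$1" | sed -n 's/.*gcc version \([0-9][0-9.]*\).*/\1/p'
}

# Report the verdict; succeed only for a full retpoline or an unaffected CPU.
# Both paths can be overridden so the check can be run against saved copies.
check_spectre_v2() {
    status_file=${1:-/sys/devices/system/cpu/vulnerabilities/spectre_v2}
    version_file=${2:-/proc/version}
    if [ ! -r "$status_file" ]; then
        echo "unknown: $status_file is not readable"
        return 2
    fi
    status=$(head -n 1 "$status_file")
    verdict=$(classify_spectre_v2 "$status")
    gcc=$(kernel_gcc_version "$(head -n 1 "$version_file" 2>/dev/null)")
    echo "$verdict: $status (kernel built with gcc ${gcc:-unknown})"
    [ "$verdict" = full-retpoline ] || [ "$verdict" = not-affected ]
}

# Run the check only when invoked as: sh this_script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_spectre_v2
fi
```

A "minimal-retpoline" verdict after updating usually means the old kernel is still the one booted, or the kernel was built with the older compiler.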
From: Scott C. <sc...@cu...> - 2018-05-10 20:10:03
Update Information

A security update is available for mariadb for the following versions of Cucumber Linux:
  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Thu May 10 15:22:51 EDT 2018
net-general/mariadb upgraded from 10.1.32 to 10.1.33 to fix several security vulnerabilities: CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2766 CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761 CVE-2018-2781 CVE-2018-2771 and CVE-2018-2813. The worst of these (CVE-2018-2755) was a very difficult to exploit vulnerability that allowed for a complete takeover of a MariaDB server only if an attacker could successfully get someone with legitimate access to the server to perform an action. CVE-2018-2813 allowed for unauthorized read access to a subset of the MariaDB server accessible data. The remaining vulnerabilities all allowed for denial of service attacks (server crashes). For more information see:
  https://mariadb.com/kb/en/library/mariadb-10133-release-notes/
  https://security.cucumberlinux.com/security/details.php?id=387
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2782
  https://security.cucumberlinux.com/security/details.php?id=388
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2784
  https://security.cucumberlinux.com/security/details.php?id=389
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2787
  https://security.cucumberlinux.com/security/details.php?id=390
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2766
  https://security.cucumberlinux.com/security/details.php?id=391
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755
  https://security.cucumberlinux.com/security/details.php?id=392
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819
  https://security.cucumberlinux.com/security/details.php?id=393
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817
  https://security.cucumberlinux.com/security/details.php?id=394
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761
  https://security.cucumberlinux.com/security/details.php?id=395
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781
  https://security.cucumberlinux.com/security/details.php?id=396
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771
  https://security.cucumberlinux.com/security/details.php?id=397
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813
multilib/net-general/mariadb-lib_i686 upgraded from 10.1.32 to 10.1.33 (x86_64 only)
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-387 [CVE-2018-2782] (https://security.cucumberlinux.com/security/details.php?id=387)
  * CLD-388 [CVE-2018-2784] (https://security.cucumberlinux.com/security/details.php?id=388)
  * CLD-389 [CVE-2018-2787] (https://security.cucumberlinux.com/security/details.php?id=389)
  * CLD-390 [CVE-2018-2766] (https://security.cucumberlinux.com/security/details.php?id=390)
  * CLD-391 [CVE-2018-2755] (https://security.cucumberlinux.com/security/details.php?id=391)
  * CLD-392 [CVE-2018-2819] (https://security.cucumberlinux.com/security/details.php?id=392)
  * CLD-393 [CVE-2018-2817] (https://security.cucumberlinux.com/security/details.php?id=393)
  * CLD-394 [CVE-2018-2761] (https://security.cucumberlinux.com/security/details.php?id=394)
  * CLD-395 [CVE-2018-2781] (https://security.cucumberlinux.com/security/details.php?id=395)
  * CLD-396 [CVE-2018-2771] (https://security.cucumberlinux.com/security/details.php?id=396)
  * CLD-397 [CVE-2018-2813] (https://security.cucumberlinux.com/security/details.php?id=397)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure mariadb is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-05-10 16:19:56
Update Information

A security update is available for cairo for the following versions of Cucumber Linux:
  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Thu May 10 11:35:26 EDT 2018
x-base/cairo rebuilt (build 4) to fix CVE-2017-9814, a security vulnerability which could have possibly allowed for a denial of service (application crash). For more information see:
  https://security.cucumberlinux.com/security/details.php?id=385
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9814
  https://bugzilla.suse.com/show_bug.cgi?id=1049092
multilib/x-base/cairo-lib_i686 rebuilt (build 4, x86_64 only)
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-385 [CVE-2017-9814] (https://security.cucumberlinux.com/security/details.php?id=385)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure cairo is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-05-10 14:17:21
Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Thu May 10 09:40:13 EDT 2018
xapps-general/firefox upgraded from 52.7.4 to 52.8.0 to fix several security vulnerabilities:
  CVE-2018-5183: Backport critical security fixes in Skia
  CVE-2018-5154: Use-after-free with SVG animations and clip paths
  CVE-2018-5155: Use-after-free with SVG animations and text paths
  CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
  CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
  CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
  CVE-2018-5168: Lightweight themes can be installed without user interaction
  CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update
  CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
  CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
For more information see:
  https://security.cucumberlinux.com/security/details.php?id=386
  https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-386 [Several CVEs] (https://security.cucumberlinux.com/security/details.php?id=386)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-05-06 22:49:26
Update Information

A security update is available for wget for the following versions of Cucumber Linux:
  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Sun May 6 18:07:17 EDT 2018
net-base/wget upgraded from 1.19.2 to 1.19.5 to fix CVE-2018-0494, a security vulnerability that allowed for a malicious web server to create and/or modify cookies belonging to a different website. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=383
  https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-383 [CVE-2018-0494] (https://security.cucumberlinux.com/security/details.php?id=383)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure wget is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-05-03 18:46:41
Update Information

A security update is available for linux for the following versions of Cucumber Linux:
  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Wed May 2 20:20:58 EDT 2018
base/linux upgraded from 4.9.97 to 4.9.98 to fix CVE-2018-1093, a security vulnerability which allowed a privileged attacker to cause a denial of service (crash) by mounting a specially crafted ext4 filesystem. For more information see:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.98
  https://security.cucumberlinux.com/security/details.php?id=381
kernel/linux-source upgraded from 4.9.97 to 4.9.98
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-381 [CVE-2018-1093] (https://security.cucumberlinux.com/security/details.php?id=381)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-05-01 00:02:41
Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Mon Apr 30 17:11:03 EDT 2018
xapps-general/firefox upgraded from 52.7.3esr to 52.7.4esr. Given that this is an off schedule release, this update almost certainly contains security fixes; however, Mozilla doesn't like to disclose information about any security fixes until a while after the fixes have been released. We have updated to be safe. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=379
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-379 (https://security.cucumberlinux.com/security/details.php?id=379)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-04-26 23:38:44
Update Information

A security update is available for php/php5 for the following versions of Cucumber Linux:
  * 1.0 (php)
  * 1.1 (php5)

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Thu Apr 26 19:04:48 EDT 2018
lang-general/php upgraded from 5.6.35 to 5.6.36. This update contains security fixes and other various bug fixes. For more information see:
  http://www.php.net/ChangeLog-5.php#5.6.36
  https://security.cucumberlinux.com/security/details.php?id=378
  * SECURITY FIX *
+----------------+

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Thu Apr 26 19:03:57 EDT 2018
lang-extra/php5 upgraded from 5.6.35 to 5.6.36. This update contains security fixes and other various bug fixes. For more information see:
  http://www.php.net/ChangeLog-5.php#5.6.36
  https://security.cucumberlinux.com/security/details.php?id=378
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-378 (https://security.cucumberlinux.com/security/details.php?id=378)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure php/php5 is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-04-26 21:44:03
Update Information

A security update is available for php for the following versions of Cucumber Linux:
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Thu Apr 26 12:02:32 EDT 2018
lang-general/php upgraded from 7.2.4 to 7.2.5. This update contains several security fixes and other various bug fixes. For more information see:
  http://php.net/ChangeLog-7.php#7.2.5
  https://security.cucumberlinux.com/security/details.php?id=377
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-377 (https://security.cucumberlinux.com/security/details.php?id=377)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure php is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-04-26 00:47:24
Update Information

A security update is available for linux for the following versions of Cucumber Linux:
  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Wed Apr 25 16:14:27 EDT 2018
base/linux upgraded from 4.9.95 to 4.9.96 to fix at least two security vulnerabilities: CVE-2018-1108 and CVE-2018-1092. For more information see:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1108
  https://security.cucumberlinux.com/security/details.php?id=373
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1092
  https://security.cucumberlinux.com/security/details.php?id=374
  https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.96
kernel/linux-source upgraded from 4.9.95 to 4.9.96
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-373 [CVE-2018-1108] (https://security.cucumberlinux.com/security/details.php?id=373)
  * CLD-374 [CVE-2018-1092] (https://security.cucumberlinux.com/security/details.php?id=374)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-04-23 18:34:03
Update Information

A security update is available for ffmpeg for the following versions of Cucumber Linux:
  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Mon Apr 23 13:04:28 EDT 2018
lib-base/ffmpeg upgraded from 3.3.6 to 3.3.7 to fix CVE-2018-6392 and CVE-2018-7557, two security vulnerabilities. Additionally removed the following patches as they are no longer necessary:
  00030_CVE-2018-6621_118e1b0b3370dd1c0da442901b486689efd1654b.patch
  00040_CVE-2018-9841_35eeff30caf34df835206f1c12bcf4b7c2bd6758.patch
  00050_CVE-2018-10001_47b7c68ae54560e2308bdb6be4fb076c73b93081.patch
For more information see:
  https://security.cucumberlinux.com/security/details.php?id=253
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6392
  https://security.cucumberlinux.com/security/details.php?id=304
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7557
multilib/lib-base/ffmpg-lib_i686 upgraded from 3.3.6 to 3.3.7 (x86_64 only)
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-253 [CVE-2018-6392] (https://security.cucumberlinux.com/security/details.php?id=253)
  * CLD-304 [CVE-2018-7557] (https://security.cucumberlinux.com/security/details.php?id=304)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure ffmpeg is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-04-20 22:18:37
Update Information

A security update is available for linux for the following versions of Cucumber Linux:
  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Fri Apr 20 16:23:09 EDT 2018
base/linux upgraded from 4.9.94 to 4.9.95 to further mitigate against variant 2 of the Spectre vulnerability (CVE-2017-5715). For more information see:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.95
kernel/linux-source upgraded from 4.9.94 to 4.9.95
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-202 [CVE-2017-5715] (https://security.cucumberlinux.com/security/details.php?id=202)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-04-19 17:22:00
Update Information

A security update is available for nmap for the following versions of Cucumber Linux:
  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Thu Apr 19 12:41:34 EDT 2018
net-general/nmap upgraded from 7.31 to 7.70 to fix CVE-2018-1000161, a security vulnerability which allowed for a malicious web server, when scanned by nmap, to write to a file outside of the intended directory on the scanning machine. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=366
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000161
  * SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
  * CLD-366 [CVE-2018-1000161] (https://security.cucumberlinux.com/security/details.php?id=366)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure nmap is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php
From: Scott C. <sc...@cu...> - 2018-04-19 16:07:43

Update Information

A security update is available for ghostscript for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Thu Apr 19 11:22:35 EDT 2018
apps-base/ghostscript rebuilt (build 2) to fix CVE-2018-10194, a security vulnerability which allowed for remote attackers to cause a denial of service (application crash) and possibly allowed for other unspecified impacts. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=367
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10194
multilib/apps-base/ghostscript-lib_i686 rebuilt (build 2, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-367 [CVE-2018-10194] (https://security.cucumberlinux.com/security/details.php?id=367)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure ghostscript is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-04-17 15:39:28

Update Information

A security update is available for libreoffice for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Mon Apr 16 19:16:22 EDT 2018
xapps-general/libreoffice rebuilt (build 3) to fix two denial of service vulnerabilities (CVE-2018-10119 and CVE-2018-10120) which can result in an application crash and potentially other unspecified impacts. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=364
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10119
  https://security.cucumberlinux.com/security/details.php?id=365
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10120
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-364 [CVE-2018-10119] (https://security.cucumberlinux.com/security/details.php?id=364)
* CLD-365 [CVE-2018-10120] (https://security.cucumberlinux.com/security/details.php?id=365)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure libreoffice is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-04-14 20:24:58

Update Information

A security update is available for perl for the following versions of Cucumber Linux:
* 1.0

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sat Apr 14 15:43:34 EDT 2018
lang-base/perl rebuilt (build 5) to fix CVE-2018-6913, a security vulnerability which allows for an out of bounds write resulting in a denial of service (Perl crash) and possibly allowing for code execution. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=362
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6913
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-362 [CVE-2018-6913] (https://security.cucumberlinux.com/security/details.php?id=362)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure perl is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-04-14 20:19:57

Update Information

A security update is available for perl for the following versions of Cucumber Linux:
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Sat Apr 14 15:38:57 EDT 2018
lang-base/perl upgraded from 5.26.1 to 5.26.2 to fix a few security vulnerabilities: CVE-2018-6797, which allows for a denial of service via a specially crafted regex; CVE-2018-6798, which allows for memory disclosure via a specially crafted regex; and CVE-2018-6913, which allows for an out of bounds write resulting in a denial of service (Perl crash) and potential code execution. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=360
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6797
  https://security.cucumberlinux.com/security/details.php?id=361
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6798
  https://security.cucumberlinux.com/security/details.php?id=362
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6913
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-360 [CVE-2018-6797] (https://security.cucumberlinux.com/security/details.php?id=360)
* CLD-361 [CVE-2018-6798] (https://security.cucumberlinux.com/security/details.php?id=361)
* CLD-362 [CVE-2018-6913] (https://security.cucumberlinux.com/security/details.php?id=362)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure perl is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-04-11 19:53:26

Update Information

A security update is available for ffmpeg for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Wed Apr 11 14:29:40 EDT 2018
lib-base/ffmpeg rebuilt (build 4) to fix CVE-2018-10001, a security vulnerability which allows a remote attacker to cause a denial of service via an out of array read, triggerable by a specially crafted AVI file. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=359
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10001
multilib/lib-base/ffmpeg-lib_i686 rebuilt (build 4, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-359 [CVE-2018-10001] (https://security.cucumberlinux.com/security/details.php?id=359)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure ffmpeg is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-04-09 21:16:28

Update Information

A security update is available for ffmpeg for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Mon Apr 9 16:10:08 EDT 2018
lib-base/ffmpeg rebuilt (build 3) to fix CVE-2018-9234, a security vulnerability that allowed for a remote attacker to cause a denial of service (out of array access resulting in an application crash) or possibly have other unspecified impacts via a long filename. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=358
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9841
multilib/lib-base/ffmpeg-lib_i686 rebuilt (build 3, x86_64 only)
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-358 [CVE-2018-9841] (https://security.cucumberlinux.com/security/details.php?id=358)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure ffmpeg is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-04-06 14:58:16

Update Information

A security update is available for patch for the following versions of Cucumber Linux:
* 1.0
* 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Fri Apr 6 10:11:18 EDT 2018
base/patch rebuilt (build 3) to fix CVE-2018-1000156, a security vulnerability which allowed for arbitrary code execution if the user applied a malicious patch file. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=355
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000156
  http://www.openwall.com/lists/oss-security/2018/04/06/1
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-355 [CVE-2018-1000156] (https://security.cucumberlinux.com/security/details.php?id=355)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure patch is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-03-30 13:42:47

Update Information

A security update is available for php/php5 for the following versions of Cucumber Linux:
* 1.0 (php)
* 1.1 RC (php5)

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Fri Mar 30 08:15:41 EDT 2018
lang-general/php upgraded from 5.6.34 to 5.6.35 to fix PHP bug #75605, a security vulnerability which allowed for a user to gain access to restricted resources that he should not be able to access. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=352
  https://bugs.php.net/bug.php?id=75605
* SECURITY FIX *
+----------------+

Here are the details from the Cucumber 1.1 RC changelog:
+----------------+
Fri Mar 30 08:01:45 EDT 2018
lang-extra/php5 upgraded from 5.6.34 to 5.6.35 to fix PHP bug #75605, a security vulnerability which allowed for a user to gain access to restricted resources that he should not be able to access. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=352
  https://bugs.php.net/bug.php?id=75605
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-352 [PHP bug #75605] (https://security.cucumberlinux.com/security/details.php?id=352)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure php/php5 is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-03-29 22:02:22

Update Information

A security update is available for php for the following versions of Cucumber Linux:
* 1.1 RC

Here are the details from the Cucumber 1.1 RC changelog:
+----------------+
Thu Mar 29 17:13:13 EDT 2018
lang-general/php upgraded from 7.2.3 to 7.2.4 to apply various fixes. The upstream developers have indicated that some of these are security fixes. For more information see:
  http://www.php.net/ChangeLog-7.php#7.2.4
  https://security.cucumberlinux.com/security/details.php?id=351
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-351 (http://security.cucumberlinux.com/security/details.php?id=351)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure php is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <sc...@cu...> - 2018-03-28 01:27:50

Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
* 1.0
* 1.1 RC

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Tue Mar 27 11:13:03 EDT 2018
xapps-general/firefox upgraded from 52.7.2 to 52.7.3 to fix CVE-2018-5148, a use after free vulnerability in the compositor that resulted in a potentially exploitable crash. For more information see:
  https://security.cucumberlinux.com/security/details.php?id=347
  https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-347 (http://security.cucumberlinux.com/security/details.php?id=347)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
  # pickle --update
  # pickle

Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php