Menu
▾
▴
cucumber-linux-security — A moderated, low traffic mailing list for security updates.
You can subscribe to this list here.
| 2017 |
Jan
|
Feb
|
Mar
|
Apr
(4) |
May
(5) |
Jun
(6) |
Jul
(12) |
Aug
(10) |
Sep
(18) |
Oct
(26) |
Nov
(20) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018 |
Jan
(17) |
Feb
(18) |
Mar
(18) |
Apr
(13) |
May
(19) |
Jun
(17) |
Jul
(17) |
Aug
(13) |
Sep
(13) |
Oct
(11) |
Nov
(10) |
Dec
(10) |
| 2019 |
Jan
(4) |
Feb
(2) |
Mar
|
Apr
(15) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Scott C. <sc...@cu...> - 2018-03-28 01:25:13
|
Update Information A security update is available for openssl for the following versions of Cucumber Linux: * 1.0 * 1.1 RC Here are the details from the Cucumber 1.0 changelog: +----------------+ Tue Mar 27 20:50:43 EDT 2018 net-base/openssl upgraded from 1.0.2n to 1.0.2o to fix CVE-2018-0739, a security vulnerability which could result in a denial of service attack. For more information see: https://security.cucumberlinux.com/security/details.php?id=348 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739 https://www.openssl.org/news/vulnerabilities.html multilib/net-base/openssl-lib_i686 upgraded from 1.0.2n to 1.0.2o (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-348 [CVE-2018-0739] (http://security.cucumberlinux.com/security/details.php?id=348) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure openssl is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-26 19:44:02
|
Update Information A security update is available for cups for the following versions of Cucumber Linux: * 1.0 * 1.1 RC Here are the details from the Cucumber 1.0 changelog: +----------------+ Mon Mar 26 15:11:59 EDT 2018 apps-base/cups rebuilt (build 11) to fix CVE-2017-18248, a security vulnerability which allowed for a remote attacker to perform a denial of service (crash a Cups server) by sending a print job with a username that contains invalid UTF-8 Characters. For more information see: https://security.cucumberlinux.com/security/details.php?id=346 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18248 https://github.com/apple/cups/issues/5143 multilib/apps-base/cups-lib_i686 rebuilt (build 11, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-346 [CVE-2017-18248] (http://security.cucumberlinux.com/security/details.php?id=346) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure cups is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-26 00:25:29
|
Update Information A security update is available for apache for the following versions of Cucumber Linux: * 1.0 * 1.1 RC Here are the details from the Cucumber 1.0 changelog: +----------------+ Sun Mar 25 19:52:27 EDT 2018 net-general/apache upgraded from 2.4.29 to 2.4.33 to fix several security vulnerabilities: CVE-2017-15710, CVE-2018-1283, CVE-2018-1303, CVE-2018-1301, CVE-2017-15715, CVE-2018-1312 and CVE-2018-1302. For more information see: http://www.apache.org/dist/httpd/CHANGES_2.4.33 https://security.cucumberlinux.com/security/details.php?id=339 https://security.cucumberlinux.com/security/details.php?id=340 https://security.cucumberlinux.com/security/details.php?id=341 https://security.cucumberlinux.com/security/details.php?id=342 https://security.cucumberlinux.com/security/details.php?id=343 https://security.cucumberlinux.com/security/details.php?id=344 https://security.cucumberlinux.com/security/details.php?id=345 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-339 [CVE-2017-15710] (http://security.cucumberlinux.com/security/details.php?id=339) * CLD-340 [CVE-2018-1283] (http://security.cucumberlinux.com/security/details.php?id=340) * CLD-341 [CVE-2018-1303] (http://security.cucumberlinux.com/security/details.php?id=341) * CLD-342 [CVE-2018-1301] (http://security.cucumberlinux.com/security/details.php?id=342) * CLD-343 [CVE-2017-15715] (http://security.cucumberlinux.com/security/details.php?id=343) * CLD-344 [CVE-2018-1312] (http://security.cucumberlinux.com/security/details.php?id=344) * CLD-345 [CVE-2018-1302] (http://security.cucumberlinux.com/security/details.php?id=345) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure apache is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-25 17:13:39
|
Update Information A security update is available for palemoon for the following versions of Cucumber Linux: * 1.0 * 1.1 RC Here are the details from the Cucumber 1.1 RC changelog: +----------------+ Sun Mar 25 11:53:41 EDT 2018 xapps-extra/palemmon upgraded from 27.8.1 to 27.8.2 to apply some upstream security improvements and fix a few security vulnerabilities: an issue with mouseover handling related to (CVE-2018-5103) (CVE-2018-5129) OOB Write (CVE-2018-5137) Path traversal on chrome:// URLs For more information see: https://www.palemoon.org/releasenotes.shtml https://security.cucumberlinux.com/security/details.php?id=336 https://security.cucumberlinux.com/security/details.php?id=337 https://security.cucumberlinux.com/security/details.php?id=338 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-336 [CVE-2018-5103] (http://security.cucumberlinux.com/security/details.php?id=336) * CLD-337 [CVE-2018-5129] (http://security.cucumberlinux.com/security/details.php?id=337) * CLD-338 [CVE-2018-5137] (http://security.cucumberlinux.com/security/details.php?id=338) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure palemoon is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-25 15:20:18
|
Update Information A security update is available for thunderbird for the following versions of Cucumber Linux: * 1.0 * 1.1 RC Here are the details from the Cucumber 1.0 changelog: +----------------+ Sun Mar 25 10:48:42 EDT 2018 xapps-general/thunderbird upgraded from 52.6.0 to 52.7.0 to fix several security vulnerabilities: CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList CVE-2018-5129: Out-of-bounds write with malformed IPC messages CVE-2018-5144: Integer overflow during Unicode conversion CVE-2018-5146: Out of bounds memory write in libvorbis CVE-2018-5125: Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7 CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird 52.7 For more information see: https://security.cucumberlinux.com/security/details.php?id=335 https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-335 [Several CVEs] (http://security.cucumberlinux.com/security/details.php?id=335) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-19 19:31:31
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Mon Mar 19 14:50:51 EDT 2018 base/linux upgraded from 4.9.87 to 4.9.88. This update incorporates a couple of upstream security improvements: it improves the fix for CVE-2018-1000004 and further mitigate against the Spectre family of vulnerabilities. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.88 http://security.cucumberlinux.com/security/details.php?id=331 kernel/linux-source upgraded from 4.9.87 to 4.9.88 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-331 [NULL] (http://security.cucumberlinux.com/security/details.php?id=331) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-17 20:16:43
|
Update Information A security update is available for sqlite for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Sat Mar 17 15:45:10 EDT 2018 apps-general/sqlite rebuilt (build 2) to fix CVE-2018-8740, a security vulnerability which could allow for a denial of service (application crash) via a specially crafted database file. For more information see: http://security.cucumberlinux.com/security/details.php?id=329 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740 https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349 multilib/apps-general/sqlite-lib_i686 rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-329 [CVE-2018-8740] (http://security.cucumberlinux.com/security/details.php?id=329) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure sqlite is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-17 19:16:38
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Sat Mar 17 14:42:10 EDT 2018 xapps-general/firefox upgraded from 52.7.0 to 52.7.2 to fix CVE-2018-5146, an out of bounds write security vulnerability in libvorbis. For more information see: http://security.cucumberlinux.com/security/details.php?id=328 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146 https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-328 [CVE-2018-5146] (http://security.cucumberlinux.com/security/details.php?id=328) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-14 15:33:26
|
Update Information A security update is available for curl for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Mar 14 10:58:08 EDT 2018 net-base/curl upgraded from 7.58.0 to 7.59.0 to fix a few security vulnerabilities: CVE-2018-1000120, CVE-2018-1000121 and CVE-2018-1000122. For more information see: http://security.cucumberlinux.com/security/details.php?id=325 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120 https://curl.haxx.se/docs/adv_2018-9cd6.html http://security.cucumberlinux.com/security/details.php?id=326 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121 https://curl.haxx.se/docs/adv_2018-97a2.html http://security.cucumberlinux.com/security/details.php?id=327 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122 https://curl.haxx.se/docs/adv_2018-b047.html multilib/net-base/curl-lib_i686 upgraded from 7.58.0 to 7.59.0 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-325 [CVE-2018-1000120] (http://security.cucumberlinux.com/security/details.php?id=325) * CLD-326 [CVE-2018-1000121] (http://security.cucumberlinux.com/security/details.php?id=326) * CLD-327 [CVE-2018-1000122] (http://security.cucumberlinux.com/security/details.php?id=327) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure curl is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-13 21:59:55
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Sat Mar 10 16:08:05 EST 2018 xapps-general/firefox upgraded from 52.6.0esr to 52.7.0esr. This update probably contains several security fixes; however, Mozilla doesn't disclose information about any security fixes until several weeks after they have been release. We have updated to be safe. For more information see: http://security.cucumberlinux.com/security/details.php?id=320 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-320 (http://security.cucumberlinux.com/security/details.php?id=320) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-07 20:43:09
|
Update Information A security update is available for net-snmp for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Mar 7 14:42:32 EST 2018 net-general/net-snmp rebuilt (build 2) to fix CVE-2018-1000116, a security vulnerability that could allow for arbitrary code execution via heap corruption. For more information see: https://sourceforge.net/p/net-snmp/bugs/2821/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000116 http://security.cucumberlinux.com/security/details.php?id=318 multilib/net-general/net-snmp rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ Here are the details from the Cucumber 1.1 Beta changelog: +----------------+ Wed Mar 7 14:40:54 EST 2018 net-general/net-snmp rebuilt (build 3) to fix CVE-2018-1000116, a security vulnerability that could allow for arbitrary code execution via heap corruption. For more information see: https://sourceforge.net/p/net-snmp/bugs/2821/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000116 http://security.cucumberlinux.com/security/details.php?id=318 multilib/net-general/net-snmp rebuilt (build 3, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-318 [CVE-2018-1000116] (http://security.cucumberlinux.com/security/details.php?id=318) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure net-snmp is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-04 04:41:53
|
Update Information A security update is available for php and php5 for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Mar 2 14:33:36 EST 2018 lang-general/php upgraded from 5.6.33 to 5.6.34 to fix CVE-2018-7584, a security vulnerability that could result in memory corruption via a stack based buffer under read. For more information see: https://bugs.php.net/bug.php?id=75981 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7584 http://security.cucumberlinux.com/security/details.php?id=315 * SECURITY FIX * +----------------+ Here are the details from the Cucumber 1.1 Beta changelog: +----------------+ Fri Mar 2 14:30:48 EST 2018 lang-general/php upgraded from 7.2.2 to 7.2.3 to fix CVE-2018-7584, a security vulnerability that could result in memory corruption via a stack based buffer under read. For more information see: https://bugs.php.net/bug.php?id=75981 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7584 http://security.cucumberlinux.com/security/details.php?id=315 lang-extra/php5 upgraded from 5.6.33 to 5.6.34 to fix CVE-2018-7584 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-315 [CVE-2018-7584] (http://security.cucumberlinux.com/security/details.php?id=315) * CLD-316 [CVE-2018-7584] (http://security.cucumberlinux.com/security/details.php?id=316) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure php or php5 is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-04 03:13:15
|
Update Information A security update is available for php and php5 for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Mar 2 14:33:36 EST 2018 lang-general/php upgraded from 5.6.33 to 5.6.34 to fix CVE-2018-7584, a security vulnerability that could result in memory corruption via a stack based buffer under read. For more information see: https://bugs.php.net/bug.php?id=75981 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7584 http://security.cucumberlinux.com/security/details.php?id=315 * SECURITY FIX * +----------------+ Here are the details from the Cucumber 1.1 Beta changelog: +----------------+ Fri Mar 2 14:30:48 EST 2018 lang-general/php upgraded from 7.2.2 to 7.2.3 to fix CVE-2018-7584, a security vulnerability that could result in memory corruption via a stack based buffer under read. For more information see: https://bugs.php.net/bug.php?id=75981 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7584 http://security.cucumberlinux.com/security/details.php?id=315 lang-extra/php5 upgraded from 5.6.33 to 5.6.34 to fix CVE-2018-7584 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-315 [CVE-2018-7584] (http://security.cucumberlinux.com/security/details.php?id=315) * CLD-316 [CVE-2018-7584] (http://security.cucumberlinux.com/security/details.php?id=316) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure php or php5 is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-01 18:24:14
|
Update Information A security update is available for python3 for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Mar 1 12:41:58 EST 2018 lang-base/python3 rebuilt (build 2) to fix CVE-2017-18207, a security vulnerability that could allow for a denial of service via a specially crafted wave file. For more information see: https://bugs.python.org/issue32056 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18207 http://security.cucumberlinux.com/security/details.php?id=313 multilib/lang-base/python3-lib_i686 rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-313 [CVE-2017-18207] (http://security.cucumberlinux.com/security/details.php?id=313) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure python3 is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-01 05:39:52
|
Update Information
A security update is available for dovecot for the following versions of
Cucumber Linux:
* 1.0
* 1.1 Beta
Here are the details from the Cucumber 1.1 Beta changelog:
+----------------+
Wed Feb 28 16:57:11 EST 2018
net-extra/dovecot upgraded from 2.2.33.2 to 2.2.34 to fix two security
vulnerabilities: CVE-2017-15130, which could lead to excessive memory
consumption if the Dovecot config has local_name { } or local { } blocks
in it and CVE-2017-14461, which could result in a denial of service
(crash) or information disclosure (leaking memory contents to an
attacker) when parsing an invalid email address. For more information
see:
https://dovecot.org/list/dovecot-news/2018-February/000370.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15130
http://security.cucumberlinux.com/security/details.php?id=305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14461
http://security.cucumberlinux.com/security/details.php?id=306
* SECURITY FIX *
+----------------+
------------------------------------------------------------------------
CLD and CVE Information
This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
* CLD-305 [CVE-2017-15130]
(http://security.cucumberlinux.com/security/details.php?id=305)
* CLD-306 [CVE-2017-14461]
(http://security.cucumberlinux.com/security/details.php?id=306)
More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).
------------------------------------------------------------------------
Installing the Update
The updated package can be installed via Pickle by running the following
commands (as root):
# pickle --update
# pickle
Make sure dovecot is selected on the update list, and then select Ok.
Pickle will then install the updated package.
If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.
------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php
|
|
From: Scott C. <sc...@cu...> - 2018-02-22 17:46:02
|
Update Information A security update is available for libreoffice for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Feb 22 12:06:46 EST 2018 xapps-general/libreoffice rebuilt (build 2) to fix CVE-2018-6871, a security vulnerability which could allow a remote attacker to read the contents of arbitrary files if the user opened a specially crafted Calc spreadsheet. A spreadsheet object could also be embedded into any other LibreOffice format, allowing for exploitation via any LibreOffice format. This vulnerability may also be known as CVE-2018-1055. For more information see: http://security.cucumberlinux.com/security/details.php?id=286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871 https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure/blob/master/README.md * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-286 [CVE-2018-6871] (http://security.cucumberlinux.com/security/details.php?id=286) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure libreoffice is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-02-20 01:00:02
|
Update Information
A security update is available for linux for the following versions of
Cucumber Linux:
* 1.0
* 1.1 Beta
Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sat Feb 17 16:42:27 EST 2018
base/linux upgraded from 4.9.81 to 4.9.82 to fix CVE-2017-8824, a security
vulnerability that could result in privilege escalation or a denial of
service. For more information see:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.82
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8824
http://security.cucumberlinux.com/security/details.php?id=300
kernel/linux-source upgraded from 4.9.81 to 4.9.82
* SECURITY FIX *
+----------------+
------------------------------------------------------------------------
CLD and CVE Information
This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
* CLD-300 [CVE-2017-8824]
(http://security.cucumberlinux.com/security/details.php?id=300)
More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).
------------------------------------------------------------------------
Installing the Update
The updated package can be installed via Pickle by running the following
commands (as root):
# pickle --update
# pickle
Make sure linux is selected on the update list, and then select Ok.
Pickle will then install the updated package.
If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.
------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php
|
|
From: Scott C. <sc...@cu...> - 2018-02-18 17:40:23
|
Update Information A security update is available for shadow for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Sun Feb 18 11:55:09 EST 2018 base/shadow rebuilt (build 5) to fix CVE-2018-7169, a security vulnerability that could allow for an unprivileged user to drop supplemental groups using the newuidmap and newgidmap commands. This effectively allows for circumventing group blacklisting. For more information see: http://security.cucumberlinux.com/security/details.php?id=298 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 * SECURITY FIX * +----------------+ Here are the details from the Cucumber 1.1 Beta changelog: +----------------+ Sun Feb 18 11:51:23 EST 2018 base/shadow rebuilt (build 6) to fix CVE-2018-7169, a security vulnerability that could allow for an unprivileged user to drop supplemental groups using the newuidmap and newgidmap commands. This effectively allows for circumventing group blacklisting. For more information see: http://security.cucumberlinux.com/security/details.php?id=298 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-298 [CVE-2018-7169] (http://security.cucumberlinux.com/security/details.php?id=298) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure shadow is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-02-18 00:41:21
|
Update Information
A security update is available for linux for the following versions of
Cucumber Linux:
* 1.0
* 1.1 Beta
Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sat Feb 17 16:42:27 EST 2018
base/linux upgraded from 4.9.81 to 4.9.82 to fix CVE-2017-8824, a security
vulnerability that could result in privilege escalation or a denial of
service. For more information see:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.82
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8824
http://security.cucumberlinux.com/security/details.php?id=300
kernel/linux-source upgraded from 4.9.81 to 4.9.82
* SECURITY FIX *
+----------------+
------------------------------------------------------------------------
CLD and CVE Information
This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
* CLD-300 [CVE-2017-8824]
(http://security.cucumberlinux.com/security/details.php?id=300)
More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).
------------------------------------------------------------------------
Installing the Update
The updated package can be installed via Pickle by running the following
commands (as root):
# pickle --update
# pickle
Make sure linux is selected on the update list, and then select Ok.
Pickle will then install the updated package.
If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.
------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php
|
|
From: Scott C. <sc...@cu...> - 2018-02-17 01:00:51
|
Update Information A security update is available for python2 for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Feb 16 19:24:51 EST 2018 lang-base/python2 rebuilt (build 3) to fix CVE-2018-1000030, a vulnerability that allowed for a crash of the python interpreter by leveraging a race condition. For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030 http://security.cucumberlinux.com/security/details.php?id=279 https://bugs.python.org/issue31530 multilib/lang-base/python2-lib_i686 rebuilt (build 3, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-279 [CVE-2018-1000030] (http://security.cucumberlinux.com/security/details.php?id=279) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure python2 is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-02-16 22:37:40
|
Update Information A security update is available for patch for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Feb 16 16:56:44 EST 2018 base/patch rebuilt (build 2) to fix a couple of security issues: a out of bounds read having the potential to cause a denial of service (CVE-2016-10713) and a segmentation fault resulting from a NULL pointer dereference (CVE-2018-6951). For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10713 http://security.cucumberlinux.com/security/details.php?id=295 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6951 http://security.cucumberlinux.com/security/details.php?id=296 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-295 [CVE-2016-10713] (http://security.cucumberlinux.com/security/details.php?id=295) * CLD-296 [CVE-2018-6951] (http://security.cucumberlinux.com/security/details.php?id=296) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure patch is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-02-16 15:42:23
|
Update Information A security update is available for unzip for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Feb 16 10:11:36 EST 2018 apps-base/unzip rebuilt (build 3) to mitigate against CVE-2018-1000035, a security vulnerability which allowed for an attacker to perform a denial of service and arbitrary code execution via a specially crafted zip file. Unzip has been rebuilt with the -D_FORTIFY_SOURCE=2, which mitigates the impact of the vulnerability to only a denial of service (removing the possibility of arbitrary code execution). For more information see: http://security.cucumberlinux.com/security/details.php?id=284 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035 https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-284 [CVE-2018-1000035] (http://security.cucumberlinux.com/security/details.php?id=284) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure unzip is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <z5...@z5...> - 2018-02-16 01:44:08
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Tue Feb 13 19:26:23 EST 2018 base/linux upgraded from 4.9.80 to 4.9.81 to further mitigate against both variants of the Spectre vulnerability. For more information see: https://spectreattack.com/ http://security.cucumberlinux.com/security/details.php?id=201 http://security.cucumberlinux.com/security/details.php?id=202 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.81 kernel/linux-source upgraded from 4.9.80 to 4.9.81 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-201 [CVE-2017-5753] (http://security.cucumberlinux.com/security/details.php?id=201) * CLD-202 [CVE-2017-5715] (http://security.cucumberlinux.com/security/details.php?id=202) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-02-15 22:57:08
|
Update Information A security update is available for freetype for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Feb 15 17:13:53 EST 2018 lib-base/freetype rebuilt (build 4) to fix CVE-2018-6942, a security vulnerability that allowed for a denial of service (i.e. crash) via a specially crafted font file. For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942 http://security.cucumberlinux.com/security/details.php?id=294 multilib/lib-base/freetype-lib_i686 rebuilt (build 4, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-294 [CVE-2018-6942] (http://security.cucumberlinux.com/security/details.php?id=294) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure freetype is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-02-12 22:04:08
|
Update Information A security update is available for freetype for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Mon Feb 12 16:32:38 EST 2018 lib-base/freetype rebuilt (build 3) to fix CVE-2017-8105, a security vulnerability which used a heap based buffer overflow to cause a denial of service (crash). For more information see: http://security.cucumberlinux.com/security/details.php?id=292 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 multilib/lib-base/freetype rebuilt (build 3, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-292 [CVE-2017-8105] (http://security.cucumberlinux.com/security/details.php?id=292) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure freetype is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
2 messages has been excluded from this view by a project administrator.
