cucumber-linux-security Mailing List for Cucumber Linux (Page 9)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
From: Scott C. <z5...@z5...> - 2017-12-30 19:16:33

Update Information

A security update is available for gimp for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sat Dec 30 13:42:40 EST 2017
xapps-general/gimp rebuilt (build 4) to fix three security vulnerabilities: CVE-2017-17784, CVE-2017-17789 and CVE-2017-17787. For more information see:
  https://nvd.nist.gov/vuln/detail/CVE-2017-17784
  http://security.cucumberlinux.com/security/details.php?id=185
  https://nvd.nist.gov/vuln/detail/CVE-2017-17789
  http://security.cucumberlinux.com/security/details.php?id=186
  https://nvd.nist.gov/vuln/detail/CVE-2017-17787
  http://security.cucumberlinux.com/security/details.php?id=187
multilib/xapps-general/gimp-lib_i686 rebuilt (build 4, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-185 [CVE-2017-17784] (http://security.cucumberlinux.com/security/details.php?id=185)
* CLD-186 [CVE-2017-17789] (http://security.cucumberlinux.com/security/details.php?id=186)
* CLD-187 [CVE-2017-17787] (http://security.cucumberlinux.com/security/details.php?id=187)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure gimp is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-12-28 14:09:25

Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Thu Dec 28 08:29:41 EST 2017
xapps-general/firefox upgraded from 52.5.2 to 52.5.3. This release probably contains security fixes, but unfortunately, Mozilla doesn't like to make the details of their security fixes publicly available until several weeks after they are released, so we are unable to provide more information at this time. We have upgraded to be safe. For more information see:
  http://security.cucumberlinux.com/security/details.php?id=193
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-193 [NULL] (http://security.cucumberlinux.com/security/details.php?id=193)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-12-25 20:10:14

Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Mon Dec 25 14:16:11 EST 2017
base/linux upgraded from 4.9.71 to 4.9.72 to fix CVE-2017-16995, a security vulnerability that allows local users to cause a system wide denial of service via memory consumption and possibly has other unspecified impacts. For more information see:
  http://security.cucumberlinux.com/security/details.php?id=191
  https://nvd.nist.gov/vuln/detail/CVE-2017-16995
  https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.72
kernel/linux-source upgraded from 4.9.71 to 4.9.72
Merry Christmas!
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-191 [CVE-2017-16995] (http://security.cucumberlinux.com/security/details.php?id=191)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-12-23 05:22:31

Update Information

A security update is available for mariadb for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Fri Dec 22 23:48:22 EST 2017
net-general/mariadb upgraded from 10.1.29 to 10.1.30 to fix CVE-2017-15365, a vulnerability in which a database user could possibly perform modifications on certain cluster nodes without having privileges to perform such changes. For more information see:
  https://nvd.nist.gov/vuln/detail/CVE-2017-15365
  http://security.cucumberlinux.com/security/details.php?id=189
  https://bugzilla.redhat.com/show_bug.cgi?id=1524234
multilib/net-general/mariadb-lib_i686 upgraded from 10.1.29 to 10.1.30 (x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-189 [CVE-2017-15365] (http://security.cucumberlinux.com/security/details.php?id=189)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure mariadb is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-12-23 02:55:50

Update Information

A security update is available for thunderbird for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Fri Dec 22 20:53:10 EST 2017
xapps-general/thunderbird upgraded to fix the "Mailsploit" vulnerability, a security vulnerability which could allow for a remote attacker to arbitrarily spoof the "From" address in an email. These spoofed emails get past most spam filters and show up in Thunderbird as being from any email address of the attacker's choosing (such as po...@wh...). For more information see:
  http://security.cucumberlinux.com/security/details.php?id=188
  https://www.mailsploit.com/index
* SECURITY FIX *
+----------------+

As a side note, this serves as an excellent example of why we cryptographically sign all of our security related emails. :)

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-188 [Mailsploit] (http://security.cucumberlinux.com/security/details.php?id=188)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-12-21 17:18:44

Update Information

A security update is available for gimp for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Thu Dec 21 11:04:01 EST 2017
xapps-general/gimp rebuilt (build 3) to fix two security vulnerabilities: CVE-2017-17786, a heap based buffer overread in file-tga.c and CVE-2017-17788, a stack based buffer overread in xcf.c. For more information see:
  https://nvd.nist.gov/vuln/detail/CVE-2017-17786
  http://security.cucumberlinux.com/security/details.php?id=183
  https://nvd.nist.gov/vuln/detail/CVE-2017-17788
  http://security.cucumberlinux.com/security/details.php?id=184
  http://www.openwall.com/lists/oss-security/2017/12/19/5
multilib/xapps-general/gimp-lib_i686 rebuilt (build 3, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-183 [CVE-2017-17786] (http://security.cucumberlinux.com/security/details.php?id=183)
* CLD-184 [CVE-2017-17788] (http://security.cucumberlinux.com/security/details.php?id=184)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure gimp is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-12-19 19:06:23

Update Information

A security update is available for gimp for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Tue Dec 19 13:32:27 EST 2017
xapps-general/gimp rebuilt (build 2) to fix Gnome Bug #739133 (CLD-182), a security vulnerability in the fli importer of GIMP that could be used to trigger an out of bounds write, which naturally has the potential to lead to arbitrary code execution. This vulnerability has yet to be assigned a CVE ID. For more information see:
  http://security.cucumberlinux.com/security/details.php?id=182
  https://bugzilla.gnome.org/show_bug.cgi?id=739133
multilib/xapps-general/gimp-lib_i686 rebuilt (build 2, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-182 (http://security.cucumberlinux.com/security/details.php?id=182)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure gimp is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-12-14 21:19:52

Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Thu Dec 14 15:19:14 EST 2017
base/linux upgraded from 4.9.68 to 4.9.69 to fix two security vulnerabilities: CVE-2017-1000407 and CVE-2017-0861. For more information see:
  https://nvd.nist.gov/vuln/detail/CVE-2017-1000407
  http://security.cucumberlinux.com/security/details.php?id=178
  https://nvd.nist.gov/vuln/detail/CVE-2017-0861
  http://security.cucumberlinux.com/security/details.php?id=179
  https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.69
kernel/linux-source upgraded from 4.9.68 to 4.9.69
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-178 [CVE-2017-1000407] (http://security.cucumberlinux.com/security/details.php?id=178)
* CLD-179 [CVE-2017-0861] (http://security.cucumberlinux.com/security/details.php?id=179)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-12-08 20:24:15

Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Fri Dec 8 10:09:47 EST 2017
xapps-general/firefox upgraded from 52.5.1 to 52.5.2 to fix CVE-2017-7843, a security vulnerability that allows a website to write persistent data to your browser's database while in private browsing mode (it is not supposed to be possible for data to persist across multiple private browsing sessions). For more information see:
  https://nvd.nist.gov/vuln/detail/CVE-2017-7843
  http://security.cucumberlinux.com/security/details.php?id=175
  https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-175 [CVE-2017-7843] (http://security.cucumberlinux.com/security/details.php?id=175)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-12-08 03:07:46

Update Information

A security update is available for openssl for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Thu Dec 7 21:38:02 EST 2017
net-base/openssl upgraded from 1.0.2m to 1.0.2n to fix two security vulnerabilities: CVE-2017-3737 and CVE-2017-3738. For more information see:
  http://security.cucumberlinux.com/security/details.php?id=172
  https://nvd.nist.gov/vuln/detail/CVE-2017-3737
  http://security.cucumberlinux.com/security/details.php?id=173
  https://nvd.nist.gov/vuln/detail/CVE-2017-3738
  https://www.openssl.org/news/secadv/20171207.txt
multilib/net-base/openssl-lib_i686 upgraded from 1.0.2m to 1.0.2n (x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-172 [CVE-2017-3737] (http://security.cucumberlinux.com/security/details.php?id=172)
* CLD-173 [CVE-2017-3738] (http://security.cucumberlinux.com/security/details.php?id=173)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure openssl is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-12-06 21:57:08

Update Information

A security update is available for rsync for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Wed Dec 6 16:26:45 EST 2017
net-general/rsync rebuilt (build 6) to fix two security vulnerabilities (CVE-2017-17433 and CVE-2017-17434) that allowed for a remote attacker to bypass intended access restrictions. For more information see:
  https://nvd.nist.gov/vuln/detail/CVE-2017-17433
  http://security.cucumberlinux.com/security/details.php?id=169
  https://nvd.nist.gov/vuln/detail/CVE-2017-17434
  http://security.cucumberlinux.com/security/details.php?id=170
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-169 [CVE-2017-17433] (http://security.cucumberlinux.com/security/details.php?id=169)
* CLD-170 [CVE-2017-17434] (http://security.cucumberlinux.com/security/details.php?id=170)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure rsync is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-12-06 04:08:41

Update Information

A security update is available for vlc for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Tue Dec 5 22:15:48 EST 2017
xapps-base/vlc upgraded from 2.2.6 to 2.2.8 to fix two security vulnerabilities: CVE-2017-9300 and CVE-2017-10699, both of which are buffer overflow vulnerabilities which could result in a denial of service. CVE-2017-10699 can also possibly result in arbitrary code execution. For more information see:
  https://nvd.nist.gov/vuln/detail/CVE-2017-9300
  http://security.cucumberlinux.com/security/details.php?id=140
  https://nvd.nist.gov/vuln/detail/CVE-2017-10699
  http://security.cucumberlinux.com/security/details.php?id=141
multilib/xapps-base/vlc-lib_i686 upgraded from 2.2.6 to 2.2.8 (x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-140 [CVE-2017-9300] (http://security.cucumberlinux.com/security/details.php?id=140)
* CLD-141 [CVE-2017-10699] (http://security.cucumberlinux.com/security/details.php?id=141)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure vlc is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-12-01 16:29:12

Update Information

A security update is available for ffmpeg for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Fri Dec 1 10:16:13 EST 2017
lib-base/ffmpeg rebuilt (build 3) to fix CVE-2017-17081, an out of bounds read vulnerability which allowed for a remote attacker to cause a denial of service. For more information see:
  https://nvd.nist.gov/vuln/detail/CVE-2017-17081
  http://security.cucumberlinux.com/security/details.php?id=168
multilib/lib-base/ffmpeg-lib_i686 rebuilt (build 3, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-168 [CVE-2017-17081] (http://security.cucumberlinux.com/security/details.php?id=168)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure ffmpeg is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-11-30 01:10:18

Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Wed Nov 29 19:33:04 EST 2017
xapps-general/firefox upgraded from 52.5.0 to 52.5.1. This release probably contains security fixes, but unfortunately, Mozilla doesn't like to make the details of their security fixes publicly available until several weeks after they are released, so we are unable to provide more information at this time. We have upgraded to be safe. For more information see:
  http://security.cucumberlinux.com/security/details.php?id=165
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-165 [NULL] (http://security.cucumberlinux.com/security/details.php?id=165)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-11-29 20:51:49

Update Information

A security update is available for curl for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Wed Nov 29 15:19:10 EST 2017
net-base/curl upgraded from 7.56.1 to 7.57.0 to fix three vulnerabilities: CVE-2017-8816 (a buffer overrun vulnerability affecting 32 bit versions of Cucumber Linux), CVE-2017-8817 (a buffer overflow vulnerability that could result in client URL direction) and CVE-2017-8818 (another buffer overrun vulnerability affecting 32 bit versions of Cucumber Linux). For more information see:
  https://curl.haxx.se/changes.html#7_57_0
  https://nvd.nist.gov/vuln/detail/CVE-2017-8816
  http://security.cucumberlinux.com/security/details.php?id=161
  https://nvd.nist.gov/vuln/detail/CVE-2017-8817
  http://security.cucumberlinux.com/security/details.php?id=162
  https://nvd.nist.gov/vuln/detail/CVE-2017-8818
  http://security.cucumberlinux.com/security/details.php?id=163
multilib/net-base/curl-lib_i686 upgraded from 7.56.1 to 7.57.0 (x86_64 only).
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-161 [CVE-2017-8816] (http://security.cucumberlinux.com/security/details.php?id=161)
* CLD-162 [CVE-2017-8817] (http://security.cucumberlinux.com/security/details.php?id=162)
* CLD-163 [CVE-2017-8818] (http://security.cucumberlinux.com/security/details.php?id=163)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure curl is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-11-28 17:22:25

Update Information

A security update is available for xorg-libraries for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Tue Nov 28 11:29:22 EST 2017
x-base/xorg-libraries rebuilt (build 4) to fix two vulnerabilities: CVE-2017-16611, which allows for an unprivileged user to open arbitrary files as root and CVE-2017-16612, a buffer overflow vulnerability. For more information see:
  https://nvd.nist.gov/vuln/detail/CVE-2017-16611
  http://security.cucumberlinux.com/security/details.php?id=155
  https://nvd.nist.gov/vuln/detail/CVE-2017-16612
  http://security.cucumberlinux.com/security/details.php?id=156
multilib/x-base/xorg-libraries-lib_i686 rebuilt (build 4, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------
CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-155 [CVE-2017-16611] (http://security.cucumberlinux.com/security/details.php?id=155)
* CLD-156 [CVE-2017-16612] (http://security.cucumberlinux.com/security/details.php?id=156)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------
Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure xorg-libraries is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-11-25 17:29:28
Update Information

A security update is available for perl for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sat Nov 25 11:18:00 EST 2017
lang-base/perl rebuilt (build 4) to fix CVE-2017-6512, a race condition in the File-Path CPAN module that allowed attackers to set the mode (permission bits) on arbitrary files.
For more information see:
  https://nvd.nist.gov/vuln/detail/CVE-2017-6512
  http://security.cucumberlinux.com/security/details.php?id=153
  https://rt.cpan.org/Public/Bug/Display.html?id=121951
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-153 [CVE-2017-6512] (http://security.cucumberlinux.com/security/details.php?id=153)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure perl is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-11-24 21:07:47
Update Information

A security update is available for gimp for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Fri Nov 24 15:08:55 EST 2017
xapps-general/gimp upgraded from 2.8.20 to 2.8.22 to fix CVE-2007-3126, a vulnerability that allowed for a context-dependent attacker to cause a denial of service (application crash) via a specially crafted .ico file.
For more information see:
  https://nvd.nist.gov/vuln/detail/CVE-2007-3126
  http://security.cucumberlinux.com/security/details.php?id=149
multilib/xapps-general/gimp-lib_i686 upgraded from 2.8.20 to 2.8.22 (x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-149 [CVE-2007-3126] (http://security.cucumberlinux.com/security/details.php?id=149)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure gimp is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Scott C. <z5...@z5...> - 2017-11-24 20:18:43
Update Information

A security update is available for thunderbird for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Fri Nov 24 12:09:57 EST 2017
xapps-general/thunderbird upgraded from 52.4.0 to 52.5.0 to apply "various security fixes." Unfortunately, Mozilla doesn't usually disclose what vulnerabilities are fixed in a given version of Thunderbird until a couple of weeks after it is released, so we are unable to provide any more information about what vulnerabilities are fixed in this release at this time.
For more information see:
  http://security.cucumberlinux.com/security/details.php?id=152
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-152 [NULL] (http://security.cucumberlinux.com/security/details.php?id=152)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-11-21 14:50:12
Update Information

A security update is available for ffmpeg for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
lib-base/ffmpeg rebuilt (build 2) to fix CVE-2017-16840, a vulnerability in VC-2 compression encoder that could allow for remote attackers to cause a denial of service as the result of an out of bounds read. Due to the nature of this attack, it is also not possible to rule out the possibility of information disclosure.
For more information see:
  http://security.cucumberlinux.com/security/details.php?id=138
  https://nvd.nist.gov/vuln/detail/CVE-2017-16840
multilib/lib-base/ffmpeg rebuilt (build 2, x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-138 [CVE-2017-16840] (http://security.cucumberlinux.com/security/details.php?id=138)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure ffmpeg is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-11-21 14:09:11
Update Information

A security update is available for libtiff for the following versions of Cucumber Linux:
* 1.0
* 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Tue Nov 21 08:36:04 EST 2017
lib-base/libtiff upgraded from 4.0.8 to 4.0.9 to fix several security vulnerabilities: CVE-2016-10095, CVE-2015-7554, CVE-2016-5318, CVE-2014-8128 and CVE-2017-16232.
For more information see:
  http://www.simplesystems.org/libtiff/v4.0.9.html
  http://security.cucumberlinux.com/security/details.php?id=133
  https://nvd.nist.gov/vuln/detail/CVE-2016-10095
  http://security.cucumberlinux.com/security/details.php?id=134
  https://nvd.nist.gov/vuln/detail/CVE-2015-7554
  http://security.cucumberlinux.com/security/details.php?id=135
  https://nvd.nist.gov/vuln/detail/CVE-2016-5318
  http://security.cucumberlinux.com/security/details.php?id=136
  https://nvd.nist.gov/vuln/detail/CVE-2014-8128
  http://security.cucumberlinux.com/security/details.php?id=137
  https://nvd.nist.gov/vuln/detail/CVE-2017-16232
multilib/lib-base/libtiff upgraded from 4.0.8 to 4.0.9 (x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-133 [CVE-2016-10095] (http://security.cucumberlinux.com/security/details.php?id=133)
* CLD-134 [CVE-2015-7554] (http://security.cucumberlinux.com/security/details.php?id=134)
* CLD-135 [CVE-2016-5318] (http://security.cucumberlinux.com/security/details.php?id=135)
* CLD-136 [CVE-2014-8128] (http://security.cucumberlinux.com/security/details.php?id=136)
* CLD-137 [CVE-2017-16232] (http://security.cucumberlinux.com/security/details.php?id=137)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure libtiff is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-11-19 16:41:19
Update Information

A security update is available for linux for the following versions of Cucumber Linux:
* 1.0
* 1.1 Alpha

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sat Nov 18 12:47:51 EST 2017
base/linux upgraded from 4.9.62 to 4.9.63. 4.9.63 allegedly does a better job of preventing the Krack WPA attacks (as described at https://www.krackattacks.com/). Specifically, it does a better job of addressing CVE-2017-13080.
For more information see:
  http://security.cucumberlinux.com/security/details.php?id=81
  https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.63
kernel/linux-source upgraded from 4.9.62 to 4.9.63
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-81 [CVE-2017-13077] (http://security.cucumberlinux.com/security/details.php?id=81)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-11-17 15:22:11
Update Information

A security update is available for mariadb for the following versions of Cucumber Linux:
* 1.0
* 1.1 Alpha

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Fri Nov 17 09:24:06 EST 2017
net-general/mariadb upgraded from 10.1.28 to 10.1.29 to fix CVE-2017-10268 (difficult to exploit) and CVE-2017-10378 (easy to exploit), two vulnerabilities that could result in unauthorized access to critical data or complete access to all data accessible by MariaDB. It was originally claimed that these vulnerabilities had been fixed in MariaDB 10.1.28; however, it turns out this was incorrect: they have been fixed in 10.1.29.
For more information see:
  http://security.cucumberlinux.com/security/details.php?id=124
  https://nvd.nist.gov/vuln/detail/CVE-2017-10268
  http://security.cucumberlinux.com/security/details.php?id=125
  https://nvd.nist.gov/vuln/detail/CVE-2017-10378
  https://mariadb.com/kb/en/library/changes-improvements-in-mariadb-101/
multilib/net-general/maraidb-lib_i686 upgraded from 10.1.28 to 10.1.29 (x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-124 [CVE-2017-10268] (http://security.cucumberlinux.com/security/details.php?id=124)
* CLD-125 [CVE-2017-10378] (http://security.cucumberlinux.com/security/details.php?id=125)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure mariadb is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-11-17 03:09:17
Update Information

A security update is available for ghostscript for the following versions of Cucumber Linux:
* 1.0
* 1.1 Alpha

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Thu Nov 16 11:47:15 EST 2017
apps-base/ghostscript upgraded from 9.21 to 9.22 to fix "many AddressSanitizer, Valgrind and Coverity [security] issues".
For more information see:
  https://www.ghostscript.com/doc/9.22/News.htm
  http://security.cucumberlinux.com/security/details.php?id=130
multilib/apps-base/ghostscript-lib_i686 upgraded from 9.21 to 9.22 (x86_64 only)
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-130 [NULL] (http://security.cucumberlinux.com/security/details.php?id=130)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure ghostscript is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

From: Z5T1 <z5...@z5...> - 2017-11-14 19:15:18
Update Information

A security update is available for firefox for the following versions of Cucumber Linux:
* 1.0
* 1.1 Alpha

Here are the details from the Cucumber 1.0 changelog:
+----------------+
Tue Nov 14 10:39:46 EST 2017
xapps-general/firefox upgraded from 52.4.1 to 52.5.0 for "various security fixes." Unfortunately, Mozilla doesn't like to make the details of their security fixes publicly available until several weeks after they are released, so we are unable to provide more information at this time.
For more information see:
  https://www.mozilla.org/en-US/firefox/52.5.0/releasenotes/
  http://security.cucumberlinux.com/security/details.php?id=128
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers:
* CLD-128 (http://security.cucumberlinux.com/security/details.php?id=128)

More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following commands (as root):
# pickle --update
# pickle

Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li... <mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php