cucumber-linux-security Mailing List for Cucumber Linux (Page 10)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
Menu
▾
▴
cucumber-linux-security — A moderated, low traffic mailing list for security updates.
You can subscribe to this list here.
| 2017 |
Jan
|
Feb
|
Mar
|
Apr
(4) |
May
(5) |
Jun
(6) |
Jul
(12) |
Aug
(10) |
Sep
(18) |
Oct
(26) |
Nov
(20) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018 |
Jan
(17) |
Feb
(18) |
Mar
(18) |
Apr
(13) |
May
(19) |
Jun
(17) |
Jul
(17) |
Aug
(13) |
Sep
(13) |
Oct
(11) |
Nov
(10) |
Dec
(10) |
| 2019 |
Jan
(4) |
Feb
(2) |
Mar
|
Apr
(15) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Z5T1 <z5...@z5...> - 2017-11-12 18:31:45
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.1 Alpha Here are the details from the Cucumber 1.1 Alpha changelog: +----------------+ Sun Nov 12 12:45:51 EST 2017 base/linux upgraded from 4.9.58 to 4.9.61. This fixes CVE-2017-.2193, a vulnerability that could be used to trigger a NULL pointer dereference and a kernel panic. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12193 http://security.cucumberlinux.com/security/details.php?id=122 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.60 kernel/linux-source upgraded from 4.9.58 to 4.9.61 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-122 [CVE-2017-12193] (http://security.cucumberlinux.com/security/details.php?id=122) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-11-06 15:20:13
|
Update Information
A security update is available for rsync for the following versions of
Cucumber Linux:
* 1.0
* 1.1 Alpha
Here are the details from the Cucumber 1.0 changelog:
+----------------+
Mon Nov 6 09:47:06 EST 2017
net-general/rsync rebuilt (build 5) to fix CVE-2017-16548, a buffer overread
vulnerability which could result in a remote denial of service or other
unspecified impacts due to a failure of the receive_xattr function in
xattrs.c to check for a null terminator ('\0') character in an xattr
name. For more information see:
https://nvd.nist.gov/vuln/detail/CVE-2017-16548
http://security.cucumberlinux.com/security/details.php?id=126
* SECURITY FIX *
+----------------+
------------------------------------------------------------------------
CLD and CVE Information
This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
* CLD-126 [CVE-2017-16548]
(http://security.cucumberlinux.com/security/details.php?id=126)
More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).
------------------------------------------------------------------------
Installing the Update
The updated package can be installed via Pickle by running the following
commands (as root):
# pickle --update
# pickle
Make sure rsync is selected on the update list, and then select Ok.
Pickle will then install the updated package.
If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.
------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php
|
|
From: Z5T1 <z5...@z5...> - 2017-11-04 13:50:31
|
Update Information A security update is available for libreoffice for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Sat Nov 4 09:07:39 EDT 2017 xapps-general/libreoffice upgraded from 5.3.0.3 to 5.3.7.2 to fix CVE-2017-14226, a vulnerability in which the libwpd library (as shipped with LibreOffice 5.3.0.3) mishandled iterators, which could result in a heap based buffer overread. It may have led to a remote attack against a LibreOffice application. For more information see: http://security.cucumberlinux.com/security/details.php?id=15 https://nvd.nist.gov/vuln/detail/CVE-2017-14226 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-15 [CVE-2017-14226] (http://security.cucumberlinux.com/security/details.php?id=15) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure libreoffice is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-11-03 15:06:14
|
Update Information A security update is available for mariadb for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Nov 3 10:31:28 EDT 2017 net-general/mariadb upgraded from 10.1.26 to 10.1.28 to fix CVE-2017-10268 (difficult to exploit) and CVE-2017-10378 (easy to exploit), two vulnerabilities that could result in unauthorized access to critical data or complete access all data accessible by MaraiDB. Note that this has not yet been formally acknowledged by the MaraiDB developers; however, other distributions are all claiming that these vulnerabilities are fixed in MaraiDB 10.1.28. For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268 http://security.cucumberlinux.com/security/details.php?id=124 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378 http://security.cucumberlinux.com/security/details.php?id=125 multilib/net-general/mariadb-lib_i686 upgraded from 10.1.26 to 10.1.28 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-124 [CVE-2017-10268] (http://security.cucumberlinux.com/security/details.php?id=124) * CLD-125 [CVE-2017-10378] (http://security.cucumberlinux.com/security/details.php?id=125) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure mariadb is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-11-03 02:21:13
|
Update Information A security update is available for openssl for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.1 Alpha changelog: +----------------+ Thu Nov 2 21:43:24 EDT 2017 net-base/openssl upgraded from 1.0.2k to 1.0.2m to fix CVE-2017-3736 and CVE-2017-3735. For more information see: https://www.openssl.org/news/vulnerabilities.html#y2017 http://security.cucumberlinux.com/security/details.php?id=123 https://nvd.nist.gov/vuln/detail/CVE-2017-3736 http://security.cucumberlinux.com/security/details.php?id=8 https://nvd.nist.gov/vuln/detail/CVE-2017-3735 multilib/net-base/openssl-lib_i686 upgraded from 1.0.2k to 1.0.2m (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-123 [CVE-2017-3736] (http://security.cucumberlinux.com/security/details.php?id=123) * CLD-8 [CVE-2017-3735] (http://security.cucumberlinux.com/security/details.php?id=8) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure openssl is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-11-02 17:25:57
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Nov 2 12:53:32 EDT 2017 base/linux upgraded from 4.9.59 to 4.9.60 to fix CVE-2017-12193, a vulnerability that could be used to trigger a NULL pointer dereference and a kernel panic. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12193 http://security.cucumberlinux.com/security/details.php?id=122 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.60 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-122 [CVE-2017-12193] (http://security.cucumberlinux.com/security/details.php?id=122) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-11-01 18:09:47
|
Update Information A security update is available for shadow for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Nov 1 12:45:57 EDT 2017 base/shadow rebuilt (build 4) to fix CLD-121, a vulnerability in which the /etc/shadow file was world readable. For more information see: http://security.cucumberlinux.com/security/details.php?id=121 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-121 (http://security.cucumberlinux.com/security/details.php?id=121) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure shadow is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-11-01 16:18:12
|
Update Information A security update is available for vim for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Nov 1 11:32:53 EDT 2017 base/vim rebuilt (build 5) to fix CVE-2017-1000382, a vulnerability with Vim's swap files which could result in unintended information disclosure, by allowing for arbitrary users to view the contents of files not originally intended to be viewed. This has been successfully used to get (amongst other things) Wordpress database credentials (from wp-config.php). For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-1000382 http://security.cucumberlinux.com/security/details.php?id=120 http://www.openwall.com/lists/oss-security/2017/10/31/1 IMPORTANT NOTE: THIS VULNERABILITY WAS FIXED BY MAKING A CHANGE TO THE /etc/vimrc FILE. THEREFORE, WHEN UPGRADING YOUR VIM PACKAGES, MAKE SURE TO EITHER INSTALL THE NEW /etc/vimrc FILE OR COPY THE CHANGES FROM /etc/vimrc.new OVER TO /etc/vimrc. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-120 [CVE-2017-1000382] (http://security.cucumberlinux.com/security/details.php?id=120) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update ****IMPORTANT***: This vulnerability was fixed by making a change to the '/etc/vimrc' file. Therefore, when you install the new package, it is important that you either replace your old vimrc file with the new one (by choosing 'REPLACE' on the new file action menu) or copy the changes over from the new vimrc to your existing vimrc.* The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure vim is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-28 15:17:15
|
Update Information A security update is available for php for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Sat Oct 28 10:31:42 EDT 2017 lang-general/php upgraded from 5.6.31 to 5.6.32 to fix CVE-2016-1283, a vulnerability which allowed for a remote attacker to cause a denial of service or possibly have other unspecified impacts via a specially crafted regex passed to PCRE. Note that this vulnerability has long since been fixed in by the upstream PCRE developers and the regular Cucumber PCRE packages are unaffected by this; this was an issue only because PHP was using an old version of PCRE (which was linked statically into the PHP binaries). For more information see: https://nvd.nist.gov/vuln/detail/CVE-2016-1283 http://security.cucumberlinux.com/security/details.php?id=118 https://bugs.php.net/bug.php?id=75207 http://www.php.net/ChangeLog-5.php#5.6.32 * SECURITY FIX * +----------------+ Note for Cucumber 1.1 Alpha Users For users of Cucumber Linux 1.1 Alpha, there have been two package updates released for this vulnerability: one for the mainstream 'php' package (which is PHP version 7.2) and one for the legacy 'php5' package (which is PHP version 5.6). You should only ever use one of these two packages on any given system as they conflict with each other, so make sure to apply the correct update for the version of PHP you are using. If you use Pickle to apply the update, it will take care of this for you. Here are the full details from the Cucumber 1.1 Alpha changelog: Sat Oct 28 10:35:22 EDT 2017 lang-general/php upgraded from 7.2.0RC4 to 7.2.0RC5 to fix CVE-2016-1283, a vulnerability which allowed for a remote attacker to cause a denial of service or possibly have other unspecified impacts via a specially crafted regex passed to PCRE. Note that this vulnerability has long since been fixed in by the upstream PCRE developers and the regular Cucumber PCRE packages are unaffected by this; this was an issue only because PHP was using an old version of PCRE (which was linked statically into the PHP binaries). For more information see: https://nvd.nist.gov/vuln/detail/CVE-2016-1283 http://security.cucumberlinux.com/security/details.php?id=118 https://bugs.php.net/bug.php?id=75207 http://www.php.net/ChangeLog-5.php#5.6.32 lang-extra/php5 upgraded from 5.6.31 to 5.6.32 to fix this same vulnerability in the legacy PHP package. * SECURITY FIX * ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-118 [CVE-2016-1283] (http://security.cucumberlinux.com/security/details.php?id=118) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure php or php5 is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-27 15:53:05
|
Update Information A security update is available for ffmpeg for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Oct 27 11:01:02 EDT 2017 lib-base/ffmpeg upgraded from 3.3.4 to 3.3.5 to fix CVE-2017-15186, a vulnerability which allowed for remote attackers to cause a denial of service (i.e. crash) via a specially crafted AVI file. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-15186 http://security.cucumberlinux.com/security/details.php?id=115 https://ffmpeg.org/security.html multilib/lib-base/ffmpeg upgraded from 3.3.4 to 3.3.5 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-115 [CVE-2017-15186] (http://security.cucumberlinux.com/security/details.php?id=115) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure ffmpeg is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-26 17:49:24
|
Update Information A security update is available for wget for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Oct 26 12:44:37 EDT 2017 net-base/wget upgraded from 1.17.1 to 1.19.2 to fix CVE-2017-13089 and CVE-2017-13090, two buffer overflow vulnerabilities which could allow for remote arbitrary code execution if wget connects to a malicious http server. For more information see: http://security.cucumberlinux.com/security/details.php?id=116 https://access.redhat.com/security/cve/CVE-2017-13089 https://nvd.nist.gov/vuln/detail/CVE-2017-13089 http://security.cucumberlinux.com/security/details.php?id=117 https://access.redhat.com/security/cve/CVE-2017-13090 https://nvd.nist.gov/vuln/detail/CVE-2017-13090 https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-116 [CVE-2017-13089] (http://security.cucumberlinux.com/security/details.php?id=116) * CLD-117 [CVE-2017-13090] (http://security.cucumberlinux.com/security/details.php?id=117) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure wget is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-24 14:10:39
|
Update Information A security update is available for apr-util for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Tue Oct 24 09:32:21 EDT 2017 lib-general/apr-util upgraded from 1.5.4 to 1.6.1 to fix CVE-2017-12618, a denial of service vulnerability resulting from the failure of the apr_sdbm*() functions to validate their input. This allowed for a local user with write access to a database to crash a program or process using these functions. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12618 http://security.cucumberlinux.com/security/details.php?id=114 https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E multilib/lib-general/apr-util upgraded from 1.5.4 to 1.6.1 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-114 [CVE-2017-12618] (http://security.cucumberlinux.com/security/details.php?id=114) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure apr-util is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-24 14:09:09
|
Update Information A security update is available for apr for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Tue Oct 24 09:28:32 EDT 2017 lib-general/apr upgraded from 1.5.2 to 1.6.3 to fix CVE-2017-12613, a vulnerability which allowed for information disclosure and/or a denial of service via an out of bounds read. This happened as a result of the apr_exp_time*() and apr_os_exp_time*() functions failing to validate input. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12613 http://security.cucumberlinux.com/security/details.php?id=113 https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E multilib/lib-general/apr-lib_i686 upgraded from 1.5.2 to 1.6.3 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-113 [CVE-2017-12613] (http://security.cucumberlinux.com/security/details.php?id=113) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure apr is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-23 14:06:57
|
Update Information A security update is available for curl for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Mon Oct 23 09:29:17 EDT 2017 net-base/curl upgraded from 7.56.0 to 7.56.1 to fix CVE-2017-1000257, a buffer overrun vulnerability in the IMAP portion of libcurl (the curl library). For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-1000257 http://security.cucumberlinux.com/security/details.php?id=112 https://curl.haxx.se/docs/adv_20171023.html multilib/net-base/curl-lib_i686 upgraded from 7.56.0 to 7.56.1 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-112 [CVE-2017-1000257] (http://security.cucumberlinux.com/security/details.php?id=112) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure curl is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-19 17:03:06
|
Update Information
A security update is available for xorg-server for the following
versions of Cucumber Linux:
* 1.0
* 1.1 Alpha
Here are the details from the Cucumber 1.0 changelog:
+----------------+
Thu Oct 19 11:46:58 EDT 2017
x-base/xorg-server rebuilt (build 5) to fix several vulnerabilities:
CVE-2017-2624, CVE-2017-12176, CVE-2017-12177, CVE-2017-12178,
CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182,
CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186 and
CVE-2017-12187. For more information see:
http://security.cucumberlinux.com/security/details.php?id=96
http://security.cucumberlinux.com/security/details.php?id=97
http://security.cucumberlinux.com/security/details.php?id=98
http://security.cucumberlinux.com/security/details.php?id=99
http://security.cucumberlinux.com/security/details.php?id=100
http://security.cucumberlinux.com/security/details.php?id=101
http://security.cucumberlinux.com/security/details.php?id=102
http://security.cucumberlinux.com/security/details.php?id=103
http://security.cucumberlinux.com/security/details.php?id=104
http://security.cucumberlinux.com/security/details.php?id=105
http://security.cucumberlinux.com/security/details.php?id=106
http://security.cucumberlinux.com/security/details.php?id=107
http://security.cucumberlinux.com/security/details.php?id=108
http://security.cucumberlinux.com/security/details.php?id=109
* SECURITY FIX *
+----------------+
------------------------------------------------------------------------
CLD and CVE Information
This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
* CLD-96 [CVE-2017-2624]
(http://security.cucumberlinux.com/security/details.php?id=96)
* CLD-97 [CVE-2017-12184]
(http://security.cucumberlinux.com/security/details.php?id=97)
* CLD-98 [CVE-2017-12185]
(http://security.cucumberlinux.com/security/details.php?id=98)
* CLD-99 [CVE-2017-12186]
(http://security.cucumberlinux.com/security/details.php?id=99)
* CLD-100 [CVE-2017-12186]
(http://security.cucumberlinux.com/security/details.php?id=100)
* CLD-101 [CVE-2017-12187]
(http://security.cucumberlinux.com/security/details.php?id=101)
* CLD-102 [CVE-2017-12183]
(http://security.cucumberlinux.com/security/details.php?id=102)
* CLD-103 [CVE-2017-12180]
(http://security.cucumberlinux.com/security/details.php?id=103)
* CLD-104 [CVE-2017-12181]
(http://security.cucumberlinux.com/security/details.php?id=104)
* CLD-105 [CVE-2017-12182]
(http://security.cucumberlinux.com/security/details.php?id=105)
* CLD-106 [CVE-2017-12179]
(http://security.cucumberlinux.com/security/details.php?id=106)
* CLD-107 [CVE-2017-12178]
(http://security.cucumberlinux.com/security/details.php?id=107)
* CLD-108 [CVE-2017-12177]
(http://security.cucumberlinux.com/security/details.php?id=108)
* CLD-109 [CVE-2017-12176]
(http://security.cucumberlinux.com/security/details.php?id=109)
More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).
------------------------------------------------------------------------
Installing the Update
The updated package can be installed via Pickle by running the following
commands (as root):
# pickle --update
# pickle
Make sure xorg-server is selected on the update list, and then select
Ok. Pickle will then install the updated package.
If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.
------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php
|
|
From: Z5T1 <z5...@z5...> - 2017-10-19 01:02:39
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Oct 18 19:39:59 EDT 2017 base/linux upgraded from 4.9.56 to 4.9.57 to fix CVE-2017-12188, CVE-2017-15265 and probably some other vulnerabilities. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.57 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-94 [CVE-2017-12188] (http://security.cucumberlinux.com/security/details.php?id=94) * CLD-95 [CVE-2017-15265] (http://security.cucumberlinux.com/security/details.php?id=95) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-18 20:38:42
|
Update Information A security update is available for libarchive for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Oct 18 15:51:54 EDT 2017 lib-general/libarchive rebuilt (build 2) to fix CVE-2016-10349 and CVE-2016-10350, two vulnerabilities which both allowed for a remote crash via a heap based buffer overflow. For more information see: http://security.cucumberlinux.com/security/details.php?id=92 https://nvd.nist.gov/vuln/detail/CVE-2016-10349 http://security.cucumberlinux.com/security/details.php?id=93 https://nvd.nist.gov/vuln/detail/CVE-2016-10350 multilib/lib-general/libarchive rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-92 [CVE-2016-10349] (http://security.cucumberlinux.com/security/details.php?id=92) * CLD-93 [CVE-2016-10350] (http://security.cucumberlinux.com/security/details.php?id=93) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure libarchive is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-18 14:56:24
|
Update Information A security update is available for wpa_supplicant for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Oct 18 10:26:49 EDT 2017 net-base/wpa_supplicant rebuilt (build 4) to fix several security vulnerabilities collectively known as the Krack Attacks. These vulnerabilities allowed for an attacker within the physical range of a WPA2 secured network to hijack the four way handshake (which occurs when a new client connects to the network) and decrypt the connection, amongst other things. This vulnerability has been assigned the following CVE IDs: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087 and CVE-2017-13088. For more information see: https://www.krackattacks.com/ https://nvd.nist.gov/vuln/detail/CVE-2017-13077 https://nvd.nist.gov/vuln/detail/CVE-2017-13078 https://nvd.nist.gov/vuln/detail/CVE-2017-13079 https://nvd.nist.gov/vuln/detail/CVE-2017-13080 https://nvd.nist.gov/vuln/detail/CVE-2017-13081 https://nvd.nist.gov/vuln/detail/CVE-2017-13082 https://nvd.nist.gov/vuln/detail/CVE-2017-13084 https://nvd.nist.gov/vuln/detail/CVE-2017-13086 https://nvd.nist.gov/vuln/detail/CVE-2017-13087 https://nvd.nist.gov/vuln/detail/CVE-2017-13088 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-81 [CVE-2017-13077] (http://security.cucumberlinux.com/security/details.php?id=81) * CLD-83 [CVE-2017-13078] (http://security.cucumberlinux.com/security/details.php?id=83) * CLD-84 [CVE-2017-13079] (http://security.cucumberlinux.com/security/details.php?id=84) * CLD-85 [CVE-2017-13080] (http://security.cucumberlinux.com/security/details.php?id=85) * CLD-86 [CVE-2017-13081] (http://security.cucumberlinux.com/security/details.php?id=86) * CLD-87 [CVE-2017-13082] (http://security.cucumberlinux.com/security/details.php?id=87) * CLD-88 [CVE-2017-13084] (http://security.cucumberlinux.com/security/details.php?id=88) * CLD-89 [CVE-2017-13086] (http://security.cucumberlinux.com/security/details.php?id=89) * CLD-90 [CVE-2017-13087] (http://security.cucumberlinux.com/security/details.php?id=90) * CLD-91 [CVE-2017-13088] (http://security.cucumberlinux.com/security/details.php?id=91) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure wpa_supplicant is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-15 15:41:58
|
Update Information A security update is available for thunderbird for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Oct 6 22:11:17 EDT 2017 xapps-general/thunderbird upgraded from 52.3 to 52.4. This most likely fixes some security issues, but Mozilla doesn't like to tell us about these until a couple of weeks after they publish the update (thanks guys). To be safe, we will treat this update as a security update. * SECURITY FIX * Since then, mozilla has made the list of vulnerabilities fixed in this release public. The list can be viewed at: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/ and addresses the following vulnerabilities: CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces CVE-2017-7823: CSP sandbox directive did not create a unique origin CVE-2017-7810: Memory safety bugs fixed in Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4 +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-80 [NULL] (http://security.cucumberlinux.com/security/details.php?id=80) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure thunderbird is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-14 13:06:27
|
Update Information
A security update is available for linux for the following versions of
Cucumber Linux:
* 1.0
* 1.1 Alpha
Here are the details from the Cucumber 1.1 Alpha changelog:
+----------------+
Sat Oct 14 08:33:53 EDT 2017
base/linux upgraded from 4.9.54 to 4.9.56 to fix CVE-2017-7518, CVE-2017-0786,
CVE-2017-1000255 and probably some other vulnerabilities
* SECURITY FIX *
+----------------+
------------------------------------------------------------------------
CLD and CVE Information
This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
* CLD-44 [CVE-2017-7518]
(http://security.cucumberlinux.com/security/details.php?id=44)
* CLD-76 [CVE-2017-0786]
(http://security.cucumberlinux.com/security/details.php?id=76)
* CLD-77 [CVE-2017-1000255]
(http://security.cucumberlinux.com/security/details.php?id=77)
More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).
------------------------------------------------------------------------
Installing the Update
The updated package can be installed via Pickle by running the following
commands (as root):
# pickle --update
# pickle
Make sure linux is selected on the update list, and then select Ok.
Pickle will then install the updated package.
If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.
------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php
|
|
From: Z5T1 <z5...@z5...> - 2017-10-11 16:15:25
|
Update Information A security update is available for xorg-libraries for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Oct 11 11:43:47 EDT 2017 x-base/xorg-libraries rebuilt (build 3) to fix two vulnerabilities (CVE-2017-13720 and CVE-2017-13722) which could result in a denial of service or memory disclosure. For more information see: http://security.cucumberlinux.com/security/details.php?id=72 https://nvd.nist.gov/vuln/detail/CVE-2017-13720 https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608) http://security.cucumberlinux.com/security/details.php?id=73 https://nvd.nist.gov/vuln/detail/CVE-2017-13722 https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd https://www.debian.org/security/2017/dsa-3995 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-72 [CVE-2017-13720] (http://security.cucumberlinux.com/security/details.php?id=72) * CLD-73 [CVE-2017-13722] (http://security.cucumberlinux.com/security/details.php?id=73) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure xorg-libraries is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-10 22:38:10
|
Update Information A security update is available for palemoon for the following versions of Cucumber Linux: * 1.0 As of this time, Cucumber Linux 1.1 Alpha is still vulnerable these vulnerabilities. Here are the details from the Cucumber 1.0 changelog: +----------------+ Tue Oct 10 17:56:42 EDT 2017 testing/xapps-testing/palemoon upgraded from 27.5.0 to 27.5.1 to fix CVE-2017-7825, an issue with Mac fonts, upgrades some internal libraries to newer, more secure versions and applies a couple of proactive security fixes. For more information see: http://security.cucumberlinux.com/security/details.php?id=74 https://nvd.nist.gov/vuln/detail/CVE-2017-7825 http://www.palemoon.org/releasenotes.shtml * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-74 [CVE-2017-7825] (http://security.cucumberlinux.com/security/details.php?id=74) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure palemoon is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-10 17:12:03
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Tue Oct 10 12:34:03 EDT 2017 xapps-general/firefox upgraded from 52.4.0 to 52.4.1 to fix a couple of potential crash related issues. Note that these issues allegedly affect Mac OS only, however we will upgrade to be safe as Mozilla tends to push out other security updates in these releases that they don't tell us little people about until weeks later. For more information see: http://security.cucumberlinux.com/security/details.php?id=71 https://www.mozilla.org/en-US/firefox/52.4.1/releasenotes/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-71 (http://security.cucumberlinux.com/security/details.php?id=71) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-10 13:59:12
|
Update Information A security update is available for openssh for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Tue Oct 10 09:23:30 EDT 2017 net-general/openssh upgraded from 7.4p1 to 7.6p1 to fix a security vulnerability which allowed for a user to create arbitrary zero length files on a sftp server operating in read only mode. At this time, this vulnerability has not been assigned a CVE id. For more information see: http://security.cucumberlinux.com/security/details.php?id=70 https://www.openssh.com/txt/release-7.6 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-70 (http://security.cucumberlinux.com/security/details.php?id=70) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure openssh is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-08 19:41:12
|
Update Information A security update is available for pcre for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Sun Oct 8 15:11:32 EDT 2017 lib-base/pcre upgraded from 8.39 to 8.41 to fix CVE-2017-7186, a vulnerability which allowed remote attackers to cause a denail of service (crash) by looking up an invalid Unicode property. For more information see: http://security.cucumberlinux.com/security/details.php?id=66 https://nvd.nist.gov/vuln/detail/CVE-2017-7186 https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/ multilib/lib-base/pcre-lib_i686 upgraded from 8.39 to 8.41 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-66 [CVE-2017-7186] (http://security.cucumberlinux.com/security/details.php?id=66) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure pcre is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
2 messages has been excluded from this view by a project administrator.
