Thread: [Cucumber-linux-security] linux (security update is available)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
Menu
▾
▴
cucumber-linux-security
|
From: Z5T1 <z5...@z5...> - 2017-06-27 20:12:31
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0.rc Here are the details from the Cucumber 1.0.rc changelog: +----------------+ Tue Jun 27 15:22:32 EDT 2017 base/linux upgraded from 4.9.30 to 4.9.34 to fix a couple of stack smashing related security vulnerabilities. For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000365 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.34 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt kernel/linux source upgraded from 4.9.30 to 4.9.34 to reflect the new kernel version. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0.rc i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-i686/base/linux-4.9.34-i686-1.txz Cucumber 1.0.rc x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-x86_64/base/linux-4.9.34-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg linux-4.9.34-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-02 16:45:30
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0.rc Here are the details from the Cucumber 1.0.rc changelog: +----------------+ Sun Jul 2 09:35:41 EDT 2017 base/linux upgraded from 4.9.34 to 4.9.35 to fix a couple of security vulnerabilities: CVE-2017-7482, a buffer overflow attack and CVE-2017-1000365, a stack overflow attack which, when leveraged properly in setuid binaries could result in arbitrary code execution as root. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.35 https://nvd.nist.gov/vuln/detail/CVE-2017-7482 https://nvd.nist.gov/vuln/detail/CVE-2017-1000365 kernel/linux-source upgraded from 4.9.34 to 4.9.35 to reflect the new kernel version. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0.rc i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-i686/base/linux-4.9.35-i686-1.txz Cucumber 1.0.rc x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.rc/cucumber-x86_64/base/linux-4.9.35-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg linux-4.9.35-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-07-22 03:43:33
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Jul 21 15:10:54 EDT 2017 base/linux upgraded from 4.9.35 to 4.9.39 to fix a few security issues: the "stack clash" vulnerability (CVE-2017-1000370 and CVE-2017-1000371) which required additional patching after the first two attempts to fix it and CVE-2016-6213 which allowed an unprivileged local user to perform a denial of service via memory consumption from the mount system calls. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.39 https://nvd.nist.gov/vuln/detail/CVE-2016-6213 https://nvd.nist.gov/vuln/detail/CVE-2017-1000370 https://nvd.nist.gov/vuln/detail/CVE-2017-1000371 kernel/linux-source upgraded from 4.9.45 to 4.9.49 to reflect the new kernel version. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/base/linux-4.9.39-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/base/linux-4.9.39-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg linux-4.9.39-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-08-13 21:57:14
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Sun Aug 13 15:58:25 EDT 2017 base/linux upgraded from 4.9.39 to 4.9.43 to fix CVE-2017-10663, a vulnerability with the F2FS (Flash Friendly File System) implementation in the Linux kernel that could result in arbitrary code execution in the kernel space. This vulnerability was exploitable when mounting a maliciously crafted device or disk image. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.42 http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerability-f2fs-file-system-leads-memory-corruption-android-linux/ https://nvd.nist.gov/vuln/CVE-2017-10663 kernel/linux-source upgraded from 4.9.39 to 4.9.43 to reflect the new kernel version. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/base/linux-4.9.43-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/base/linux-4.9.43-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # installpkg linux-4.9.43-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-09-07 22:14:26
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Sep 7 17:40:19 EDT 2017 base/linux upgraded from 4.9.43 to 4.9.48 to fix CVE-2017-11600 (CLD-12) and CVE-2017-14140 (CLD-7). CVE-2017-11600 allowed for a local user to cause a kernel panic via the xfrm subsection of the Linux kernel's IPSec implementation, while CVE-2017-14140 allowed a local, unprivileged user to defeat the ASLR of SUID executables. kernel/linux-source upgraded from 4.9.43 to 4.9.48 to reflect the new kernel version. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD Information This update is associated with the following Cucumber Linux Deficiency (CLD) numbers: * CLD-7 (http://security.cucumberlinux.com/security/details.php?id=7) * CLD-12 (http://security.cucumberlinux.com/security/details.php?id=12) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/base/linux-4.9.48-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/base/linux-4.9.48-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg linux-4.9.48-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-09-14 02:11:19
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Sep 13 21:39:31 EDT 2017 base/linux upgraded from 4.9.48 to 4.9.50 to fix the "Blueborne" vulnerability (CVE-2017-1000251). This vulnerability allowed an attacker physically within bluetooth range of a device to cause a denial of service and possibly execute arbitrary code (note that the code execution vector is mitigated by stack hardening in the Linux kernel). For more information see: http://security.cucumberlinux.com/security/details.php?id=17 https://nvd.nist.gov/vuln/detail/CVE-2017-1000251 https://www.armis.com/blueborne/ https://access.redhat.com/blogs/product-security/posts/blueborne * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-17 [CVE-2017-1000251] (http://security.cucumberlinux.com/security/details.php?id=17) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/base/linux-4.9.50-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/base/linux-4.9.50-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # installpkg linux-4.9.50-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-09-20 17:48:54
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Sep 20 12:41:27 EDT 2017 base/linux upgraded from 4.9.50 to 4.9.51 to fix CVE-2017-14497 and CVE-2017-7558. CVE-2017-14497 possible allowed for a local user to cause a denial of service via the tpacket_rcv function in net/packet/af_packet.c. CVE-2017-7558 was a buffer overflow vulnerability in the sockaddr implementation of the kernel that allowed for up to 100 uninitialized bytes to leak into userspace. For more information see: http://security.cucumberlinux.com/security/details.php?id=25 http://security.cucumberlinux.com/security/details.php?id=40 https://nvd.nist.gov/vuln/detail/CVE-2017-14497 https://nvd.nist.gov/vuln/detail/CVE-2017-7558 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-25 [CVE-2017-14497] (http://security.cucumberlinux.com/security/details.php?id=25) * CLD-40 [CVE-2017-7558] (http://security.cucumberlinux.com/security/details.php?id=40) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-05 14:01:01
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Oct 5 09:26:21 EDT 2017 base/linux upgraded from 4.9.52 to 4.9.53 to fix a few security issues: CVE-2017-12154, CVE-2017-1000252 and CVE-2017-12153. For more information see: http://security.cucumberlinux.com/security/details.php?id=46 https://nvd.nist.gov/vuln/detail/CVE-2017-12154 http://security.cucumberlinux.com/security/details.php?id=49 https://nvd.nist.gov/vuln/detail/CVE-2017-1000252 http://security.cucumberlinux.com/security/details.php?id=42 https://nvd.nist.gov/vuln/detail/CVE-2017-12153 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-42 [CVE-2017-12153] (http://security.cucumberlinux.com/security/details.php?id=42) * CLD-46 [CVE-2017-12154] (http://security.cucumberlinux.com/security/details.php?id=46) * CLD-49 [CVE-2017-1000252] (http://security.cucumberlinux.com/security/details.php?id=49) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-08 19:32:18
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Sun Oct 8 13:05:09 EDT 2017 base/linux upgraded from 4.9.53 to 4.9.54. This most likely contains security fixes, but the kernel developers never really make that clear. We'll upgrade to be safe. For more information see: http://security.cucumberlinux.com/security/details.php?id=69 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.54 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-69 [NULL] (http://security.cucumberlinux.com/security/details.php?id=69) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-14 13:06:27
Attachments:
signature.asc
|
Update Information
A security update is available for linux for the following versions of
Cucumber Linux:
* 1.0
* 1.1 Alpha
Here are the details from the Cucumber 1.1 Alpha changelog:
+----------------+
Sat Oct 14 08:33:53 EDT 2017
base/linux upgraded from 4.9.54 to 4.9.56 to fix CVE-2017-7518, CVE-2017-0786,
CVE-2017-1000255 and probably some other vulnerabilities
* SECURITY FIX *
+----------------+
------------------------------------------------------------------------
CLD and CVE Information
This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
* CLD-44 [CVE-2017-7518]
(http://security.cucumberlinux.com/security/details.php?id=44)
* CLD-76 [CVE-2017-0786]
(http://security.cucumberlinux.com/security/details.php?id=76)
* CLD-77 [CVE-2017-1000255]
(http://security.cucumberlinux.com/security/details.php?id=77)
More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).
------------------------------------------------------------------------
Installing the Update
The updated package can be installed via Pickle by running the following
commands (as root):
# pickle --update
# pickle
Make sure linux is selected on the update list, and then select Ok.
Pickle will then install the updated package.
If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.
------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php
|
|
From: Z5T1 <z5...@z5...> - 2017-10-19 01:02:39
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Oct 18 19:39:59 EDT 2017 base/linux upgraded from 4.9.56 to 4.9.57 to fix CVE-2017-12188, CVE-2017-15265 and probably some other vulnerabilities. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.57 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-94 [CVE-2017-12188] (http://security.cucumberlinux.com/security/details.php?id=94) * CLD-95 [CVE-2017-15265] (http://security.cucumberlinux.com/security/details.php?id=95) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-11-02 17:25:57
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Nov 2 12:53:32 EDT 2017 base/linux upgraded from 4.9.59 to 4.9.60 to fix CVE-2017-12193, a vulnerability that could be used to trigger a NULL pointer dereference and a kernel panic. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12193 http://security.cucumberlinux.com/security/details.php?id=122 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.60 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-122 [CVE-2017-12193] (http://security.cucumberlinux.com/security/details.php?id=122) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-11-12 18:31:45
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.1 Alpha Here are the details from the Cucumber 1.1 Alpha changelog: +----------------+ Sun Nov 12 12:45:51 EST 2017 base/linux upgraded from 4.9.58 to 4.9.61. This fixes CVE-2017-.2193, a vulnerability that could be used to trigger a NULL pointer dereference and a kernel panic. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12193 http://security.cucumberlinux.com/security/details.php?id=122 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.60 kernel/linux-source upgraded from 4.9.58 to 4.9.61 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-122 [CVE-2017-12193] (http://security.cucumberlinux.com/security/details.php?id=122) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-11-19 16:41:19
Attachments:
signature.asc
|
Update Information
A security update is available for linux for the following versions of
Cucumber Linux:
* 1.0
* 1.1 Alpha
Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sat Nov 18 12:47:51 EST 2017
base/linux upgraded from 4.9.62 to 4.9.63. 4.9.63 allegedly does a better job of
preventing the Krack WPA attacks (as described at
https://www.krackattacks.com/). Specifically, it does a better job of
addressing CVE-2017-13080. For more infromation see:
http://security.cucumberlinux.com/security/details.php?id=81
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.63
kernel/linux-source upgraded from 4.9.62 to 4.9.63
* SECURITY FIX *
+----------------+
------------------------------------------------------------------------
CLD and CVE Information
This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
* CLD-81 [CVE-2017-13077]
(http://security.cucumberlinux.com/security/details.php?id=81)
More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).
------------------------------------------------------------------------
Installing the Update
The updated package can be installed via Pickle by running the following
commands (as root):
# pickle --update
# pickle
Make sure linux is selected on the update list, and then select Ok.
Pickle will then install the updated package.
If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.
------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php
|
|
From: Scott C. <z5...@z5...> - 2017-12-14 21:19:52
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Dec 14 15:19:14 EST 2017 base/linux upgraded from 4.9.68 to 4.9.69 to fix two security vulnerabilities: CVE-2017-1000407 and CVE-2017-0861. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-1000407 http://security.cucumberlinux.com/security/details.php?id=178 https://nvd.nist.gov/vuln/detail/CVE-2017-0861 http://security.cucumberlinux.com/security/details.php?id=179 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.69 kernel/linux-source upgraded from 4.9.68 to 4.9.69 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-178 [CVE-2017-1000407] (http://security.cucumberlinux.com/security/details.php?id=178) * CLD-179 [CVE-2017-0861] (http://security.cucumberlinux.com/security/details.php?id=179) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <z5...@z5...> - 2017-12-25 20:10:14
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Mon Dec 25 14:16:11 EST 2017 base/linux upgraded from 4.9.71 to 4.9.72 to fix CVE-2017-16995, a security vulnerability that allows local users to cause a system wide denial of service via memory consumption and possibly has other unspecified impacts. For more information see: http://security.cucumberlinux.com/security/details.php?id=191 https://nvd.nist.gov/vuln/detail/CVE-2017-16995 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.72 kernel/linux-source upgraded from 4.9.71 to 4.9.72 Merry Christmas! * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-191 [CVE-2017-16995] (http://security.cucumberlinux.com/security/details.php?id=191) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-01-06 15:50:42
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Jan 5 21:28:05 EST 2018 base/linux upgraded from 4.9.74 to 4.9.75 to fix the Meltdown security vulnerability (CVE-2017-5754), a hardware vulnerability affecting almost all Intel processors made after 1995 that allows for any process to access the memory of any other process or the kernel. For more information see: http://security.cucumberlinux.com/security/details.php?id=200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 https://meltdownattack.com/ https://www.youtube.com/watch?v=I5mRwzVvFGE * SECURITY FIX * +----------------+ WARNING: THIS UPDATE IS KNOWN TO BREAK CERTAIN SYSTEMS Due to the fact this this update makes a larger change to the Linux kernel than most other kernel updates, this update has greater than usual chance of breaking your system. This kernel update is known to cause issues in the following environments: * Running inside an x86_64 KVM virtual machine on a RedHat/Centos 6 hypervisor. If you experience issues with this kernel in a specific setup, reboot and use your fallback kernel to until the issue can be resolved. If you experience an issue with a setup that is not listed above, please send an email to sc...@cu... detailing your setup to we can add it to this list. We apologize for this inconvenience; however, there is little anyone can do about it since this vulnerability is extremely severe and requires a massive change to the kernel to mitigate. This Analysis is Still Ongoing Updates to our analysis can be found at http://security.cucumberlinux.com/security/details.php?id=200. ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-200 [CVE-2017-5754] (http://security.cucumberlinux.com/security/details.php?id=200) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-01-11 02:31:03
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Jan 10 17:24:03 EST 2018 base/linux upgraded from 4.9.75 to 4.9.76 to further address the Meltdown vulnerability (CVE-2017-5754) by refining the kaiser implementation. This also includes other various bug and security fixes. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.76 http://security.cucumberlinux.com/security/details.php?id=200 http://security.cucumberlinux.com/security/details.php?id=222 kernel/linux-source upgraded from 4.9.75 to 4.9.76 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-222 (http://security.cucumberlinux.com/security/details.php?id=222) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-01-18 17:17:44
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Jan 18 11:19:40 EST 2018 base/linux upgraded from 4.9.76 to 4.9.77 to mitigate against the Spectre attacks (CVE-2017-5753 and CVE-2017-5715). Additionally, it contains fixes for two other vulnerabilities: CVE-2017-17741 and CVE-2017-1000410. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.77 https://meltdownattack.com/ http://security.cucumberlinux.com/security/details.php?id=201 http://security.cucumberlinux.com/security/details.php?id=202 http://security.cucumberlinux.com/security/details.php?id=233 http://security.cucumberlinux.com/security/details.php?id=234 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-201 [CVE-2017-5753] (http://security.cucumberlinux.com/security/details.php?id=201) * CLD-202 [CVE-2017-5715] (http://security.cucumberlinux.com/security/details.php?id=202) * CLD-233 [CVE-2017-17741] (http://security.cucumberlinux.com/security/details.php?id=233) * CLD-234 [CVE-2017-1000410] (http://security.cucumberlinux.com/security/details.php?id=234) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-02-02 00:43:41
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Feb 1 16:33:19 EST 2018 base/linux upgraded from 4.9.78 to 4.9.79 to further address the Spectre 2 attack (CVE-2017-5715). This update enables the new BPF_JIT_ALWAYS_ON feature of the Linux kernel, which removes the kernel's BPF interpreter. This interpreter was used in the Spectre 2 attack that Google published. It should be noted that this change does not completely prevent this attack, it just makes it more difficult to exploit. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.79 http://security.cucumberlinux.com/security/details.php?id=202 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-202 [CVE-2017-5715] (http://security.cucumberlinux.com/security/details.php?id=202) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <z5...@z5...> - 2018-02-16 01:44:08
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Tue Feb 13 19:26:23 EST 2018 base/linux upgraded from 4.9.80 to 4.9.81 to further mitigate against both variants of the Spectre vulnerability. For more information see: https://spectreattack.com/ http://security.cucumberlinux.com/security/details.php?id=201 http://security.cucumberlinux.com/security/details.php?id=202 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.81 kernel/linux-source upgraded from 4.9.80 to 4.9.81 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-201 [CVE-2017-5753] (http://security.cucumberlinux.com/security/details.php?id=201) * CLD-202 [CVE-2017-5715] (http://security.cucumberlinux.com/security/details.php?id=202) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-02-20 01:00:02
Attachments:
signature.asc
|
Update Information
A security update is available for linux for the following versions of
Cucumber Linux:
* 1.0
* 1.1 Beta
Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sat Feb 17 16:42:27 EST 2018
base/linux upgraded from 4.9.81 to 4.9.82 to fix CVE-2017-8824, a security
vulnerability that could result in privilege escalation or a denial of
service. For more information see:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.82
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8824
http://security.cucumberlinux.com/security/details.php?id=300
kernel/linux-source upgraded from 4.9.81 to 4.9.82
* SECURITY FIX *
+----------------+
------------------------------------------------------------------------
CLD and CVE Information
This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
* CLD-300 [CVE-2017-8824]
(http://security.cucumberlinux.com/security/details.php?id=300)
More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).
------------------------------------------------------------------------
Installing the Update
The updated package can be installed via Pickle by running the following
commands (as root):
# pickle --update
# pickle
Make sure linux is selected on the update list, and then select Ok.
Pickle will then install the updated package.
If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.
------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php
|
|
From: Scott C. <sc...@cu...> - 2018-02-18 00:41:21
Attachments:
signature.asc
|
Update Information
A security update is available for linux for the following versions of
Cucumber Linux:
* 1.0
* 1.1 Beta
Here are the details from the Cucumber 1.0 changelog:
+----------------+
Sat Feb 17 16:42:27 EST 2018
base/linux upgraded from 4.9.81 to 4.9.82 to fix CVE-2017-8824, a security
vulnerability that could result in privilege escalation or a denial of
service. For more information see:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.82
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8824
http://security.cucumberlinux.com/security/details.php?id=300
kernel/linux-source upgraded from 4.9.81 to 4.9.82
* SECURITY FIX *
+----------------+
------------------------------------------------------------------------
CLD and CVE Information
This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:
* CLD-300 [CVE-2017-8824]
(http://security.cucumberlinux.com/security/details.php?id=300)
More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).
------------------------------------------------------------------------
Installing the Update
The updated package can be installed via Pickle by running the following
commands (as root):
# pickle --update
# pickle
Make sure linux is selected on the update list, and then select Ok.
Pickle will then install the updated package.
If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.
------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php
|
|
From: Scott C. <sc...@cu...> - 2018-03-19 19:31:31
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Mon Mar 19 14:50:51 EDT 2018 base/linux upgraded from 4.9.87 to 4.9.88. This update incorporates a couple of upstream security improvements: it improves the fix for CVE-2018-1000004 and further mitigate against the Spectre family of vulnerabilities. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.88 http://security.cucumberlinux.com/security/details.php?id=331 kernel/linux-source upgraded from 4.9.87 to 4.9.88 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-331 [NULL] (http://security.cucumberlinux.com/security/details.php?id=331) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-04-20 22:18:37
Attachments:
signature.asc
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Apr 20 16:23:09 EDT 2018 base/linux upgraded from 4.9.94 to 4.9.95 to further mitigate against variant 2 of the Spectre vulnerability (CVE-2017-5715). For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.95 kernel/linux-source upgraded from 4.9.94 to 4.9.95 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-202 [CVE-2017-5715] (https://security.cucumberlinux.com/security/details.php?id=202) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X