Saturday, January 30, 2016
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-16:11.openssl
=============================================================================
FreeBSD-SA-16:11.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL SSLv2 ciphersuite downgrade vulnerability
Category: contrib
Module: openssl
Announced: 2016-01-30
Affects: All supported versions of FreeBSD.
Corrected: 2016-01-28 21:42:10 UTC (stable/10, 10.2-STABLE)
           2016-01-30 06:12:03 UTC (releng/10.2, 10.2-RELEASE-p12)
           2016-01-30 06:12:03 UTC (releng/10.1, 10.1-RELEASE-p29)
           2016-01-30 06:09:38 UTC (stable/9, 9.3-STABLE)
           2016-01-30 06:12:03 UTC (releng/9.3, 9.3-RELEASE-p36)
CVE Name: CVE-2015-3197
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
II. Problem Description
A malicious client can negotiate SSLv2 ciphers that have been disabled on
the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
been disabled, provided that the SSLv2 protocol was not also disabled via
SSL_OP_NO_SSLv2.
III. Impact
An active man-in-the-middle (MITM) attacker may be able to force a protocol
downgrade to SSLv2, a flawed protocol, and intercept the communication
between client and server.
IV. Workaround
No workaround is available, but only applications that do not explicitly
disable SSLv2 are affected.
To determine whether a server has SSLv2 enabled, a system administrator can
use the following command:
% openssl s_client -ssl2 -connect <host>:<port> </dev/null 2>&1 | grep DONE
which will print "DONE" if and only if SSLv2 is enabled. Note that this
check will not work for services that use STARTTLS or DTLS.
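As an added example (not part of the FreeBSD advisory), the shell functions below wrap the advisory's check so it can be run over a file of host:port pairs, skip the STARTTLS ports the advisory says the test cannot cover, and flag an openssl build that no longer accepts -ssl2 instead of misreporting it as "disabled". The OPENSSL_CMD variable and the STARTTLS port list are assumptions of this example.

```shell
#!/bin/sh
# Batch wrapper around the advisory's SSLv2 probe (added example, not from
# the FreeBSD advisory). A real run needs an openssl that still accepts -ssl2.

# Ports where a plain s_client probe is meaningless because the service
# expects STARTTLS first (assumed list; extend for local services).
STARTTLS_PORTS="21 25 110 143 587"

is_starttls_port() {
  for p in $STARTTLS_PORTS; do
    [ "$1" = "$p" ] && return 0
  done
  return 1
}

# Classify captured s_client output the way the advisory's grep does:
# SSLv2 is enabled if and only if the output contains DONE. An openssl
# built without SSLv2 rejects -ssl2 and must not be read as "disabled".
classify_sslv2_output() {
  if printf '%s\n' "$1" | grep -qi 'unknown option'; then
    echo "unknown (this openssl has no -ssl2)"
  elif printf '%s\n' "$1" | grep -q 'DONE'; then
    echo enabled
  else
    echo disabled
  fi
}

# Probe one host:port. OPENSSL_CMD (default: openssl) can be pointed at a
# stand-in for offline testing. Exit status: 0 enabled, 1 otherwise, 2 skipped.
check_sslv2() {
  host=$1
  port=$2
  if is_starttls_port "$port"; then
    echo "skipped (STARTTLS/DTLS services are not covered by this check)"
    return 2
  fi
  out=$(${OPENSSL_CMD:-openssl} s_client -ssl2 -connect "$host:$port" </dev/null 2>&1) || true
  verdict=$(classify_sslv2_output "$out")
  echo "$verdict"
  [ "$verdict" = enabled ] && return 0
  return 1
}

# Audit every host:port pair listed in a file (one per line), printing one
# report line per target.
audit_sslv2_file() {
  while read -r hostport; do
    [ -n "$hostport" ] || continue
    host=${hostport%:*}
    port=${hostport##*:}
    printf '%s:%s -> %s\n' "$host" "$port" "$(check_sslv2 "$host" "$port")"
  done < "$1"
}
```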
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Restart all daemons using the library, or reboot the system.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Restart all daemons using the library, or reboot the system.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 10.2]
# fetch https://security.FreeBSD.org/patches/SA-16:11/openssl-10.2.patch
# fetch https://security.FreeBSD.org/patches/SA-16:11/openssl-10.2.patch.asc
# gpg --verify openssl-10.2.patch.asc
[FreeBSD 10.1]
# fetch https://security.FreeBSD.org/patches/SA-16:11/openssl-10.1.patch
# fetch https://security.FreeBSD.org/patches/SA-16:11/openssl-10.1.patch.asc
# gpg --verify openssl-10.1.patch.asc
[FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/SA-16:11/openssl-9.3.patch
# fetch https://security.FreeBSD.org/patches/SA-16:11/openssl-9.3.patch.asc
# gpg --verify openssl-9.3.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all daemons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/9/                                                        r295060
releng/9.3/                                                      r295061
stable/10/                                                       r295016
releng/10.1/                                                     r295061
releng/10.2/                                                     r295061
-------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://www.openssl.org/news/secadv/20160128.txt>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:11.openssl.asc>
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Friday, January 29, 2016
Re: LibreSSL 2.3.2, 2.2.6, and 2.1.10 released
> We have released a number of LibreSSL updates, which will be arriving in
> the LibreSSL directory of your local OpenBSD mirror soon.
>
> LibreSSL 2.2.6 and 2.1.10 contain a single change to deprecate use of
> the SSL_OP_SINGLE_DH_USE flag. It is now enabled unconditionally.
> Thanks to Antonio Sanso for the report.
Some people have noted a lack of a CVE number here. Antonio Sanso was
a super guy and reported this problem to us directly. At his request,
we delayed release of the fix until OpenSSL released their stuff.
The actual high-severity problem in OpenSSL is not present in
LibreSSL, nor was the CVE in question assigned to LibreSSL. So no
CVE.
We are very happy to fix problems and make a better codebase. However,
I at least will express my doubts about the benefits of the CVE system
to the community: when the CVE is not assigned to LibreSSL, we
receive no notification of it, while the project it is assigned to
gets advance notification and controls the release timing. As such,
without the CVE being assigned to LibreSSL, and us getting a say in
the timing of the release of the information and when to roll releases,
I do not see a benefit to us or the community of our promoting someone
else's invoice numbers, when we don't get a say in when stuff is
released.
F24 System Wide Change: Mono 4.2
https://fedoraproject.org/wiki/Changes/Mono4.2
Change owner(s):
* Claudio Rodrigo Pereyra Diaz <elsupergomez AT fedoraproject DOT org>
Update the Mono stack in Fedora to 4.2, aka Cycle 6.
== Detailed Description ==
Mono 4.2 is the last release of Cycle 6 from Xamarin. See more details
at Mono 4.2.1: http://www.mono-project.com/docs/about-mono/releases/4.2.1/
== Scope ==
Proposal owners:
* Mono 4.2 is in Rawhide now. Most applications should work fine
with this update. See [1]
Other developers:
* Need to check that it builds properly on alternative platforms like ppc64 and s390
Release engineering: N/A
List of deliverables: N/A
Policies and guidelines: N/A
Trademark approval: N/A
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel-announce@lists.fedoraproject.org
Thursday, January 28, 2016
LibreSSL 2.3.2, 2.2.6, and 2.1.10 released
We have released a number of LibreSSL updates, which will be arriving in
the LibreSSL directory of your local OpenBSD mirror soon.
LibreSSL 2.2.6 and 2.1.10 contain a single change to deprecate use of
the SSL_OP_SINGLE_DH_USE flag. It is now enabled unconditionally.
Thanks to Antonio Sanso for the report.
LibreSSL 2.3.2, a snapshot release, contains the latest developments
from the OpenBSD 5.9 branch. It also contains ABI/API changes, which
will stabilize once OpenBSD 5.9 is completed. At that time, LibreSSL
2.3.x and 2.2.x will become the stable release branches, and we will
drop support for the 2.1.x branch.
LibreSSL 2.3.2 also has the following notable changes:
* Changed format of LIBRESSL_VERSION_NUMBER to match that of
OPENSSL_VERSION_NUMBER, see:
https://wiki.openssl.org/index.php/Manual:OPENSSL_VERSION_NUMBER(3)
* Added EVP_aead_chacha20_poly1305_ietf() which matches the AEAD
construction introduced in RFC 7539, which is different than that
already used in TLS with EVP_aead_chacha20_poly1305()
* Avoid a potential undefined C99+ behavior due to shift overflow in
AES_decrypt, reported by Pascal Cuoq <cuoq at trust-in-soft.com>
* More man pages converted from pod to mdoc format
* Added COMODO RSA Certification Authority and QuoVadis
root certificates to cert.pem
* Removed "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary
Certification Authority"
(serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be)
root certificate from cert.pem
* Added support for building nc(1) on Solaris
* Fixed GCC 5.x+ preprocessor checks, reported by Ruslan Babayev
* Improved console handling with openssl(1) on Windows
* Ensure the network stack is enabled on Windows when running
tls_init()
* Fixed incorrect TLS certificate loading by nc(1)
* Added support for Solaris 11.3's getentropy(2) system call
* Enabled support for using NetBSD 7.0's arc4random(3) implementation
* Deprecated the SSL_OP_SINGLE_DH_USE flag, thanks to Antonio Sanso.
* Fixes from OpenSSL 1.0.1q (already in earlier LibreSSL stable releases)
- CVE-2015-3194 - NULL pointer dereference in client side certificate
validation.
- CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL
* The following OpenSSL CVEs did not apply to LibreSSL
- CVE-2015-3193 - Carry propagating bug in the x86_64 Montgomery
squaring procedure.
- CVE-2015-3196 - Double free race condition of the identify hint
data.
See https://marc.info/?l=openbsd-announce&m=144925068504102
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
[USN-2883-1] OpenSSL vulnerability
==========================================================================
Ubuntu Security Notice USN-2883-1
January 28, 2016
openssl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
Summary:
OpenSSL could be made to expose sensitive information over the network.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Antonio Sanso discovered that OpenSSL reused the same private DH exponent
for the life of a server process when configured with an X9.42-style
parameter file. This could allow a remote attacker to possibly discover the
server's private DH exponent when it is used with non-safe primes.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
libssl1.0.0 1.0.2d-0ubuntu1.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2883-1
CVE-2016-0701
Package Information:
https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.3
Wednesday, January 27, 2016
[USN-2882-1] curl vulnerability
==========================================================================
Ubuntu Security Notice USN-2882-1
January 27, 2016
curl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
curl would incorrectly re-use credentials.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Isaac Boukris discovered that curl could incorrectly re-use NTLM proxy
credentials when subsequently connecting to the same host.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
libcurl3 7.43.0-1ubuntu2.1
libcurl3-gnutls 7.43.0-1ubuntu2.1
libcurl3-nss 7.43.0-1ubuntu2.1
Ubuntu 15.04:
libcurl3 7.38.0-3ubuntu2.3
libcurl3-gnutls 7.38.0-3ubuntu2.3
libcurl3-nss 7.38.0-3ubuntu2.3
Ubuntu 14.04 LTS:
libcurl3 7.35.0-1ubuntu2.6
libcurl3-gnutls 7.35.0-1ubuntu2.6
libcurl3-nss 7.35.0-1ubuntu2.6
Ubuntu 12.04 LTS:
libcurl3 7.22.0-3ubuntu4.15
libcurl3-gnutls 7.22.0-3ubuntu4.15
libcurl3-nss 7.22.0-3ubuntu4.15
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2882-1
CVE-2016-0755
Package Information:
https://launchpad.net/ubuntu/+source/curl/7.43.0-1ubuntu2.1
https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.3
https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.6
https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.15
[USN-2877-1] Oxide vulnerabilities
==========================================================================
Ubuntu Security Notice USN-2877-1
January 27, 2016
oxide-qt vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Oxide.
Software Description:
- oxide-qt: Web browser engine library for Qt (QML plugin)
Details:
A bad cast was discovered in V8. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via renderer crash or execute arbitrary code
with the privileges of the sandboxed render process. (CVE-2016-1612)
An issue was discovered when initializing the UnacceleratedImageBufferSurface
class in Blink. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to obtain sensitive
information. (CVE-2016-1614)
An issue was discovered with the CSP implementation in Blink. If a user
were tricked into opening a specially crafted website, an attacker could
potentially exploit this to determine whether specific HSTS sites had been
visited by reading a CSP report. (CVE-2016-1617)
An issue was discovered with the random number generator in Blink. An
attacker could potentially exploit this to defeat cryptographic protection
mechanisms. (CVE-2016-1618)
Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2016-1620)
Multiple security issues were discovered in V8. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2016-2051)
Multiple security issues were discovered in Harfbuzz. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2016-2052)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
liboxideqtcore0 1.12.5-0ubuntu0.15.10.1
Ubuntu 15.04:
liboxideqtcore0 1.12.5-0ubuntu0.15.04.1
Ubuntu 14.04 LTS:
liboxideqtcore0 1.12.5-0ubuntu0.14.04.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2877-1
CVE-2016-1612, CVE-2016-1614, CVE-2016-1617, CVE-2016-1618,
CVE-2016-1620, CVE-2016-2051, CVE-2016-2052
Package Information:
https://launchpad.net/ubuntu/+source/oxide-qt/1.12.5-0ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/oxide-qt/1.12.5-0ubuntu0.15.04.1
https://launchpad.net/ubuntu/+source/oxide-qt/1.12.5-0ubuntu0.14.04.1
[USN-2880-1] Firefox vulnerabilities
==========================================================================
Ubuntu Security Notice USN-2880-1
January 27, 2016
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman,
Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith,
and Gabor Krizsanits discovered multiple memory safety issues in Firefox.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit these to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1930, CVE-2016-1931)
Gustavo Grieco discovered an out-of-memory crash when loading GIF images
in some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could exploit this to cause a denial of
service. (CVE-2016-1933)
Aki Helin discovered a buffer overflow when rendering WebGL content in
some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2016-1935)
It was discovered that a delay was missing when focusing the protocol
handler dialog. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to conduct
clickjacking attacks. (CVE-2016-1937)
Hanno Böck discovered that calculations with mp_div and mp_exptmod in NSS
produce incorrect results in some circumstances, resulting in
cryptographic weaknesses. (CVE-2016-1938)
Nicholas Hurley discovered that Firefox allows control characters to
be set in cookie names. An attacker could potentially exploit this to
conduct cookie injection attacks on some web servers. (CVE-2016-1939)
It was discovered that when certain invalid URLs are pasted into the
address bar, the address bar contents may be manipulated to show the
location of arbitrary websites. An attacker could potentially exploit this
to conduct URL spoofing attacks. (CVE-2016-1942)
Ronald Crane discovered three vulnerabilities through code inspection. If
a user were tricked into opening a specially crafted website, an attacker
could potentially exploit these to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1944, CVE-2016-1945, CVE-2016-1946)
François Marier discovered that Application Reputation lookups didn't
work correctly, disabling warnings for potentially malicious downloads. An
attacker could potentially exploit this by tricking a user into
downloading a malicious file. Other parts of the Safe Browsing feature
were unaffected by this. (CVE-2016-1947)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
firefox 44.0+build3-0ubuntu0.15.10.1
Ubuntu 15.04:
firefox 44.0+build3-0ubuntu0.15.04.1
Ubuntu 14.04 LTS:
firefox 44.0+build3-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
firefox 44.0+build3-0ubuntu0.12.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2880-1
CVE-2016-1930, CVE-2016-1931, CVE-2016-1933, CVE-2016-1935,
CVE-2016-1937, CVE-2016-1938, CVE-2016-1939, CVE-2016-1942,
CVE-2016-1944, CVE-2016-1945, CVE-2016-1946, CVE-2016-1947
Package Information:
https://launchpad.net/ubuntu/+source/firefox/44.0+build3-0ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/firefox/44.0+build3-0ubuntu0.15.04.1
https://launchpad.net/ubuntu/+source/firefox/44.0+build3-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/firefox/44.0+build3-0ubuntu0.12.04.1
[CentOS-announce] CESA-2016:0073 Moderate CentOS 5 bind Security Update
Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0073.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2016:0071 Critical CentOS 5 firefox Security Update
Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0071.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
[CentOS-announce] CESA-2016:0074 Moderate CentOS 5 bind97 Security Update
Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0074.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
[CentOS-announce] CESA-2016:0073 Moderate CentOS 7 bind Security Update
Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0073.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2016:0071 Critical CentOS 7 firefox Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0071.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
[CentOS-announce] CESA-2016:0073 Moderate CentOS 6 bind Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0073.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
[CentOS-announce] CESA-2016:0071 Critical CentOS 6 firefox Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0071.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
F24 System Wide Change: LiveUserCreator as Primary Downloadable
https://fedoraproject.org/wiki/Changes/LUCasPrimaryDownloadable
Change owner(s):
* Jiri Eischmann <eischmann AT redhat DOT com >
* Martin Briza
The new Fedora Live USB Creator that is being finished has an
overhauled, more user-friendly interface. Because USB sticks are the
most common way to install Fedora, it should be the primary download
option. It covers the whole installation media creation workflow: it lets
the user pick the right flavor of Fedora, downloads its image, and copies
it to a USB drive.
== Detailed Description ==
Fedora Live USB Creator is getting a facelift that should make it much
easier to use (see mockups). It should cover the complete workflow of
creating installation media. It provides information (descriptions,
screenshots, ...) about flavors and variants of Fedora to help the user
pick the right one for their usage, downloads the ISO, and copies
it to a USB flash disk. The goal of this change is to provide this
tool as the primary download option on getfedora.org and to create a
mechanism to store and update information (descriptions,
screenshots, ...) for the tool. This requires work not only from the
change owners, but also from other groups (websites, design,
marketing, releng teams).
== Scope ==
Proposal owners:
* Live USB Creator for Linux (pretty much ready, currently packaged
for Fedora in Copr, should we create a deb package, too?)
* Live USB Creator for Windows (pretty much ready, we just need to get
a signing key)
* Live USB Creator for Mac OS X (still in progress, should be ready
for F24 release)
Other developers:
* the websites team has to update the download page to make LUC the
primary download option.
Marketing and design:
* the design team has to work with the websites team on necessary changes
to the download page.
* the marketing team has to provide information for LUC, including
descriptions and screenshots (screenshots of Workstation are currently
missing)
QA:
* adjust tests and test result matrices
Release engineering:
* not sure what's required from them
Policies and guidelines:
* The live-usb-creator tool is helping with new installations.
Existing installations are not affected.
Trademark approval:
* N/A (not needed for this Change)
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel-announce@lists.fedoraproject.org
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-16:10.linux
=============================================================================
FreeBSD-SA-16:10.linux Security Advisory
The FreeBSD Project
Topic:          Linux compatibility layer issetugid(2) system call
                vulnerability
Category:       core
Module:         kernel
Announced:      2016-01-27
Credits:        Isaac Dunham, Brent Cook, Warner Losh
Affects:        All supported versions of FreeBSD.
Corrected:      2016-01-27 07:28:55 UTC (stable/10, 10.2-STABLE)
                2016-01-27 07:41:31 UTC (releng/10.2, 10.2-RELEASE-p11)
                2016-01-27 07:41:31 UTC (releng/10.1, 10.1-RELEASE-p28)
                2016-01-27 07:34:23 UTC (stable/9, 9.3-STABLE)
                2016-01-27 07:42:11 UTC (releng/9.3, 9.3-RELEASE-p35)
CVE Name:       CVE-2016-1883
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
FreeBSD is binary-compatible with the Linux operating system through a
loadable kernel module/optional kernel component. The support is
provided on amd64 and i386 machines.
II. Problem Description
A programming error in the Linux compatibility layer could cause the
issetugid(2) system call to return incorrect information.
III. Impact
If an application relies on the output of the issetugid(2) system call
and that information is incorrect, this could lead to a privilege
escalation.
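Added example (not from the advisory or FreeBSD's own code) of the pattern the Impact section describes: a set-id program consulting issetugid(2) before honouring an environment variable, with a defence-in-depth fallback on the real/effective ids so that a wrong kernel answer alone does not unlock the variable. On Linux the AT_SECURE auxiliary-vector flag is used as a stand-in for issetugid(2); the function names and the MYAPP_CONFIG variable are my own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1   /* setenv(3)/getauxval(3) under strict -std modes */
#endif
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#if defined(__linux__)
#include <sys/auxv.h>   /* getauxval(AT_SECURE): Linux stand-in for issetugid(2) */
#include <elf.h>
#endif

/* Pure helper: do the real/effective id pairs indicate a set-id process?
 * Kept separate so it can be exercised with constructed ids. */
int ids_indicate_setid(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Ask the kernel whether the process has been "tainted" by a set-id exec.
 * FreeBSD/OpenBSD expose this as issetugid(2); Linux via AT_SECURE. An
 * unknown platform is treated as privileged (fail closed). */
int kernel_says_setid(void)
{
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
    return issetugid() != 0;
#elif defined(__linux__)
    return getauxval(AT_SECURE) != 0;
#else
    return 1;
#endif
}

/* Defence in depth: privileged if the kernel says so OR the ids disagree.
 * The id comparison catches a set-id process that has not yet dropped
 * privileges even when the kernel answer is wrong (the SA-16:10 failure
 * mode); the kernel answer is still needed because after setuid(getuid())
 * the ids match again while the environment remains attacker-controlled. */
int process_is_setid(void)
{
    return kernel_says_setid()
        || ids_indicate_setid(getuid(), geteuid(), getgid(), getegid());
}

/* getenv(3) wrapper that ignores untrusted variables in a set-id process,
 * the same rule libc applies to variables such as LD_LIBRARY_PATH.
 * Returns NULL rather than a default so callers choose a safe fallback. */
const char *setid_safe_getenv(const char *name)
{
    if (process_is_setid())
        return NULL;
    return getenv(name);
}

/* Example consumer: where to load a config file from. MYAPP_CONFIG and the
 * fallback path are hypothetical. */
const char *config_path(void)
{
    const char *p = setid_safe_getenv("MYAPP_CONFIG");
    return p ? p : "/usr/local/etc/myapp.conf";
}

/* Demo hook: export name=value into this process's environment and report
 * what the guarded lookup then returns (NULL in a set-id process). */
const char *lookup_after_setenv(const char *name, const char *value)
{
    if (setenv(name, value, 1) != 0)
        return NULL;
    return setid_safe_getenv(name);
}
```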
IV. Workaround
No workaround is available, but systems not using the Linux binary
compatibility layer are not vulnerable.
The following command can be used to test if the Linux binary
compatibility layer is loaded:
# kldstat -m linuxelf
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Reboot the system or unload and reload the linux.ko kernel module.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Reboot the system or unload and reload the linux.ko kernel module.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-16:10/linux.patch
# fetch https://security.FreeBSD.org/patches/SA-16:10/linux.patch.asc
# gpg --verify linux.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/9/                                                         r294903
releng/9.3/                                                       r294905
stable/10/                                                        r294901
releng/10.1/                                                      r294904
releng/10.2/                                                      r294904
-------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1883>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:10.linux.asc>
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-16:09.ntp
=============================================================================
FreeBSD-SA-16:09.ntp Security Advisory
The FreeBSD Project
Topic:          Multiple vulnerabilities of ntp
Category:       contrib
Module:         ntp
Announced:      2016-01-27
Credits:        Cisco ASIG / Network Time Foundation
Affects:        All supported versions of FreeBSD.
Corrected:      2016-01-22 15:55:21 UTC (stable/10, 10.2-STABLE)
                2016-01-27 07:41:31 UTC (releng/10.2, 10.2-RELEASE-p11)
                2016-01-27 07:41:31 UTC (releng/10.1, 10.1-RELEASE-p28)
                2016-01-22 15:56:35 UTC (stable/9, 9.3-STABLE)
                2016-01-27 07:42:11 UTC (releng/9.3, 9.3-RELEASE-p35)
CVE Name:       CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976,
                CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138,
                CVE-2015-8139, CVE-2015-8140, CVE-2015-8158
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
used to synchronize the time of a computer system to a reference time
source.
II. Problem Description
Multiple vulnerabilities have been discovered in ntp 4.2.8p5:
Potential Infinite Loop in ntpq. [CVE-2015-8158]
ntpd checks that the origin timestamp of a response matches the transmit
timestamp of its outstanding request; a logic error would allow packets
with an origin timestamp of zero to bypass this check whenever there is
not an outstanding request to the server. [CVE-2015-8138]
Off-path Denial of Service (DoS) attack on authenticated broadcast mode.
[CVE-2015-7979]
Stack exhaustion in recursive traversal of restriction list. [CVE-2015-7978]
reslist NULL pointer dereference. [CVE-2015-7977]
ntpq saveconfig command allows dangerous characters in filenames.
[CVE-2015-7976]
nextvar() missing length check. [CVE-2015-7975]
Skeleton Key: Missing key check allows impersonation between authenticated
peers. [CVE-2015-7974]
Deja Vu: Replay attack on authenticated broadcast mode. [CVE-2015-7973]
ntpq vulnerable to replay attacks. [CVE-2015-8140]
Origin Leak: ntpq and ntpdc, disclose origin. [CVE-2015-8139]
III. Impact
A malicious NTP server, or an attacker who can conduct a MITM attack by
intercepting NTP query traffic, may be able to cause an ntpq client to
loop infinitely. [CVE-2015-8158]
A malicious NTP server, or an attacker who can conduct a MITM attack by
intercepting NTP query traffic, may be able to prevent an ntpd(8) daemon
from distinguishing legitimate peer responses from forgeries. This
can be partially mitigated by configuring multiple time sources.
[CVE-2015-8138]
An off-path attacker who can send broadcast packets with bad
authentication (wrong key, mismatched key, incorrect MAC, etc) to
broadcast clients can cause these clients to tear down associations.
[CVE-2015-7979]
An attacker who can send an unauthenticated 'reslist' command to an NTP
server may cause it to crash, resulting in a denial of service
condition due to stack exhaustion [CVE-2015-7978] or a NULL pointer
dereference [CVE-2015-7977].
An attacker who can send 'modify' requests to an NTP server may be
able to create files whose names contain dangerous characters,
which could cause dangerous behavior in a later shell invocation.
[CVE-2015-7976]
A remote attacker may be able to crash an ntpq client. [CVE-2015-7975]
A malicious server which holds a trusted key may be able to
impersonate other trusted servers in an authenticated configuration.
[CVE-2015-7974]
A man-in-the-middle attacker or a malicious participant that has the
same trusted keys as the victim can replay time packets if the NTP
network is configured for broadcast operations. [CVE-2015-7973]
The ntpq protocol is vulnerable to replay attacks, which may be used
to, for example, re-establish an association to a malicious server.
[CVE-2015-8140]
An attacker who can intercept NTP traffic can easily forge live server
responses. [CVE-2015-8139]
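Added example (not ntpd's code) modelling the CVE-2015-8138 origin-timestamp check described above: a pre-fix check that only compares the packet's origin field with the stored transmit timestamp, beside a hardened one that also rejects a zero origin and the no-outstanding-request state. The 48-byte packets are constructed inline, and the assumption that the client holds a zero transmit timestamp while nothing is outstanding is mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NTP_PKT_LEN    48
#define NTP_ORG_OFFSET 24   /* origin timestamp: bytes 24..31 of the NTP header */

/* Read the big-endian 64-bit NTP timestamp stored at byte offset `off`. */
static uint64_t ntp_ts_at(const uint8_t *pkt, size_t off)
{
    uint64_t v = 0;
    for (size_t i = 0; i < 8; i++)
        v = (v << 8) | pkt[off + i];
    return v;
}

/* Build a constructed 48-byte server response whose origin timestamp is
 * `org`; every other field is zero since only the origin matters here. */
void make_ntp_response(uint8_t *pkt, uint64_t org)
{
    memset(pkt, 0, NTP_PKT_LEN);
    pkt[0] = 0x24;                       /* LI=0, VN=4, Mode=4 (server) */
    for (int i = 7; i >= 0; i--) {
        pkt[NTP_ORG_OFFSET + i] = (uint8_t)(org & 0xff);
        org >>= 8;
    }
}

/* `outstanding_xmt` is the transmit timestamp of the request the client is
 * waiting on; modelled (my assumption) as 0 when no request is outstanding. */

/* Pre-fix logic: accept iff the origin echoes our transmit timestamp. With
 * nothing outstanding the stored value is 0, so a forged packet carrying an
 * origin of 0 compares equal and is accepted (the CVE-2015-8138 flaw). */
int accept_response_vulnerable(const uint8_t *pkt, size_t len, uint64_t outstanding_xmt)
{
    if (len < NTP_PKT_LEN)
        return 0;
    return ntp_ts_at(pkt, NTP_ORG_OFFSET) == outstanding_xmt;
}

/* Hardened logic: no outstanding request means no packet can be a reply to
 * us, and a zero origin is never a valid echo of a real transmit timestamp. */
int accept_response_fixed(const uint8_t *pkt, size_t len, uint64_t outstanding_xmt)
{
    if (len < NTP_PKT_LEN || outstanding_xmt == 0)
        return 0;
    uint64_t org = ntp_ts_at(pkt, NTP_ORG_OFFSET);
    if (org == 0)
        return 0;
    return org == outstanding_xmt;
}

/* Build a constructed response with origin `org` and run one of the checks;
 * returns 1 if that check would accept the packet. */
int classify(uint64_t org, uint64_t outstanding_xmt, int use_fixed)
{
    uint8_t pkt[NTP_PKT_LEN];
    make_ntp_response(pkt, org);
    return use_fixed ? accept_response_fixed(pkt, NTP_PKT_LEN, outstanding_xmt)
                     : accept_response_vulnerable(pkt, NTP_PKT_LEN, outstanding_xmt);
}

int main(void)
{
    /* Idle client (nothing outstanding) receives a packet with origin 0. */
    printf("idle client, origin 0: vulnerable=%d fixed=%d\n",
           classify(0, 0, 0), classify(0, 0, 1));
    /* Genuine reply echoing our (constructed) transmit timestamp. */
    uint64_t xmt = 0xDC9A3A4F80000000ULL;
    printf("matching origin:       vulnerable=%d fixed=%d\n",
           classify(xmt, xmt, 0), classify(xmt, xmt, 1));
    return 0;
}
```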
IV. Workaround
No workaround is available, but systems not running ntpd(8) are not
affected. Network administrators are advised to implement BCP-38
(ingress filtering), which helps to reduce the risk associated with
these attacks.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
The ntpd service has to be restarted after the update. A reboot is
recommended but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
The ntpd service has to be restarted after the update. A reboot is
recommended but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-16:09/ntp.patch
# fetch https://security.FreeBSD.org/patches/SA-16:09/ntp.patch.asc
# gpg --verify ntp.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the applicable daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/9/                                                         r294570
releng/9.3/                                                       r294905
stable/10/                                                        r294569
releng/10.1/                                                      r294904
releng/10.2/                                                      r294904
-------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7973>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7974>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7975>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7976>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7977>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7978>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7979>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-8138>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-8139>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-8140>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-8158>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc>
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-16:08.bind
=============================================================================
FreeBSD-SA-16:08.bind Security Advisory
The FreeBSD Project
Topic:          BIND remote denial of service vulnerability
Category:       contrib
Module:         bind
Announced:      2016-01-27
Credits:        ISC
Affects:        FreeBSD 9.x
Corrected:      2016-01-20 08:54:35 UTC (stable/9, 9.3-STABLE)
                2016-01-27 07:42:11 UTC (releng/9.3, 9.3-RELEASE-p35)
CVE Name:       CVE-2015-8704
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server.
Address Prefixes List (APL RR) is a type of DNS Resource Record defined in
RFC 3123.
II. Problem Description
There is an off-by-one error in a buffer size check when performing certain
string formatting operations.
III. Impact
Slaves using text-format db files could be vulnerable if they receive a
malformed record in a zone transfer from their master.
Masters using text-format db files could be vulnerable if they accept
a malformed record in a DDNS update message.
Recursive resolvers are potentially vulnerable when debug logging is
enabled and if they are fed a deliberately malformed record by a
malicious server.
A server which has cached a specially constructed record could encounter
this condition while performing 'rndc dumpdb'.
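The defect is an off-by-one in a buffer size check made while formatting records as text. As an added example (not ISC's code, and not a reproduction of the actual BIND defect), here is a bounded formatter for APL RDATA in RFC 3123 presentation form in which every append, including the terminating NUL, is accounted for; the case with a buffer exactly one byte too small is the edge an off-by-one would get wrong. The sample RDATA is constructed from the two example prefixes in RFC 3123.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* Format APL RDATA (RFC 3123 wire form: AF(2) PREFIX(1) N|AFDLEN(1) AFDPART)
 * as presentation text such as "1:192.168.32.0/21 !1:192.168.38.0/28".
 * Returns the number of bytes written (excluding the NUL) or -1 when the
 * input is malformed or the output buffer is too small. Every append is
 * checked including the terminating NUL, the byte an off-by-one forgets. */
int apl_to_text(const uint8_t *rdata, size_t rdlen, char *out, size_t outlen)
{
    size_t in = 0, used = 0;
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    while (in < rdlen) {
        if (rdlen - in < 4)
            return -1;                               /* truncated item header */
        unsigned family = (unsigned)rdata[in] << 8 | rdata[in + 1];
        unsigned prefix = rdata[in + 2];
        int negate = (rdata[in + 3] & 0x80) != 0;
        size_t afdlen = rdata[in + 3] & 0x7f;
        in += 4;
        if (rdlen - in < afdlen)
            return -1;                               /* truncated AFDPART */
        int af;
        size_t full;
        if (family == 1)      { af = AF_INET;  full = 4;  }
        else if (family == 2) { af = AF_INET6; full = 16; }
        else return -1;                              /* unknown address family */
        if (afdlen > full || prefix > full * 8)
            return -1;
        uint8_t addr[16] = {0};                      /* restore trimmed zero octets */
        memcpy(addr, rdata + in, afdlen);
        in += afdlen;
        char ip[INET6_ADDRSTRLEN];
        if (inet_ntop(af, addr, ip, sizeof ip) == NULL)
            return -1;
        /* snprintf returns the length it wanted; n >= remaining means text
         * plus NUL did not fit. Testing with '>' instead would be the
         * classic off-by-one: the NUL would land one byte past the buffer. */
        int n = snprintf(out + used, outlen - used, "%s%s%u:%s/%u",
                         used ? " " : "", negate ? "!" : "", family, ip, prefix);
        if (n < 0 || (size_t)n >= outlen - used) {
            out[0] = '\0';
            return -1;
        }
        used += (size_t)n;
    }
    return (int)used;
}

/* Constructed RDATA for the two RFC 3123 example prefixes (trailing zero
 * octets of each address omitted, as the RFC specifies). */
const uint8_t APL_SAMPLE[] = {
    0x00, 0x01, 21, 0x03, 192, 168, 32,   /*  1:192.168.32.0/21 */
    0x00, 0x01, 28, 0x83, 192, 168, 38,   /* !1:192.168.38.0/28 (N bit set) */
};
const size_t APL_SAMPLE_LEN = sizeof APL_SAMPLE;
char apl_sample_buf[64];

/* Format the sample into apl_sample_buf while pretending the buffer is only
 * `outlen` bytes long (outlen <= 64); returns apl_to_text's result. */
int format_sample(size_t outlen)
{
    if (outlen > sizeof apl_sample_buf)
        return -1;
    return apl_to_text(APL_SAMPLE, APL_SAMPLE_LEN, apl_sample_buf, outlen);
}

int main(void)
{
    int n = format_sample(sizeof apl_sample_buf);
    printf("%d bytes: %s\n", n, n < 0 ? "(error)" : apl_sample_buf);
    printf("exact-fit buffer (37): %d\n", format_sample(37));
    printf("one byte short   (36): %d\n", format_sample(36));
    return 0;
}
```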
IV. Workaround
No workaround is available, but hosts not running named(8) are not
vulnerable.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
The named service has to be restarted after the update. A reboot is
recommended but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
The named service has to be restarted after the update. A reboot is
recommended but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/SA-16:08/bind.patch
# fetch https://security.FreeBSD.org/patches/SA-16:08/bind.patch.asc
# gpg --verify bind.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the applicable daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/9/                                                         r294405
releng/9.3/                                                       r294905
-------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://kb.isc.org/article/AA-01335>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:08.bind.asc>
Tuesday, January 26, 2016
[USN-2881-1] MySQL vulnerabilities
==========================================================================
Ubuntu Security Notice USN-2881-1
January 26, 2016
mysql-5.5, mysql-5.6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in MySQL.
Software Description:
- mysql-5.6: MySQL database
- mysql-5.5: MySQL database
Details:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.5.47 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
Ubuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.28.
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
mysql-server-5.6 5.6.28-0ubuntu0.15.10.1
Ubuntu 15.04:
mysql-server-5.6 5.6.28-0ubuntu0.15.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.47-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
mysql-server-5.5 5.5.47-0ubuntu0.12.04.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2881-1
CVE-2016-0503, CVE-2016-0504, CVE-2016-0505, CVE-2016-0546,
CVE-2016-0595, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598,
CVE-2016-0600, CVE-2016-0606, CVE-2016-0607, CVE-2016-0608,
CVE-2016-0609, CVE-2016-0610, CVE-2016-0611, CVE-2016-0616
Package Information:
https://launchpad.net/ubuntu/+source/mysql-5.6/5.6.28-0ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/mysql-5.6/5.6.28-0ubuntu0.15.04.1
https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.47-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.47-0ubuntu0.12.04.1
[CentOS-announce] CESA-2016:0067 Important CentOS 7 java-1.6.0-openjdk Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0067.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
[CentOS-announce] CESA-2016:0067 Important CentOS 5 java-1.6.0-openjdk Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0067.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
[CentOS-announce] CESA-2016:0067 Important CentOS 6 java-1.6.0-openjdk Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0067.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
Monday, January 25, 2016
[CentOS-announce] CESA-2016:0064 Important CentOS 7 kernel Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0064.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
29350967bf2d01358deaf9a99e1520eeb0af7bedae1d1cde8fdc73bf80731d4c kernel-3.10.0-327.4.5.el7.x86_64.rpm
674d565da50e81500b2b7fc49fc5a8005e2819b07acbd1d405078e7bc605036a kernel-abi-whitelists-3.10.0-327.4.5.el7.noarch.rpm
3c412b021fdab6881f46d0d7a09e9a2f2e3ffb33a93fb4f365f508e8e35b5b2d kernel-debug-3.10.0-327.4.5.el7.x86_64.rpm
21b228926c50ffcf49e55ed47bab7012d7cb55b495e84934138089cc1595933b kernel-debug-devel-3.10.0-327.4.5.el7.x86_64.rpm
0e2b4c67a11169566fa3d14818dbfa96454a1ddf204d574e102d4f340cbb415c kernel-devel-3.10.0-327.4.5.el7.x86_64.rpm
1d345ee1527bdbf3aacbf97b39ce22fba2c9ba0c76e511970090b7a52c45b246 kernel-doc-3.10.0-327.4.5.el7.noarch.rpm
ad1cdc0d750914db690dfd58b0b58a16b09d0cadbd68281c26bbf4a31ef06f85 kernel-headers-3.10.0-327.4.5.el7.x86_64.rpm
128d4dec4b6fd338ad2974140d4ac1e79737539324669c2d9135dd338817a653 kernel-tools-3.10.0-327.4.5.el7.x86_64.rpm
6210ac1a8f1f0d783b8ea0ce617475eb124ce1163f51d5aba6988be8319e4bd7 kernel-tools-libs-3.10.0-327.4.5.el7.x86_64.rpm
d826d7458ffed75e9fcb1b3ec86977c1593044a9b54336819d5caf507be8f8e1 kernel-tools-libs-devel-3.10.0-327.4.5.el7.x86_64.rpm
8fa80deb6de526b395a35c4d49e2c9ac669397a954452bf454f87a0b182ba20d perf-3.10.0-327.4.5.el7.x86_64.rpm
4d65609eec974b3172035c5a0eacf470c565145cda94d6c6d4399766714d9ea6 python-perf-3.10.0-327.4.5.el7.x86_64.rpm
Source:
ad702b51357600291eededf7c8d8b83bbfca93c106fcb0515aa3040110a4199c kernel-3.10.0-327.4.5.el7.src.rpm
[CentOS-announce] CESA-2016:0063 Important CentOS 7 ntp Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0063.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
4b606ea94878f359cc016e2fb3545c87af50b77cab65c21ca7daa534c5a49252 ntp-4.2.6p5-22.el7.centos.1.x86_64.rpm
4a320e7a12cf9b0e662e05a5371df9fe3b8fe3881f8b489ec02fc97769ac8628 ntpdate-4.2.6p5-22.el7.centos.1.x86_64.rpm
37c9092a5fc997a11dd02bd4748024584c305f691437e4546418e453cec19c7e ntp-doc-4.2.6p5-22.el7.centos.1.noarch.rpm
b71ff70a1dfd7ed80ad43c76d651b821b5cdc3cd4360b87f244b4aff154d5387 ntp-perl-4.2.6p5-22.el7.centos.1.noarch.rpm
71e36f16c2b105c208284bdfc4d08b1e93b0822fa7f08a569043c4cefdccf4f8 sntp-4.2.6p5-22.el7.centos.1.x86_64.rpm
Source:
207b221dcadaa5ce149bd47258f23eafe973686dfe31030d689850dfe6b4d9ed ntp-4.2.6p5-22.el7.centos.1.src.rpm
[announce] NYC*BUG Upcoming
lying. Tentatively this is the lineup, although we are still working on
getting some of the details up. All meetings will (likely) be in the
backroom of Stone Creek.
* February 3 "shell-fu" Isaac (.ike) Levy
* March 2 "Discussion of the Past and Future of PID 1 on BSD" Raul Cuza
Raul's meeting is something of a reply to reaffirmation of the BSD
init/rc systems, in the face of systemd
* April 6 "Debugging with llvm" John Wolfe
* May 4 "Urchin: Putting an End to Sloppy Shell Code" Thomas Levine
* June 15 "Adventures in HardenedBSD" Shawn Webb
Shawn will be coming up from Maryland for this meeting. Note the
date, which was set so as not to conflict with BSDCan.
* July 6 "Meet the Smallest BSDs: RetroBSD and LiteBSD" Brian Callahan
* August 3 A *BSD Installfest
This installfest will happen after HOPE, and is a great meeting to
publicize at HOPE. We should have fliers for this event at HOPE
* Sept 7 "Teaching FreeBSD" George Neville-Neil
Also note these other upcoming events:
* Tokyo, Japan: AsiaBSDCon, March 10-13
* Ottawa, Canada: BSDCan, June 10-11
with tutorials and the dev summit beforehand
* New York, NY: HOPE (Hackers on Planet Earth), July 22-24
a great opportunity for more popular BSD-related presentations
************************
Feb 3: Isaac Levy on "shell-fu"
18:45, Stone Creek Bar & Lounge: 140 E 27th St
Abstract
shell-fu in 3 short talks
To say that everything starts with the shell is quite an understatement.
Portable shell programming does not have to be painful; exposing the raw
power of UNIX with the shell can even be fun.
This talk is relevant for expert and novice alike, aimed at anyone who
uses UNIX systems.
Not the 'shell tricks' variety of talk, but a language discussion
focused on portability, and showing off how simple and profoundly
powerful portable shell can be.
We will cover:
* the 3 finger claw technique
* using atomic filesystem operations
* general shell-fu, input and variable handling
There is always something amazing to learn about sh(1).
Speaker Bio
Isaac (.ike) Levy is a crusty UNIX Hacker.
A long-time community contributor to the *BSDs, ike is obsessed with
high-availability and redundant networked server systems, mostly
because he likes to sleep at night. Standing on the shoulders of giants,
his background includes partnering to run a Virtual Server ISP before
anyone called it a cloud, as well as having a long history building
internet-facing infrastructure with UNIX systems.
.ike has been a part of NYC*BUG since it was first launched in January
2004. He was a long-time member of the Lower East Side Mac Unix User
Group, and is still in denial that this group no longer exists. He has
spoken frequently on a number of UNIX and internet security topics at
various venues, particularly on the topic of FreeBSD's jail(8).
_______________________________________________
announce mailing list
announce@lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/announce
[CentOS-announce] CESA-2016:0063 Important CentOS 6 ntp Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0063.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
b172e4c9936ba6db7e7df9a611f2ba305b0682bb0545c03ba23bc501ae7833f8 ntp-4.2.6p5-5.el6.centos.4.i686.rpm
0cbe654866db67e07ba4dbea484f6eea8136a0a23e5123dfebf1ac097162dfb4 ntpdate-4.2.6p5-5.el6.centos.4.i686.rpm
9a0cbc08c20ee5b43fd8518a2ccd0a13a274b0464a688fef4cc10b940c848993 ntp-doc-4.2.6p5-5.el6.centos.4.noarch.rpm
4fdf6a42d2a1178394d328832e70284d631a0b14535af97ffa94d659b545d4b8 ntp-perl-4.2.6p5-5.el6.centos.4.i686.rpm
x86_64:
c9bcbc789b84223a297f54197d407520f56d0d4d4775787dd0f746426d2e8866 ntp-4.2.6p5-5.el6.centos.4.x86_64.rpm
07fcdccf4e98b884fc6e99bf568fb037547d7340083ba913d598d0b53cc162d7 ntpdate-4.2.6p5-5.el6.centos.4.x86_64.rpm
9a0cbc08c20ee5b43fd8518a2ccd0a13a274b0464a688fef4cc10b940c848993 ntp-doc-4.2.6p5-5.el6.centos.4.noarch.rpm
c2069c233875863df714450ba095380586746768fab379e7fe737c915e27721f ntp-perl-4.2.6p5-5.el6.centos.4.x86_64.rpm
Source:
7a3f04e3f4c7402309a5a7cbf9a7997778298cd1dbac24efd2ca98b9d75eacec ntp-4.2.6p5-5.el6.centos.4.src.rpm
F24 System Wide Change: Langpacks Using RPM Tags
https://fedoraproject.org/wiki/Changes/LangpacksInstallationWithRPMWeakDependencies
Change owner(s):
* Parag Nemade <pnemade at fedoraproject dot org>
* Jan Silhan <jsilhan at fedoraproject dot org>
Langpacks installation is redesigned around language metapackages
(langpacks-<langcode>) and RPM weak dependencies (the Supplements tag).
== Detailed Description ==
This is similar to the dnf langpacks plugin that is already in Fedora,
but that plugin has one gap: it does not install langpacks
automatically. For example, if Fedora is installed in (or switched to)
Japanese, installing a base package such as libreoffice-core or
man-pages does not automatically install libreoffice-langpack-ja or
man-pages-ja. This is because dnf, unlike yum, provides no hook for
re-resolving the transaction. With RPM weak dependencies such as
Supplements, we only need to ensure that the langpacks-xx metapackage is
installed on the system; when a base package is installed, its langpack
for language xx is then pulled into the same transaction set
automatically.
This will also help anaconda installations. When a particular set of
languages is selected in anaconda, anaconda should pull all the
required langpacks in the same initial installation.
== Scope ==
Proposal owners:
* Check that every package providing langpacks adds a Supplements tag
to each of its langpack subpackages.
* Create metapackages named langpacks-<langcode>. We have submitted a
package review here:
https://bugzilla.redhat.com/show_bug.cgi?id=1300569
Other developers:
* All other developers of packages that provide langpacks need to add
the Supplements tag, as given in this draft guideline, to each langpack
subpackage.
Release engineering: N/A
Policies and guidelines:
* Working with FPC on this new langpacks guideline:
https://fedoraproject.org/wiki/PackagingDrafts/Langpack
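The Supplements mechanism this Change relies on, as an added illustration that is not taken from the Change page, the draft guideline, or any Fedora package: a spec fragment for a hypothetical base package "foo" with a Japanese langpack subpackage. The package name, file paths and the exact rich-dependency form are assumptions; the draft guideline linked above is authoritative for the form packagers should use.

```spec
# Constructed example for a hypothetical base package "foo" (not a real
# Fedora package). The langpack subpackage carries a Supplements tag so
# that dnf pulls it into the transaction automatically whenever both the
# base package and the langpacks-ja metapackage are (being) installed.
%package langpack-ja
Summary:        Japanese language pack for foo
BuildArch:      noarch
# A langpack is useless without its base package at the same version.
Requires:       %{name} = %{version}-%{release}
# Weak reverse dependency (rich/boolean form, assumed here): install this
# subpackage when "foo" AND "langpacks-ja" are both present. Because it is
# only a weak dependency, removing the langpack later is always allowed.
Supplements:    (%{name} = %{version}-%{release} and langpacks-ja)

%description langpack-ja
Japanese translations for foo.

%files langpack-ja
# Hypothetical path; real packages ship whatever their build installs.
%{_datadir}/locale/ja/LC_MESSAGES/foo.mo
```

Once such a package is built and installed, `rpm -q --supplements foo-langpack-ja` prints the Supplements expression, which is a quick way for a packager to confirm the tag actually made it into the built RPM rather than only into the spec.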
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel-announce@lists.fedoraproject.org
Saturday, January 23, 2016
Updated Debian 8: 8.3 released
The Debian Project https://www.debian.org/
Updated Debian 8: 8.3 released press@debian.org
January 23rd, 2016 https://www.debian.org/News/2016/20160123
------------------------------------------------------------------------
The Debian project is pleased to announce the third update of its stable
distribution Debian 8 (codename "jessie"). This update mainly adds
corrections for security problems to the stable release, along with a
few adjustments for serious problems. Security advisories were published
separately and are referenced where applicable.
Please note that this update does not constitute a new version of Debian
8 but only updates some of the packages included. There is no need to
throw away old "jessie" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.
Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.
New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds important corrections to the following packages:
+-------------------------+-------------------------------------------+
| Package | Reason |
+-------------------------+-------------------------------------------+
| android-platform- | [i386] rebuild to fix dependency on |
| frameworks-base [1] | android-libhost |
| | |
| apache2 [2] | Fix split-logfile to work with current |
| | perl, secondary-init-script to not source |
| | the main init script with 'set -e', tests |
| | on deferred MPM switch; add versioned |
| | Replaces / Breaks for libapache2-mod- |
| | macro |
| | |
| apt [3] | Hide first pdiff merge failure debug |
| | message; fix marking of deps of pkgs in |
| | APT::Never-MarkAuto-Sections as manual; |
| | do not parse Status fields from remote |
| | sources |
| | |
| apt-dater-host [4] | Fix kernel version detection |
| | |
| apt-offline [5] | Add missing dependency on python-apt |
| | |
| arb [6] | Skip compiler version check |
| | |
| augeas [7] | HTTPD lense: include /etc/apache2/conf- |
| | available directory, allow EOL comments |
| | after section tags |
| | |
| base-files [8] | Update for the 8.3 point release; os- |
| | release: drop trailing slash in |
| | SUPPORT_URL variable |
| | |
| bcfg2 [9] | Support Django 1.7 |
| | |
| ben [10] | Fix buildd.debian.org compact links; |
| | ignore potential errors when deleting |
| | lock file; call dose-debcheck with --deb- |
| | native-arch |
| | |
| ca-certificates [11] | Update Mozilla certificate authority |
| | bundle to version 2.6 |
| | |
| ceph [12] | URL-encode bucket name [CVE-2015-5245] |
| | |
| charybdis [13] | Security fix [CVE-2015-5290]; initialise |
| | gnutls properly |
| | |
| chrony [14] | Build depend on libcap-dev, to allow |
| | dropping of privileges |
| | |
| commons-httpclient [15] | Ensure HTTPS calls use |
| | http.socket.timeout during SSL Handshake |
| | [CVE-2015-5262] |
| | |
| cpuset [16] | Update filesystem namespace prefix patch |
| | |
| curlftpfs [17] | Avoid unsafe cast for getpass() on 64-bit |
| | architectures |
| | |
| dbconfig-common [18] | Fix permissions of PostgreSQL backup |
| | files |
| | |
| debian-handbook [19] | Update for Jessie |
| | |
| debian-installer [20] | Re-introduce installer images for QNAP |
| | TS-x09; provide u-boot images for plug |
| | computers; add the part_gpt module into |
| | the core grub image; add beep to UEFI x86 |
| | boot menu; add 's' shortcut for speech to |
| | UEFI x86 boot menu; exclude usb-serial- |
| | modules from the armel network-console |
| | image and usb-modules explicitly on |
| | armel/orion5x network-console; drop the |
| | file extension from the initrd for QNAP |
| | devices; adjust p-u support to handle |
| | file:// instead of (f|ht)tp:// only |
| | |
| debian-installer- | Rebuild for the point release |
| netboot-images [21] | |
| | |
| docbook2x [22] | Do not install info/dir.gz files |
| | |
| doctrine [23] | Fix directory permissions issue |
| | [CVE-2015-5723] |
| | |
| drbd-utils [24] | Fix drbdadm adjust with IPv6 peer |
| | addresses |
| | |
| ejabberd [25] | Fix broken LDAP queries |
| | |
| exfat-utils [26] | Fix buffer overflow and infinite loop |
| | |
| exim4 [27] | Fix some MIME ACL related crashes; fix a |
| | bug causing duplicate deliveries, |
| | especially on TLS connections |
| | |
| fglrx-driver [28] | New upstream release; fix security issue |
| | [CVE-2015-7724] |
| | |
| file [29] | Fix --parameter handling |
| | |
| flash-kernel [30] | Avoid waiting for Ctrl-C if any debconf |
| | frontend is in use |
| | |
| fuse-exfat [31] | Fix buffer overflow and infinite loop |
| | |
| ganglia-modules- | Only restart the ganglia service after |
| linux [32] | installation if it was previously running |
| | |
| getmail4 [33] | Set poplib._MAXLINE=1MB |
| | |
| glance [34] | Prevent image status being directly |
| | modified via v1 API [CVE-2015-5251] |
| | |
| glibc [35] | Fix getaddrinfo sometimes returning |
| | uninitialized data with nscd; fix data |
| | corruption while reading the NSS files |
| | database [CVE-2015-5277]; fix buffer |
| | overflow (read past end of buffer) in |
| | internal_fnmatch; fix _IO_wstr_overflow |
| | integer overflow; fix unexpected closing |
| | of nss_files databases after lookups, |
| | causing denial of service [CVE-2014- |
| | 8121]; fix NSCD netgroup cache; |
| | unconditionally disable LD_POINTER_GUARD; |
| | mangle function pointers in |
| | tls_dtor_list; fix memory allocations |
| | issues that can lead to buffer overflows |
| | on the stack; update TSX blacklist to |
| | also include some Broadwell CPUs |
| | |
| gnome-orca [36] | Ensure correct focus on password entry, |
| | so characters are not echoed |
| | |
| gnome-shell-extension- | Display a warning if API key has not been |
| weather [37] | supplied by the user, since querying |
| | openweathermap.org no longer works |
| | without such a key |
| | |
| gummi [38] | Avoid predictable naming of temporary |
| | files [CVE-2015-7758] |
| | |
| human-icon-theme [39] | debian/clean-up.sh: do not run processes |
| | in background |
| | |
| ieee-data [40] | Update included data files, adding |
| | mam.txt and oui36.txt; stop downloading |
| | via HTTPS, as neither wget nor curl |
| | support TLS AIA, as now used by |
| | standards.ieee.org |
| | |
| intel-microcode [41] | Update included microcode |
| | |
| iptables- | Stop rules files being world-readable; |
| persistent [42] | rewrite README |
| | |
| isc-dhcp [43] | Fix error when maximum lease time is used |
| | on 64-bit systems |
| | |
| keepassx [44] | Fix storage of passwords in clear text |
| | [CVE-2015-8378] |
| | |
| libapache-mod- | Switch B-D from libtool to libtool-bin to |
| fastcgi [45] | fix build failure |
| | |
| libapache2-mod- | Fix crashes in modperl_interp_unselect() |
| perl2 [46] | |
| | |
| libcgi-session- | Untaint raw data coming from session |
| perl [47] | storage backends, fixing a regression |
| | caused by CVE-2015-8607 fixes in perl |
| | |
| libdatetime-timezone- | New upstream release |
| perl [48] | |
| | |
| libencode-perl [49] | Correctly handle a lack of BOM when |
| | decoding |
| | |
| libhtml-scrubber- | Fix cross-site scripting vulnerability in |
| perl [50] | comments [CVE-2015-5667] |
| | |
| libinfinity [51] | Fix possible crashes when an entry is |
| | removed from the document browser and |
| | when access control lists are enabled |
| | |
| libiptables-parse- | Fix use of predictable names for |
| perl [52] | temporary files [CVE-2015-8326] |
| | |
| libraw [53] | Fix index overflow in smal_decode_segment |
| | [CVE-2015-8366]; fix memory objects not |
| | being initialized properly [CVE-2015-8367] |
| | |
| libssh [54] | Fix "null pointer dereference due to a |
| | logical error in the handling of a |
| | SSH_MSG_NEWKEYS and KEXDH_REPLY |
| | packets" [CVE-2015-3146] |
| | |
| linux [55] | Update to upstream release 3.16.7-ctk20; |
| | nbd: restore request timeout detection; |
| | [x86] enable PINCTRL_BAYTRAIL; [mips*/ |
| | octeon] enable CAVIUM_CN63XXP1; |
| | firmware_class: fix condition in |
| | directory search loop; [x86] KVM: svm: |
| | unconditionally intercept #DB [CVE-2015- |
| | 8104] |
| | |
| linux-tools [56] | Add new hyperv-daemons package |
| | |
| lldpd [57] | Fix a segfault and an assertion error |
| | when receiving incorrectly formed LLDP |
| | management addresses |
| | |
| madfuload [58] | Use autoreconf -fi to fix build failure |
| | with automake 1.14 |
| | |
| mdadm [59] | Disable incremental assembly, as it can |
| | cause issues booting a degraded RAID |
| | |
| mkvmlinuz [60] | Direct run-parts output to stderr |
| | |
| monit [61] | Fix umask-related regression from 5.8.1 |
| | |
| mpm-itk [62] | Fix an issue where closing of connections |
| | was attempted in the parent. This would |
| | result in "Connection: close" not being |
| | honoured, and various odd effects with |
| | SSL keepalive in certain browsers |
| | |
| multipath-tools [63] | Fix discovery of devices with blank sysfs |
| | attribute; add documentation to cover |
| | additional friendly names scenarios; |
| | init: fix stop failure when no root |
| | device is found; use 'SCSI_IDENT_.*' as |
| | the default property whitelist |
| | |
| netcfg [64] | Fix is_layer3_qeth on s390x to avoid |
| | bailing out if the network driver is not |
| | qeth |
| | |
| nvidia-graphics- | New upstream release [CVE-2015-5950]; fix |
| drivers [65] | Unsanitized User Mode Input issue |
| | [CVE-2015-7869] |
| | |
| nvidia-graphics- | New upstream release; fix unsanitized |
| drivers- | User Mode Input issue [CVE-2015-7869] |
| legacy-304xx [66] | |
| | |
| nvidia-graphics- | Rebuild against nvidia-kernel-source |
| modules [67] | 340.96 |
| | |
| openldap [68] | Fix a crash when adding a large attribute |
| | value with the auditlog overlay enabled |
| | |
| openvpn [69] | Add --no-block to if-up.d script to avoid |
| | hanging boot on interfaces with openvpn |
| | instances |
| | |
| owncloud [70] | Fix local file inclusion on Microsoft |
| | Windows Platform [CVE-2015-4716], |
| | resource exhaustion when sanitizing |
| | filenames [CVE-2015-4717], command |
| | injection when using external SMB storage |
| | [CVE-2015-4718], calendar export: |
| | Authorization Bypass Through User- |
| | Controlled Key [CVE-2015-6670]; fix |
| | reflected XSS in OCS provider discovery |
| | [oc-sa-2016-001] [CVE-2016-1498], |
| | disclosure of files that begin with \ ".v |
| | \" due to unchecked return value [oc- |
| | sa-2016-003] [CVE-2016-1500], information |
| | exposure via directory listing in the |
| | file scanner [oc-sa-2016-002] [CVE-2016- |
| | 1499], installation path disclosure |
| | through error message [oc-sa-2016-004] |
| | [CVE-2016-1501] |
| | |
| pam [71] | Fix DoS / user enumeration due to |
| | blocking pipe in pam_unix [CVE-2015-3238] |
| | |
| pcre3 [72] | Fix security issues [CVE-2015-2325 |
| | CVE-2015-2326 CVE-2015-3210 CVE-2015-5073 |
| | CVE-2015-8384 CVE-2015-8388] |
| | |
| pdns [73] | Fix upgrades with default configuration |
| | |
| perl [74] | Correctly handle a lack of BOM when |
| | decoding |
| | |
| php-auth-sasl [75] | Rebuild with pkg-php-tools 1.28 to |
| | correct PHP dependencies |
| | |
| php-doctrine- | Fix directory permissions issue |
| annotations [76] | [CVE-2015-5723] |
| | |
| php-doctrine-cache [77] | Fix file / directory permissions issue |
| | [CVE-2015-5723] |
| | |
| php-doctrine- | Fix file permissions issue [CVE-2015- |
| common [78] | 5723] |
| | |
| php-dropbox [79] | Refuse to handle any files containing an |
| | @ [CVE-2015-4715] |
| | |
| php-mail- | Rebuild with pkg-php-tools 1.28 to |
| mimedecode [80] | correct PHP dependencies |
| | |
| php5 [81] | New upstream release |
| | |
| plowshare4 [82] | Disable Javascript support |
| | |
| postgresql-9.1 [83] | New upstream release |
| | |
| pykerberos [84] | Add KDC authenticity verification support |
| | [CVE-2015-3206] |
| | |
| python-yaql [85] | Remove broken python3-yaql package |
| | |
| qpsmtpd [86] | Fix compatibility issue with newer |
| | Net::DNS versions |
| | |
| quassel [87] | Fix remote DoS in quassel core, using /op |
| | * command [CVE-2015-8547] |
| | |
| redis [88] | Ensure that a valid runtime directory is |
| | created when running under systemd |
| | |
| redmine [89] | Fix upgrades when there are locally- |
| | installed plugins; fix moving issues |
| | across projects |
| | |
| rsyslog [90] | Fix crash in imfile module when using |
| | inotify mode; prevent a segfault in |
| | dynafile creation |
| | |
| ruby-bson [91] | Fix DoS and possible injection [CVE-2015- |
| | 4410] |
| | |
| s390-dasd [92] | If no channel is found, exit cleanly. |
| | This allows s390-dasd to step out of the |
| | way on VMs with virtio disks |
| | |
| shadow [93] | Fix error handling in busy user detection |
| | |
| sparse [94] | Fix build failure with llvm-3.5 |
| | |
| spip [95] | Fix cross-site scripting issue |
| | |
| stk [96] | Install missing SKINI.{msg,tbl} include |
| | files |
| | |
| sus [97] | Update checksums for upstream tarball |
| | |
| swift [98] | Fix unauthorized delete of versioned |
| | Swift object [CVE-2015-1856]; fix |
| | information leak via Swift tempurls |
| | [CVE-2015-5223]; fix service name of |
| | object-expirer in init script; add |
| | container-sync init script; |
| | "standardise" user addition |
| | |
| systemd [99] | Fix namespace breakage due to incorrect |
| | path sorting; don't timeout after 90 |
| | seconds when no password was entered for |
| | cryptsetup devices; only set the kernel's |
| | timezone when the RTC runs in local time, |
| | avoiding possible jumps backward in time; |
| | fix incorrect handling of comma separator |
| | in systemd-delta; make DHCP broadcast |
| | behaviour configurable in systemd- |
| | networkd |
| | |
| tangerine-icon- | debian/clean-up.sh: do not run processes |
| theme [100] | in background |
| | |
| torbrowser- | Really apply patches from 0.1.9-1+deb8u1; |
| launcher [101] | stop confining start-tor-browser script |
| | with AppArmor; set usr.bin.torbrowser- |
| | launcher AppArmor profiles to complain |
| | mode |
| | |
| ttylog [102] | Fix truncation of device name when |
| | selecting device |
| | |
| tzdata [103] | New upstream release |
| | |
| uqm [104] | Add missing -lm flag, fixing build |
| | failure |
| | |
| vlc [105] | New upstream stable release |
| | |
| webkitgtk [106] | New upstream stable release; fix "late |
| | TLS certificate verification" [CVE-2015- |
| | 2330] |
| | |
| wxmaxima [107] | Prevent crash on encountering parenthesis |
| | in dialogues |
| | |
| zendframework [108] | Fix entropy issue with captcha [ZF2015- |
| | 09] |
| | |
+-------------------------+-------------------------------------------+
1: https://packages.debian.org/src:android-platform-frameworks-base
2: https://packages.debian.org/src:apache2
3: https://packages.debian.org/src:apt
4: https://packages.debian.org/src:apt-dater-host
5: https://packages.debian.org/src:apt-offline
6: https://packages.debian.org/src:arb
7: https://packages.debian.org/src:augeas
8: https://packages.debian.org/src:base-files
9: https://packages.debian.org/src:bcfg2
10: https://packages.debian.org/src:ben
11: https://packages.debian.org/src:ca-certificates
12: https://packages.debian.org/src:ceph
13: https://packages.debian.org/src:charybdis
14: https://packages.debian.org/src:chrony
15: https://packages.debian.org/src:commons-httpclient
16: https://packages.debian.org/src:cpuset
17: https://packages.debian.org/src:curlftpfs
18: https://packages.debian.org/src:dbconfig-common
19: https://packages.debian.org/src:debian-handbook
20: https://packages.debian.org/src:debian-installer
21: https://packages.debian.org/src:debian-installer-netboot-images
22: https://packages.debian.org/src:docbook2x
23: https://packages.debian.org/src:doctrine
24: https://packages.debian.org/src:drbd-utils
25: https://packages.debian.org/src:ejabberd
26: https://packages.debian.org/src:exfat-utils
27: https://packages.debian.org/src:exim4
28: https://packages.debian.org/src:fglrx-driver
29: https://packages.debian.org/src:file
30: https://packages.debian.org/src:flash-kernel
31: https://packages.debian.org/src:fuse-exfat
32: https://packages.debian.org/src:ganglia-modules-linux
33: https://packages.debian.org/src:getmail4
34: https://packages.debian.org/src:glance
35: https://packages.debian.org/src:glibc
36: https://packages.debian.org/src:gnome-orca
37: https://packages.debian.org/src:gnome-shell-extension-weather
38: https://packages.debian.org/src:gummi
39: https://packages.debian.org/src:human-icon-theme
40: https://packages.debian.org/src:ieee-data
41: https://packages.debian.org/src:intel-microcode
42: https://packages.debian.org/src:iptables-persistent
43: https://packages.debian.org/src:isc-dhcp
44: https://packages.debian.org/src:keepassx
45: https://packages.debian.org/src:libapache-mod-fastcgi
46: https://packages.debian.org/src:libapache2-mod-perl2
47: https://packages.debian.org/src:libcgi-session-perl
48: https://packages.debian.org/src:libdatetime-timezone-perl
49: https://packages.debian.org/src:libencode-perl
50: https://packages.debian.org/src:libhtml-scrubber-perl
51: https://packages.debian.org/src:libinfinity
52: https://packages.debian.org/src:libiptables-parse-perl
53: https://packages.debian.org/src:libraw
54: https://packages.debian.org/src:libssh
55: https://packages.debian.org/src:linux
56: https://packages.debian.org/src:linux-tools
57: https://packages.debian.org/src:lldpd
58: https://packages.debian.org/src:madfuload
59: https://packages.debian.org/src:mdadm
60: https://packages.debian.org/src:mkvmlinuz
61: https://packages.debian.org/src:monit
62: https://packages.debian.org/src:mpm-itk
63: https://packages.debian.org/src:multipath-tools
64: https://packages.debian.org/src:netcfg
65: https://packages.debian.org/src:nvidia-graphics-drivers
66: https://packages.debian.org/src:nvidia-graphics-drivers-legacy-304xx
67: https://packages.debian.org/src:nvidia-graphics-modules
68: https://packages.debian.org/src:openldap
69: https://packages.debian.org/src:openvpn
70: https://packages.debian.org/src:owncloud
71: https://packages.debian.org/src:pam
72: https://packages.debian.org/src:pcre3
73: https://packages.debian.org/src:pdns
74: https://packages.debian.org/src:perl
75: https://packages.debian.org/src:php-auth-sasl
76: https://packages.debian.org/src:php-doctrine-annotations
77: https://packages.debian.org/src:php-doctrine-cache
78: https://packages.debian.org/src:php-doctrine-common
79: https://packages.debian.org/src:php-dropbox
80: https://packages.debian.org/src:php-mail-mimedecode
81: https://packages.debian.org/src:php5
82: https://packages.debian.org/src:plowshare4
83: https://packages.debian.org/src:postgresql-9.1
84: https://packages.debian.org/src:pykerberos
85: https://packages.debian.org/src:python-yaql
86: https://packages.debian.org/src:qpsmtpd
87: https://packages.debian.org/src:quassel
88: https://packages.debian.org/src:redis
89: https://packages.debian.org/src:redmine
90: https://packages.debian.org/src:rsyslog
91: https://packages.debian.org/src:ruby-bson
92: https://packages.debian.org/src:s390-dasd
93: https://packages.debian.org/src:shadow
94: https://packages.debian.org/src:sparse
95: https://packages.debian.org/src:spip
96: https://packages.debian.org/src:stk
97: https://packages.debian.org/src:sus
98: https://packages.debian.org/src:swift
99: https://packages.debian.org/src:systemd
100: https://packages.debian.org/src:tangerine-icon-theme
101: https://packages.debian.org/src:torbrowser-launcher
102: https://packages.debian.org/src:ttylog
103: https://packages.debian.org/src:tzdata
104: https://packages.debian.org/src:uqm
105: https://packages.debian.org/src:vlc
106: https://packages.debian.org/src:webkitgtk
107: https://packages.debian.org/src:wxmaxima
108: https://packages.debian.org/src:zendframework
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+------------------------------------+
| Advisory ID | Package |
+----------------+------------------------------------+
| DSA-3208 [109] | freexl [110]                       |
| DSA-3235 [111] | openjdk-7 [112]                    |
| DSA-3280 [113] | php5 [114]                         |
| DSA-3311 [115] | mariadb-10.0 [116]                 |
| DSA-3316 [117] | openjdk-7 [118]                    |
| DSA-3324 [119] | icedove [120]                      |
| DSA-3327 [121] | squid3 [122]                       |
| DSA-3332 [123] | wordpress [124]                    |
| DSA-3337 [125] | gdk-pixbuf [126]                   |
| DSA-3344 [127] | php5 [128]                         |
| DSA-3346 [129] | drupal7 [130]                      |
| DSA-3347 [131] | pdns [132]                         |
| DSA-3348 [133] | qemu [134]                         |
| DSA-3350 [135] | bind9 [136]                        |
| DSA-3351 [137] | chromium-browser [138]             |
| DSA-3352 [139] | screen [140]                       |
| DSA-3353 [141] | openslp-dfsg [142]                 |
| DSA-3354 [143] | spice [144]                        |
| DSA-3355 [145] | libvdpau [146]                     |
| DSA-3356 [147] | openldap [148]                     |
| DSA-3357 [149] | vzctl [150]                        |
| DSA-3358 [151] | php5 [152]                         |
| DSA-3359 [153] | virtualbox [154]                   |
| DSA-3360 [155] | icu [156]                          |
| DSA-3361 [157] | qemu [158]                         |
| DSA-3363 [159] | owncloud-client [160]              |
| DSA-3364 [161] | linux [162]                        |
| DSA-3365 [163] | iceweasel [164]                    |
| DSA-3366 [165] | rpcbind [166]                      |
| DSA-3367 [167] | wireshark [168]                    |
| DSA-3368 [169] | cyrus-sasl2 [170]                  |
| DSA-3369 [171] | zendframework [172]                |
| DSA-3370 [173] | freetype [174]                     |
| DSA-3371 [175] | spice [176]                        |
| DSA-3373 [177] | owncloud [178]                     |
| DSA-3374 [179] | postgresql-9.4 [180]               |
| DSA-3375 [181] | wordpress [182]                    |
| DSA-3376 [183] | chromium-browser [184]             |
| DSA-3377 [185] | mysql-5.5 [186]                    |
| DSA-3378 [187] | gdk-pixbuf [188]                   |
| DSA-3379 [189] | miniupnpc [190]                    |
| DSA-3380 [191] | php5 [192]                         |
| DSA-3381 [193] | openjdk-7 [194]                    |
| DSA-3382 [195] | phpmyadmin [196]                   |
| DSA-3384 [197] | virtualbox [198]                   |
| DSA-3385 [199] | mariadb-10.0 [200]                 |
| DSA-3386 [201] | unzip [202]                        |
| DSA-3387 [203] | openafs [204]                      |
| DSA-3388 [205] | ntp [206]                          |
| DSA-3390 [207] | xen [208]                          |
| DSA-3391 [209] | php-horde [210]                    |
| DSA-3392 [211] | freeimage [212]                    |
| DSA-3393 [213] | iceweasel [214]                    |
| DSA-3394 [215] | libreoffice [216]                  |
| DSA-3395 [217] | krb5 [218]                         |
| DSA-3397 [219] | wpa [220]                          |
| DSA-3398 [221] | strongswan [222]                   |
| DSA-3399 [223] | libpng [224]                       |
| DSA-3400 [225] | lxc [226]                          |
| DSA-3401 [227] | openjdk-7 [228]                    |
| DSA-3402 [229] | symfony [230]                      |
| DSA-3403 [231] | libcommons-collections3-java [232] |
| DSA-3404 [233] | python-django [234]                |
| DSA-3405 [235] | smokeping [236]                    |
| DSA-3406 [237] | nspr [238]                         |
| DSA-3407 [239] | dpkg [240]                         |
| DSA-3409 [241] | putty [242]                        |
| DSA-3411 [243] | cups-filters [244]                 |
| DSA-3412 [245] | redis [246]                        |
| DSA-3413 [247] | openssl [248]                      |
| DSA-3414 [249] | xen [250]                          |
| DSA-3415 [251] | chromium-browser [252]             |
| DSA-3416 [253] | libphp-phpmailer [254]             |
| DSA-3417 [255] | bouncycastle [256]                 |
| DSA-3418 [257] | chromium-browser [258]             |
| DSA-3419 [259] | cups-filters [260]                 |
| DSA-3420 [261] | bind9 [262]                        |
| DSA-3421 [263] | grub2 [264]                        |
| DSA-3422 [265] | iceweasel [266]                    |
| DSA-3423 [267] | cacti [268]                        |
| DSA-3424 [269] | subversion [270]                   |
| DSA-3425 [271] | tryton-server [272]                |
| DSA-3426 [273] | linux [274]                        |
| DSA-3427 [275] | blueman [276]                      |
| DSA-3428 [277] | tomcat8 [278]                      |
| DSA-3429 [279] | foomatic-filters [280]             |
| DSA-3430 [281] | libxml2 [282]                      |
| DSA-3431 [283] | ganeti [284]                       |
| DSA-3433 [285] | ldb [286]                          |
| DSA-3433 [287] | samba [288]                        |
| DSA-3434 [289] | linux [290]                        |
| DSA-3435 [291] | git [292]                          |
| DSA-3438 [293] | xscreensaver [294]                 |
| DSA-3439 [295] | prosody [296]                      |
| DSA-3440 [297] | sudo [298]                         |
| DSA-3441 [299] | perl [300]                         |
| DSA-3442 [301] | isc-dhcp [302]                     |
| DSA-3443 [303] | libpng [304]                       |
| DSA-3444 [305] | wordpress [306]                    |
| DSA-3445 [307] | pygments [308]                     |
| DSA-3446 [309] | openssh [310]                      |
+----------------+------------------------------------+
109: https://www.debian.org/security/2015/dsa-3208
110: https://packages.debian.org/src:freexl
111: https://www.debian.org/security/2015/dsa-3235
112: https://packages.debian.org/src:openjdk-7
113: https://www.debian.org/security/2015/dsa-3280
114: https://packages.debian.org/src:php5
115: https://www.debian.org/security/2015/dsa-3311
116: https://packages.debian.org/src:mariadb-10.0
117: https://www.debian.org/security/2015/dsa-3316
118: https://packages.debian.org/src:openjdk-7
119: https://www.debian.org/security/2015/dsa-3324
120: https://packages.debian.org/src:icedove
121: https://www.debian.org/security/2015/dsa-3327
122: https://packages.debian.org/src:squid3
123: https://www.debian.org/security/2015/dsa-3332
124: https://packages.debian.org/src:wordpress
125: https://www.debian.org/security/2015/dsa-3337
126: https://packages.debian.org/src:gdk-pixbuf
127: https://www.debian.org/security/2015/dsa-3344
128: https://packages.debian.org/src:php5
129: https://www.debian.org/security/2015/dsa-3346
130: https://packages.debian.org/src:drupal7
131: https://www.debian.org/security/2015/dsa-3347
132: https://packages.debian.org/src:pdns
133: https://www.debian.org/security/2015/dsa-3348
134: https://packages.debian.org/src:qemu
135: https://www.debian.org/security/2015/dsa-3350
136: https://packages.debian.org/src:bind9
137: https://www.debian.org/security/2015/dsa-3351
138: https://packages.debian.org/src:chromium-browser
139: https://www.debian.org/security/2015/dsa-3352
140: https://packages.debian.org/src:screen
141: https://www.debian.org/security/2015/dsa-3353
142: https://packages.debian.org/src:openslp-dfsg
143: https://www.debian.org/security/2015/dsa-3354
144: https://packages.debian.org/src:spice
145: https://www.debian.org/security/2015/dsa-3355
146: https://packages.debian.org/src:libvdpau
147: https://www.debian.org/security/2015/dsa-3356
148: https://packages.debian.org/src:openldap
149: https://www.debian.org/security/2015/dsa-3357
150: https://packages.debian.org/src:vzctl
151: https://www.debian.org/security/2015/dsa-3358
152: https://packages.debian.org/src:php5
153: https://www.debian.org/security/2015/dsa-3359
154: https://packages.debian.org/src:virtualbox
155: https://www.debian.org/security/2015/dsa-3360
156: https://packages.debian.org/src:icu
157: https://www.debian.org/security/2015/dsa-3361
158: https://packages.debian.org/src:qemu
159: https://www.debian.org/security/2015/dsa-3363
160: https://packages.debian.org/src:owncloud-client
161: https://www.debian.org/security/2015/dsa-3364
162: https://packages.debian.org/src:linux
163: https://www.debian.org/security/2015/dsa-3365
164: https://packages.debian.org/src:iceweasel
165: https://www.debian.org/security/2015/dsa-3366
166: https://packages.debian.org/src:rpcbind
167: https://www.debian.org/security/2015/dsa-3367
168: https://packages.debian.org/src:wireshark
169: https://www.debian.org/security/2015/dsa-3368
170: https://packages.debian.org/src:cyrus-sasl2
171: https://www.debian.org/security/2015/dsa-3369
172: https://packages.debian.org/src:zendframework
173: https://www.debian.org/security/2015/dsa-3370
174: https://packages.debian.org/src:freetype
175: https://www.debian.org/security/2015/dsa-3371
176: https://packages.debian.org/src:spice
177: https://www.debian.org/security/2015/dsa-3373
178: https://packages.debian.org/src:owncloud
179: https://www.debian.org/security/2015/dsa-3374
180: https://packages.debian.org/src:postgresql-9.4
181: https://www.debian.org/security/2015/dsa-3375
182: https://packages.debian.org/src:wordpress
183: https://www.debian.org/security/2015/dsa-3376
184: https://packages.debian.org/src:chromium-browser
185: https://www.debian.org/security/2015/dsa-3377
186: https://packages.debian.org/src:mysql-5.5
187: https://www.debian.org/security/2015/dsa-3378
188: https://packages.debian.org/src:gdk-pixbuf
189: https://www.debian.org/security/2015/dsa-3379
190: https://packages.debian.org/src:miniupnpc
191: https://www.debian.org/security/2015/dsa-3380
192: https://packages.debian.org/src:php5
193: https://www.debian.org/security/2015/dsa-3381
194: https://packages.debian.org/src:openjdk-7
195: https://www.debian.org/security/2015/dsa-3382
196: https://packages.debian.org/src:phpmyadmin
197: https://www.debian.org/security/2015/dsa-3384
198: https://packages.debian.org/src:virtualbox
199: https://www.debian.org/security/2015/dsa-3385
200: https://packages.debian.org/src:mariadb-10.0
201: https://www.debian.org/security/2015/dsa-3386
202: https://packages.debian.org/src:unzip
203: https://www.debian.org/security/2015/dsa-3387
204: https://packages.debian.org/src:openafs
205: https://www.debian.org/security/2015/dsa-3388
206: https://packages.debian.org/src:ntp
207: https://www.debian.org/security/2015/dsa-3390
208: https://packages.debian.org/src:xen
209: https://www.debian.org/security/2015/dsa-3391
210: https://packages.debian.org/src:php-horde
211: https://www.debian.org/security/2015/dsa-3392
212: https://packages.debian.org/src:freeimage
213: https://www.debian.org/security/2015/dsa-3393
214: https://packages.debian.org/src:iceweasel
215: https://www.debian.org/security/2015/dsa-3394
216: https://packages.debian.org/src:libreoffice
217: https://www.debian.org/security/2015/dsa-3395
218: https://packages.debian.org/src:krb5
219: https://www.debian.org/security/2015/dsa-3397
220: https://packages.debian.org/src:wpa
221: https://www.debian.org/security/2015/dsa-3398
222: https://packages.debian.org/src:strongswan
223: https://www.debian.org/security/2015/dsa-3399
224: https://packages.debian.org/src:libpng
225: https://www.debian.org/security/2015/dsa-3400
226: https://packages.debian.org/src:lxc
227: https://www.debian.org/security/2015/dsa-3401
228: https://packages.debian.org/src:openjdk-7
229: https://www.debian.org/security/2015/dsa-3402
230: https://packages.debian.org/src:symfony
231: https://www.debian.org/security/2015/dsa-3403
232: https://packages.debian.org/src:libcommons-collections3-java
233: https://www.debian.org/security/2015/dsa-3404
234: https://packages.debian.org/src:python-django
235: https://www.debian.org/security/2015/dsa-3405
236: https://packages.debian.org/src:smokeping
237: https://www.debian.org/security/2015/dsa-3406
238: https://packages.debian.org/src:nspr
239: https://www.debian.org/security/2015/dsa-3407
240: https://packages.debian.org/src:dpkg
241: https://www.debian.org/security/2015/dsa-3409
242: https://packages.debian.org/src:putty
243: https://www.debian.org/security/2015/dsa-3411
244: https://packages.debian.org/src:cups-filters
245: https://www.debian.org/security/2015/dsa-3412
246: https://packages.debian.org/src:redis
247: https://www.debian.org/security/2015/dsa-3413
248: https://packages.debian.org/src:openssl
249: https://www.debian.org/security/2015/dsa-3414
250: https://packages.debian.org/src:xen
251: https://www.debian.org/security/2015/dsa-3415
252: https://packages.debian.org/src:chromium-browser
253: https://www.debian.org/security/2015/dsa-3416
254: https://packages.debian.org/src:libphp-phpmailer
255: https://www.debian.org/security/2015/dsa-3417
256: https://packages.debian.org/src:bouncycastle
257: https://www.debian.org/security/2015/dsa-3418
258: https://packages.debian.org/src:chromium-browser
259: https://www.debian.org/security/2015/dsa-3419
260: https://packages.debian.org/src:cups-filters
261: https://www.debian.org/security/2015/dsa-3420
262: https://packages.debian.org/src:bind9
263: https://www.debian.org/security/2015/dsa-3421
264: https://packages.debian.org/src:grub2
265: https://www.debian.org/security/2015/dsa-3422
266: https://packages.debian.org/src:iceweasel
267: https://www.debian.org/security/2015/dsa-3423
268: https://packages.debian.org/src:cacti
269: https://www.debian.org/security/2015/dsa-3424
270: https://packages.debian.org/src:subversion
271: https://www.debian.org/security/2015/dsa-3425
272: https://packages.debian.org/src:tryton-server
273: https://www.debian.org/security/2015/dsa-3426
274: https://packages.debian.org/src:linux
275: https://www.debian.org/security/2015/dsa-3427
276: https://packages.debian.org/src:blueman
277: https://www.debian.org/security/2015/dsa-3428
278: https://packages.debian.org/src:tomcat8
279: https://www.debian.org/security/2015/dsa-3429
280: https://packages.debian.org/src:foomatic-filters
281: https://www.debian.org/security/2015/dsa-3430
282: https://packages.debian.org/src:libxml2
283: https://www.debian.org/security/2016/dsa-3431
284: https://packages.debian.org/src:ganeti
285: https://www.debian.org/security/2016/dsa-3433
286: https://packages.debian.org/src:ldb
287: https://www.debian.org/security/2016/dsa-3433
288: https://packages.debian.org/src:samba
289: https://www.debian.org/security/2016/dsa-3434
290: https://packages.debian.org/src:linux
291: https://www.debian.org/security/2016/dsa-3435
292: https://packages.debian.org/src:git
293: https://www.debian.org/security/2016/dsa-3438
294: https://packages.debian.org/src:xscreensaver
295: https://www.debian.org/security/2016/dsa-3439
296: https://packages.debian.org/src:prosody
297: https://www.debian.org/security/2016/dsa-3440
298: https://packages.debian.org/src:sudo
299: https://www.debian.org/security/2016/dsa-3441
300: https://packages.debian.org/src:perl
301: https://www.debian.org/security/2016/dsa-3442
302: https://packages.debian.org/src:isc-dhcp
303: https://www.debian.org/security/2016/dsa-3443
304: https://packages.debian.org/src:libpng
305: https://www.debian.org/security/2016/dsa-3444
306: https://packages.debian.org/src:wordpress
307: https://www.debian.org/security/2016/dsa-3445
308: https://packages.debian.org/src:pygments
309: https://www.debian.org/security/2016/dsa-3446
310: https://packages.debian.org/src:openssh
Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:
+---------------------+--------------------------------------------+
| Package             | Reason                                     |
+---------------------+--------------------------------------------+
| core-network [311]  | Security issues                            |
| elasticsearch [312] | No longer supported                        |
| googlecl [313]      | Broken due to relying on obsolete APIs     |
| libnsbmp [314]      | Security issues, unmaintained              |
| libnsgif [315]      | Security issues, unmaintained              |
| vimperator [316]    | Incompatible with newer iceweasel versions |
+---------------------+--------------------------------------------+
311: https://packages.debian.org/src:core-network
312: https://packages.debian.org/src:elasticsearch
313: https://packages.debian.org/src:googlecl
314: https://packages.debian.org/src:libnsbmp
315: https://packages.debian.org/src:libnsgif
316: https://packages.debian.org/src:vimperator
Debian Installer
----------------
URLs
----
The complete lists of packages that have changed with this revision:
http://ftp.debian.org/debian/dists/jessie/ChangeLog
The current stable distribution:
http://ftp.debian.org/debian/dists/stable/
Proposed updates to the stable distribution:
http://ftp.debian.org/debian/dists/proposed-updates
Stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/
Security announcements and information:
https://security.debian.org/ [317]
317: https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.