The Nomination period of Elections to Council [1], FESCo [2] and
FAmSCo [3] is now over.
The list of nominees follows:
== Council (1 open seat) ==
* Justin W. Flory (jwf / jflory7)
* Langdon White (langdon)
* Nick Bebout (nb)
* Dennis Gilmore (dgilmore / ausil)
* Till Maas (tyll / till)
== FESCo (4 open seats) ==
* Dominik Mierzejewski (Rathann/rathann)
* Stephen Gallagher (sgallagh/sgallagh)
* Randy Barlow (bowlofeggs/bowlofeggs)
* Dennis Gilmore (dgilmore / ausil)
* Till Maas (tyll / till)
== FAmSCo (3 open seats) ==
* Itamar Reis Peixoto (itamarjp/itamarjp)
* Alex Oviedo Solis (alexove/alexove)
* Eduardo Echeverria (echevemaster/echevemaster)
* Eduard Lucena (x3mboy)
* Sumantro Mukherjee (sumantro / sumantrom)
* Andrew Ward (award3535)
* Daniel Lara (danniel/Danniel)
* Sirko Kemter (gnokii/gnokii)
* Ben Williams (Southern_Gentlem/jbwillia)
* Nick Bebout (nb/nb)
Nominees can now start with their own campaign, to attract people in
the Fedora community. I am also going to work with nominees and with
people from CommOps team to prepare Community Blog for publishing
answers from nominees on collected questions in the Election's
Questionnaire [4].
I wish all the nominees good luck and a lot of fun during the campaign period.
[1] https://fedoraproject.org/wiki/Council/Nominations
[2] https://fedoraproject.org/wiki/Development/SteeringCommittee/Nominations
[3] https://fedoraproject.org/wiki/FAmSCo_nominations
[4] https://fedoraproject.org/wiki/Elections/Questionnaire
Regards,
Jan
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Monday, July 31, 2017
[USN-3366-2] OpenJDK 8 regression
==========================================================================
Ubuntu Security Notice USN-3366-2
July 31, 2017
openjdk-8 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
Summary:
USN 3366-1 introduced a regression in OpenJDK 8.
Software Description:
- openjdk-8: Open Source Java implementation
Details:
USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that
update introduced a regression that caused some valid JAR files to
fail validation. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the JPEGImageReader class in OpenJDK would
incorrectly read unused image data. An attacker could use this to
specially construct a jpeg image file that when opened by a Java
application would cause a denial of service. (CVE-2017-10053)
It was discovered that the JAR verifier in OpenJDK did not properly
handle archives containing files missing digests. An attacker could
use this to modify the signed contents of a JAR file. (CVE-2017-10067)
It was discovered that integer overflows existed in the Hotspot
component of OpenJDK when generating range check loop predicates. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions
and cause a denial of service or possibly execute arbitrary
code. (CVE-2017-10074)
It was discovered that the JavaScript Scripting component of OpenJDK
incorrectly allowed access to Java APIs. An attacker could use this
to specially craft JavaScript code to bypass access restrictions.
(CVE-2017-10078)
It was discovered that OpenJDK did not properly process parentheses
in function signatures. An attacker could use this to specially
construct an untrusted Java application or applet that could escape
sandbox restrictions. (CVE-2017-10081)
It was discovered that the ThreadPoolExecutor class in OpenJDK did not
properly perform access control checks when cleaning up threads. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions and
possibly execute arbitrary code. (CVE-2017-10087)
It was discovered that the ServiceRegistry implementation
in OpenJDK did not perform access control checks in certain
situations. An attacker could use this to specially construct
an untrusted Java application or applet that escaped sandbox
restrictions. (CVE-2017-10089)
It was discovered that the channel groups implementation in
OpenJDK did not properly perform access control checks in some
situations. An attacker could use this to specially construct an
untrusted Java application or applet that could escape sandbox
restrictions. (CVE-2017-10090)
It was discovered that the DTM exception handling code in the
JAXP component of OpenJDK did not properly perform access control
checks. An attacker could use this to specially construct an untrusted
Java application or applet that could escape sandbox restrictions.
(CVE-2017-10096)
It was discovered that the JAXP component of OpenJDK incorrectly
granted access to some internal resolvers. An attacker could use this
to specially construct an untrusted Java application or applet that
could escape sandbox restrictions. (CVE-2017-10101)
It was discovered that the Distributed Garbage Collector (DGC) in
OpenJDK did not properly track references in some situations. A
remote attacker could possibly use this to execute arbitrary
code. (CVE-2017-10102)
It was discovered that the Activation ID implementation in the RMI
component of OpenJDK did not properly check access control permissions
in some situations. An attacker could use this to specially construct
an untrusted Java application or applet that could escape sandbox
restrictions. (CVE-2017-10107)
It was discovered that the BasicAttribute class in OpenJDK did not
properly bound memory allocation when de-serializing objects. An
attacker could use this to cause a denial of service (memory
consumption). (CVE-2017-10108)
It was discovered that the CodeSource class in OpenJDK did not
properly bound memory allocations when de-serializing object
instances. An attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-10109)
It was discovered that the AWT ImageWatched class in OpenJDK did not
properly perform access control checks, An attacker could use this
to specially construct an untrusted Java application or applet that
could escape sandbox restrictions (CVE-2017-10110)
Jackson Davis discovered that the LambdaFormEditor class in the
Libraries component of OpenJDK did not correctly perform bounds checks
in the permuteArgumentsForm() function. An attacker could use this
to specially construct an untrusted Java application or applet that
could escape sandbox restrictions and possibly execute arbitrary
code. (CVE-2017-10111)
It was discovered that a timing side-channel vulnerability existed
in the DSA implementation in OpenJDK. An attacker could use this to
expose sensitive information. (CVE-2017-10115)
It was discovered that the LDAP implementation in OpenJDK incorrectly
followed references to non-LDAP URLs. An attacker could use this to
specially craft an LDAP referral URL that exposes sensitive information
or bypass access restrictions. (CVE-2017-10116)
It was discovered that a timing side-channel vulnerability existed
in the ECDSA implementation in OpenJDK. An attacker could use this
to expose sensitive information. (CVE-2017-10118)
Ilya Maykov discovered that a timing side-channel vulnerability
existed in the PKCS#8 implementation in OpenJDK. An attacker could
use this to expose sensitive information. (CVE-2017-10135)
It was discovered that the Elliptic Curve (EC) implementation
in OpenJDK did not properly compute certain elliptic curve
points. An attacker could use this to expose sensitive
information. (CVE-2017-10176)
It was discovered that OpenJDK did not properly restrict weak key
sizes in some situations. An attacker could use this to specially
construct an untrusted Java application or applet that could escape
sandbox restrictions. (CVE-2017-10193)
It was discovered that OpenJDK did not properly enforce disabled
algorithm restrictions on X.509 certificate chains. An attacker
could use this to expose sensitive information or escape sandbox
restrictions. (CVE-2017-10198)
It was discovered that OpenJDK did not properly perform access control
checks when handling Web Service Definition Language (WSDL) XML
documents. An attacker could use this to expose sensitive information.
(CVE-2017-10243)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
openjdk-8-jre 8u131-b11-2ubuntu1.17.04.3
openjdk-8-jre-headless 8u131-b11-2ubuntu1.17.04.3
openjdk-8-jre-zero 8u131-b11-2ubuntu1.17.04.3
Ubuntu 16.04 LTS:
openjdk-8-jre 8u131-b11-2ubuntu1.16.04.3
openjdk-8-jre-headless 8u131-b11-2ubuntu1.16.04.3
openjdk-8-jre-jamvm 8u131-b11-2ubuntu1.16.04.3
openjdk-8-jre-zero 8u131-b11-2ubuntu1.16.04.3
This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3366-2
https://www.ubuntu.com/usn/usn-3366-1
https://launchpad.net/bugs/1707082
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-8/8u131-b11-2ubuntu1.17.04.3
https://launchpad.net/ubuntu/+source/openjdk-8/8u131-b11-2ubuntu1.16.04.3
Ubuntu Security Notice USN-3366-2
July 31, 2017
openjdk-8 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
Summary:
USN 3366-1 introduced a regression in OpenJDK 8.
Software Description:
- openjdk-8: Open Source Java implementation
Details:
USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that
update introduced a regression that caused some valid JAR files to
fail validation. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the JPEGImageReader class in OpenJDK would
incorrectly read unused image data. An attacker could use this to
specially construct a jpeg image file that when opened by a Java
application would cause a denial of service. (CVE-2017-10053)
It was discovered that the JAR verifier in OpenJDK did not properly
handle archives containing files missing digests. An attacker could
use this to modify the signed contents of a JAR file. (CVE-2017-10067)
It was discovered that integer overflows existed in the Hotspot
component of OpenJDK when generating range check loop predicates. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions
and cause a denial of service or possibly execute arbitrary
code. (CVE-2017-10074)
It was discovered that the JavaScript Scripting component of OpenJDK
incorrectly allowed access to Java APIs. An attacker could use this
to specially craft JavaScript code to bypass access restrictions.
(CVE-2017-10078)
It was discovered that OpenJDK did not properly process parentheses
in function signatures. An attacker could use this to specially
construct an untrusted Java application or applet that could escape
sandbox restrictions. (CVE-2017-10081)
It was discovered that the ThreadPoolExecutor class in OpenJDK did not
properly perform access control checks when cleaning up threads. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions and
possibly execute arbitrary code. (CVE-2017-10087)
It was discovered that the ServiceRegistry implementation
in OpenJDK did not perform access control checks in certain
situations. An attacker could use this to specially construct
an untrusted Java application or applet that escaped sandbox
restrictions. (CVE-2017-10089)
It was discovered that the channel groups implementation in
OpenJDK did not properly perform access control checks in some
situations. An attacker could use this to specially construct an
untrusted Java application or applet that could escape sandbox
restrictions. (CVE-2017-10090)
It was discovered that the DTM exception handling code in the
JAXP component of OpenJDK did not properly perform access control
checks. An attacker could use this to specially construct an untrusted
Java application or applet that could escape sandbox restrictions.
(CVE-2017-10096)
It was discovered that the JAXP component of OpenJDK incorrectly
granted access to some internal resolvers. An attacker could use this
to specially construct an untrusted Java application or applet that
could escape sandbox restrictions. (CVE-2017-10101)
It was discovered that the Distributed Garbage Collector (DGC) in
OpenJDK did not properly track references in some situations. A
remote attacker could possibly use this to execute arbitrary
code. (CVE-2017-10102)
It was discovered that the Activation ID implementation in the RMI
component of OpenJDK did not properly check access control permissions
in some situations. An attacker could use this to specially construct
an untrusted Java application or applet that could escape sandbox
restrictions. (CVE-2017-10107)
It was discovered that the BasicAttribute class in OpenJDK did not
properly bound memory allocation when de-serializing objects. An
attacker could use this to cause a denial of service (memory
consumption). (CVE-2017-10108)
It was discovered that the CodeSource class in OpenJDK did not
properly bound memory allocations when de-serializing object
instances. An attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-10109)
It was discovered that the AWT ImageWatched class in OpenJDK did not
properly perform access control checks, An attacker could use this
to specially construct an untrusted Java application or applet that
could escape sandbox restrictions (CVE-2017-10110)
Jackson Davis discovered that the LambdaFormEditor class in the
Libraries component of OpenJDK did not correctly perform bounds checks
in the permuteArgumentsForm() function. An attacker could use this
to specially construct an untrusted Java application or applet that
could escape sandbox restrictions and possibly execute arbitrary
code. (CVE-2017-10111)
It was discovered that a timing side-channel vulnerability existed
in the DSA implementation in OpenJDK. An attacker could use this to
expose sensitive information. (CVE-2017-10115)
It was discovered that the LDAP implementation in OpenJDK incorrectly
followed references to non-LDAP URLs. An attacker could use this to
specially craft an LDAP referral URL that exposes sensitive information
or bypass access restrictions. (CVE-2017-10116)
It was discovered that a timing side-channel vulnerability existed
in the ECDSA implementation in OpenJDK. An attacker could use this
to expose sensitive information. (CVE-2017-10118)
Ilya Maykov discovered that a timing side-channel vulnerability
existed in the PKCS#8 implementation in OpenJDK. An attacker could
use this to expose sensitive information. (CVE-2017-10135)
It was discovered that the Elliptic Curve (EC) implementation
in OpenJDK did not properly compute certain elliptic curve
points. An attacker could use this to expose sensitive
information. (CVE-2017-10176)
It was discovered that OpenJDK did not properly restrict weak key
sizes in some situations. An attacker could use this to specially
construct an untrusted Java application or applet that could escape
sandbox restrictions. (CVE-2017-10193)
It was discovered that OpenJDK did not properly enforce disabled
algorithm restrictions on X.509 certificate chains. An attacker
could use this to expose sensitive information or escape sandbox
restrictions. (CVE-2017-10198)
It was discovered that OpenJDK did not properly perform access control
checks when handling Web Service Definition Language (WSDL) XML
documents. An attacker could use this to expose sensitive information.
(CVE-2017-10243)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
openjdk-8-jre 8u131-b11-2ubuntu1.17.04.3
openjdk-8-jre-headless 8u131-b11-2ubuntu1.17.04.3
openjdk-8-jre-zero 8u131-b11-2ubuntu1.17.04.3
Ubuntu 16.04 LTS:
openjdk-8-jre 8u131-b11-2ubuntu1.16.04.3
openjdk-8-jre-headless 8u131-b11-2ubuntu1.16.04.3
openjdk-8-jre-jamvm 8u131-b11-2ubuntu1.16.04.3
openjdk-8-jre-zero 8u131-b11-2ubuntu1.16.04.3
This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3366-2
https://www.ubuntu.com/usn/usn-3366-1
https://launchpad.net/bugs/1707082
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-8/8u131-b11-2ubuntu1.17.04.3
https://launchpad.net/ubuntu/+source/openjdk-8/8u131-b11-2ubuntu1.16.04.3
[USN-3374-1] RabbitMQ vulnerability
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJZf2pXAAoJEGVp2FWnRL6TxagQAJ3D4W4HqGA46XC3OshuhEFK
f0GsTiX/lgOOVDKyobaFOiD2NamQ/qErRZy3+hVahEqJThdjLfoKUj2l5wwA5UkO
W8+XOOWIgcBUxb6RaihacASAJNrjeLRwnmG2421jSJB8MIP97lm/Wp+XkbCVlPww
lE3+JIiy7VEKUl0yFyR14d7ub7NuQbF97Mpftq/HvXeCaRYsQYymF9oDfkA2jmc0
YpgYtAXWGaX0vH+wWpfniGA9IthIex6zOxWwEOb+7EwTEixo7Mz+DUaIvnaMOlvx
ucv53xvMGRQ5Amda1lgCX+akTrwuXcNG8T+fWUo++Bsz0+vzjuILYlTLa27hkR66
FFLg8G33NUVNIRXjcDOzeT3Z73GDu2ItCTqMH7UGVfdspRB1pRpJOjuEB+wRi0JU
RrJtm0UGjkn8+ErNztVAEvO0WG/KCXgyokHHSzA50el2PjHQwjUauQuGa6WPyjPN
sDuNTIYBAxdBBnUn5IrJpjqys9HDiVl/Q1L/O+2wzPqjG/w6KQ6aUGBfPt4pW5WX
76KSwjB/8bgLsJq2EFwFPJYTOcB++mTyP6T5xnaXlnvCxml+WUavMSxpla65N379
Ip3E/xqA9FMYeDnA96fnB++XBsIlXnmko6mJG6qFkFNaToKpKT4CcnoOOu//HGJZ
o0FB0EVLMAzRedpGYaVp
=eQvf
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3374-1
July 31, 2017
rabbitmq-server vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
RabbitMQ could allow unintended access to network services.
Software Description:
- rabbitmq-server: AMQP server written in Erlang
Details:
It was discovered that RabbitMQ incorrectly handled MQTT (MQ Telemetry
Transport) authentication. A remote attacker could use this issue to
authenticate successfully with an existing username by omitting the
password.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
rabbitmq-server 3.5.7-1ubuntu0.16.04.2
Ubuntu 14.04 LTS:
rabbitmq-server 3.2.4-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3374-1
CVE-2016-9877
Package Information:
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.5.7-1ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.2.4-1ubuntu0.1
Version: GnuPG v2
iQIcBAEBCgAGBQJZf2pXAAoJEGVp2FWnRL6TxagQAJ3D4W4HqGA46XC3OshuhEFK
f0GsTiX/lgOOVDKyobaFOiD2NamQ/qErRZy3+hVahEqJThdjLfoKUj2l5wwA5UkO
W8+XOOWIgcBUxb6RaihacASAJNrjeLRwnmG2421jSJB8MIP97lm/Wp+XkbCVlPww
lE3+JIiy7VEKUl0yFyR14d7ub7NuQbF97Mpftq/HvXeCaRYsQYymF9oDfkA2jmc0
YpgYtAXWGaX0vH+wWpfniGA9IthIex6zOxWwEOb+7EwTEixo7Mz+DUaIvnaMOlvx
ucv53xvMGRQ5Amda1lgCX+akTrwuXcNG8T+fWUo++Bsz0+vzjuILYlTLa27hkR66
FFLg8G33NUVNIRXjcDOzeT3Z73GDu2ItCTqMH7UGVfdspRB1pRpJOjuEB+wRi0JU
RrJtm0UGjkn8+ErNztVAEvO0WG/KCXgyokHHSzA50el2PjHQwjUauQuGa6WPyjPN
sDuNTIYBAxdBBnUn5IrJpjqys9HDiVl/Q1L/O+2wzPqjG/w6KQ6aUGBfPt4pW5WX
76KSwjB/8bgLsJq2EFwFPJYTOcB++mTyP6T5xnaXlnvCxml+WUavMSxpla65N379
Ip3E/xqA9FMYeDnA96fnB++XBsIlXnmko6mJG6qFkFNaToKpKT4CcnoOOu//HGJZ
o0FB0EVLMAzRedpGYaVp
=eQvf
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3374-1
July 31, 2017
rabbitmq-server vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
RabbitMQ could allow unintended access to network services.
Software Description:
- rabbitmq-server: AMQP server written in Erlang
Details:
It was discovered that RabbitMQ incorrectly handled MQTT (MQ Telemetry
Transport) authentication. A remote attacker could use this issue to
authenticate successfully with an existing username by omitting the
password.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
rabbitmq-server 3.5.7-1ubuntu0.16.04.2
Ubuntu 14.04 LTS:
rabbitmq-server 3.2.4-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3374-1
CVE-2016-9877
Package Information:
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.5.7-1ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.2.4-1ubuntu0.1
[USN-3363-2] ImageMagick regression
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJZf2o/AAoJEGVp2FWnRL6T2CsP/iEGnl1iWljgIIRDyWslDeDZ
awOwMWvYWoeXmFKhApd/PrcnogsW2O42SXJAuhva6UfcWmHyWZPUKBspJmcgjmhi
k0OGBDs4pS2UTkg7OvkCLPOBV18fVkE7F/pwFqKkuod29fQz6iMWDauMpYCKa0c1
9EtLCBjBdC8Tp0IuBGTHRaLleYZCRv+nB1Mfj32LHf9zzMaMISybL+cpCbe7Y4c6
wbPNUNhyJvr884EJaBV/s45XmvOVJPMDL4YM/gmNZ0SxXcAbEE5gI168CAWYfNIa
oHIzytDagCXaqLsRlsSaQddXM36I0BkjChx6XofK9s9yR4+ZT3sBRlLluKb+QEJQ
HXTNZlYDqdz4B6cGZ8qYoEeHUPKgxlGX/YCod66PI+QCNxKn9uXdZ44ugpQl6YoI
cyfEee2/AZYL0zIHAf0iyDgU7qDa7Owmd8CKrcI0psJmuMrXAoMb11VWbPT/R0HV
kMWlgZOL1l9YSzlN2A7DqTxZVcZl3ErBf0sJ38bfZMrPPFDAXha4V9uulO62983W
kuM/tTLy7fUBFua9jWxIm54ktLusDfZBzIqL7nEK61FguJYIOlMPPyD4/S2a8QNo
wAhlOUMqj5WE+W7v+ytd6vKWvF2QqYoDK8mH6S8Ftm+5hC/8Gi/ZaIIFJG68wxAM
d4PxYHCI7owtVgmMx/Iy
=4esX
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3363-2
July 31, 2017
imagemagick regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
USN-3363-1 caused a regression in ImageMagick.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a
regression for certain users when processing images. The problematic
patch has been reverted pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
imagemagick 8:6.8.9.9-7ubuntu5.9
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.9
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.9
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.9
Ubuntu 14.04 LTS:
imagemagick 8:6.7.7.10-6ubuntu3.9
libmagick++5 8:6.7.7.10-6ubuntu3.9
libmagickcore5 8:6.7.7.10-6ubuntu3.9
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3363-2
https://www.ubuntu.com/usn/usn-3363-1
https://launchpad.net/bugs/1707015
Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu5.9
https://launchpad.net/ubuntu/+source/imagemagick/8:6.7.7.10-6ubuntu3.9
Version: GnuPG v2
iQIcBAEBCgAGBQJZf2o/AAoJEGVp2FWnRL6T2CsP/iEGnl1iWljgIIRDyWslDeDZ
awOwMWvYWoeXmFKhApd/PrcnogsW2O42SXJAuhva6UfcWmHyWZPUKBspJmcgjmhi
k0OGBDs4pS2UTkg7OvkCLPOBV18fVkE7F/pwFqKkuod29fQz6iMWDauMpYCKa0c1
9EtLCBjBdC8Tp0IuBGTHRaLleYZCRv+nB1Mfj32LHf9zzMaMISybL+cpCbe7Y4c6
wbPNUNhyJvr884EJaBV/s45XmvOVJPMDL4YM/gmNZ0SxXcAbEE5gI168CAWYfNIa
oHIzytDagCXaqLsRlsSaQddXM36I0BkjChx6XofK9s9yR4+ZT3sBRlLluKb+QEJQ
HXTNZlYDqdz4B6cGZ8qYoEeHUPKgxlGX/YCod66PI+QCNxKn9uXdZ44ugpQl6YoI
cyfEee2/AZYL0zIHAf0iyDgU7qDa7Owmd8CKrcI0psJmuMrXAoMb11VWbPT/R0HV
kMWlgZOL1l9YSzlN2A7DqTxZVcZl3ErBf0sJ38bfZMrPPFDAXha4V9uulO62983W
kuM/tTLy7fUBFua9jWxIm54ktLusDfZBzIqL7nEK61FguJYIOlMPPyD4/S2a8QNo
wAhlOUMqj5WE+W7v+ytd6vKWvF2QqYoDK8mH6S8Ftm+5hC/8Gi/ZaIIFJG68wxAM
d4PxYHCI7owtVgmMx/Iy
=4esX
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3363-2
July 31, 2017
imagemagick regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
USN-3363-1 caused a regression in ImageMagick.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a
regression for certain users when processing images. The problematic
patch has been reverted pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
imagemagick 8:6.8.9.9-7ubuntu5.9
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.9
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.9
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.9
Ubuntu 14.04 LTS:
imagemagick 8:6.7.7.10-6ubuntu3.9
libmagick++5 8:6.7.7.10-6ubuntu3.9
libmagickcore5 8:6.7.7.10-6ubuntu3.9
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3363-2
https://www.ubuntu.com/usn/usn-3363-1
https://launchpad.net/bugs/1707015
Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu5.9
https://launchpad.net/ubuntu/+source/imagemagick/8:6.7.7.10-6ubuntu3.9
[USN-3373-1] Apache HTTP Server vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3373-1
July 31, 2017
apache2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Apache HTTP Server.
Software Description:
- apache2: Apache HTTP server
Details:
Emmanuel Dreyfus discovered that third-party modules using the
ap_get_basic_auth_pw() function outside of the authentication phase may
lead to authentication requirements being bypassed. This update adds a
new ap_get_basic_auth_components() function for use by third-party
modules. (CVE-2017-3167)
Vasileios Panopoulos discovered that the Apache mod_ssl module may
crash when third-party modules call ap_hook_process_connection() during
an HTTP request to an HTTPS port. (CVE-2017-3169)
Javier Jiménez discovered that the Apache HTTP Server incorrectly
handled parsing certain requests. A remote attacker could possibly use
this issue to cause the Apache HTTP Server to crash, resulting in a
denial of service. (CVE-2017-7668)
ChenQin and Hanno Böck discovered that the Apache mod_mime module
incorrectly handled certain Content-Type response headers. A remote
attacker could possibly use this issue to cause the Apache HTTP Server
to crash, resulting in a denial of service. (CVE-2017-7679)
David Dennerline and Régis Leroy discovered that the Apache HTTP Server
incorrectly handled unusual whitespace when parsing requests, contrary
to specifications. When being used in combination with a proxy or
backend server, a remote attacker could possibly use this issue to
perform an injection attack and pollute cache. This update may
introduce compatibility issues with clients that do not strictly follow
HTTP protocol specifications. A new configuration option
"HttpProtocolOptions Unsafe" can be used to revert to the previous
unsafe behaviour in problematic environments. (CVE-2016-8743)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
apache2.2-bin 2.2.22-1ubuntu1.12
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3373-1
CVE-2016-8743, CVE-2017-3167, CVE-2017-3169, CVE-2017-7668,
CVE-2017-7679
Ubuntu Security Notice USN-3373-1
July 31, 2017
apache2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Apache HTTP Server.
Software Description:
- apache2: Apache HTTP server
Details:
Emmanuel Dreyfus discovered that third-party modules using the
ap_get_basic_auth_pw() function outside of the authentication phase may
lead to authentication requirements being bypassed. This update adds a
new ap_get_basic_auth_components() function for use by third-party
modules. (CVE-2017-3167)
Vasileios Panopoulos discovered that the Apache mod_ssl module may
crash when third-party modules call ap_hook_process_connection() during
an HTTP request to an HTTPS port. (CVE-2017-3169)
Javier Jiménez discovered that the Apache HTTP Server incorrectly
handled parsing certain requests. A remote attacker could possibly use
this issue to cause the Apache HTTP Server to crash, resulting in a
denial of service. (CVE-2017-7668)
ChenQin and Hanno Böck discovered that the Apache mod_mime module
incorrectly handled certain Content-Type response headers. A remote
attacker could possibly use this issue to cause the Apache HTTP Server
to crash, resulting in a denial of service. (CVE-2017-7679)
David Dennerline and Régis Leroy discovered that the Apache HTTP Server
incorrectly handled unusual whitespace when parsing requests, contrary
to specifications. When being used in combination with a proxy or
backend server, a remote attacker could possibly use this issue to
perform an injection attack and pollute cache. This update may
introduce compatibility issues with clients that do not strictly follow
HTTP protocol specifications. A new configuration option
"HttpProtocolOptions Unsafe" can be used to revert to the previous
unsafe behaviour in problematic environments. (CVE-2016-8743)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
apache2.2-bin 2.2.22-1ubuntu1.12
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3373-1
CVE-2016-8743, CVE-2017-3167, CVE-2017-3169, CVE-2017-7668,
CVE-2017-7679
[USN-3372-1] NSS vulnerability
==========================================================================
Ubuntu Security Notice USN-3372-1
July 31, 2017
nss vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in NSS.
Software Description:
- nss: Network Security Service library
Details:
It was discovered that NSS incorrectly handled certain empty SSLv2
messages. A remote attacker could possibly use this issue to cause NSS
to crash, resulting in a denial of service. (CVE-2017-7502)
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple
DES ciphers were vulnerable to birthday attacks. A remote attacker
could possibly use this flaw to obtain clear text data from long
encrypted sessions. This update causes NSS to limit use of the same
symmetric key. (CVE-2016-2183)
It was discovered that NSS incorrectly handled Base64 decoding. A
remote attacker could use this flaw to cause NSS to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2017-
5461)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
libnss3 2:3.28.4-0ubuntu0.12.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any
applications that use NSS, such as Evolution and Chromium, to make all
the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3372-1
CVE-2016-2183, CVE-2017-5461, CVE-2017-7502
Ubuntu Security Notice USN-3372-1
July 31, 2017
nss vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in NSS.
Software Description:
- nss: Network Security Service library
Details:
It was discovered that NSS incorrectly handled certain empty SSLv2
messages. A remote attacker could possibly use this issue to cause NSS
to crash, resulting in a denial of service. (CVE-2017-7502)
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple
DES ciphers were vulnerable to birthday attacks. A remote attacker
could possibly use this flaw to obtain clear text data from long
encrypted sessions. This update causes NSS to limit use of the same
symmetric key. (CVE-2016-2183)
It was discovered that NSS incorrectly handled Base64 decoding. A
remote attacker could use this flaw to cause NSS to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2017-
5461)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
libnss3 2:3.28.4-0ubuntu0.12.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any
applications that use NSS, such as Evolution and Chromium, to make all
the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3372-1
CVE-2016-2183, CVE-2017-5461, CVE-2017-7502
Friday, July 28, 2017
[USN-3371-1] Linux kernel (HWE) kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3371-1
July 28, 2017
linux-hwe vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
It was discovered that the Linux kernel did not properly initialize a Wake-
on-Lan data structure. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2014-9900)
Alexander Potapenko discovered a race condition in the Advanced Linux Sound
Architecture (ALSA) subsystem in the Linux kernel. A local attacker could
use this to expose sensitive information (kernel memory).
(CVE-2017-1000380)
Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the
Linux kernel did not properly validate some ioctl arguments. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-7346)
Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in
the Linux kernel did not properly initialize memory. A local attacker could
use this to expose sensitive information (kernel memory). (CVE-2017-9605)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.10.0-28-generic 4.10.0-28.32~16.04.2
linux-image-4.10.0-28-generic-lpae 4.10.0-28.32~16.04.2
linux-image-4.10.0-28-lowlatency 4.10.0-28.32~16.04.2
linux-image-generic-hwe-16.04 4.10.0.28.31
linux-image-generic-lpae-hwe-16.04 4.10.0.28.31
linux-image-lowlatency-hwe-16.04 4.10.0.28.31
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3371-1
CVE-2014-9900, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9605
Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.10.0-28.32~16.04.2
Ubuntu Security Notice USN-3371-1
July 28, 2017
linux-hwe vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
It was discovered that the Linux kernel did not properly initialize a Wake-
on-Lan data structure. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2014-9900)
Alexander Potapenko discovered a race condition in the Advanced Linux Sound
Architecture (ALSA) subsystem in the Linux kernel. A local attacker could
use this to expose sensitive information (kernel memory).
(CVE-2017-1000380)
Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the
Linux kernel did not properly validate some ioctl arguments. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-7346)
Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in
the Linux kernel did not properly initialize memory. A local attacker could
use this to expose sensitive information (kernel memory). (CVE-2017-9605)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.10.0-28-generic 4.10.0-28.32~16.04.2
linux-image-4.10.0-28-generic-lpae 4.10.0-28.32~16.04.2
linux-image-4.10.0-28-lowlatency 4.10.0-28.32~16.04.2
linux-image-generic-hwe-16.04 4.10.0.28.31
linux-image-generic-lpae-hwe-16.04 4.10.0.28.31
linux-image-lowlatency-hwe-16.04 4.10.0.28.31
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3371-1
CVE-2014-9900, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9605
Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.10.0-28.32~16.04.2
Outage: HyperKitty database schema change - 2017-08-04 21:00 UTC
There will be an outage starting at 2017-08-04 21:00 UTC, which will last
approximately 15 hours.
To convert UTC to your local time, take a look at
or run:
date -d '2017-08-04 21:00 UTC'
Reason for outage: important HyperKitty database schema change
Affected Services:
* HyperKitty, the mailing-list archives and reading interface
* Postorius, the mailing-list administration interface
Unaffected Services:
Mailman will not be affected, emails sent to the lists will continue to be
delivered during the outage, but they will not be archived at that time
(the archiver will be offline). The emails delivered during the outage
will be added to the archives when they are back online.
Ticket Link: https://pagure.io/fedora-infrastructure/issue/6184
Contact Information:
Please join #fedora-admin in irc.freenode.net or add comments to the
ticket for this outage above.
Thursday, July 27, 2017
[USN-3369-1] FreeRADIUS vulnerabilities
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJZeiJvAAoJEGVp2FWnRL6T1uoP/RUuHdn8TZnY8SUVMoD6r24f
Orx73wFlPhDr5SxZuBfAWTCIBRWZNfvyQheouvn92STnpvZuugLB/Ad+Zf3+EGK1
vFXxAW7eE6WntfI6Xwgfv6/ww7PPXYCs2j9dGzG+MQG/x33cp+xY9kXYANIQowfH
sN8IAHMHRENuzhKmh1ZAUrpizNrZzWhTCp/bXNQ45sW7sC+jv4tPT/yA9kruPs7J
rAahPZSKo6u7hVegSIWNXmaaU/K1NZHp0cnMh9dlcuUREggQakesniJxVuVs1s1I
WLvaiRUnqdew3rHq8p3gfR8FXU7yX6RaFVQ1bQksh0GDX3qi0QBc7BBs3a5OPpL3
UejR0NWbFlCfobHyNdeQODRIHNKXa5C5whrJ3m+VFjzL84ftjshL7iAlPacEDFEs
X1X4PC/56LB8h74HWoTEGJdrXZr3yoSPdHgYFsQ6wF3SqtKaD/EB9MjbK2SXy2G1
pp+m75O9DnGHMzMMacpf8wyYcyP6CMrThc674c3T8RoxdGACWLABs0F1t14voQaJ
KOj71Kgrse5gwuDf/nFYopP9r7/3XjksaaUWuQjxTp5FKubLFMd0QkCOpj9RJZM1
hVtMEcaXE3treLtCRNjB6v2x7v9Y75k2iW1FMaHhnyEFcn6JJxn37A6WB7uo+mXq
momxO0MTQbSA0lu1S+7A
=JhMl
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3369-1
July 27, 2017
freeradius vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in FreeRADIUS.
Software Description:
- freeradius: high-performance and highly configurable RADIUS server
Details:
Guido Vranken discovered that FreeRADIUS incorrectly handled memory when
decoding packets. A remote attacker could use this issue to cause
FreeRADIUS to crash or hang, resulting in a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
freeradius 3.0.12+dfsg-4ubuntu1.2
Ubuntu 16.04 LTS:
freeradius 2.2.8+dfsg-0.1ubuntu0.1
Ubuntu 14.04 LTS:
freeradius 2.1.12+dfsg-1.2ubuntu8.2
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3369-1
CVE-2017-10978, CVE-2017-10979, CVE-2017-10980, CVE-2017-10981,
CVE-2017-10982, CVE-2017-10983, CVE-2017-10984, CVE-2017-10985,
CVE-2017-10986, CVE-2017-10987
Package Information:
https://launchpad.net/ubuntu/+source/freeradius/3.0.12+dfsg-4ubuntu1.2
https://launchpad.net/ubuntu/+source/freeradius/2.2.8+dfsg-0.1ubuntu0.1
https://launchpad.net/ubuntu/+source/freeradius/2.1.12+dfsg-1.2ubuntu8.2
Version: GnuPG v2
iQIcBAEBCgAGBQJZeiJvAAoJEGVp2FWnRL6T1uoP/RUuHdn8TZnY8SUVMoD6r24f
Orx73wFlPhDr5SxZuBfAWTCIBRWZNfvyQheouvn92STnpvZuugLB/Ad+Zf3+EGK1
vFXxAW7eE6WntfI6Xwgfv6/ww7PPXYCs2j9dGzG+MQG/x33cp+xY9kXYANIQowfH
sN8IAHMHRENuzhKmh1ZAUrpizNrZzWhTCp/bXNQ45sW7sC+jv4tPT/yA9kruPs7J
rAahPZSKo6u7hVegSIWNXmaaU/K1NZHp0cnMh9dlcuUREggQakesniJxVuVs1s1I
WLvaiRUnqdew3rHq8p3gfR8FXU7yX6RaFVQ1bQksh0GDX3qi0QBc7BBs3a5OPpL3
UejR0NWbFlCfobHyNdeQODRIHNKXa5C5whrJ3m+VFjzL84ftjshL7iAlPacEDFEs
X1X4PC/56LB8h74HWoTEGJdrXZr3yoSPdHgYFsQ6wF3SqtKaD/EB9MjbK2SXy2G1
pp+m75O9DnGHMzMMacpf8wyYcyP6CMrThc674c3T8RoxdGACWLABs0F1t14voQaJ
KOj71Kgrse5gwuDf/nFYopP9r7/3XjksaaUWuQjxTp5FKubLFMd0QkCOpj9RJZM1
hVtMEcaXE3treLtCRNjB6v2x7v9Y75k2iW1FMaHhnyEFcn6JJxn37A6WB7uo+mXq
momxO0MTQbSA0lu1S+7A
=JhMl
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3369-1
July 27, 2017
freeradius vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in FreeRADIUS.
Software Description:
- freeradius: high-performance and highly configurable RADIUS server
Details:
Guido Vranken discovered that FreeRADIUS incorrectly handled memory when
decoding packets. A remote attacker could use this issue to cause
FreeRADIUS to crash or hang, resulting in a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
freeradius 3.0.12+dfsg-4ubuntu1.2
Ubuntu 16.04 LTS:
freeradius 2.2.8+dfsg-0.1ubuntu0.1
Ubuntu 14.04 LTS:
freeradius 2.1.12+dfsg-1.2ubuntu8.2
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3369-1
CVE-2017-10978, CVE-2017-10979, CVE-2017-10980, CVE-2017-10981,
CVE-2017-10982, CVE-2017-10983, CVE-2017-10984, CVE-2017-10985,
CVE-2017-10986, CVE-2017-10987
Package Information:
https://launchpad.net/ubuntu/+source/freeradius/3.0.12+dfsg-4ubuntu1.2
https://launchpad.net/ubuntu/+source/freeradius/2.2.8+dfsg-0.1ubuntu0.1
https://launchpad.net/ubuntu/+source/freeradius/2.1.12+dfsg-1.2ubuntu8.2
[USN-3370-1] Apache HTTP Server vulnerability
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJZeiKEAAoJEGVp2FWnRL6TmuwQAJv3Ev5PqWEOUqFerIKmbfjz
NUJ5jumSPL1uRLsgmJH9w4F+ZEfsKta9rVDBHG1OhNlJIYvP9bxvHrfcZ0jOjaca
SLITmfSjJ9OtlNhHDFUlTWUE1lB93wdhhUznfwtct8Eq7Mb6UlVew50enNI356F4
H6scF+Sd3GO3H8W9V3+aCOpiQdVpMhQ0OVovjBrDEXegoYklM+yn4NzGGNAJieZv
Ek6OfwwNZJedifuPkcT5LvHgnN7LWrohY5D/QP/kOn7vHI/NuQ0aRcqBdRH5FuBS
P1Hei1LHoCgn5z65dhedG+tKq+07tdvmZ1k926v+ShdEFzqeFupsidc/K7bl/Iul
Qr9WlwKDHU+RRF+qijfFsqeGSaGHGQoIYLOnn2avX9+aR6o2YN1c04378LmgLSx9
kdufMddypo3SJtvDentsRcwRkyZnSimQLqfjrTkamMCEViec74gaGS4pT4ygEcxb
j8CCIgLoBWGsdijklLLkD+bJP1x//Fc1wRmR+mnnpdc1cskOw2mzuEVSvFmkxfhb
UjTOrLHTbrqi4r4wIUCQc+rPq37yRNIQp48rJcq8ADQhk4o0GjB6uM7mNUWe/DuJ
dPHspSBxWK/5os6TNiHnZjgIAFBDNEEmfpuCVY2zj86TayNo2/PwMDWZAx05fqvN
TepBggMfoL1lexawHz5H
=imNS
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3370-1
July 27, 2017
apache2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Apache HTTP Server could be made to crash or leak sensitive information if
it received specially crafted network traffic.
Software Description:
- apache2: Apache HTTP server
Details:
Robert Święcki discovered that the Apache HTTP Server mod_auth_digest
module incorrectly cleared values when processing certain requests. A
remote attacker could use this issue to cause the server to crash,
resulting in a denial or service, or possibly obtain sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
apache2-bin 2.4.25-3ubuntu2.2
Ubuntu 16.04 LTS:
apache2-bin 2.4.18-2ubuntu3.4
Ubuntu 14.04 LTS:
apache2-bin 2.4.7-1ubuntu4.17
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3370-1
CVE-2017-9788
Package Information:
https://launchpad.net/ubuntu/+source/apache2/2.4.25-3ubuntu2.2
https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.4
https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.17
Version: GnuPG v2
iQIcBAEBCgAGBQJZeiKEAAoJEGVp2FWnRL6TmuwQAJv3Ev5PqWEOUqFerIKmbfjz
NUJ5jumSPL1uRLsgmJH9w4F+ZEfsKta9rVDBHG1OhNlJIYvP9bxvHrfcZ0jOjaca
SLITmfSjJ9OtlNhHDFUlTWUE1lB93wdhhUznfwtct8Eq7Mb6UlVew50enNI356F4
H6scF+Sd3GO3H8W9V3+aCOpiQdVpMhQ0OVovjBrDEXegoYklM+yn4NzGGNAJieZv
Ek6OfwwNZJedifuPkcT5LvHgnN7LWrohY5D/QP/kOn7vHI/NuQ0aRcqBdRH5FuBS
P1Hei1LHoCgn5z65dhedG+tKq+07tdvmZ1k926v+ShdEFzqeFupsidc/K7bl/Iul
Qr9WlwKDHU+RRF+qijfFsqeGSaGHGQoIYLOnn2avX9+aR6o2YN1c04378LmgLSx9
kdufMddypo3SJtvDentsRcwRkyZnSimQLqfjrTkamMCEViec74gaGS4pT4ygEcxb
j8CCIgLoBWGsdijklLLkD+bJP1x//Fc1wRmR+mnnpdc1cskOw2mzuEVSvFmkxfhb
UjTOrLHTbrqi4r4wIUCQc+rPq37yRNIQp48rJcq8ADQhk4o0GjB6uM7mNUWe/DuJ
dPHspSBxWK/5os6TNiHnZjgIAFBDNEEmfpuCVY2zj86TayNo2/PwMDWZAx05fqvN
TepBggMfoL1lexawHz5H
=imNS
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3370-1
July 27, 2017
apache2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Apache HTTP Server could be made to crash or leak sensitive information if
it received specially crafted network traffic.
Software Description:
- apache2: Apache HTTP server
Details:
Robert Święcki discovered that the Apache HTTP Server mod_auth_digest
module incorrectly cleared values when processing certain requests. A
remote attacker could use this issue to cause the server to crash,
resulting in a denial or service, or possibly obtain sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
apache2-bin 2.4.25-3ubuntu2.2
Ubuntu 16.04 LTS:
apache2-bin 2.4.18-2ubuntu3.4
Ubuntu 14.04 LTS:
apache2-bin 2.4.7-1ubuntu4.17
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3370-1
CVE-2017-9788
Package Information:
https://launchpad.net/ubuntu/+source/apache2/2.4.25-3ubuntu2.2
https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.4
https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.17
[CentOS-announce] CEEA-2017:1805 CentOS 7 kmod-redhat-qedf Enhancement Update
CentOS Errata and Enhancement Advisory 2017:1805
Upstream details at : https://access.redhat.com/errata/RHEA-2017:1805
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
8510d1dc1501653018cdc937a4cb4328fabc0108083b0308cb55301b38414dba kmod-redhat-qedf-8.10.7.0_dup7.3-1.el7_3.x86_64.rpm
Source:
1e5d5cc0b51055558df2538dc512777d8870cc9727b984776099e960af9e8c00 kmod-redhat-qedf-8.10.7.0_dup7.3-1.el7_3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHEA-2017:1805
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
8510d1dc1501653018cdc937a4cb4328fabc0108083b0308cb55301b38414dba kmod-redhat-qedf-8.10.7.0_dup7.3-1.el7_3.x86_64.rpm
Source:
1e5d5cc0b51055558df2538dc512777d8870cc9727b984776099e960af9e8c00 kmod-redhat-qedf-8.10.7.0_dup7.3-1.el7_3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEEA-2017:1805 CentOS 7 kmod-redhat-qede Enhancement Update
CentOS Errata and Enhancement Advisory 2017:1805
Upstream details at : https://access.redhat.com/errata/RHEA-2017:1805
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
2744e18793a8faff431b6d7921023e348a26bee67163f3fcf30e2f30fc5b97d1 kmod-redhat-qede-8.10.10.21_dup7.3-1.el7_3.x86_64.rpm
c2abe7e9a94eee3327dde0ef4fdbf4c8fa5d981cc71cbc9e2b3195d44ab79c04 kmod-redhat-qede-devel-8.10.10.21_dup7.3-1.el7_3.x86_64.rpm
Source:
2aa79cd8745dbe3a3f669361453fc4755569bc04b8b34c4ca8e3ab7d887f7c5c kmod-redhat-qede-8.10.10.21_dup7.3-1.el7_3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHEA-2017:1805
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
2744e18793a8faff431b6d7921023e348a26bee67163f3fcf30e2f30fc5b97d1 kmod-redhat-qede-8.10.10.21_dup7.3-1.el7_3.x86_64.rpm
c2abe7e9a94eee3327dde0ef4fdbf4c8fa5d981cc71cbc9e2b3195d44ab79c04 kmod-redhat-qede-devel-8.10.10.21_dup7.3-1.el7_3.x86_64.rpm
Source:
2aa79cd8745dbe3a3f669361453fc4755569bc04b8b34c4ca8e3ab7d887f7c5c kmod-redhat-qede-8.10.10.21_dup7.3-1.el7_3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEEA-2017:1805 CentOS 7 kmod-redhat-qed Enhancement Update
CentOS Errata and Enhancement Advisory 2017:1805
Upstream details at : https://access.redhat.com/errata/RHEA-2017:1805
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
9c006c0b393981b70c0614c000afa915d5c93c625e760dfadfe95f75a053657d kmod-redhat-qed-8.10.10.21_dup7.3-2.el7_3.x86_64.rpm
0dfeb608ee3c79739743d12a3a1c7fa45d4158ad1780bb0768ac22333138bc05 kmod-redhat-qed-devel-8.10.10.21_dup7.3-2.el7_3.x86_64.rpm
1dc14cc4befdb6ce0986ff2b9cc490059453fdce294f42f88a600d9e8de15582 kmod-redhat-qed-firmware-8.15.3.0_dup7_3-2.el7_3.x86_64.rpm
Source:
b593624aee8832bf1a2cfaa204e2a1319c35eefff3e999859f6c2e2cfe08c7d8 kmod-redhat-qed-8.10.10.21_dup7.3-2.el7_3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHEA-2017:1805
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
9c006c0b393981b70c0614c000afa915d5c93c625e760dfadfe95f75a053657d kmod-redhat-qed-8.10.10.21_dup7.3-2.el7_3.x86_64.rpm
0dfeb608ee3c79739743d12a3a1c7fa45d4158ad1780bb0768ac22333138bc05 kmod-redhat-qed-devel-8.10.10.21_dup7.3-2.el7_3.x86_64.rpm
1dc14cc4befdb6ce0986ff2b9cc490059453fdce294f42f88a600d9e8de15582 kmod-redhat-qed-firmware-8.15.3.0_dup7_3-2.el7_3.x86_64.rpm
Source:
b593624aee8832bf1a2cfaa204e2a1319c35eefff3e999859f6c2e2cfe08c7d8 kmod-redhat-qed-8.10.10.21_dup7.3-2.el7_3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2017:1809 Important CentOS 7 tomcat Security Update
CentOS Errata and Security Advisory 2017:1809 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2017:1809
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
43294259acd512850715ad15c50e7767bea30b2c123117f5f760eb4ad5d02e0b tomcat-7.0.69-12.el7_3.noarch.rpm
e4605d5673e75ee3592faef8b59d1a2a8efa0da6e3cd8b04064380698586f9a3 tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm
6330befc3bd1b7ab35b89ceca55174d94f7e0fe9cf2201166e18c399d48a1687 tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm
d89786225c6c877fc6134d8e45a85b7fc77169de14ffc543b26ab58299a36f6a tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm
38a4c3e437b1b8d3e4baa175b70a2bdc2681c175c5f7c8d12867100fb9c45134 tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm
2a27c95ad8005bb879140c28deac8f2fac5d85ba225a0abed4ad99956b3231a6 tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm
dd585fca98f9ff44e927c5820e8731b8604bd23c4c282883ff89501da5476274 tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm
37f28d949569ca81df0b5934ee32116069f912a640e5704d53a6ee521cca4d89 tomcat-lib-7.0.69-12.el7_3.noarch.rpm
726d723713f270e4fb0fed6a2a59c2b224da4e2cf0b2b458a90cf5fcc90331b4 tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm
84766cc7724a0399ed3e9830ac5803249395cd4ddd5cab2bdb8730e9cca0a2f0 tomcat-webapps-7.0.69-12.el7_3.noarch.rpm
Source:
209cc83cab3a92eaa48d20eb364e982722e639c29f1e3c984e2e03d45fcdbe73 tomcat-7.0.69-12.el7_3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2017:1809
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
43294259acd512850715ad15c50e7767bea30b2c123117f5f760eb4ad5d02e0b tomcat-7.0.69-12.el7_3.noarch.rpm
e4605d5673e75ee3592faef8b59d1a2a8efa0da6e3cd8b04064380698586f9a3 tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm
6330befc3bd1b7ab35b89ceca55174d94f7e0fe9cf2201166e18c399d48a1687 tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm
d89786225c6c877fc6134d8e45a85b7fc77169de14ffc543b26ab58299a36f6a tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm
38a4c3e437b1b8d3e4baa175b70a2bdc2681c175c5f7c8d12867100fb9c45134 tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm
2a27c95ad8005bb879140c28deac8f2fac5d85ba225a0abed4ad99956b3231a6 tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm
dd585fca98f9ff44e927c5820e8731b8604bd23c4c282883ff89501da5476274 tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm
37f28d949569ca81df0b5934ee32116069f912a640e5704d53a6ee521cca4d89 tomcat-lib-7.0.69-12.el7_3.noarch.rpm
726d723713f270e4fb0fed6a2a59c2b224da4e2cf0b2b458a90cf5fcc90331b4 tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm
84766cc7724a0399ed3e9830ac5803249395cd4ddd5cab2bdb8730e9cca0a2f0 tomcat-webapps-7.0.69-12.el7_3.noarch.rpm
Source:
209cc83cab3a92eaa48d20eb364e982722e639c29f1e3c984e2e03d45fcdbe73 tomcat-7.0.69-12.el7_3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Wednesday, July 26, 2017
[USN-3366-1] OpenJDK 8 vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3366-1
July 26, 2017
openjdk-8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenJDK 8.
Software Description:
- openjdk-8: Open Source Java implementation
Details:
It was discovered that the JPEGImageReader class in OpenJDK would
incorrectly read unused image data. An attacker could use this to
specially construct a jpeg image file that when opened by a Java
application would cause a denial of service. (CVE-2017-10053)
It was discovered that the JAR verifier in OpenJDK did not properly
handle archives containing files missing digests. An attacker could
use this to modify the signed contents of a JAR file. (CVE-2017-10067)
It was discovered that integer overflows existed in the Hotspot
component of OpenJDK when generating range check loop predicates. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions
and cause a denial of service or possibly execute arbitrary
code. (CVE-2017-10074)
It was discovered that the JavaScript Scripting component of OpenJDK
incorrectly allowed access to Java APIs. An attacker could use this
to specially craft JavaScript code to bypass access restrictions.
(CVE-2017-10078)
It was discovered that OpenJDK did not properly process parentheses
in function signatures. An attacker could use this to specially
construct an untrusted Java application or applet that could escape
sandbox restrictions. (CVE-2017-10081)
It was discovered that the ThreadPoolExecutor class in OpenJDK did not
properly perform access control checks when cleaning up threads. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions and
possibly execute arbitrary code. (CVE-2017-10087)
It was discovered that the ServiceRegistry implementation
in OpenJDK did not perform access control checks in certain
situations. An attacker could use this to specially construct
an untrusted Java application or applet that escaped sandbox
restrictions. (CVE-2017-10089)
It was discovered that the channel groups implementation in
OpenJDK did not properly perform access control checks in some
situations. An attacker could use this to specially construct an
untrusted Java application or applet that could escape sandbox
restrictions. (CVE-2017-10090)
It was discovered that the DTM exception handling code in the
JAXP component of OpenJDK did not properly perform access control
checks. An attacker could use this to specially construct an untrusted
Java application or applet that could escape sandbox restrictions.
(CVE-2017-10096)
It was discovered that the JAXP component of OpenJDK incorrectly
granted access to some internal resolvers. An attacker could use this
to specially construct an untrusted Java application or applet that
could escape sandbox restrictions. (CVE-2017-10101)
It was discovered that the Distributed Garbage Collector (DGC) in
OpenJDK did not properly track references in some situations. A
remote attacker could possibly use this to execute arbitrary
code. (CVE-2017-10102)
It was discovered that the Activation ID implementation in the RMI
component of OpenJDK did not properly check access control permissions
in some situations. An attacker could use this to specially construct
an untrusted Java application or applet that could escape sandbox
restrictions. (CVE-2017-10107)
It was discovered that the BasicAttribute class in OpenJDK did not
properly bound memory allocation when de-serializing objects. An
attacker could use this to cause a denial of service (memory
consumption). (CVE-2017-10108)
It was discovered that the CodeSource class in OpenJDK did not
properly bound memory allocations when de-serializing object
instances. An attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-10109)
It was discovered that the AWT ImageWatched class in OpenJDK did not
properly perform access control checks, An attacker could use this
to specially construct an untrusted Java application or applet that
could escape sandbox restrictions (CVE-2017-10110)
Jackson Davis discovered that the LambdaFormEditor class in the
Libraries component of OpenJDK did not correctly perform bounds checks
in the permuteArgumentsForm() function. An attacker could use this
to specially construct an untrusted Java application or applet that
could escape sandbox restrictions and possibly execute arbitrary
code. (CVE-2017-10111)
It was discovered that a timing side-channel vulnerability existed
in the DSA implementation in OpenJDK. An attacker could use this to
expose sensitive information. (CVE-2017-10115)
It was discovered that the LDAP implementation in OpenJDK incorrectly
followed references to non-LDAP URLs. An attacker could use this to
specially craft an LDAP referral URL that exposes sensitive information
or bypass access restrictions. (CVE-2017-10116)
It was discovered that a timing side-channel vulnerability existed
in the ECDSA implementation in OpenJDK. An attacker could use this
to expose sensitive information. (CVE-2017-10118)
Ilya Maykov discovered that a timing side-channel vulnerability
existed in the PKCS#8 implementation in OpenJDK. An attacker could
use this to expose sensitive information. (CVE-2017-10135)
It was discovered that the Elliptic Curve (EC) implementation
in OpenJDK did not properly compute certain elliptic curve
points. An attacker could use this to expose sensitive
information. (CVE-2017-10176)
It was discovered that OpenJDK did not properly restrict weak key
sizes in some situations. An attacker could use this to specially
construct an untrusted Java application or applet that could escape
sandbox restrictions. (CVE-2017-10193)
It was discovered that OpenJDK did not properly enforce disabled
algorithm restrictions on X.509 certificate chains. An attacker
could use this to expose sensitive information or escape sandbox
restrictions. (CVE-2017-10198)
It was discovered that OpenJDK did not properly perform access control
checks when handling Web Service Definition Language (WSDL) XML
documents. An attacker could use this to expose sensitive information.
(CVE-2017-10243)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
openjdk-8-jdk 8u131-b11-2ubuntu1.17.04.2
openjdk-8-jdk-headless 8u131-b11-2ubuntu1.17.04.2
openjdk-8-jre 8u131-b11-2ubuntu1.17.04.2
openjdk-8-jre-headless 8u131-b11-2ubuntu1.17.04.2
openjdk-8-jre-zero 8u131-b11-2ubuntu1.17.04.2
Ubuntu 16.04 LTS:
openjdk-8-jdk 8u131-b11-2ubuntu1.16.04.2
openjdk-8-jdk-headless 8u131-b11-2ubuntu1.16.04.2
openjdk-8-jre 8u131-b11-2ubuntu1.16.04.2
openjdk-8-jre-headless 8u131-b11-2ubuntu1.16.04.2
openjdk-8-jre-jamvm 8u131-b11-2ubuntu1.16.04.2
openjdk-8-jre-zero 8u131-b11-2ubuntu1.16.04.2
This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3366-1
CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078,
CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090,
CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107,
CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111,
CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135,
CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-8/8u131-b11-2ubuntu1.17.04.2
https://launchpad.net/ubuntu/+source/openjdk-8/8u131-b11-2ubuntu1.16.04.2
Ubuntu Security Notice USN-3366-1
July 26, 2017
openjdk-8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenJDK 8.
Software Description:
- openjdk-8: Open Source Java implementation
Details:
It was discovered that the JPEGImageReader class in OpenJDK would
incorrectly read unused image data. An attacker could use this to
specially construct a jpeg image file that when opened by a Java
application would cause a denial of service. (CVE-2017-10053)
It was discovered that the JAR verifier in OpenJDK did not properly
handle archives containing files missing digests. An attacker could
use this to modify the signed contents of a JAR file. (CVE-2017-10067)
It was discovered that integer overflows existed in the Hotspot
component of OpenJDK when generating range check loop predicates. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions
and cause a denial of service or possibly execute arbitrary
code. (CVE-2017-10074)
It was discovered that the JavaScript Scripting component of OpenJDK
incorrectly allowed access to Java APIs. An attacker could use this
to specially craft JavaScript code to bypass access restrictions.
(CVE-2017-10078)
It was discovered that OpenJDK did not properly process parentheses
in function signatures. An attacker could use this to specially
construct an untrusted Java application or applet that could escape
sandbox restrictions. (CVE-2017-10081)
It was discovered that the ThreadPoolExecutor class in OpenJDK did not
properly perform access control checks when cleaning up threads. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions and
possibly execute arbitrary code. (CVE-2017-10087)
It was discovered that the ServiceRegistry implementation
in OpenJDK did not perform access control checks in certain
situations. An attacker could use this to specially construct
an untrusted Java application or applet that escaped sandbox
restrictions. (CVE-2017-10089)
It was discovered that the channel groups implementation in
OpenJDK did not properly perform access control checks in some
situations. An attacker could use this to specially construct an
untrusted Java application or applet that could escape sandbox
restrictions. (CVE-2017-10090)
It was discovered that the DTM exception handling code in the
JAXP component of OpenJDK did not properly perform access control
checks. An attacker could use this to specially construct an untrusted
Java application or applet that could escape sandbox restrictions.
(CVE-2017-10096)
It was discovered that the JAXP component of OpenJDK incorrectly
granted access to some internal resolvers. An attacker could use this
to specially construct an untrusted Java application or applet that
could escape sandbox restrictions. (CVE-2017-10101)
It was discovered that the Distributed Garbage Collector (DGC) in
OpenJDK did not properly track references in some situations. A
remote attacker could possibly use this to execute arbitrary
code. (CVE-2017-10102)
It was discovered that the Activation ID implementation in the RMI
component of OpenJDK did not properly check access control permissions
in some situations. An attacker could use this to specially construct
an untrusted Java application or applet that could escape sandbox
restrictions. (CVE-2017-10107)
It was discovered that the BasicAttribute class in OpenJDK did not
properly bound memory allocation when de-serializing objects. An
attacker could use this to cause a denial of service (memory
consumption). (CVE-2017-10108)
It was discovered that the CodeSource class in OpenJDK did not
properly bound memory allocations when de-serializing object
instances. An attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-10109)
It was discovered that the AWT ImageWatched class in OpenJDK did not
properly perform access control checks, An attacker could use this
to specially construct an untrusted Java application or applet that
could escape sandbox restrictions (CVE-2017-10110)
Jackson Davis discovered that the LambdaFormEditor class in the
Libraries component of OpenJDK did not correctly perform bounds checks
in the permuteArgumentsForm() function. An attacker could use this
to specially construct an untrusted Java application or applet that
could escape sandbox restrictions and possibly execute arbitrary
code. (CVE-2017-10111)
It was discovered that a timing side-channel vulnerability existed
in the DSA implementation in OpenJDK. An attacker could use this to
expose sensitive information. (CVE-2017-10115)
It was discovered that the LDAP implementation in OpenJDK incorrectly
followed references to non-LDAP URLs. An attacker could use this to
specially craft an LDAP referral URL that exposes sensitive information
or bypass access restrictions. (CVE-2017-10116)
It was discovered that a timing side-channel vulnerability existed
in the ECDSA implementation in OpenJDK. An attacker could use this
to expose sensitive information. (CVE-2017-10118)
Ilya Maykov discovered that a timing side-channel vulnerability
existed in the PKCS#8 implementation in OpenJDK. An attacker could
use this to expose sensitive information. (CVE-2017-10135)
It was discovered that the Elliptic Curve (EC) implementation
in OpenJDK did not properly compute certain elliptic curve
points. An attacker could use this to expose sensitive
information. (CVE-2017-10176)
It was discovered that OpenJDK did not properly restrict weak key
sizes in some situations. An attacker could use this to specially
construct an untrusted Java application or applet that could escape
sandbox restrictions. (CVE-2017-10193)
It was discovered that OpenJDK did not properly enforce disabled
algorithm restrictions on X.509 certificate chains. An attacker
could use this to expose sensitive information or escape sandbox
restrictions. (CVE-2017-10198)
It was discovered that OpenJDK did not properly perform access control
checks when handling Web Service Definition Language (WSDL) XML
documents. An attacker could use this to expose sensitive information.
(CVE-2017-10243)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
openjdk-8-jdk 8u131-b11-2ubuntu1.17.04.2
openjdk-8-jdk-headless 8u131-b11-2ubuntu1.17.04.2
openjdk-8-jre 8u131-b11-2ubuntu1.17.04.2
openjdk-8-jre-headless 8u131-b11-2ubuntu1.17.04.2
openjdk-8-jre-zero 8u131-b11-2ubuntu1.17.04.2
Ubuntu 16.04 LTS:
openjdk-8-jdk 8u131-b11-2ubuntu1.16.04.2
openjdk-8-jdk-headless 8u131-b11-2ubuntu1.16.04.2
openjdk-8-jre 8u131-b11-2ubuntu1.16.04.2
openjdk-8-jre-headless 8u131-b11-2ubuntu1.16.04.2
openjdk-8-jre-jamvm 8u131-b11-2ubuntu1.16.04.2
openjdk-8-jre-zero 8u131-b11-2ubuntu1.16.04.2
This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3366-1
CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078,
CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090,
CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107,
CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111,
CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135,
CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-8/8u131-b11-2ubuntu1.17.04.2
https://launchpad.net/ubuntu/+source/openjdk-8/8u131-b11-2ubuntu1.16.04.2
[USN-3367-1] gdb vulnerabilities
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJZeMx1AAoJEGVp2FWnRL6TkgQP/1wju1DYDeybTyNHStSq2yY8
bFzQWwlAWPI0OIkBGaDVkehj6kSg26J5KIoHO/HGHyp5hY3NXFgLdRMWDqTKw1dv
LVYk2q18q53WZ2F4To584Qfs9MXdXURVGbnnutsLjKDs/dkxEv4jqQArBWYxoA2z
pTzuQyuLdiREzcJKzBQknbRJNYcMayEF8ywtQFiIYJ9QYSmqYAS/RGeJdP6LBpW/
2QPrHkuLXc0RfZlIuEs9Myu32rwRleZ+Xkxms92eIuJxf8Tu9IFp3HP9U+goWc/n
dWBgdDwXf95Q2myzQRUdnDq6auC52xJarF7heKEHvVA1kvVADzEAei/ErJz+Sbzu
RYfMjruOXDEZhTp9xutyqgV1946g+0L0P48kBBz++D5D8xi18hC5dd9lRlZJKVyV
f16z0KTR6rxTCZw1HcIMQbKRhuJMYlv6v2d7zyA47SrDtK2CgiGtwsHYCiLsjSE3
pGjHHjc2WRzNh1X/TNCdyKHLK6hkQD9KyUB65Wg2LPhYq1SIoO2JqXEbwJhvP417
U3OyZgvqIR+Kr24s/sAiumDuvdpstRQ/AlLklXdNx15iV7Y28O/fNHYtdbSFRdEo
ZWLPRcWDTC7bG2SeXVHX+7khb59L6yOyxMCYVuGkfkfl9yXf0cG9zOxN6pB+51/6
0H6a+RDj8z0xhOIxepkT
=a2iE
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3367-1
July 26, 2017
gdb vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in gdb.
Software Description:
- gdb: GNU Debugger
Details:
Hanno Böck discovered that gdb incorrectly handled certain malformed AOUT
headers in PE executables. If a user or automated system were tricked into
processing a specially crafted binary, a remote attacker could use this
issue to cause gdb to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS.
(CVE-2014-8501)
It was discovered that gdb incorrectly handled printing bad bytes in Intel
Hex objects. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
gdb to crash, resulting in a denial of service. This issue only applied to
Ubuntu 14.04 LTS. (CVE-2014-9939)
It was discovered that gdb incorrectly handled certain string operations.
If a user or automated system were tricked into processing a specially
crafted binary, a remote attacker could use this issue to cause gdb to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-2226)
It was discovered that gdb incorrectly handled parsing certain binaries. If
a user or automated system were tricked into processing a specially crafted
binary, a remote attacker could use this issue to cause gdb to crash,
resulting in a denial of service. This issue only applied to Ubuntu 14.04
LTS and Ubuntu 16.04 LTS. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489,
CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131)
It was discovered that gdb incorrectly handled parsing certain binaries. If
a user or automated system were tricked into processing a specially crafted
binary, a remote attacker could use this issue to cause gdb to crash,
resulting in a denial of service. (CVE-2016-4491)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
gdb 7.12.50.20170314-0ubuntu1.1
Ubuntu 16.04 LTS:
gdb 7.11.1-0ubuntu1~16.5
Ubuntu 14.04 LTS:
gdb 7.7.1-0ubuntu5~14.04.3
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3367-1
CVE-2014-8501, CVE-2014-9939, CVE-2016-2226, CVE-2016-4487,
CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491,
CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
Package Information:
https://launchpad.net/ubuntu/+source/gdb/7.12.50.20170314-0ubuntu1.1
https://launchpad.net/ubuntu/+source/gdb/7.11.1-0ubuntu1~16.5
https://launchpad.net/ubuntu/+source/gdb/7.7.1-0ubuntu5~14.04.3
Version: GnuPG v2
iQIcBAEBCgAGBQJZeMx1AAoJEGVp2FWnRL6TkgQP/1wju1DYDeybTyNHStSq2yY8
bFzQWwlAWPI0OIkBGaDVkehj6kSg26J5KIoHO/HGHyp5hY3NXFgLdRMWDqTKw1dv
LVYk2q18q53WZ2F4To584Qfs9MXdXURVGbnnutsLjKDs/dkxEv4jqQArBWYxoA2z
pTzuQyuLdiREzcJKzBQknbRJNYcMayEF8ywtQFiIYJ9QYSmqYAS/RGeJdP6LBpW/
2QPrHkuLXc0RfZlIuEs9Myu32rwRleZ+Xkxms92eIuJxf8Tu9IFp3HP9U+goWc/n
dWBgdDwXf95Q2myzQRUdnDq6auC52xJarF7heKEHvVA1kvVADzEAei/ErJz+Sbzu
RYfMjruOXDEZhTp9xutyqgV1946g+0L0P48kBBz++D5D8xi18hC5dd9lRlZJKVyV
f16z0KTR6rxTCZw1HcIMQbKRhuJMYlv6v2d7zyA47SrDtK2CgiGtwsHYCiLsjSE3
pGjHHjc2WRzNh1X/TNCdyKHLK6hkQD9KyUB65Wg2LPhYq1SIoO2JqXEbwJhvP417
U3OyZgvqIR+Kr24s/sAiumDuvdpstRQ/AlLklXdNx15iV7Y28O/fNHYtdbSFRdEo
ZWLPRcWDTC7bG2SeXVHX+7khb59L6yOyxMCYVuGkfkfl9yXf0cG9zOxN6pB+51/6
0H6a+RDj8z0xhOIxepkT
=a2iE
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3367-1
July 26, 2017
gdb vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in gdb.
Software Description:
- gdb: GNU Debugger
Details:
Hanno Böck discovered that gdb incorrectly handled certain malformed AOUT
headers in PE executables. If a user or automated system were tricked into
processing a specially crafted binary, a remote attacker could use this
issue to cause gdb to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS.
(CVE-2014-8501)
It was discovered that gdb incorrectly handled printing bad bytes in Intel
Hex objects. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
gdb to crash, resulting in a denial of service. This issue only applied to
Ubuntu 14.04 LTS. (CVE-2014-9939)
It was discovered that gdb incorrectly handled certain string operations.
If a user or automated system were tricked into processing a specially
crafted binary, a remote attacker could use this issue to cause gdb to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-2226)
It was discovered that gdb incorrectly handled parsing certain binaries. If
a user or automated system were tricked into processing a specially crafted
binary, a remote attacker could use this issue to cause gdb to crash,
resulting in a denial of service. This issue only applied to Ubuntu 14.04
LTS and Ubuntu 16.04 LTS. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489,
CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131)
It was discovered that gdb incorrectly handled parsing certain binaries. If
a user or automated system were tricked into processing a specially crafted
binary, a remote attacker could use this issue to cause gdb to crash,
resulting in a denial of service. (CVE-2016-4491)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
gdb 7.12.50.20170314-0ubuntu1.1
Ubuntu 16.04 LTS:
gdb 7.11.1-0ubuntu1~16.5
Ubuntu 14.04 LTS:
gdb 7.7.1-0ubuntu5~14.04.3
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3367-1
CVE-2014-8501, CVE-2014-9939, CVE-2016-2226, CVE-2016-4487,
CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491,
CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
Package Information:
https://launchpad.net/ubuntu/+source/gdb/7.12.50.20170314-0ubuntu1.1
https://launchpad.net/ubuntu/+source/gdb/7.11.1-0ubuntu1~16.5
https://launchpad.net/ubuntu/+source/gdb/7.7.1-0ubuntu5~14.04.3
[USN-3368-1] libiberty vulnerabilities
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJZeMyOAAoJEGVp2FWnRL6Tv7IP+wc7qgnDNBPWG1FmxLKiJY/h
4KT9VIpFAAJBNGwv2zmLFOsPGfn4Y6i5/5yqDyp1EBy3npbEZoa89vIBWQf2szXl
c71pZ9Ob774pAnHzGN61AGju37wyUB2EY+lTwftjW0MxkFSxyFIAVtZmRz6ucqFk
M3mniNXeLeuZyN7xX63v3H8XJi4QIqot/YJWRI444GOQ9zDbFT+0H7+6jmRyl+sH
UOvHArqOZPRDmBlRS83yOY2AzH0EA2jgHwl071HLey32Sy4TCLZfN/aGk5GfSX6G
UO6/RrZk6010+l/1N7ZOBNslPLE3Q8lHHueIoueqL/FOUuvsVkUQ1nzAGu01T3D1
HE7dyERSbh5SibWawAUGOtUtRag77rbCpC8H6XN5KD1oLzNUw2P5RpZPSYB4W4YX
It5rXfSZpa4tKqLzaH2rHpYP+JB2o+PlLA4E1PxAiqCh5crrXw9OcfPuxlzqQJL+
LoqJosMXnZ/yAmo5hApXScW8VLtlICV9vChPw+bDPLzuJDtY+DE+BkiZZCdq2Sm7
hO+JQaWNxYH4CsxIckPnzdeJj3BPDqqx06TFzSgwaRGOWbrjK4J5kad7yQHLjGLm
CBpcpdeNcEoSnTsDESiZ/nyXDfStXCSOLKI7saJ0tvjaHPXqJLGxyHfVawtwryou
PzQez5OxZkYEIIsGKEHg
=U6I1
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3368-1
July 26, 2017
libiberty vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in libiberty.
Software Description:
- libiberty: library of utility functions used by GNU programs
Details:
It was discovered that libiberty incorrectly handled certain string
operations. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
libiberty to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2016-2226)
It was discovered that libiberty incorrectly handled parsing certain
binaries. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
libiberty to crash, resulting in a denial of service. This issue only
applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4487,
CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493,
CVE-2016-6131)
It was discovered that libiberty incorrectly handled parsing certain
binaries. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
libiberty to crash, resulting in a denial of service. (CVE-2016-4491)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libiberty-dev 20161220-1ubuntu0.2
Ubuntu 16.04 LTS:
libiberty-dev 20160215-1ubuntu0.2
Ubuntu 14.04 LTS:
libiberty-dev 20131116-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3368-1
CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489,
CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493,
CVE-2016-6131
Package Information:
https://launchpad.net/ubuntu/+source/libiberty/20161220-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libiberty/20160215-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libiberty/20131116-1ubuntu0.2
Version: GnuPG v2
iQIcBAEBCgAGBQJZeMyOAAoJEGVp2FWnRL6Tv7IP+wc7qgnDNBPWG1FmxLKiJY/h
4KT9VIpFAAJBNGwv2zmLFOsPGfn4Y6i5/5yqDyp1EBy3npbEZoa89vIBWQf2szXl
c71pZ9Ob774pAnHzGN61AGju37wyUB2EY+lTwftjW0MxkFSxyFIAVtZmRz6ucqFk
M3mniNXeLeuZyN7xX63v3H8XJi4QIqot/YJWRI444GOQ9zDbFT+0H7+6jmRyl+sH
UOvHArqOZPRDmBlRS83yOY2AzH0EA2jgHwl071HLey32Sy4TCLZfN/aGk5GfSX6G
UO6/RrZk6010+l/1N7ZOBNslPLE3Q8lHHueIoueqL/FOUuvsVkUQ1nzAGu01T3D1
HE7dyERSbh5SibWawAUGOtUtRag77rbCpC8H6XN5KD1oLzNUw2P5RpZPSYB4W4YX
It5rXfSZpa4tKqLzaH2rHpYP+JB2o+PlLA4E1PxAiqCh5crrXw9OcfPuxlzqQJL+
LoqJosMXnZ/yAmo5hApXScW8VLtlICV9vChPw+bDPLzuJDtY+DE+BkiZZCdq2Sm7
hO+JQaWNxYH4CsxIckPnzdeJj3BPDqqx06TFzSgwaRGOWbrjK4J5kad7yQHLjGLm
CBpcpdeNcEoSnTsDESiZ/nyXDfStXCSOLKI7saJ0tvjaHPXqJLGxyHfVawtwryou
PzQez5OxZkYEIIsGKEHg
=U6I1
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3368-1
July 26, 2017
libiberty vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in libiberty.
Software Description:
- libiberty: library of utility functions used by GNU programs
Details:
It was discovered that libiberty incorrectly handled certain string
operations. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
libiberty to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2016-2226)
It was discovered that libiberty incorrectly handled parsing certain
binaries. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
libiberty to crash, resulting in a denial of service. This issue only
applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4487,
CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493,
CVE-2016-6131)
It was discovered that libiberty incorrectly handled parsing certain
binaries. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
libiberty to crash, resulting in a denial of service. (CVE-2016-4491)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libiberty-dev 20161220-1ubuntu0.2
Ubuntu 16.04 LTS:
libiberty-dev 20160215-1ubuntu0.2
Ubuntu 14.04 LTS:
libiberty-dev 20131116-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3368-1
CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489,
CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493,
CVE-2016-6131
Package Information:
https://launchpad.net/ubuntu/+source/libiberty/20161220-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libiberty/20160215-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libiberty/20131116-1ubuntu0.2
Tuesday, July 25, 2017
[FreeBSD-Announce] FreeBSD 11.1-RELEASE Now Available
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
FreeBSD 11.1-RELEASE Announcement
The FreeBSD Release Engineering Team is pleased to announce the
availability of FreeBSD 11.1-RELEASE. This is the second release of the
stable/11 branch.
Some of the highlights:
* Clang, LLVM, LLD, LLDB, and libc++ have been updated to version
4.0.0.
* Many third-party (contributed) software updates, such as the Elf Tool
Chain, ACPICA, libarchive(3), ntpd(8), unbound(8), and more.
* Support for blacklistd(8) has been added to OpenSSH.
* The zfsbootcfg(8) utility has been added, providing one-time
boot.config(5)-style options for zfsboot(8).
* The efivar(8) utility has been added, providing an interface to
manage UEFI variables.
* Support for Microsoft(R) Hyper-V(TM) Generation 2 virtual machines
has been added.
* The ena(4) driver has been added, providing support for "next
generation" Enhanced Networking on the Amazon(R) EC2(TM) platform.
* The NFS client now supports the Amazon(R) Elastic File System(TM)
(EFS).
* The EFI loader can now access remote files via TFTP in addition to
NFS as a runtime configuration option.
* ZFS now stores compressed data in cache, improving cache hit rates
and performance.
* Several updates to provide build reproducibility.
For a complete list of new features and known problems, please see the
online release notes and errata list, available at:
* https://www.FreeBSD.org/releases/11.1R/relnotes.html
* https://www.FreeBSD.org/releases/11.1R/errata.html
For more information about FreeBSD release engineering activities, please
see:
* https://www.FreeBSD.org/releng/
Availability
FreeBSD 11.1-RELEASE is now available for the amd64, i386, powerpc,
powerpc64, sparc64, armv6, and aarch64 architectures.
FreeBSD 11.1-RELEASE can be installed from bootable ISO images or over
the network. Some architectures also support installing from a USB memory
stick. The required files can be downloaded as described in the section
below.
SHA512 and SHA256 hashes for the release ISO, memory stick, and SD card
images are included at the bottom of this message.
PGP-signed checksums for the release images are also available at:
* https://www.FreeBSD.org/releases/11.1R/signatures.html
A PGP-signed version of this announcement is available at:
* https://www.FreeBSD.org/releases/11.1R/announce.asc
Note for those upgrading from 11.1-RC2 in VirtualBox(TM):
If system panics were experienced when upgrading from 11.1-RC1 to
11.1-RC2, and the emulators/virtualbox-ose-additions{,-nox11} port was
built locally as a resolution, the port will either need to be rebuilt
when upgrading from 11.1-RC2 to 11.1-RELEASE, or reinstall the package
from the pkg(8) mirrors using either:
# pkg install -f virtualbox-ose-additions
or:
# pkg install -f virtualbox-ose-additions-nox11
To ensure the system does not panic after rebooting into the updated
kernel, it is recommended to disable the vboxguest service in rc.conf(5)
prior to rebooting the system if possible, or use pkg(8) to forcefully
reinstall the package.
Systems being upgraded from 11.1-RC1 and earlier and 11.1-RC3 to
11.1-RELEASE should be unaffected.
The purpose of the images provided as part of the release are as follows:
dvd1
This contains everything necessary to install the base FreeBSD
operating system, the documentation, debugging distribution sets,
and a small set of pre-built packages aimed at getting a
graphical workstation up and running. It also supports booting
into a "livefs" based rescue mode. This should be all you need if
you can burn and use DVD-sized media.
disc1
This contains the base FreeBSD operating system. It also supports
booting into a "livefs" based rescue mode. There are no pre-built
packages.
bootonly
This supports booting a machine using the CDROM drive but does
not contain the installation distribution sets for installing
FreeBSD from the CD itself. You would need to perform a network
based install (e.g., from an HTTP or FTP server) after booting
from the CD.
memstick
This can be written to an USB memory stick (flash drive) and used
to do an install on machines capable of booting off USB drives.
It also supports booting into a "livefs" based rescue mode. There
are no pre-built packages.
As one example of how to use the memstick image, assuming the USB
drive appears as /dev/da0 on your machine something like this
should work:
# dd if=FreeBSD-11.1-RELEASE-amd64-memstick.img \
of=/dev/da0 bs=1m conv=sync
Be careful to make sure you get the target (of=) correct.
mini-memstick
This can be written to an USB memory stick (flash drive) and used
to boot a machine, but does not contain the installation
distribution sets on the medium itself, similar to the bootonly
image. It also supports booting into a "livefs" based rescue
mode. There are no pre-built packages.
As one example of how to use the mini-memstick image, assuming
the USB drive appears as /dev/da0 on your machine something like
this should work:
# dd if=FreeBSD-11.1-RELEASE-amd64-mini-memstick.img \
of=/dev/da0 bs=1m conv=sync
Be careful to make sure you get the target (of=) correct.
FreeBSD/arm SD card images
These can be written to an SD card and used to boot the supported
arm system. The SD card image contains the full FreeBSD
installation, and can be installed onto SD cards as small as
512Mb.
For convenience for those without console access to the system, a
freebsd user with a password of freebsd is available by default
for ssh(1) access. Additionally, the root user password is set to
root, which it is strongly recommended to change the password for
both users after gaining access to the system.
To write the FreeBSD/arm image to an SD card, use the dd(1)
utility, replacing KERNEL with the appropriate kernel
configuration name for the system.
# dd if=FreeBSD-11.1-RELEASE-arm-armv6-KERNEL.img \
of=/dev/da0 bs=1m conv=sync
Be careful to make sure you get the target (of=) correct.
FreeBSD 11.1-RELEASE can also be purchased on CD-ROM or DVD from several
vendors. One of the vendors that will be offering FreeBSD 11.1-based
products is:
* FreeBSD Mall, Inc. https://www.freebsdmall.com
Pre-installed virtual machine images are also available for the amd64
(x86_64), i386 (x86_32), and AArch64 (arm64) architectures in QCOW2, VHD,
and VMDK disk image formats, as well as raw (unformatted) images.
FreeBSD 11.1-RELEASE amd64 is also available on these cloud hosting
platforms:
* Amazon(R) EC2(TM):
AMIs are available in the following regions:
ap-south-1 region: ami-8a760ee5
eu-west-2 region: ami-f2425396
eu-west-1 region: ami-5302ec2a
ap-northeast-2 region: ami-f575ab9b
ap-northeast-1 region: ami-0a50b66c
sa-east-1 region: ami-9ad8acf6
ca-central-1 region: ami-622e9106
ap-southeast-1 region: ami-6d75e50e
ap-southeast-2 region: ami-bda2bede
eu-central-1 region: ami-7588251a
us-east-1 region: ami-70504266
us-east-2 region: ami-0d725268
us-west-1 region: ami-8b0128eb
us-west-2 region: ami-dda7bea4
AMIs will also available in the Amazon(R) Marketplace once they have
completed third-party specific validation at:
https://aws.amazon.com/marketplace/pp/B01LWSWRED/
* Google(R) Compute Engine(TM):
Instances can be deployed using the gcloud utility:
% gcloud compute instances create INSTANCE \
--image freebsd-11-1-release-amd64 \
--image-project=freebsd-org-cloud-dev
% gcloud compute ssh INSTANCE
Replace INSTANCE with the name of the Google Compute Engine instance.
* Hashicorp/Atlas(R) Vagrant(TM):
Instances can be deployed using the vagrant utility:
% vagrant init freebsd/FreeBSD-11.1-RELEASE
% vagrant up
* Microsoft(R) Azure(TM):
FreeBSD virtual machine images will be available once they have
completed third-party specific validation at:
https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.FreeBSD111?tab=Overview
Download
FreeBSD 11.1-RELEASE may be downloaded via https from the following site:
* https://download.freebsd.org/ftp/releases/ISO-IMAGES/11.1/
FreeBSD 11.1-RELEASE virtual machine images may be downloaded from:
* https://download.freebsd.org/ftp/releases/VM-IMAGES/11.1-RELEASE/
For instructions on installing FreeBSD or updating an existing machine to
11.1-RELEASE please see:
* https://www.FreeBSD.org/releases/11.1R/installation.html
Support
Based on the new FreeBSD support model, the FreeBSD 11 release series
will be supported until at least September 30, 2021. This point release,
FreeBSD 11.1-RELEASE, will be supported until at least three months after
FreeBSD 11.2-RELEASE. Additional support information can be found at:
* https://www.FreeBSD.org/security/
Acknowledgments
Many companies donated equipment, network access, or man-hours to support
the release engineering activities for FreeBSD 11.1 including The
FreeBSD Foundation, Yahoo!, NetApp, Internet Systems Consortium, ByteMark
Hosting, Sentex Communications, New York Internet, Juniper Networks,
NLNet Labs, iXsystems, and Yandex.
The release engineering team for 11.1-RELEASE includes:
Glen Barber <gjb@FreeBSD.org> Release Engineering Lead,
11.1-RELEASE Release Engineer
Konstantin Belousov <kib@FreeBSD.org> Release Engineering
Bryan Drewery <bdrewery@FreeBSD.org> Release Engineering, Package
Building
Marc Fonvieille <blackend@FreeBSD.org> Release Engineering, Documentation
Rodney Grimes <rgrimes@FreeBSD.org> Release Engineering Emeritus
Xin Li <delphij@FreeBSD.org> Release Engineering, Security
Officer
Remko Lodder <remko@FreeBSD.org> Security Team Liaison
Hiroki Sato <hrs@FreeBSD.org> Release Engineering, Documentation
Gleb Smirnoff <glebius@FreeBSD.org> Release Engineering, Security
Officer Deputy
Marius Strobl <marius@FreeBSD.org> Release Engineering Deputy Lead
Robert Watson <rwatson@FreeBSD.org> Release Engineering
Trademark
FreeBSD is a registered trademark of The FreeBSD Foundation.
ISO Image Checksums
amd64 (x86_64):
SHA512 (FreeBSD-11.1-RELEASE-amd64-bootonly.iso) = aa5891b9ab0bd2a1c13fdffd3ab80998f3d17bc54afeae0c183cf286d746f9b5eb8e1bd6b1a5598aeb36419fd1ca0becfa02d3f9854f382b1d7ad0cc2423f47f
SHA512 (FreeBSD-11.1-RELEASE-amd64-bootonly.iso.xz) = d267e66a434c40ed409862ecdbe1610f3ced7a11cfc6f3b4ac59bd849d169169982ab8b028681c6daf30f6cf0815aec3b3c89fdfb1c442bef193ece1143dc605
SHA512 (FreeBSD-11.1-RELEASE-amd64-disc1.iso) = cd35b6b406724416c436ae5eb73943d8248e267aee608c0539a969ae79e0201e6590a9ad7550162fecfb21d577ff40edafbf934ab45fda61c8f3d2c30c1f1e05
SHA512 (FreeBSD-11.1-RELEASE-amd64-disc1.iso.xz) = 68fd11b8ea4c109b658078b667114a4ac2abe5c9c82ae402ac42df5de35d8a2950935947fc08394b5760346afba8e043ad077322bca00d714b2b569371193496
SHA512 (FreeBSD-11.1-RELEASE-amd64-dvd1.iso) = a6aa4363270c14620a291baf4db377785dbccfa9c92c1c1d5f01453400259f63de4ba0b033ec6f415056fc7e563d99cb327c869c95f68a1871baf86bfe7e7024
SHA512 (FreeBSD-11.1-RELEASE-amd64-dvd1.iso.xz) = 2c6c60839441f95f2f849aedf0c672366f33e35f2b81be0c6ca0b35c3fd7abd339f6faf1ef3e933322ff1d2879f005dc8d9378fb2b46c357e3d01f499442c0cc
SHA512 (FreeBSD-11.1-RELEASE-amd64-memstick.img) = f42b04c4db7b783bfb5758e5f32ebba2db2bd2d8f57e1153dd29ea71f3d758e9995c89017e2c230291b7a93d4d7b434a5c3d6a9e685431170707c146de2b4284
SHA512 (FreeBSD-11.1-RELEASE-amd64-memstick.img.xz) = 5435027ea310fb72f521b4580e9c20b89f917f2eb611f97f55db94ddce251ad3949500f0ad3aa2e8734a3f61766d7276ff2a9874533d737f7f64618013cf2f2d
SHA512 (FreeBSD-11.1-RELEASE-amd64-mini-memstick.img) = d88a76291a4674c54c610756dd45d4eb8bfbfedfb3b036be79d1e70832f93d5a9b96252b4d2f7aac7b701ee79e7faabe06b3caa8883bd5d7f8cd2aaa9930427b
SHA512 (FreeBSD-11.1-RELEASE-amd64-mini-memstick.img.xz) = dbe066cb726b375eebca397aff12d18d6e48ad6c84b776253aabc2bbdff8fb9742e17fb68356581b0b20709002fdf9c3c77eccfd9c0c745e8f93a830264148a5
SHA256 (FreeBSD-11.1-RELEASE-amd64-bootonly.iso) = ab1539894e74aef77c1c4729fbd2362fc3bd30b71f24db68e1b0307723b72752
SHA256 (FreeBSD-11.1-RELEASE-amd64-bootonly.iso.xz) = 1f83538d95435d1475216a97fc6e5158cc7fe2e7d74c6182bc77c90b6ae6c40c
SHA256 (FreeBSD-11.1-RELEASE-amd64-disc1.iso) = ff4c749ea0aaaceedb2432ba3e0fd0c1b64f5a72141b1ec06b9ced52b5de0dbf
SHA256 (FreeBSD-11.1-RELEASE-amd64-disc1.iso.xz) = cd6cd655f79e9cbf61cb9a5d324dfe451f0dae33ea556232d9101d96ee9f258d
SHA256 (FreeBSD-11.1-RELEASE-amd64-dvd1.iso) = 49e8f32e0a097a1ab411cb85f1adf6d78ba931ff557a07cd1e84af62a47c2d6f
SHA256 (FreeBSD-11.1-RELEASE-amd64-dvd1.iso.xz) = 1b953e083722d4b285307cb853313abe40eb137df9220a4dc537164179d38881
SHA256 (FreeBSD-11.1-RELEASE-amd64-memstick.img) = d4c58df629c7db6bf2ee2d43ae7f7b9e1c8b98fca0b89dd1afa1bed21891ecc2
SHA256 (FreeBSD-11.1-RELEASE-amd64-memstick.img.xz) = d113591c7a7b7df2bc136c477c11fbadf4e9c87133ba5a5f27ed99f7b925b8f5
SHA256 (FreeBSD-11.1-RELEASE-amd64-mini-memstick.img) = 67abef93e1c0ac88cda57cf6e1ef9b32ecec56b3b4de132dd252285fea391462
SHA256 (FreeBSD-11.1-RELEASE-amd64-mini-memstick.img.xz) = 519e53941325cf5a2959b1526702adcdd8b0a65e98d8ce00dfb23d55427056cb
i386 (x86):
SHA512 (FreeBSD-11.1-RELEASE-i386-bootonly.iso) = 44a9d31942c7dadb4db658a2e0945d99435db40953a3e3d9d79256f450cbd908b2051e923665502525435179da12c147a357759659eaa90ca2503e47645457cf
SHA512 (FreeBSD-11.1-RELEASE-i386-bootonly.iso.xz) = ce93658f24a29870f80b93831020192132ea19e024af84d9b22aa9fb457424f8f915215ec2ce5e0592af98ce1214f0eea154a67596081822637e937efc64553c
SHA512 (FreeBSD-11.1-RELEASE-i386-disc1.iso) = bf7839ff0a2db9821f65e59946c4e647f52a88c899b8a1066c8ddbbc3c23accd1f569a4f90add717af9a5467644a530e1a8c5b18dd1b722a623f1d013e766348
SHA512 (FreeBSD-11.1-RELEASE-i386-disc1.iso.xz) = 26c71fbdccb55ac5289da8169e203a75a640e5bda386431ee428b297fc4843ff6bea04efb026f9dc5e7e4066e7b59d830e928d0e3dc7be089892b6f7a7eaa746
SHA512 (FreeBSD-11.1-RELEASE-i386-dvd1.iso) = 082ebce2665b2da58e12e56c5fa7cc0cd92934fdf99b38132a0ba6ff540a8a0ab6c3c03971312946d5c23aff8f2b0855582a3a0c9beb6e4db3472433113cb06f
SHA512 (FreeBSD-11.1-RELEASE-i386-dvd1.iso.xz) = 0d3cfe5490860f2f41393e84fc598d0f1ac8f6195ebfaed01775822f36f18e093f2f2c8f98939b8c4f42f371f89d190c7a503dc225267ee1f4970deafe1f65b8
SHA512 (FreeBSD-11.1-RELEASE-i386-memstick.img) = 4402c09dec1799670fd8393c9732c416a3f70d10dac8db725531232258cb4ecd209fe234107b82b5c41045fd8bec7220192049056cd88858a8d69a61a048dc52
SHA512 (FreeBSD-11.1-RELEASE-i386-memstick.img.xz) = 050cfac52db078f3e6ce42e04a1b9c4f45a4f7d3d0831e34e4cfad8dfb3a2cc3735e2b1e74663efe39b331dacde7278bc5ef6a89bce566afb9f0dd52c1701932
SHA512 (FreeBSD-11.1-RELEASE-i386-mini-memstick.img) = fd41b778870deafb1819595918b4bcde03addb1ff2dec526825332afd85d5b4ec4cfbb107c40f4f17ca203f2d3d14fb550f97e0eb6085511ea0b42ae26b18a7f
SHA512 (FreeBSD-11.1-RELEASE-i386-mini-memstick.img.xz) = f231cd32c1b63b243659ea24a037d38026356e834c9df98aaeac14ca7dd74f652fa76a89a6f731a89b8cb73ab82234c91095dd4018591ba3aca099178e35e9dc
SHA256 (FreeBSD-11.1-RELEASE-i386-bootonly.iso) = 3986e61b373cbbfa80087630ac200a921a9c4c0c7c0c8e376eee5839d638c74c
SHA256 (FreeBSD-11.1-RELEASE-i386-bootonly.iso.xz) = 65d86b13f62bd0191aef9a34069a1900cb00218d4e670036cad648b191617573
SHA256 (FreeBSD-11.1-RELEASE-i386-disc1.iso) = e53ae5fc58fd2e28643ba4c64e2c49505cf9d84d22396e3633ee9670782aab57
SHA256 (FreeBSD-11.1-RELEASE-i386-disc1.iso.xz) = c11612a546eaf2fd7d3ea9516992ccd6dfff049da8e06723da5848865fe45d95
SHA256 (FreeBSD-11.1-RELEASE-i386-dvd1.iso) = c251633216b943414d16c7e4930f80a417604aeed3d4f88ca15d31fb4c5eaf86
SHA256 (FreeBSD-11.1-RELEASE-i386-dvd1.iso.xz) = f108216f75612b43f7a80ff21d20aee0cb038a011116ee1b66a53d4ed73716a6
SHA256 (FreeBSD-11.1-RELEASE-i386-memstick.img) = 8a3dd07aa98d777e429be03cb2c213b5e8745fe8976a52c0868ac8e536014d89
SHA256 (FreeBSD-11.1-RELEASE-i386-memstick.img.xz) = c3d88e1d32be923b86da4b2f335830b710f9c9a9e85448935997649665e70750
SHA256 (FreeBSD-11.1-RELEASE-i386-mini-memstick.img) = e95e8555505479acc0b85bd19a5076e48408dfe943eedda7d093f075aec27902
SHA256 (FreeBSD-11.1-RELEASE-i386-mini-memstick.img.xz) = e8f2cdf1c14845aa55f609f492b7d098fe11777901a3a2e27930520fdfe697ed
powerpc:
SHA512 (FreeBSD-11.1-RELEASE-powerpc-bootonly.iso) = c9f392d06750141a8b3f2defd0948e683faa81ffe2337d8bfa67e6baf42a016935b5202584cc28745c8856612fc0838bb94266e799e9fa7a13db75c5c6404183
SHA512 (FreeBSD-11.1-RELEASE-powerpc-bootonly.iso.xz) = baa942c5bd22474029f7509819830cd532947155c2f0c99c5e6420fc3f8439cf9b8ac23587ddf01ff4428837db020187df5326e6c0ae7565db6a88400420b2c8
SHA512 (FreeBSD-11.1-RELEASE-powerpc-disc1.iso) = af14f9876fb72c1d77013aae85501d60837872250f1c901befe20539f31a99bd7fa02f5d150e38c2cdd1b3e023a7a75c8bd16175c85efee7e5fe83a5fee15c3f
SHA512 (FreeBSD-11.1-RELEASE-powerpc-disc1.iso.xz) = 6f82212e77a635bae1a2fd4c4cac0481fbce5734da253b7690bd6bc9655bfab66f4c89da1f5fdf222798a011fc05e9832a0567f107a8cd044f2f69c0ff8edd30
SHA512 (FreeBSD-11.1-RELEASE-powerpc-dvd1.iso) = b1cf88ec31c3216e6d8a419289ea1e25772df8af452515852bfafffec1990045e6bdb29927e47e33ed999e70d30a9d00b2c3329006d168a75af54e0c785a9b14
SHA512 (FreeBSD-11.1-RELEASE-powerpc-dvd1.iso.xz) = 78672130d8b275bc6788106ff8979a2ffe5142d6b7950809f257568f2c99ad13b95d49d5e3842e1866e0ba0d23dd4737c932a84464e84128fa70cb63efc61962
SHA512 (FreeBSD-11.1-RELEASE-powerpc-memstick.img) = 4ddd8e9387dcff1bb65a8a18934d746b93205bcf49988624ec3fab0a8a26b0565ebdfc012b5d3910dfc6f8ff83f57a3e227ca368d9a85e37ed87aef11852802d
SHA512 (FreeBSD-11.1-RELEASE-powerpc-memstick.img.xz) = f7106d02f8c922c17257be4badf96f377380627b85ac9f1c8b3862c9ea17e0111d647b00313aa0c151cc2a37146743f536510401d12b7c36dfa46ab3421ae3a8
SHA512 (FreeBSD-11.1-RELEASE-powerpc-mini-memstick.img) = d703f23f11d83d1d0e2dcafa1758df44f2dae00e6b8a13e1383a4c7a8276535abfd7e6d945d60e46425863d14673dba076b6051efb824aa4efd4ca8a1f2e3cfa
SHA512 (FreeBSD-11.1-RELEASE-powerpc-mini-memstick.img.xz) = a0d900b3115988c5331565d4d2e6e48a75c0dca0845a08ee426d5b679ca8bb66f246d8a123cf152f8cbb50640dc4e4a94c3646600878e432c9fe88d09ea6a089
SHA256 (FreeBSD-11.1-RELEASE-powerpc-bootonly.iso) = 096d0498c0552bbbde30287b757bd4b9e91fa99f9bc5208b3500d83a05680c16
SHA256 (FreeBSD-11.1-RELEASE-powerpc-bootonly.iso.xz) = 298231f31d5dc346f3df22a95d6f09d337bf32629fcae8d583af5670c8d62087
SHA256 (FreeBSD-11.1-RELEASE-powerpc-disc1.iso) = cac1989dfb8456fcc091168d42ba07a6f6c1f4c9ebe43c93888e96fe9ce3ec0e
SHA256 (FreeBSD-11.1-RELEASE-powerpc-disc1.iso.xz) = fbcdc8ab194f204aaee5de9b4cd741ae4e3d6673cf960408c2ba723af02022ee
SHA256 (FreeBSD-11.1-RELEASE-powerpc-dvd1.iso) = 61d501f67217705c1875af05b2b59bb594993e6c37209cd53b78ed8aee91443b
SHA256 (FreeBSD-11.1-RELEASE-powerpc-dvd1.iso.xz) = a531f8fdd6b669abe2d1e809a60eabe2d4250354e431879552827c6546e746c5
SHA256 (FreeBSD-11.1-RELEASE-powerpc-memstick.img) = 01bd77bea01088e025a7021c0f103625af07c70489c63e49e0ad76e8a0e0e3d8
SHA256 (FreeBSD-11.1-RELEASE-powerpc-memstick.img.xz) = c89651f5fdf03654269850007b9bec518c36ec0c5d2c59f901b8a9e16e175179
SHA256 (FreeBSD-11.1-RELEASE-powerpc-mini-memstick.img) = cea3405ed4adcdaf49a48f407415b898d88c6c46bd26fb2c461ad2090876f353
SHA256 (FreeBSD-11.1-RELEASE-powerpc-mini-memstick.img.xz) = 7715bc142f13a1e3e98212f60005e55bb488c3add53d3af1c98a8207a1e4863a
powerpc64:
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-bootonly.iso) = b42084942b270a6ff83d3581a54f2e773250647954abf8e01f871704fa5e798f81fa69ef5fe657402274b18e5abb508b560e16bbc77e71fcdc51d439de94df18
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-bootonly.iso.xz) = 3b4fbce3ed6544b9c8cf691f57b03104881424a59eb614ebe187df68bf6ab4b5bfa20becb1d82c91cc1aabb36af5bac02b64b7ca99d58778ea5b0a0cb571b0aa
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-disc1.iso) = 6a83956f2fcb4e304939ad5d8720e77929a503b44bf9b14268c9d569b4962422cf5f5480b7fc3c164164adf85219cb5f2b2c23dc8f33ec433c49626f17c6fb01
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-disc1.iso.xz) = 282588b1b12e3bc086297c5ee2642939eb1ea2bd82f030def0f596925905744b27414d9f7d95c34946dbb557fb8e3d6eec9c840ae43f0d2305e0718ce70ef62f
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-dvd1.iso) = 8b22c024391e07683bf9694481f36c6a3307615f913ac76d80307815f62f95e761d084b5acd8d35f91bdb751ba3530450893d62a0ce7f694c0d651247cc7f623
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-dvd1.iso.xz) = 702cf923cd4bf1b5915b0ed8db831ec5827ed85f18270ed36cb063ae1c63abe6a0603f79b4a06c95376d8d8fc8a88772ce11c65e1935cf736bf0f54926bd8d48
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-memstick.img) = 99dc11dc1559921a25cf3845254f0824eede6adf923f0c96bf996c0c49a66d0638d9d88e4d7f6e1ee22b69e78db78c544ae485fc5bb605534984bce7bd96a0dd
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-memstick.img.xz) = 62eefcfdf8590e0df940c1e16bdd809f2297d92869a5280f30806a3a8f15d1bdde322b5bd33313f9a27ae764a144c85cc23d48c42dcb8aa4bd60cccdcbde3b17
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-mini-memstick.img) = 68a95ad190b58c8a02d2b327f713812e845df2d6b5af1486e4cd3c59ea50f3cac91ceca16f1bc11fec2f8b22e2dabb839179d3750b14e52f2b5416afa981460b
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-mini-memstick.img.xz) = a164608cd9bb8e9de01ac7533e19774d5fc2f0ccf544f1ca6223242124f2b23a7dc98efe2abe344f1df7ec7570edb29f6082df12848efc12fcbc3b2d9ee1dd7c
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-bootonly.iso) = e5686a66f2cd2ac11d71e5aa191fc5c2eb84c52fc22f3f1d1874e41dcc8f9634
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-bootonly.iso.xz) = 4cb9a5a1f19d1df89e48c5fa8dbc2f728b68c2ee843d387a055654ec43214e00
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-disc1.iso) = 9d9d547a5836e6a80d512e7be232795f7e784057903a787bab22cccf3808ccb1
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-disc1.iso.xz) = 069847372258993b087acb5e83ebfe89501eb7a61d68dd0d6b7204cd1ae26f54
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-dvd1.iso) = d2c5562f69827e0874d9516121cdc984ef511a435a594f9eaecdef55966b266c
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-dvd1.iso.xz) = 40bcedef1dd952d411b5d59a052789a6b34507f031fdda2e1bd11d04ed62db7d
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-memstick.img) = 2467a40de6102a539420e6bbf4be470be650cd8dd1956585b26a306977688f67
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-memstick.img.xz) = 334ee611b07b51835a7245479bda0c9d98dee6fb5ee5063ac4869480d52ac49e
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-mini-memstick.img) = d3b531e2e2be9d6a782344f8fdc176007ef27a265ac458e986987c6612f784ac
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-mini-memstick.img.xz) = 8ffb19bd1303fa9adfa2b0eaa64fe1eb3405b836dd9d7106cfa8896dc4a1c83a
sparc64:
SHA512 (FreeBSD-11.1-RELEASE-sparc64-bootonly.iso) = de59c9614c2a432e4c820df905a7446bf57f4390b56679d71d3e53080bc794c430e79a3ec2f22abe9e5cb215efea971d5a4a1ca19cec1b3ad0420f83b831bf8c
SHA512 (FreeBSD-11.1-RELEASE-sparc64-bootonly.iso.xz) = ea9d49c5437d6bb37d886f39017b373bd902cb69b93873520b20c8955b6b7e6cc3076d41d615baa142208da0e44953669467820804e98736a66e8302127bdf0f
SHA512 (FreeBSD-11.1-RELEASE-sparc64-disc1.iso) = a37960372a1ffde8f7822d0b86224079e7798943b6b4421debed3ee1d0e7f70f878b2d06ffaecf714cb8600cc747863c927a799b4efd3946801edfe7eff279d8
SHA512 (FreeBSD-11.1-RELEASE-sparc64-disc1.iso.xz) = 03a3e62ae16ef82604d0685b1dfdbdbb55305ff79ef321654802d5a3bb224a844a9df16f69bdde56eab93194cf92824216d1fde94cd4c52d6e9b15777fec9b27
SHA512 (FreeBSD-11.1-RELEASE-sparc64-dvd1.iso) = 9083db8e16155cb5599a613b63bf2507fd0625028a94689b0d13dd09645dc5f7f182c609ec3c5a9d2bc9a04831f11aabcd5b1dba1bc3b94ad3c6135b3885ffa9
SHA512 (FreeBSD-11.1-RELEASE-sparc64-dvd1.iso.xz) = 0bd8318a710f2df1f8321dc5516c6a1259911c5317880114adfdc9358ca54953eba80b1f4a1f75b445d654f93115300079cff004050d21f2201d3b717f375c1f
SHA256 (FreeBSD-11.1-RELEASE-sparc64-bootonly.iso) = e76165d20f2215c05f63201d88289cc91d5af654a2b1ad940f9f634e56d9992c
SHA256 (FreeBSD-11.1-RELEASE-sparc64-bootonly.iso.xz) = 793a0b4b5c0a759a647964a48479b24baf31e2a88330042474cb479cb46a3780
SHA256 (FreeBSD-11.1-RELEASE-sparc64-disc1.iso) = 8d8fdb03ef10405ea222addf35d5273a4a1c034b563193c183a55dbf14fa15c8
SHA256 (FreeBSD-11.1-RELEASE-sparc64-disc1.iso.xz) = 9599ca5b7c002eac5b0849a044c893bc161d9d7f681eae415e49ec3520485775
SHA256 (FreeBSD-11.1-RELEASE-sparc64-dvd1.iso) = 3f1af43e4159963257b8fc83a97ca421fbc4ffc8641e31dfe25d832a06a7c7e6
SHA256 (FreeBSD-11.1-RELEASE-sparc64-dvd1.iso.xz) = a97263c62e98c77c2e96af44b45da536817e56b97d89a2fda702b992fe33794a
aarch64:
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64-memstick.img) = 8643121512cd0c559042f9a80a239a44eda5a5817755203d54ed963b06e1afc20a623a82c62cb5fdccee42aa6fe79a33dff765f44deaaeef1b368aecbb76c859
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64-memstick.img.xz) = efb22179e89482eb7bf1cf7a9e53ea882c47ef599f45b7b5fbb153d99667de1b5fef2da109559e9224db06d9913c456d29ccc8f14c51eeafb9a3bc2c9b1623ca
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64-mini-memstick.img) = 5eb5d3e2e5586524bdc1a54f8234da854aeb870ca52f99d645cff98f72f894b4a6252a04eb8430cfe03e03ecff2f478f8cd43bca91e95204e569300fe70286d3
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64-mini-memstick.img.xz) = 6b157359aee8537320a3b0fc68b7a4a5cc80c29821f8252b7fab2ecdfe5b4a78e37d39bba7aae9e79e0be14e1c76168cb05c800ded6d1a9560d7c04cc8cdcac3
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64-memstick.img) = c8f60b7376b8ba48379d658da3cfce07552461ff11b92717f8b6e652591e8684
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64-memstick.img.xz) = 883d4523c1b035f268587f1b7613dd6e616e6f48d4a5beff7e87e526a4a6fbb2
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64-mini-memstick.img) = 61d2a29631b5ed4661a93dc2fb377eeab5651bf893ba468c6e0c211c99baa3f8
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64-mini-memstick.img.xz) = 2ffe85b6ba20ede3736204fc6959d87925c4b31f42f15684ba8766b6481493f0
armv6 BANANAPI:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-BANANAPI.img.xz) = e61c8c7bd4ba16590d3afc1805a2a08bff86c12f5561eaf1be0236bc510d6ee3315a94d3cedf7034182fb9b88d5beaae764cb94f20bcbf5ebaf56b9ed9a0a3e7
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-BANANAPI.img.xz) = d85540e9f6af6d5bd12b2c1f95b67cba1997cbf5e27ee4b520ff99ef8489bd86
armv6 BEAGLEBONE:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-BEAGLEBONE.img.xz) = 9ebe1aad5675657c5b22e445c397826b3f7cca837c02de10f6115e30a2d1b9d3a1d7411c93aeb1791c196bcc34ce3704320d53535e3e819a524197efb0e192b0
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-BEAGLEBONE.img.xz) = 66fb05143c93f6b4290c79aac41623a097140be6fd8e95639dfcecfc7486b2a6
armv6 CUBIEBOARD:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-CUBIEBOARD.img.xz) = 0e0bf9fc8541feb224bbe0b80270985cf65141007047bbe4825ad81641d4fa10af79ec1ab7f6b4a9eb173566099e755f1d2662420ce90dd0a273dbc65e957a4f
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-CUBIEBOARD.img.xz) = c2ada7cba57126d55523ca47aba15b58a612ead90435870f65ef4239f916645c
armv6 CUBIEBOARD2:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-CUBIEBOARD2.img.xz) = 4dc1abeb8e779797fef5f034f427461f33d0fcbae86f94ddacb6bc2766e141aa250f9240e6903c99bfe9d1e64cba2dd6566ad760ff061314e8404f87e39f40fb
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-CUBIEBOARD2.img.xz) = 8ca59f6d5ad6608866f99a51b69dc029588058e0f1ee951ce7074fc37d65fe84
armv6 CUBOX-HUMMINGBOARD:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-CUBOX-HUMMINGBOARD.img.xz) = 7634db1a425a92e3cbeef699a516633e2acc3af84a65927d1759d5ea157be0a5c812736a1af76aa3afd73ec044a0dab6758750469efd9675123ad448bcf30c3f
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-CUBOX-HUMMINGBOARD.img.xz) = b2de919a118dd0c9dc70a123245af5ec5cb1b80f7ff774d9437ddafc90bea7e4
armv6 GUMSTIX:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-GUMSTIX.img.xz) = 5a9244419d4b8188ea0dd7eec8d79443465ecc62eb4d6964f8231ccd0455ebbc744da0919fd57979d0d45bb011ea9699b96be15a5bc443feb6f3b718fb968bbf
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-GUMSTIX.img.xz) = 6dcd75e4b223fd6a641138885d381ac77e93b3fe4de00f170b488a7187a1d45b
armv6 RPI-B:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-RPI-B.img.xz) = 6afc1640e0c857bca73bfccbf7d21cb88cea76fcc082825a3cfe82bd45dbcc989fe6b54af76dfaac7c3cc794b55e74147290caa114dd7effd62e5699ed9ef5eb
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-RPI-B.img.xz) = e222992064d6db616dc3112d58429b8e31a627140901c57cbd1a302730d5714b
armv6 RPI2:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-RPI2.img.xz) = c7c74243c31569e90ec22f71f8d5780c647b53409752182483f6570b8a4b42b5fd456a57223a2d3e6502c8351ebfcdd9500884737457920e932c0fb134f1dffc
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-RPI2.img.xz) = 7376a533f8368d4841e3d81476ada4b0684870a03818e3dd30aea8ab2504626e
armv6 PANDABOARD:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-PANDABOARD.img.xz) = c8c7ffeaaf8d60882a16dee828078266b1a522a56ae77ac2c4539393958542dcc77b5240a8463922929c07690b8dc9824cb6174abaaf7a8d1f27730f2aa2b4c0
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-PANDABOARD.img.xz) = d72e3c6e529b2b46f12f08367b9c23b48f0ee006594d8c6c3beefcc8197502c7
armv6 WANDBOARD:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-WANDBOARD.img.xz) = f074f75054e575f7b6a3d1b8e8912dec7f0ef1842dbab4d4456a8a9b67ee4c5d18f408ee9a809b3ec5a223ff21a23f83380927343de5951a115c1ce469e37f3d
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-WANDBOARD.img.xz) = 6a4239b9f87ac8b0d4c767cf2bfa38405fad198c5b8a4044e1151855d0fe18a6
Virtual Machine Disk Image Checksums
amd64 (x86_64):
SHA512 (FreeBSD-11.1-RELEASE-amd64.qcow2.xz) = 88e0d88058d2748732706f88c1d27b51447430968f1acbb645749d3201c9766eba31046784148355b7a0ecbbf87ac159363d3a38a65b19482e0900e2d97fd05a
SHA512 (FreeBSD-11.1-RELEASE-amd64.raw.xz) = c569776334131fdc85cd25a2a0d5aecafdc3e4b2e6e010dffaa2488d934293ce4f091f23481079dd91ad20dfd2dfc3d3487707096c59448f1d8914c5d7d6b582
SHA512 (FreeBSD-11.1-RELEASE-amd64.vhd.xz) = 2c63d0d515e6bb02001847d83c302cf3d1a32ab21062b2b98fa30a1524315e1680c3f5099944b30f7d24e512dcc78bdd922fe7a821ffa5a1b5ea6947f34fc2ca
SHA512 (FreeBSD-11.1-RELEASE-amd64.vmdk.xz) = aeb43f94a8e6dfa663f1bc69f53317a49a073a376bfa707ea5df02b94ae58edb3c127eb4f791803232f19c99a505feab67225a512ea2cc3bed41577e178d0089
SHA256 (FreeBSD-11.1-RELEASE-amd64.qcow2.xz) = 9e9f0fe9c7e3be2dc8b742f416541eedff2f005a0a2dda61a959cb2789ce78a9
SHA256 (FreeBSD-11.1-RELEASE-amd64.raw.xz) = 233c6b269a29c1ce38bb4eb861251d1c74643846c1de937b8e31cc0316632bc0
SHA256 (FreeBSD-11.1-RELEASE-amd64.vhd.xz) = 4e287c0504f0ecb63fc9140901c1bc31baf1fe74a6d2314426afaa73886dae58
SHA256 (FreeBSD-11.1-RELEASE-amd64.vmdk.xz) = 373c606f065c5850e722fcc92a1cbdb3ce72fbdf4162916e4c1281363a13e5b6
i386 (x86):
SHA512 (FreeBSD-11.1-RELEASE-i386.qcow2.xz) = 50a62e269d5e64e31cb8d10d9c5ff52fd3035375ba5a7c9f07f99f94db2d97bc02a9e0498e6e2d6ca7ccba34ceb71c2cf0fec75c88f75b66468de73bfdf996a2
SHA512 (FreeBSD-11.1-RELEASE-i386.raw.xz) = cbe00b009953845c9d968a8a7d4334f173f5d92654b643cec0fa03a979049a520c0e20d52d57b9907e8bc6c3678100fda936e6fed8a77a96d6d46c894b0de706
SHA512 (FreeBSD-11.1-RELEASE-i386.vhd.xz) = 07c276988cc3e4c29ed61508ccefde2948a427d0df0fb4a816982c46b5694d74448fc422b3323c825922405aeadb0a56e7947251e3422b3436b10ec1f19cbb3b
SHA512 (FreeBSD-11.1-RELEASE-i386.vmdk.xz) = 1904b85abf75e9b164ec22f88b72ae4942d6391b7b275c412b9561ca8d76b7f0218d4b950a39846a3d421245a5bf10d062203ea4a745f485a4bc469f9b461411
SHA256 (FreeBSD-11.1-RELEASE-i386.qcow2.xz) = 693e64a76c3097d83500a907ee48daf5d8c08c8e19d96d73516873775f7a6948
SHA256 (FreeBSD-11.1-RELEASE-i386.raw.xz) = 22708a4d63607e16a3714887b32dec12111a04bf9e2a8cb25dc3faa9eed99b49
SHA256 (FreeBSD-11.1-RELEASE-i386.vhd.xz) = 8f614d5771e98f7bd5db4dc2903d6abbcb5c0b1a2a47e778892111774a5e91f2
SHA256 (FreeBSD-11.1-RELEASE-i386.vmdk.xz) = 61fc5ac92a4563d4a1e1d9841440e021b776cedac90f7c65a3cf0e91499bae13
aarch64 (arm64):
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64.qcow2.xz) = d633eee589c0d4fdede6973608749bff5014e52ce7ad18086fab70f4315494e14764a6789eeccc02aec868a1d56dcd61aa3085a69dcede927a9a9264883b0cf7
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64.raw.xz) = 34d878de3a9040fae18192ad34d6f4dfe2e0bf52c3f06a918368d4c7ca5e4133897fdc09e91e420b9caab0b6c4ee86dd63d68026c7faaf204c7f547bce2ac418
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64.vhd.xz) = 37edc26e1dce16a598b2feb0fbd9b1e3f56e0fb05088ab8f6f9ca13816912d40e0a65f0f72e43202c287f2b099941f539cbd10d2c4225695b5097ac217d17537
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64.vmdk.xz) = e1cc7ca416d0bea78da9588634afd62797344f0fcf2d409825e1f1b7a5b01a954a3c87c213fc1bfdcacd249da0a511ead1f9555b241c20178d3566c04945c7b5
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64.qcow2.xz) = e4dccf7ed908c73ba6a8f68ad15dbbb548c5a3dacde35c39b24ba47044111d51
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64.raw.xz) = 46e69462cf394578b9526a7ff88c3925eab740286546e91db8bb23732146d287
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64.vhd.xz) = fe2ee8e0c0434be2cdaf038d2463062fa68f9a82dd5b97e066c0c9d6e915d7c3
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64.vmdk.xz) = 5d735a2d35672d617ff13cf200612bd106a26e54032e67bbd0a68fd6c97749f2
Love FreeBSD? Support this and future releases with a donation to The
FreeBSD Foundation! https://www.FreeBSDFoundation.org/donate/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAll35XAACgkQAxRYpUeP
4pMS9RAAgOLUOUejYQ2NcDBYGh3wXtgVBXlopTVJ9OhUrSKplOqGWJZs0Csz3t1/
TGqXQVPu1magdKdqPN1Xlqdr4Kx6OYQRQJcbH4iHUts3fy24ahvx3x9BhZ63yJuf
Idk0RexHR3/p3CeM3VJvq23YfNiBNrSfMU8BG4T+KZ9Lu4VhRDFzVRw7snznU/Z7
KfZL+/OYpciJy8L/30UjF2NCpWMaxEW7pcOMiI6qpbaXBx5U8CmLElj9BFFuBLYQ
W+LdbZxMYxxyE9UsvDm4xWT2aoxqZUgncHlgtJJIDz/pGgWGwIEej4OsnmMdKy4c
rAgIrxXMRFS5FCdK05753w2adNG82QcwpI7wAVU1Y8AYszM9wO4oi75xtmdUCFxf
D0X58Zj6kJ677qgaasjvuo6V0+zfCv7GKYm2UuhA0Xc/OcRyjeCmQIw54UVYv/E2
jRwXqzCF/8SuSdY5gs7rO75rV/VpiK6GwMhDUq1OJUDzO8eJ9YPfaI+gpfKIRPuZ
wHsoqpM0wkfDHTvzr+uE2QHtklS/avbGKReMFk4xc12gkjJ/FDUrQUG3FFFBg1S/
5htwZDu0kNzE8YECdWZQK60U1o3hx7ELfcupWAcphPtdt0wQ5f5OjF8r7YaTFO1R
YhF22XrubO5CxZnkAzcrpD1EVyrFcl5XMMJvz3wHlIJX5ZjC7Tc=
=04+h
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Hash: SHA256
FreeBSD 11.1-RELEASE Announcement
The FreeBSD Release Engineering Team is pleased to announce the
availability of FreeBSD 11.1-RELEASE. This is the second release of the
stable/11 branch.
Some of the highlights:
* Clang, LLVM, LLD, LLDB, and libc++ have been updated to version
4.0.0.
* Many third-party (contributed) software updates, such as the Elf Tool
Chain, ACPICA, libarchive(3), ntpd(8), unbound(8), and more.
* Support for blacklistd(8) has been added to OpenSSH.
* The zfsbootcfg(8) utility has been added, providing one-time
boot.config(5)-style options for zfsboot(8).
* The efivar(8) utility has been added, providing an interface to
manage UEFI variables.
* Support for Microsoft(R) Hyper-V(TM) Generation 2 virtual machines
has been added.
* The ena(4) driver has been added, providing support for "next
generation" Enhanced Networking on the Amazon(R) EC2(TM) platform.
* The NFS client now supports the Amazon(R) Elastic File System(TM)
(EFS).
* The EFI loader can now access remote files via TFTP in addition to
NFS as a runtime configuration option.
* ZFS now stores compressed data in cache, improving cache hit rates
and performance.
* Several updates to provide build reproducibility.
For a complete list of new features and known problems, please see the
online release notes and errata list, available at:
* https://www.FreeBSD.org/releases/11.1R/relnotes.html
* https://www.FreeBSD.org/releases/11.1R/errata.html
For more information about FreeBSD release engineering activities, please
see:
* https://www.FreeBSD.org/releng/
Availability
FreeBSD 11.1-RELEASE is now available for the amd64, i386, powerpc,
powerpc64, sparc64, armv6, and aarch64 architectures.
FreeBSD 11.1-RELEASE can be installed from bootable ISO images or over
the network. Some architectures also support installing from a USB memory
stick. The required files can be downloaded as described in the section
below.
SHA512 and SHA256 hashes for the release ISO, memory stick, and SD card
images are included at the bottom of this message.
PGP-signed checksums for the release images are also available at:
* https://www.FreeBSD.org/releases/11.1R/signatures.html
A PGP-signed version of this announcement is available at:
* https://www.FreeBSD.org/releases/11.1R/announce.asc
Note for those upgrading from 11.1-RC2 in VirtualBox(TM):
If system panics were experienced when upgrading from 11.1-RC1 to
11.1-RC2, and the emulators/virtualbox-ose-additions{,-nox11} port was
built locally as a resolution, the port will either need to be rebuilt
when upgrading from 11.1-RC2 to 11.1-RELEASE, or reinstall the package
from the pkg(8) mirrors using either:
# pkg install -f virtualbox-ose-additions
or:
# pkg install -f virtualbox-ose-additions-nox11
To ensure the system does not panic after rebooting into the updated
kernel, it is recommended to disable the vboxguest service in rc.conf(5)
prior to rebooting the system if possible, or use pkg(8) to forcefully
reinstall the package.
Systems being upgraded from 11.1-RC1 and earlier and 11.1-RC3 to
11.1-RELEASE should be unaffected.
The purpose of the images provided as part of the release are as follows:
dvd1
This contains everything necessary to install the base FreeBSD
operating system, the documentation, debugging distribution sets,
and a small set of pre-built packages aimed at getting a
graphical workstation up and running. It also supports booting
into a "livefs" based rescue mode. This should be all you need if
you can burn and use DVD-sized media.
disc1
This contains the base FreeBSD operating system. It also supports
booting into a "livefs" based rescue mode. There are no pre-built
packages.
bootonly
This supports booting a machine using the CDROM drive but does
not contain the installation distribution sets for installing
FreeBSD from the CD itself. You would need to perform a network
based install (e.g., from an HTTP or FTP server) after booting
from the CD.
memstick
This can be written to an USB memory stick (flash drive) and used
to do an install on machines capable of booting off USB drives.
It also supports booting into a "livefs" based rescue mode. There
are no pre-built packages.
As one example of how to use the memstick image, assuming the USB
drive appears as /dev/da0 on your machine something like this
should work:
# dd if=FreeBSD-11.1-RELEASE-amd64-memstick.img \
of=/dev/da0 bs=1m conv=sync
Be careful to make sure you get the target (of=) correct.
mini-memstick
This can be written to an USB memory stick (flash drive) and used
to boot a machine, but does not contain the installation
distribution sets on the medium itself, similar to the bootonly
image. It also supports booting into a "livefs" based rescue
mode. There are no pre-built packages.
As one example of how to use the mini-memstick image, assuming
the USB drive appears as /dev/da0 on your machine something like
this should work:
# dd if=FreeBSD-11.1-RELEASE-amd64-mini-memstick.img \
of=/dev/da0 bs=1m conv=sync
Be careful to make sure you get the target (of=) correct.
FreeBSD/arm SD card images
These can be written to an SD card and used to boot the supported
arm system. The SD card image contains the full FreeBSD
installation, and can be installed onto SD cards as small as
512Mb.
For convenience for those without console access to the system, a
freebsd user with a password of freebsd is available by default
for ssh(1) access. Additionally, the root user password is set to
root, which it is strongly recommended to change the password for
both users after gaining access to the system.
To write the FreeBSD/arm image to an SD card, use the dd(1)
utility, replacing KERNEL with the appropriate kernel
configuration name for the system.
# dd if=FreeBSD-11.1-RELEASE-arm-armv6-KERNEL.img \
of=/dev/da0 bs=1m conv=sync
Be careful to make sure you get the target (of=) correct.
FreeBSD 11.1-RELEASE can also be purchased on CD-ROM or DVD from several
vendors. One of the vendors that will be offering FreeBSD 11.1-based
products is:
* FreeBSD Mall, Inc. https://www.freebsdmall.com
Pre-installed virtual machine images are also available for the amd64
(x86_64), i386 (x86_32), and AArch64 (arm64) architectures in QCOW2, VHD,
and VMDK disk image formats, as well as raw (unformatted) images.
FreeBSD 11.1-RELEASE amd64 is also available on these cloud hosting
platforms:
* Amazon(R) EC2(TM):
AMIs are available in the following regions:
ap-south-1 region: ami-8a760ee5
eu-west-2 region: ami-f2425396
eu-west-1 region: ami-5302ec2a
ap-northeast-2 region: ami-f575ab9b
ap-northeast-1 region: ami-0a50b66c
sa-east-1 region: ami-9ad8acf6
ca-central-1 region: ami-622e9106
ap-southeast-1 region: ami-6d75e50e
ap-southeast-2 region: ami-bda2bede
eu-central-1 region: ami-7588251a
us-east-1 region: ami-70504266
us-east-2 region: ami-0d725268
us-west-1 region: ami-8b0128eb
us-west-2 region: ami-dda7bea4
AMIs will also available in the Amazon(R) Marketplace once they have
completed third-party specific validation at:
https://aws.amazon.com/marketplace/pp/B01LWSWRED/
* Google(R) Compute Engine(TM):
Instances can be deployed using the gcloud utility:
% gcloud compute instances create INSTANCE \
--image freebsd-11-1-release-amd64 \
--image-project=freebsd-org-cloud-dev
% gcloud compute ssh INSTANCE
Replace INSTANCE with the name of the Google Compute Engine instance.
* Hashicorp/Atlas(R) Vagrant(TM):
Instances can be deployed using the vagrant utility:
% vagrant init freebsd/FreeBSD-11.1-RELEASE
% vagrant up
* Microsoft(R) Azure(TM):
FreeBSD virtual machine images will be available once they have
completed third-party specific validation at:
https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.FreeBSD111?tab=Overview
Download
FreeBSD 11.1-RELEASE may be downloaded via https from the following site:
* https://download.freebsd.org/ftp/releases/ISO-IMAGES/11.1/
FreeBSD 11.1-RELEASE virtual machine images may be downloaded from:
* https://download.freebsd.org/ftp/releases/VM-IMAGES/11.1-RELEASE/
For instructions on installing FreeBSD or updating an existing machine to
11.1-RELEASE please see:
* https://www.FreeBSD.org/releases/11.1R/installation.html
Support
Based on the new FreeBSD support model, the FreeBSD 11 release series
will be supported until at least September 30, 2021. This point release,
FreeBSD 11.1-RELEASE, will be supported until at least three months after
FreeBSD 11.2-RELEASE. Additional support information can be found at:
* https://www.FreeBSD.org/security/
Acknowledgments
Many companies donated equipment, network access, or man-hours to support
the release engineering activities for FreeBSD 11.1 including The
FreeBSD Foundation, Yahoo!, NetApp, Internet Systems Consortium, ByteMark
Hosting, Sentex Communications, New York Internet, Juniper Networks,
NLNet Labs, iXsystems, and Yandex.
The release engineering team for 11.1-RELEASE includes:
Glen Barber <gjb@FreeBSD.org> Release Engineering Lead,
11.1-RELEASE Release Engineer
Konstantin Belousov <kib@FreeBSD.org> Release Engineering
Bryan Drewery <bdrewery@FreeBSD.org> Release Engineering, Package
Building
Marc Fonvieille <blackend@FreeBSD.org> Release Engineering, Documentation
Rodney Grimes <rgrimes@FreeBSD.org> Release Engineering Emeritus
Xin Li <delphij@FreeBSD.org> Release Engineering, Security
Officer
Remko Lodder <remko@FreeBSD.org> Security Team Liaison
Hiroki Sato <hrs@FreeBSD.org> Release Engineering, Documentation
Gleb Smirnoff <glebius@FreeBSD.org> Release Engineering, Security
Officer Deputy
Marius Strobl <marius@FreeBSD.org> Release Engineering Deputy Lead
Robert Watson <rwatson@FreeBSD.org> Release Engineering
Trademark
FreeBSD is a registered trademark of The FreeBSD Foundation.
ISO Image Checksums
amd64 (x86_64):
SHA512 (FreeBSD-11.1-RELEASE-amd64-bootonly.iso) = aa5891b9ab0bd2a1c13fdffd3ab80998f3d17bc54afeae0c183cf286d746f9b5eb8e1bd6b1a5598aeb36419fd1ca0becfa02d3f9854f382b1d7ad0cc2423f47f
SHA512 (FreeBSD-11.1-RELEASE-amd64-bootonly.iso.xz) = d267e66a434c40ed409862ecdbe1610f3ced7a11cfc6f3b4ac59bd849d169169982ab8b028681c6daf30f6cf0815aec3b3c89fdfb1c442bef193ece1143dc605
SHA512 (FreeBSD-11.1-RELEASE-amd64-disc1.iso) = cd35b6b406724416c436ae5eb73943d8248e267aee608c0539a969ae79e0201e6590a9ad7550162fecfb21d577ff40edafbf934ab45fda61c8f3d2c30c1f1e05
SHA512 (FreeBSD-11.1-RELEASE-amd64-disc1.iso.xz) = 68fd11b8ea4c109b658078b667114a4ac2abe5c9c82ae402ac42df5de35d8a2950935947fc08394b5760346afba8e043ad077322bca00d714b2b569371193496
SHA512 (FreeBSD-11.1-RELEASE-amd64-dvd1.iso) = a6aa4363270c14620a291baf4db377785dbccfa9c92c1c1d5f01453400259f63de4ba0b033ec6f415056fc7e563d99cb327c869c95f68a1871baf86bfe7e7024
SHA512 (FreeBSD-11.1-RELEASE-amd64-dvd1.iso.xz) = 2c6c60839441f95f2f849aedf0c672366f33e35f2b81be0c6ca0b35c3fd7abd339f6faf1ef3e933322ff1d2879f005dc8d9378fb2b46c357e3d01f499442c0cc
SHA512 (FreeBSD-11.1-RELEASE-amd64-memstick.img) = f42b04c4db7b783bfb5758e5f32ebba2db2bd2d8f57e1153dd29ea71f3d758e9995c89017e2c230291b7a93d4d7b434a5c3d6a9e685431170707c146de2b4284
SHA512 (FreeBSD-11.1-RELEASE-amd64-memstick.img.xz) = 5435027ea310fb72f521b4580e9c20b89f917f2eb611f97f55db94ddce251ad3949500f0ad3aa2e8734a3f61766d7276ff2a9874533d737f7f64618013cf2f2d
SHA512 (FreeBSD-11.1-RELEASE-amd64-mini-memstick.img) = d88a76291a4674c54c610756dd45d4eb8bfbfedfb3b036be79d1e70832f93d5a9b96252b4d2f7aac7b701ee79e7faabe06b3caa8883bd5d7f8cd2aaa9930427b
SHA512 (FreeBSD-11.1-RELEASE-amd64-mini-memstick.img.xz) = dbe066cb726b375eebca397aff12d18d6e48ad6c84b776253aabc2bbdff8fb9742e17fb68356581b0b20709002fdf9c3c77eccfd9c0c745e8f93a830264148a5
SHA256 (FreeBSD-11.1-RELEASE-amd64-bootonly.iso) = ab1539894e74aef77c1c4729fbd2362fc3bd30b71f24db68e1b0307723b72752
SHA256 (FreeBSD-11.1-RELEASE-amd64-bootonly.iso.xz) = 1f83538d95435d1475216a97fc6e5158cc7fe2e7d74c6182bc77c90b6ae6c40c
SHA256 (FreeBSD-11.1-RELEASE-amd64-disc1.iso) = ff4c749ea0aaaceedb2432ba3e0fd0c1b64f5a72141b1ec06b9ced52b5de0dbf
SHA256 (FreeBSD-11.1-RELEASE-amd64-disc1.iso.xz) = cd6cd655f79e9cbf61cb9a5d324dfe451f0dae33ea556232d9101d96ee9f258d
SHA256 (FreeBSD-11.1-RELEASE-amd64-dvd1.iso) = 49e8f32e0a097a1ab411cb85f1adf6d78ba931ff557a07cd1e84af62a47c2d6f
SHA256 (FreeBSD-11.1-RELEASE-amd64-dvd1.iso.xz) = 1b953e083722d4b285307cb853313abe40eb137df9220a4dc537164179d38881
SHA256 (FreeBSD-11.1-RELEASE-amd64-memstick.img) = d4c58df629c7db6bf2ee2d43ae7f7b9e1c8b98fca0b89dd1afa1bed21891ecc2
SHA256 (FreeBSD-11.1-RELEASE-amd64-memstick.img.xz) = d113591c7a7b7df2bc136c477c11fbadf4e9c87133ba5a5f27ed99f7b925b8f5
SHA256 (FreeBSD-11.1-RELEASE-amd64-mini-memstick.img) = 67abef93e1c0ac88cda57cf6e1ef9b32ecec56b3b4de132dd252285fea391462
SHA256 (FreeBSD-11.1-RELEASE-amd64-mini-memstick.img.xz) = 519e53941325cf5a2959b1526702adcdd8b0a65e98d8ce00dfb23d55427056cb
i386 (x86):
SHA512 (FreeBSD-11.1-RELEASE-i386-bootonly.iso) = 44a9d31942c7dadb4db658a2e0945d99435db40953a3e3d9d79256f450cbd908b2051e923665502525435179da12c147a357759659eaa90ca2503e47645457cf
SHA512 (FreeBSD-11.1-RELEASE-i386-bootonly.iso.xz) = ce93658f24a29870f80b93831020192132ea19e024af84d9b22aa9fb457424f8f915215ec2ce5e0592af98ce1214f0eea154a67596081822637e937efc64553c
SHA512 (FreeBSD-11.1-RELEASE-i386-disc1.iso) = bf7839ff0a2db9821f65e59946c4e647f52a88c899b8a1066c8ddbbc3c23accd1f569a4f90add717af9a5467644a530e1a8c5b18dd1b722a623f1d013e766348
SHA512 (FreeBSD-11.1-RELEASE-i386-disc1.iso.xz) = 26c71fbdccb55ac5289da8169e203a75a640e5bda386431ee428b297fc4843ff6bea04efb026f9dc5e7e4066e7b59d830e928d0e3dc7be089892b6f7a7eaa746
SHA512 (FreeBSD-11.1-RELEASE-i386-dvd1.iso) = 082ebce2665b2da58e12e56c5fa7cc0cd92934fdf99b38132a0ba6ff540a8a0ab6c3c03971312946d5c23aff8f2b0855582a3a0c9beb6e4db3472433113cb06f
SHA512 (FreeBSD-11.1-RELEASE-i386-dvd1.iso.xz) = 0d3cfe5490860f2f41393e84fc598d0f1ac8f6195ebfaed01775822f36f18e093f2f2c8f98939b8c4f42f371f89d190c7a503dc225267ee1f4970deafe1f65b8
SHA512 (FreeBSD-11.1-RELEASE-i386-memstick.img) = 4402c09dec1799670fd8393c9732c416a3f70d10dac8db725531232258cb4ecd209fe234107b82b5c41045fd8bec7220192049056cd88858a8d69a61a048dc52
SHA512 (FreeBSD-11.1-RELEASE-i386-memstick.img.xz) = 050cfac52db078f3e6ce42e04a1b9c4f45a4f7d3d0831e34e4cfad8dfb3a2cc3735e2b1e74663efe39b331dacde7278bc5ef6a89bce566afb9f0dd52c1701932
SHA512 (FreeBSD-11.1-RELEASE-i386-mini-memstick.img) = fd41b778870deafb1819595918b4bcde03addb1ff2dec526825332afd85d5b4ec4cfbb107c40f4f17ca203f2d3d14fb550f97e0eb6085511ea0b42ae26b18a7f
SHA512 (FreeBSD-11.1-RELEASE-i386-mini-memstick.img.xz) = f231cd32c1b63b243659ea24a037d38026356e834c9df98aaeac14ca7dd74f652fa76a89a6f731a89b8cb73ab82234c91095dd4018591ba3aca099178e35e9dc
SHA256 (FreeBSD-11.1-RELEASE-i386-bootonly.iso) = 3986e61b373cbbfa80087630ac200a921a9c4c0c7c0c8e376eee5839d638c74c
SHA256 (FreeBSD-11.1-RELEASE-i386-bootonly.iso.xz) = 65d86b13f62bd0191aef9a34069a1900cb00218d4e670036cad648b191617573
SHA256 (FreeBSD-11.1-RELEASE-i386-disc1.iso) = e53ae5fc58fd2e28643ba4c64e2c49505cf9d84d22396e3633ee9670782aab57
SHA256 (FreeBSD-11.1-RELEASE-i386-disc1.iso.xz) = c11612a546eaf2fd7d3ea9516992ccd6dfff049da8e06723da5848865fe45d95
SHA256 (FreeBSD-11.1-RELEASE-i386-dvd1.iso) = c251633216b943414d16c7e4930f80a417604aeed3d4f88ca15d31fb4c5eaf86
SHA256 (FreeBSD-11.1-RELEASE-i386-dvd1.iso.xz) = f108216f75612b43f7a80ff21d20aee0cb038a011116ee1b66a53d4ed73716a6
SHA256 (FreeBSD-11.1-RELEASE-i386-memstick.img) = 8a3dd07aa98d777e429be03cb2c213b5e8745fe8976a52c0868ac8e536014d89
SHA256 (FreeBSD-11.1-RELEASE-i386-memstick.img.xz) = c3d88e1d32be923b86da4b2f335830b710f9c9a9e85448935997649665e70750
SHA256 (FreeBSD-11.1-RELEASE-i386-mini-memstick.img) = e95e8555505479acc0b85bd19a5076e48408dfe943eedda7d093f075aec27902
SHA256 (FreeBSD-11.1-RELEASE-i386-mini-memstick.img.xz) = e8f2cdf1c14845aa55f609f492b7d098fe11777901a3a2e27930520fdfe697ed
powerpc:
SHA512 (FreeBSD-11.1-RELEASE-powerpc-bootonly.iso) = c9f392d06750141a8b3f2defd0948e683faa81ffe2337d8bfa67e6baf42a016935b5202584cc28745c8856612fc0838bb94266e799e9fa7a13db75c5c6404183
SHA512 (FreeBSD-11.1-RELEASE-powerpc-bootonly.iso.xz) = baa942c5bd22474029f7509819830cd532947155c2f0c99c5e6420fc3f8439cf9b8ac23587ddf01ff4428837db020187df5326e6c0ae7565db6a88400420b2c8
SHA512 (FreeBSD-11.1-RELEASE-powerpc-disc1.iso) = af14f9876fb72c1d77013aae85501d60837872250f1c901befe20539f31a99bd7fa02f5d150e38c2cdd1b3e023a7a75c8bd16175c85efee7e5fe83a5fee15c3f
SHA512 (FreeBSD-11.1-RELEASE-powerpc-disc1.iso.xz) = 6f82212e77a635bae1a2fd4c4cac0481fbce5734da253b7690bd6bc9655bfab66f4c89da1f5fdf222798a011fc05e9832a0567f107a8cd044f2f69c0ff8edd30
SHA512 (FreeBSD-11.1-RELEASE-powerpc-dvd1.iso) = b1cf88ec31c3216e6d8a419289ea1e25772df8af452515852bfafffec1990045e6bdb29927e47e33ed999e70d30a9d00b2c3329006d168a75af54e0c785a9b14
SHA512 (FreeBSD-11.1-RELEASE-powerpc-dvd1.iso.xz) = 78672130d8b275bc6788106ff8979a2ffe5142d6b7950809f257568f2c99ad13b95d49d5e3842e1866e0ba0d23dd4737c932a84464e84128fa70cb63efc61962
SHA512 (FreeBSD-11.1-RELEASE-powerpc-memstick.img) = 4ddd8e9387dcff1bb65a8a18934d746b93205bcf49988624ec3fab0a8a26b0565ebdfc012b5d3910dfc6f8ff83f57a3e227ca368d9a85e37ed87aef11852802d
SHA512 (FreeBSD-11.1-RELEASE-powerpc-memstick.img.xz) = f7106d02f8c922c17257be4badf96f377380627b85ac9f1c8b3862c9ea17e0111d647b00313aa0c151cc2a37146743f536510401d12b7c36dfa46ab3421ae3a8
SHA512 (FreeBSD-11.1-RELEASE-powerpc-mini-memstick.img) = d703f23f11d83d1d0e2dcafa1758df44f2dae00e6b8a13e1383a4c7a8276535abfd7e6d945d60e46425863d14673dba076b6051efb824aa4efd4ca8a1f2e3cfa
SHA512 (FreeBSD-11.1-RELEASE-powerpc-mini-memstick.img.xz) = a0d900b3115988c5331565d4d2e6e48a75c0dca0845a08ee426d5b679ca8bb66f246d8a123cf152f8cbb50640dc4e4a94c3646600878e432c9fe88d09ea6a089
SHA256 (FreeBSD-11.1-RELEASE-powerpc-bootonly.iso) = 096d0498c0552bbbde30287b757bd4b9e91fa99f9bc5208b3500d83a05680c16
SHA256 (FreeBSD-11.1-RELEASE-powerpc-bootonly.iso.xz) = 298231f31d5dc346f3df22a95d6f09d337bf32629fcae8d583af5670c8d62087
SHA256 (FreeBSD-11.1-RELEASE-powerpc-disc1.iso) = cac1989dfb8456fcc091168d42ba07a6f6c1f4c9ebe43c93888e96fe9ce3ec0e
SHA256 (FreeBSD-11.1-RELEASE-powerpc-disc1.iso.xz) = fbcdc8ab194f204aaee5de9b4cd741ae4e3d6673cf960408c2ba723af02022ee
SHA256 (FreeBSD-11.1-RELEASE-powerpc-dvd1.iso) = 61d501f67217705c1875af05b2b59bb594993e6c37209cd53b78ed8aee91443b
SHA256 (FreeBSD-11.1-RELEASE-powerpc-dvd1.iso.xz) = a531f8fdd6b669abe2d1e809a60eabe2d4250354e431879552827c6546e746c5
SHA256 (FreeBSD-11.1-RELEASE-powerpc-memstick.img) = 01bd77bea01088e025a7021c0f103625af07c70489c63e49e0ad76e8a0e0e3d8
SHA256 (FreeBSD-11.1-RELEASE-powerpc-memstick.img.xz) = c89651f5fdf03654269850007b9bec518c36ec0c5d2c59f901b8a9e16e175179
SHA256 (FreeBSD-11.1-RELEASE-powerpc-mini-memstick.img) = cea3405ed4adcdaf49a48f407415b898d88c6c46bd26fb2c461ad2090876f353
SHA256 (FreeBSD-11.1-RELEASE-powerpc-mini-memstick.img.xz) = 7715bc142f13a1e3e98212f60005e55bb488c3add53d3af1c98a8207a1e4863a
powerpc64:
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-bootonly.iso) = b42084942b270a6ff83d3581a54f2e773250647954abf8e01f871704fa5e798f81fa69ef5fe657402274b18e5abb508b560e16bbc77e71fcdc51d439de94df18
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-bootonly.iso.xz) = 3b4fbce3ed6544b9c8cf691f57b03104881424a59eb614ebe187df68bf6ab4b5bfa20becb1d82c91cc1aabb36af5bac02b64b7ca99d58778ea5b0a0cb571b0aa
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-disc1.iso) = 6a83956f2fcb4e304939ad5d8720e77929a503b44bf9b14268c9d569b4962422cf5f5480b7fc3c164164adf85219cb5f2b2c23dc8f33ec433c49626f17c6fb01
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-disc1.iso.xz) = 282588b1b12e3bc086297c5ee2642939eb1ea2bd82f030def0f596925905744b27414d9f7d95c34946dbb557fb8e3d6eec9c840ae43f0d2305e0718ce70ef62f
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-dvd1.iso) = 8b22c024391e07683bf9694481f36c6a3307615f913ac76d80307815f62f95e761d084b5acd8d35f91bdb751ba3530450893d62a0ce7f694c0d651247cc7f623
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-dvd1.iso.xz) = 702cf923cd4bf1b5915b0ed8db831ec5827ed85f18270ed36cb063ae1c63abe6a0603f79b4a06c95376d8d8fc8a88772ce11c65e1935cf736bf0f54926bd8d48
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-memstick.img) = 99dc11dc1559921a25cf3845254f0824eede6adf923f0c96bf996c0c49a66d0638d9d88e4d7f6e1ee22b69e78db78c544ae485fc5bb605534984bce7bd96a0dd
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-memstick.img.xz) = 62eefcfdf8590e0df940c1e16bdd809f2297d92869a5280f30806a3a8f15d1bdde322b5bd33313f9a27ae764a144c85cc23d48c42dcb8aa4bd60cccdcbde3b17
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-mini-memstick.img) = 68a95ad190b58c8a02d2b327f713812e845df2d6b5af1486e4cd3c59ea50f3cac91ceca16f1bc11fec2f8b22e2dabb839179d3750b14e52f2b5416afa981460b
SHA512 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-mini-memstick.img.xz) = a164608cd9bb8e9de01ac7533e19774d5fc2f0ccf544f1ca6223242124f2b23a7dc98efe2abe344f1df7ec7570edb29f6082df12848efc12fcbc3b2d9ee1dd7c
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-bootonly.iso) = e5686a66f2cd2ac11d71e5aa191fc5c2eb84c52fc22f3f1d1874e41dcc8f9634
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-bootonly.iso.xz) = 4cb9a5a1f19d1df89e48c5fa8dbc2f728b68c2ee843d387a055654ec43214e00
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-disc1.iso) = 9d9d547a5836e6a80d512e7be232795f7e784057903a787bab22cccf3808ccb1
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-disc1.iso.xz) = 069847372258993b087acb5e83ebfe89501eb7a61d68dd0d6b7204cd1ae26f54
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-dvd1.iso) = d2c5562f69827e0874d9516121cdc984ef511a435a594f9eaecdef55966b266c
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-dvd1.iso.xz) = 40bcedef1dd952d411b5d59a052789a6b34507f031fdda2e1bd11d04ed62db7d
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-memstick.img) = 2467a40de6102a539420e6bbf4be470be650cd8dd1956585b26a306977688f67
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-memstick.img.xz) = 334ee611b07b51835a7245479bda0c9d98dee6fb5ee5063ac4869480d52ac49e
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-mini-memstick.img) = d3b531e2e2be9d6a782344f8fdc176007ef27a265ac458e986987c6612f784ac
SHA256 (FreeBSD-11.1-RELEASE-powerpc-powerpc64-mini-memstick.img.xz) = 8ffb19bd1303fa9adfa2b0eaa64fe1eb3405b836dd9d7106cfa8896dc4a1c83a
sparc64:
SHA512 (FreeBSD-11.1-RELEASE-sparc64-bootonly.iso) = de59c9614c2a432e4c820df905a7446bf57f4390b56679d71d3e53080bc794c430e79a3ec2f22abe9e5cb215efea971d5a4a1ca19cec1b3ad0420f83b831bf8c
SHA512 (FreeBSD-11.1-RELEASE-sparc64-bootonly.iso.xz) = ea9d49c5437d6bb37d886f39017b373bd902cb69b93873520b20c8955b6b7e6cc3076d41d615baa142208da0e44953669467820804e98736a66e8302127bdf0f
SHA512 (FreeBSD-11.1-RELEASE-sparc64-disc1.iso) = a37960372a1ffde8f7822d0b86224079e7798943b6b4421debed3ee1d0e7f70f878b2d06ffaecf714cb8600cc747863c927a799b4efd3946801edfe7eff279d8
SHA512 (FreeBSD-11.1-RELEASE-sparc64-disc1.iso.xz) = 03a3e62ae16ef82604d0685b1dfdbdbb55305ff79ef321654802d5a3bb224a844a9df16f69bdde56eab93194cf92824216d1fde94cd4c52d6e9b15777fec9b27
SHA512 (FreeBSD-11.1-RELEASE-sparc64-dvd1.iso) = 9083db8e16155cb5599a613b63bf2507fd0625028a94689b0d13dd09645dc5f7f182c609ec3c5a9d2bc9a04831f11aabcd5b1dba1bc3b94ad3c6135b3885ffa9
SHA512 (FreeBSD-11.1-RELEASE-sparc64-dvd1.iso.xz) = 0bd8318a710f2df1f8321dc5516c6a1259911c5317880114adfdc9358ca54953eba80b1f4a1f75b445d654f93115300079cff004050d21f2201d3b717f375c1f
SHA256 (FreeBSD-11.1-RELEASE-sparc64-bootonly.iso) = e76165d20f2215c05f63201d88289cc91d5af654a2b1ad940f9f634e56d9992c
SHA256 (FreeBSD-11.1-RELEASE-sparc64-bootonly.iso.xz) = 793a0b4b5c0a759a647964a48479b24baf31e2a88330042474cb479cb46a3780
SHA256 (FreeBSD-11.1-RELEASE-sparc64-disc1.iso) = 8d8fdb03ef10405ea222addf35d5273a4a1c034b563193c183a55dbf14fa15c8
SHA256 (FreeBSD-11.1-RELEASE-sparc64-disc1.iso.xz) = 9599ca5b7c002eac5b0849a044c893bc161d9d7f681eae415e49ec3520485775
SHA256 (FreeBSD-11.1-RELEASE-sparc64-dvd1.iso) = 3f1af43e4159963257b8fc83a97ca421fbc4ffc8641e31dfe25d832a06a7c7e6
SHA256 (FreeBSD-11.1-RELEASE-sparc64-dvd1.iso.xz) = a97263c62e98c77c2e96af44b45da536817e56b97d89a2fda702b992fe33794a
aarch64:
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64-memstick.img) = 8643121512cd0c559042f9a80a239a44eda5a5817755203d54ed963b06e1afc20a623a82c62cb5fdccee42aa6fe79a33dff765f44deaaeef1b368aecbb76c859
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64-memstick.img.xz) = efb22179e89482eb7bf1cf7a9e53ea882c47ef599f45b7b5fbb153d99667de1b5fef2da109559e9224db06d9913c456d29ccc8f14c51eeafb9a3bc2c9b1623ca
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64-mini-memstick.img) = 5eb5d3e2e5586524bdc1a54f8234da854aeb870ca52f99d645cff98f72f894b4a6252a04eb8430cfe03e03ecff2f478f8cd43bca91e95204e569300fe70286d3
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64-mini-memstick.img.xz) = 6b157359aee8537320a3b0fc68b7a4a5cc80c29821f8252b7fab2ecdfe5b4a78e37d39bba7aae9e79e0be14e1c76168cb05c800ded6d1a9560d7c04cc8cdcac3
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64-memstick.img) = c8f60b7376b8ba48379d658da3cfce07552461ff11b92717f8b6e652591e8684
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64-memstick.img.xz) = 883d4523c1b035f268587f1b7613dd6e616e6f48d4a5beff7e87e526a4a6fbb2
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64-mini-memstick.img) = 61d2a29631b5ed4661a93dc2fb377eeab5651bf893ba468c6e0c211c99baa3f8
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64-mini-memstick.img.xz) = 2ffe85b6ba20ede3736204fc6959d87925c4b31f42f15684ba8766b6481493f0
armv6 BANANAPI:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-BANANAPI.img.xz) = e61c8c7bd4ba16590d3afc1805a2a08bff86c12f5561eaf1be0236bc510d6ee3315a94d3cedf7034182fb9b88d5beaae764cb94f20bcbf5ebaf56b9ed9a0a3e7
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-BANANAPI.img.xz) = d85540e9f6af6d5bd12b2c1f95b67cba1997cbf5e27ee4b520ff99ef8489bd86
armv6 BEAGLEBONE:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-BEAGLEBONE.img.xz) = 9ebe1aad5675657c5b22e445c397826b3f7cca837c02de10f6115e30a2d1b9d3a1d7411c93aeb1791c196bcc34ce3704320d53535e3e819a524197efb0e192b0
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-BEAGLEBONE.img.xz) = 66fb05143c93f6b4290c79aac41623a097140be6fd8e95639dfcecfc7486b2a6
armv6 CUBIEBOARD:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-CUBIEBOARD.img.xz) = 0e0bf9fc8541feb224bbe0b80270985cf65141007047bbe4825ad81641d4fa10af79ec1ab7f6b4a9eb173566099e755f1d2662420ce90dd0a273dbc65e957a4f
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-CUBIEBOARD.img.xz) = c2ada7cba57126d55523ca47aba15b58a612ead90435870f65ef4239f916645c
armv6 CUBIEBOARD2:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-CUBIEBOARD2.img.xz) = 4dc1abeb8e779797fef5f034f427461f33d0fcbae86f94ddacb6bc2766e141aa250f9240e6903c99bfe9d1e64cba2dd6566ad760ff061314e8404f87e39f40fb
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-CUBIEBOARD2.img.xz) = 8ca59f6d5ad6608866f99a51b69dc029588058e0f1ee951ce7074fc37d65fe84
armv6 CUBOX-HUMMINGBOARD:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-CUBOX-HUMMINGBOARD.img.xz) = 7634db1a425a92e3cbeef699a516633e2acc3af84a65927d1759d5ea157be0a5c812736a1af76aa3afd73ec044a0dab6758750469efd9675123ad448bcf30c3f
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-CUBOX-HUMMINGBOARD.img.xz) = b2de919a118dd0c9dc70a123245af5ec5cb1b80f7ff774d9437ddafc90bea7e4
armv6 GUMSTIX:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-GUMSTIX.img.xz) = 5a9244419d4b8188ea0dd7eec8d79443465ecc62eb4d6964f8231ccd0455ebbc744da0919fd57979d0d45bb011ea9699b96be15a5bc443feb6f3b718fb968bbf
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-GUMSTIX.img.xz) = 6dcd75e4b223fd6a641138885d381ac77e93b3fe4de00f170b488a7187a1d45b
armv6 RPI-B:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-RPI-B.img.xz) = 6afc1640e0c857bca73bfccbf7d21cb88cea76fcc082825a3cfe82bd45dbcc989fe6b54af76dfaac7c3cc794b55e74147290caa114dd7effd62e5699ed9ef5eb
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-RPI-B.img.xz) = e222992064d6db616dc3112d58429b8e31a627140901c57cbd1a302730d5714b
armv6 RPI2:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-RPI2.img.xz) = c7c74243c31569e90ec22f71f8d5780c647b53409752182483f6570b8a4b42b5fd456a57223a2d3e6502c8351ebfcdd9500884737457920e932c0fb134f1dffc
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-RPI2.img.xz) = 7376a533f8368d4841e3d81476ada4b0684870a03818e3dd30aea8ab2504626e
armv6 PANDABOARD:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-PANDABOARD.img.xz) = c8c7ffeaaf8d60882a16dee828078266b1a522a56ae77ac2c4539393958542dcc77b5240a8463922929c07690b8dc9824cb6174abaaf7a8d1f27730f2aa2b4c0
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-PANDABOARD.img.xz) = d72e3c6e529b2b46f12f08367b9c23b48f0ee006594d8c6c3beefcc8197502c7
armv6 WANDBOARD:
SHA512 (FreeBSD-11.1-RELEASE-arm-armv6-WANDBOARD.img.xz) = f074f75054e575f7b6a3d1b8e8912dec7f0ef1842dbab4d4456a8a9b67ee4c5d18f408ee9a809b3ec5a223ff21a23f83380927343de5951a115c1ce469e37f3d
SHA256 (FreeBSD-11.1-RELEASE-arm-armv6-WANDBOARD.img.xz) = 6a4239b9f87ac8b0d4c767cf2bfa38405fad198c5b8a4044e1151855d0fe18a6
Virtual Machine Disk Image Checksums
amd64 (x86_64):
SHA512 (FreeBSD-11.1-RELEASE-amd64.qcow2.xz) = 88e0d88058d2748732706f88c1d27b51447430968f1acbb645749d3201c9766eba31046784148355b7a0ecbbf87ac159363d3a38a65b19482e0900e2d97fd05a
SHA512 (FreeBSD-11.1-RELEASE-amd64.raw.xz) = c569776334131fdc85cd25a2a0d5aecafdc3e4b2e6e010dffaa2488d934293ce4f091f23481079dd91ad20dfd2dfc3d3487707096c59448f1d8914c5d7d6b582
SHA512 (FreeBSD-11.1-RELEASE-amd64.vhd.xz) = 2c63d0d515e6bb02001847d83c302cf3d1a32ab21062b2b98fa30a1524315e1680c3f5099944b30f7d24e512dcc78bdd922fe7a821ffa5a1b5ea6947f34fc2ca
SHA512 (FreeBSD-11.1-RELEASE-amd64.vmdk.xz) = aeb43f94a8e6dfa663f1bc69f53317a49a073a376bfa707ea5df02b94ae58edb3c127eb4f791803232f19c99a505feab67225a512ea2cc3bed41577e178d0089
SHA256 (FreeBSD-11.1-RELEASE-amd64.qcow2.xz) = 9e9f0fe9c7e3be2dc8b742f416541eedff2f005a0a2dda61a959cb2789ce78a9
SHA256 (FreeBSD-11.1-RELEASE-amd64.raw.xz) = 233c6b269a29c1ce38bb4eb861251d1c74643846c1de937b8e31cc0316632bc0
SHA256 (FreeBSD-11.1-RELEASE-amd64.vhd.xz) = 4e287c0504f0ecb63fc9140901c1bc31baf1fe74a6d2314426afaa73886dae58
SHA256 (FreeBSD-11.1-RELEASE-amd64.vmdk.xz) = 373c606f065c5850e722fcc92a1cbdb3ce72fbdf4162916e4c1281363a13e5b6
i386 (x86):
SHA512 (FreeBSD-11.1-RELEASE-i386.qcow2.xz) = 50a62e269d5e64e31cb8d10d9c5ff52fd3035375ba5a7c9f07f99f94db2d97bc02a9e0498e6e2d6ca7ccba34ceb71c2cf0fec75c88f75b66468de73bfdf996a2
SHA512 (FreeBSD-11.1-RELEASE-i386.raw.xz) = cbe00b009953845c9d968a8a7d4334f173f5d92654b643cec0fa03a979049a520c0e20d52d57b9907e8bc6c3678100fda936e6fed8a77a96d6d46c894b0de706
SHA512 (FreeBSD-11.1-RELEASE-i386.vhd.xz) = 07c276988cc3e4c29ed61508ccefde2948a427d0df0fb4a816982c46b5694d74448fc422b3323c825922405aeadb0a56e7947251e3422b3436b10ec1f19cbb3b
SHA512 (FreeBSD-11.1-RELEASE-i386.vmdk.xz) = 1904b85abf75e9b164ec22f88b72ae4942d6391b7b275c412b9561ca8d76b7f0218d4b950a39846a3d421245a5bf10d062203ea4a745f485a4bc469f9b461411
SHA256 (FreeBSD-11.1-RELEASE-i386.qcow2.xz) = 693e64a76c3097d83500a907ee48daf5d8c08c8e19d96d73516873775f7a6948
SHA256 (FreeBSD-11.1-RELEASE-i386.raw.xz) = 22708a4d63607e16a3714887b32dec12111a04bf9e2a8cb25dc3faa9eed99b49
SHA256 (FreeBSD-11.1-RELEASE-i386.vhd.xz) = 8f614d5771e98f7bd5db4dc2903d6abbcb5c0b1a2a47e778892111774a5e91f2
SHA256 (FreeBSD-11.1-RELEASE-i386.vmdk.xz) = 61fc5ac92a4563d4a1e1d9841440e021b776cedac90f7c65a3cf0e91499bae13
aarch64 (arm64):
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64.qcow2.xz) = d633eee589c0d4fdede6973608749bff5014e52ce7ad18086fab70f4315494e14764a6789eeccc02aec868a1d56dcd61aa3085a69dcede927a9a9264883b0cf7
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64.raw.xz) = 34d878de3a9040fae18192ad34d6f4dfe2e0bf52c3f06a918368d4c7ca5e4133897fdc09e91e420b9caab0b6c4ee86dd63d68026c7faaf204c7f547bce2ac418
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64.vhd.xz) = 37edc26e1dce16a598b2feb0fbd9b1e3f56e0fb05088ab8f6f9ca13816912d40e0a65f0f72e43202c287f2b099941f539cbd10d2c4225695b5097ac217d17537
SHA512 (FreeBSD-11.1-RELEASE-arm64-aarch64.vmdk.xz) = e1cc7ca416d0bea78da9588634afd62797344f0fcf2d409825e1f1b7a5b01a954a3c87c213fc1bfdcacd249da0a511ead1f9555b241c20178d3566c04945c7b5
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64.qcow2.xz) = e4dccf7ed908c73ba6a8f68ad15dbbb548c5a3dacde35c39b24ba47044111d51
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64.raw.xz) = 46e69462cf394578b9526a7ff88c3925eab740286546e91db8bb23732146d287
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64.vhd.xz) = fe2ee8e0c0434be2cdaf038d2463062fa68f9a82dd5b97e066c0c9d6e915d7c3
SHA256 (FreeBSD-11.1-RELEASE-arm64-aarch64.vmdk.xz) = 5d735a2d35672d617ff13cf200612bd106a26e54032e67bbd0a68fd6c97749f2
Love FreeBSD? Support this and future releases with a donation to The
FreeBSD Foundation! https://www.FreeBSDFoundation.org/donate/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAll35XAACgkQAxRYpUeP
4pMS9RAAgOLUOUejYQ2NcDBYGh3wXtgVBXlopTVJ9OhUrSKplOqGWJZs0Csz3t1/
TGqXQVPu1magdKdqPN1Xlqdr4Kx6OYQRQJcbH4iHUts3fy24ahvx3x9BhZ63yJuf
Idk0RexHR3/p3CeM3VJvq23YfNiBNrSfMU8BG4T+KZ9Lu4VhRDFzVRw7snznU/Z7
KfZL+/OYpciJy8L/30UjF2NCpWMaxEW7pcOMiI6qpbaXBx5U8CmLElj9BFFuBLYQ
W+LdbZxMYxxyE9UsvDm4xWT2aoxqZUgncHlgtJJIDz/pGgWGwIEej4OsnmMdKy4c
rAgIrxXMRFS5FCdK05753w2adNG82QcwpI7wAVU1Y8AYszM9wO4oi75xtmdUCFxf
D0X58Zj6kJ677qgaasjvuo6V0+zfCv7GKYm2UuhA0Xc/OcRyjeCmQIw54UVYv/E2
jRwXqzCF/8SuSdY5gs7rO75rV/VpiK6GwMhDUq1OJUDzO8eJ9YPfaI+gpfKIRPuZ
wHsoqpM0wkfDHTvzr+uE2QHtklS/avbGKReMFk4xc12gkjJ/FDUrQUG3FFFBg1S/
5htwZDu0kNzE8YECdWZQK60U1o3hx7ELfcupWAcphPtdt0wQ5f5OjF8r7YaTFO1R
YhF22XrubO5CxZnkAzcrpD1EVyrFcl5XMMJvz3wHlIJX5ZjC7Tc=
=04+h
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
[USN-3364-3] Linux kernel (AWS, GKE) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3364-3
July 25, 2017
linux-aws, linux-gke vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
Details:
It was discovered that the Linux kernel did not properly initialize a Wake-
on-Lan data structure. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2014-9900)
It was discovered that the Linux kernel did not properly restrict access to
/proc/iomem. A local attacker could use this to expose sensitive
information. (CVE-2015-8944)
Alexander Potapenko discovered a race condition in the Advanced Linux Sound
Architecture (ALSA) subsystem in the Linux kernel. A local attacker could
use this to expose sensitive information (kernel memory).
(CVE-2017-1000380)
Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the
Linux kernel did not properly validate some ioctl arguments. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-7346)
Jann Horn discovered that bpf in Linux kernel does not restrict the output
of the print_bpf_insn function. A local attacker could use this to obtain
sensitive address information. (CVE-2017-9150)
Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in
the Linux kernel did not properly initialize memory. A local attacker could
use this to expose sensitive information (kernel memory). (CVE-2017-9605)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1022-gke 4.4.0-1022.22
linux-image-4.4.0-1026-aws 4.4.0-1026.35
linux-image-aws 4.4.0.1026.29
linux-image-gke 4.4.0.1022.24
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3364-3
https://www.ubuntu.com/usn/usn-3364-1
CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346,
CVE-2017-9150, CVE-2017-9605
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1026.35
https://launchpad.net/ubuntu/+source/linux-gke/4.4.0-1022.22
Ubuntu Security Notice USN-3364-3
July 25, 2017
linux-aws, linux-gke vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
Details:
It was discovered that the Linux kernel did not properly initialize a Wake-
on-Lan data structure. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2014-9900)
It was discovered that the Linux kernel did not properly restrict access to
/proc/iomem. A local attacker could use this to expose sensitive
information. (CVE-2015-8944)
Alexander Potapenko discovered a race condition in the Advanced Linux Sound
Architecture (ALSA) subsystem in the Linux kernel. A local attacker could
use this to expose sensitive information (kernel memory).
(CVE-2017-1000380)
Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the
Linux kernel did not properly validate some ioctl arguments. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-7346)
Jann Horn discovered that bpf in Linux kernel does not restrict the output
of the print_bpf_insn function. A local attacker could use this to obtain
sensitive address information. (CVE-2017-9150)
Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in
the Linux kernel did not properly initialize memory. A local attacker could
use this to expose sensitive information (kernel memory). (CVE-2017-9605)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1022-gke 4.4.0-1022.22
linux-image-4.4.0-1026-aws 4.4.0-1026.35
linux-image-aws 4.4.0.1026.29
linux-image-gke 4.4.0.1022.24
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3364-3
https://www.ubuntu.com/usn/usn-3364-1
CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346,
CVE-2017-9150, CVE-2017-9605
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1026.35
https://launchpad.net/ubuntu/+source/linux-gke/4.4.0-1022.22
[USN-3365-1] Ruby vulnerabilities
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJZd4eLAAoJEGVp2FWnRL6Tt4MQAJuDpE0z2Yd1M7TRRHCjomyo
2XrpmzJ5RC9M2HWnW3QpRZwxABwK0ZtiGFviwyKIGcg8E8R5UIpPy3/dTDfwgtAv
q5/tsYUHT+xM2DhQ1C2EEAzp4AZILcOrUhSKTfgWjJPLndkHahEUORR4E++EVJgE
bc2NJDWQxKTPLMaMnfmQm1u7e5tUwUgasUkjWSjHKEhWkJjpKzp0YKezseyuAkHr
XLtqED1l/QJwO4QBS0swhEoLsYorQJUNfp8h9eFnRgN3KMscjSsl2RVF0cv4L0+z
MvuFmDMcAHldRCidh0VrihWN/6Ave+bj4zNVVmDJNBj3xV9Du8l9la+ScghuqHIv
eRpnjI+v2w1lBDGXxNGROsyLPvxAqGJPHvQN8zvbn0NW0UKXzmzPZEp9U8qMww3E
TNHE0pXKBbhO6rJykT2ISRcPyWMBVN9kQwpdNYcdHKjOJPE5ZZKqu7kw45hAK8bY
6y9GxaBx064LjqRaPd0+dA6fSGTvs65e9Hf1PR+of6nBx4aXvpWMFQ3R2pYhtW84
0gVFP4jPQ4ttWNTHZjRCd/hpgGCLsEa0OJ0u7KT0W2r57pGmxvkDuvQqChSH3Cm0
iybH3aCH8N82deGSjwwcjsSSM3UcGGY7DkUwRJ3j5gAcFwgj0vxDpjZjisjgcjCP
TyqbYh4PWskniqTm/zc1
=6uH8
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3365-1
July 25, 2017
ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Ruby.
Software Description:
- ruby2.3: Object-oriented scripting language
- ruby1.9.1: Object-oriented scripting language
- ruby2.0: Object-oriented scripting language
Details:
It was discovered that Ruby DL::dlopen incorrectly handled opening
libraries. An attacker could possibly use this issue to open libraries with
tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147)
Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby
OpenSSL extension incorrectly handled hostname wildcard matching. This
issue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855)
Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly
handled certain crafted strings. An attacker could use this issue to cause
a denial of service, or possibly execute arbitrary code. This issue only
applied to Ubuntu 14.04 LTS. (CVE-2015-7551)
It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A
remote attacker could possibly use this issue to inject SMTP commands.
(CVE-2015-9096)
Marcin Noga discovered that Ruby incorrectly handled certain arguments in
a TclTkIp class method. An attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-2337)
It was discovered that Ruby Fiddle::Function.new incorrectly handled
certain arguments. An attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339)
It was discovered that Ruby incorrectly handled the initialization vector
(IV) in GCM mode. An attacker could possibly use this issue to bypass
encryption. (CVE-2016-7798)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libruby2.3 2.3.3-1ubuntu0.1
ruby2.3 2.3.3-1ubuntu0.1
Ubuntu 16.04 LTS:
libruby2.3 2.3.1-2~16.04.2
ruby2.3 2.3.1-2~16.04.2
Ubuntu 14.04 LTS:
libruby1.9.1 1.9.3.484-2ubuntu1.3
libruby2.0 2.0.0.484-1ubuntu2.4
ruby1.9.1 1.9.3.484-2ubuntu1.3
ruby2.0 2.0.0.484-1ubuntu2.4
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3365-1
CVE-2009-5147, CVE-2015-1855, CVE-2015-7551, CVE-2015-9096,
CVE-2016-2337, CVE-2016-2339, CVE-2016-7798
Package Information:
https://launchpad.net/ubuntu/+source/ruby2.3/2.3.3-1ubuntu0.1
https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~16.04.2
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.484-2ubuntu1.3
https://launchpad.net/ubuntu/+source/ruby2.0/2.0.0.484-1ubuntu2.4
Version: GnuPG v2
iQIcBAEBCgAGBQJZd4eLAAoJEGVp2FWnRL6Tt4MQAJuDpE0z2Yd1M7TRRHCjomyo
2XrpmzJ5RC9M2HWnW3QpRZwxABwK0ZtiGFviwyKIGcg8E8R5UIpPy3/dTDfwgtAv
q5/tsYUHT+xM2DhQ1C2EEAzp4AZILcOrUhSKTfgWjJPLndkHahEUORR4E++EVJgE
bc2NJDWQxKTPLMaMnfmQm1u7e5tUwUgasUkjWSjHKEhWkJjpKzp0YKezseyuAkHr
XLtqED1l/QJwO4QBS0swhEoLsYorQJUNfp8h9eFnRgN3KMscjSsl2RVF0cv4L0+z
MvuFmDMcAHldRCidh0VrihWN/6Ave+bj4zNVVmDJNBj3xV9Du8l9la+ScghuqHIv
eRpnjI+v2w1lBDGXxNGROsyLPvxAqGJPHvQN8zvbn0NW0UKXzmzPZEp9U8qMww3E
TNHE0pXKBbhO6rJykT2ISRcPyWMBVN9kQwpdNYcdHKjOJPE5ZZKqu7kw45hAK8bY
6y9GxaBx064LjqRaPd0+dA6fSGTvs65e9Hf1PR+of6nBx4aXvpWMFQ3R2pYhtW84
0gVFP4jPQ4ttWNTHZjRCd/hpgGCLsEa0OJ0u7KT0W2r57pGmxvkDuvQqChSH3Cm0
iybH3aCH8N82deGSjwwcjsSSM3UcGGY7DkUwRJ3j5gAcFwgj0vxDpjZjisjgcjCP
TyqbYh4PWskniqTm/zc1
=6uH8
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3365-1
July 25, 2017
ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Ruby.
Software Description:
- ruby2.3: Object-oriented scripting language
- ruby1.9.1: Object-oriented scripting language
- ruby2.0: Object-oriented scripting language
Details:
It was discovered that Ruby DL::dlopen incorrectly handled opening
libraries. An attacker could possibly use this issue to open libraries with
tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147)
Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby
OpenSSL extension incorrectly handled hostname wildcard matching. This
issue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855)
Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly
handled certain crafted strings. An attacker could use this issue to cause
a denial of service, or possibly execute arbitrary code. This issue only
applied to Ubuntu 14.04 LTS. (CVE-2015-7551)
It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A
remote attacker could possibly use this issue to inject SMTP commands.
(CVE-2015-9096)
Marcin Noga discovered that Ruby incorrectly handled certain arguments in
a TclTkIp class method. An attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-2337)
It was discovered that Ruby Fiddle::Function.new incorrectly handled
certain arguments. An attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339)
It was discovered that Ruby incorrectly handled the initialization vector
(IV) in GCM mode. An attacker could possibly use this issue to bypass
encryption. (CVE-2016-7798)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libruby2.3 2.3.3-1ubuntu0.1
ruby2.3 2.3.3-1ubuntu0.1
Ubuntu 16.04 LTS:
libruby2.3 2.3.1-2~16.04.2
ruby2.3 2.3.1-2~16.04.2
Ubuntu 14.04 LTS:
libruby1.9.1 1.9.3.484-2ubuntu1.3
libruby2.0 2.0.0.484-1ubuntu2.4
ruby1.9.1 1.9.3.484-2ubuntu1.3
ruby2.0 2.0.0.484-1ubuntu2.4
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3365-1
CVE-2009-5147, CVE-2015-1855, CVE-2015-7551, CVE-2015-9096,
CVE-2016-2337, CVE-2016-2339, CVE-2016-7798
Package Information:
https://launchpad.net/ubuntu/+source/ruby2.3/2.3.3-1ubuntu0.1
https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~16.04.2
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.484-2ubuntu1.3
https://launchpad.net/ubuntu/+source/ruby2.0/2.0.0.484-1ubuntu2.4
Subscribe to:
Posts (Atom)