==========================================================================
Ubuntu Security Notice USN-4349-1
April 30, 2020
edk2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in edk2.
Software Description:
- edk2: UEFI firmware for 64-bit x86 virtual machines
Details:
A buffer overflow was discovered in the network stack. An unprivileged user
could potentially enable escalation of privilege and/or denial of service.
This issue was already fixed in a previous release for 18.04 LTS and 19.10.
(CVE-2018-12178)
A buffer overflow was discovered in BlockIo service. An unauthenticated user
could potentially enable escalation of privilege, information disclosure and/or
denial of service. This issue was already fixed in a previous release for 18.04
LTS and 19.10. (CVE-2018-12180)
A stack overflow was discovered in bmp. An unprivileged user
could potentially enable denial of service or elevation of privilege via
local access. This issue was already fixed in a previous release for 18.04
LTS and 19.10. (CVE-2018-12181)
It was discovered that memory was not cleared before free that could lead
to potential password leak. (CVE-2019-14558)
A memory leak was discovered in ArpOnFrameRcvdDpc. An attacker could
possibly use this issue to cause a denial of service or other unspecified
impact. (CVE-2019-14559)
An integer overflow was discovered in MdeModulePkg/PiDxeS3BootScriptLib.
An attacker could possibly use this issue to cause a denial of service or
other unspecified impact. (CVE-2019-14563)
It was discovered that the affected version doesn't properly check whether an
unsigned EFI file should be allowed or not. An attacker could possibly load
unsafe content by bypassing the verification. (CVE-2019-14575)
It was discovered that original configuration runtime memory is freed, but it
is still exposed to the OS runtime. (CVE-2019-14586)
A double-unmap was discovered in TRB creation. An attacker could use it to
cause a denial of service or other unspecified impact. (CVE-2019-14587)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
ovmf 0~20190606.20d2e5a1-2ubuntu1.1
qemu-efi-aarch64 0~20190606.20d2e5a1-2ubuntu1.1
qemu-efi-arm 0~20190606.20d2e5a1-2ubuntu1.1
Ubuntu 18.04 LTS:
ovmf 0~20180205.c0d9813c-2ubuntu0.2
qemu-efi-aarch64 0~20180205.c0d9813c-2ubuntu0.2
qemu-efi-arm 0~20180205.c0d9813c-2ubuntu0.2
Ubuntu 16.04 LTS:
ovmf 0~20160408.ffea0a2c-2ubuntu0.1
qemu-efi 0~20160408.ffea0a2c-2ubuntu0.1
After a standard system update you need to restart the virtual machines that
use the affected firmware to make all the necessary changes.
References:
https://usn.ubuntu.com/4349-1
CVE-2018-12178, CVE-2018-12180, CVE-2018-12181, CVE-2019-14558,
CVE-2019-14559, CVE-2019-14563, CVE-2019-14575, CVE-2019-14586,
CVE-2019-14587
Package Information:
https://launchpad.net/ubuntu/+source/edk2/0~20190606.20d2e5a1-2ubuntu1.1
https://launchpad.net/ubuntu/+source/edk2/0~20180205.c0d9813c-2ubuntu0.2
https://launchpad.net/ubuntu/+source/edk2/0~20160408.ffea0a2c-2ubuntu0.1
Thursday, April 30, 2020
REMINDER: Fedora 30 EOL on 2020-05-26
Per the Fedora Release Lifecycle[1], Fedora 30 will reach end-of-life four weeks after the release of Fedora 32. This is Tuesday 26 May 2020. After this date, no more updates will be available for Fedora 30.
It is Fedora's policy to close all bug reports from releases that are no longer maintained. On 26 May, all open Fedora 30 bugs will be closed as EOL.
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
[CentOS-announce] CEBA-2020:1982 CentOS 6 tzdata BugFix Update
CentOS Errata and Bugfix Advisory 2020:1982
Upstream details at : https://access.redhat.com/errata/RHBA-2020:1982
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
40bd5ea9365a4b62cf62983819ffbfc0b3cf796bb73c84738476457e3dc9ca8c tzdata-2020a-1.el6.noarch.rpm
35cc464cff218e7bd57f1f0583ec6f5f6228348d5dfa8cf319f2965b86685499 tzdata-java-2020a-1.el6.noarch.rpm
x86_64:
40bd5ea9365a4b62cf62983819ffbfc0b3cf796bb73c84738476457e3dc9ca8c tzdata-2020a-1.el6.noarch.rpm
35cc464cff218e7bd57f1f0583ec6f5f6228348d5dfa8cf319f2965b86685499 tzdata-java-2020a-1.el6.noarch.rpm
Source:
4e839c9ed8072332b875d17f7d54305a938996f3304808adafb0f455627adf13 tzdata-2020a-1.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHBA-2020:1982
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
40bd5ea9365a4b62cf62983819ffbfc0b3cf796bb73c84738476457e3dc9ca8c tzdata-2020a-1.el6.noarch.rpm
35cc464cff218e7bd57f1f0583ec6f5f6228348d5dfa8cf319f2965b86685499 tzdata-java-2020a-1.el6.noarch.rpm
x86_64:
40bd5ea9365a4b62cf62983819ffbfc0b3cf796bb73c84738476457e3dc9ca8c tzdata-2020a-1.el6.noarch.rpm
35cc464cff218e7bd57f1f0583ec6f5f6228348d5dfa8cf319f2965b86685499 tzdata-java-2020a-1.el6.noarch.rpm
Source:
4e839c9ed8072332b875d17f7d54305a938996f3304808adafb0f455627adf13 tzdata-2020a-1.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2020:1962 Important CentOS 6 python-twisted-web Security Update
CentOS Errata and Security Advisory 2020:1962 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1962
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
e5325be26650ca5a0802a3b95cb74026f32994e65aa2bd47c8d2ee33f639012d python-twisted-web-8.2.0-6.el6_10.i686.rpm
x86_64:
d9ae88251c4f8c24ce973b48536a2a12fe5cc447f2fdf868255072bf0f444014 python-twisted-web-8.2.0-6.el6_10.x86_64.rpm
Source:
79f6182719d97f904c01fc56312ed76942e6a487e4d255854d8d8a4bcd07ec86 python-twisted-web-8.2.0-6.el6_10.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1962
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
e5325be26650ca5a0802a3b95cb74026f32994e65aa2bd47c8d2ee33f639012d python-twisted-web-8.2.0-6.el6_10.i686.rpm
x86_64:
d9ae88251c4f8c24ce973b48536a2a12fe5cc447f2fdf868255072bf0f444014 python-twisted-web-8.2.0-6.el6_10.x86_64.rpm
Source:
79f6182719d97f904c01fc56312ed76942e6a487e4d255854d8d8a4bcd07ec86 python-twisted-web-8.2.0-6.el6_10.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2020:1489 Important CentOS 7 thunderbird Security Update
CentOS Errata and Security Advisory 2020:1489 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1489
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
c1f729bd646d786b455ced02fdef3ba707209d19abbe2e9248afe1d5a9d619e4 thunderbird-68.7.0-1.el7.centos.x86_64.rpm
Source:
089d5be107c79b4090a94a85a7eb10266faa859fe4a4cac0ef4dbd418f1946f8 thunderbird-68.7.0-1.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1489
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
c1f729bd646d786b455ced02fdef3ba707209d19abbe2e9248afe1d5a9d619e4 thunderbird-68.7.0-1.el7.centos.x86_64.rpm
Source:
089d5be107c79b4090a94a85a7eb10266faa859fe4a4cac0ef4dbd418f1946f8 thunderbird-68.7.0-1.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2020:1561 Important CentOS 7 python-twisted-web Security Update
CentOS Errata and Security Advisory 2020:1561 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1561
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
c934c963bfda9541fb295807dd5b3491516e30ddca030f9994b16aaf5abf586a python-twisted-web-12.1.0-7.el7_8.x86_64.rpm
Source:
1fc7a67cae437978a930e1430f7fd6723180dfe327b2c173719b352e471804ab python-twisted-web-12.1.0-7.el7_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1561
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
c934c963bfda9541fb295807dd5b3491516e30ddca030f9994b16aaf5abf586a python-twisted-web-12.1.0-7.el7_8.x86_64.rpm
Source:
1fc7a67cae437978a930e1430f7fd6723180dfe327b2c173719b352e471804ab python-twisted-web-12.1.0-7.el7_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2020:1511 Important CentOS 7 git Security Update
CentOS Errata and Security Advisory 2020:1511 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1511
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
b051121e45e0afb64ee88bcc0ac8571ff447ddce874c3d1a3fdf0f32c16967bf emacs-git-1.8.3.1-22.el7_8.noarch.rpm
c6dd608f4399755307cbebe7a60524042017d162d3d58c7a9cbdf313917a09f7 emacs-git-el-1.8.3.1-22.el7_8.noarch.rpm
15f56ffd76f82179e50c87cdd6be86df7b86092748048012af41bd50848a4a34 git-1.8.3.1-22.el7_8.x86_64.rpm
f3fc0ec55423631c0fa8458a3008ed09380b9c5deee9b3e930c32213376d6227 git-all-1.8.3.1-22.el7_8.noarch.rpm
e442411450eb36b331314e705343178cfd4d00d3b65d86ceeb47b2b2a7695f8a git-bzr-1.8.3.1-22.el7_8.noarch.rpm
0c17dfb9729fc289765911713f403406c570032f053e439c510b1e0b08291732 git-cvs-1.8.3.1-22.el7_8.noarch.rpm
b3d2535112b577451f3bd143e7f7bdf309b44a9d569f6391da00c0ef2ba9a37b git-daemon-1.8.3.1-22.el7_8.x86_64.rpm
d49c9b174bd2b055533cbe4f0d552dff471663a2cb2e1d8d49c505083e326109 git-email-1.8.3.1-22.el7_8.noarch.rpm
298ad8b5602c5d19fe31a1ce894f086a3791109c72e8639696d1f86764844948 git-gnome-keyring-1.8.3.1-22.el7_8.x86_64.rpm
7d3e2c231fd82b2391c02dcc67fbfbecb2611fff1ff71d8ee4afcfc754c77581 git-gui-1.8.3.1-22.el7_8.noarch.rpm
e2564d303ab9591bf676e2b648962b129494d6cde44fc07cbf35876f7bae6cbc git-hg-1.8.3.1-22.el7_8.noarch.rpm
937e2b3ae022aa61e8f940621deada7b91acab68b8a5d8cf110ab7db2627b168 git-instaweb-1.8.3.1-22.el7_8.noarch.rpm
06e30621b84c138fb4526ab8db767cfbd2a0e27347d31dff51de282b2e28c0f7 gitk-1.8.3.1-22.el7_8.noarch.rpm
002b73881adce7c1097c6eacae3126bbc5a8291bcae3287bfd5c6ebd54d3df8a git-p4-1.8.3.1-22.el7_8.noarch.rpm
06e66cad08604adc984297c26d16efdcdcf5eb24681f34617e602fcdf7d73f42 git-svn-1.8.3.1-22.el7_8.x86_64.rpm
017ae64401d8a4f4feafa909d3272c0c7b56f3985c433ce57983d646bd395e24 gitweb-1.8.3.1-22.el7_8.noarch.rpm
d0f32f152e8d5c3f34d79a3eeda56968f86bf1b1cc988434d38f2850aed31cc7 perl-Git-1.8.3.1-22.el7_8.noarch.rpm
5c84268f2a7aa825566a1384008c11015782982fc09c403544758a6334021196 perl-Git-SVN-1.8.3.1-22.el7_8.noarch.rpm
Source:
a422d7a3c2620fbcde288f89eb7a7ef0f85d16355766e5914648ce75372f3cb9 git-1.8.3.1-22.el7_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1511
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
b051121e45e0afb64ee88bcc0ac8571ff447ddce874c3d1a3fdf0f32c16967bf emacs-git-1.8.3.1-22.el7_8.noarch.rpm
c6dd608f4399755307cbebe7a60524042017d162d3d58c7a9cbdf313917a09f7 emacs-git-el-1.8.3.1-22.el7_8.noarch.rpm
15f56ffd76f82179e50c87cdd6be86df7b86092748048012af41bd50848a4a34 git-1.8.3.1-22.el7_8.x86_64.rpm
f3fc0ec55423631c0fa8458a3008ed09380b9c5deee9b3e930c32213376d6227 git-all-1.8.3.1-22.el7_8.noarch.rpm
e442411450eb36b331314e705343178cfd4d00d3b65d86ceeb47b2b2a7695f8a git-bzr-1.8.3.1-22.el7_8.noarch.rpm
0c17dfb9729fc289765911713f403406c570032f053e439c510b1e0b08291732 git-cvs-1.8.3.1-22.el7_8.noarch.rpm
b3d2535112b577451f3bd143e7f7bdf309b44a9d569f6391da00c0ef2ba9a37b git-daemon-1.8.3.1-22.el7_8.x86_64.rpm
d49c9b174bd2b055533cbe4f0d552dff471663a2cb2e1d8d49c505083e326109 git-email-1.8.3.1-22.el7_8.noarch.rpm
298ad8b5602c5d19fe31a1ce894f086a3791109c72e8639696d1f86764844948 git-gnome-keyring-1.8.3.1-22.el7_8.x86_64.rpm
7d3e2c231fd82b2391c02dcc67fbfbecb2611fff1ff71d8ee4afcfc754c77581 git-gui-1.8.3.1-22.el7_8.noarch.rpm
e2564d303ab9591bf676e2b648962b129494d6cde44fc07cbf35876f7bae6cbc git-hg-1.8.3.1-22.el7_8.noarch.rpm
937e2b3ae022aa61e8f940621deada7b91acab68b8a5d8cf110ab7db2627b168 git-instaweb-1.8.3.1-22.el7_8.noarch.rpm
06e30621b84c138fb4526ab8db767cfbd2a0e27347d31dff51de282b2e28c0f7 gitk-1.8.3.1-22.el7_8.noarch.rpm
002b73881adce7c1097c6eacae3126bbc5a8291bcae3287bfd5c6ebd54d3df8a git-p4-1.8.3.1-22.el7_8.noarch.rpm
06e66cad08604adc984297c26d16efdcdcf5eb24681f34617e602fcdf7d73f42 git-svn-1.8.3.1-22.el7_8.x86_64.rpm
017ae64401d8a4f4feafa909d3272c0c7b56f3985c433ce57983d646bd395e24 gitweb-1.8.3.1-22.el7_8.noarch.rpm
d0f32f152e8d5c3f34d79a3eeda56968f86bf1b1cc988434d38f2850aed31cc7 perl-Git-1.8.3.1-22.el7_8.noarch.rpm
5c84268f2a7aa825566a1384008c11015782982fc09c403544758a6334021196 perl-Git-SVN-1.8.3.1-22.el7_8.noarch.rpm
Source:
a422d7a3c2620fbcde288f89eb7a7ef0f85d16355766e5914648ce75372f3cb9 git-1.8.3.1-22.el7_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2020:1507 Important CentOS 7 java-1.7.0-openjdk Security Update
CentOS Errata and Security Advisory 2020:1507 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1507
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
fabe67fc9df555934da2d72279096fd3c24b3e2ff47850f5896505890f38a0a4 java-1.7.0-openjdk-1.7.0.261-2.6.22.2.el7_8.x86_64.rpm
03c15876c6039d9417ee91cd8c126e85728890c0197caf2eabe8ead3f490ede3 java-1.7.0-openjdk-accessibility-1.7.0.261-2.6.22.2.el7_8.x86_64.rpm
7575efaca8e9a5cf4f0a1e2248ccae845d3e59aaf7ae927486d923a3546dd141 java-1.7.0-openjdk-demo-1.7.0.261-2.6.22.2.el7_8.x86_64.rpm
2cbb801428afc2eb0a923e443936b9a998896d3b6b34a69344eafd09c4d900af java-1.7.0-openjdk-devel-1.7.0.261-2.6.22.2.el7_8.x86_64.rpm
91d7ddde31bd7f6dee89c8e4c710bf889e2f6e0dadb253de44f76a18c71fbd65 java-1.7.0-openjdk-headless-1.7.0.261-2.6.22.2.el7_8.x86_64.rpm
4116eb9fadf6555249e648b54b721e40488fd224f7f2c3c1ff3a97124b66a2fe java-1.7.0-openjdk-javadoc-1.7.0.261-2.6.22.2.el7_8.noarch.rpm
7b6b6a78638df33409453224096ef0e0201774bc67bdd1d5016f52b034f97e19 java-1.7.0-openjdk-src-1.7.0.261-2.6.22.2.el7_8.x86_64.rpm
Source:
13bcf8e890d357b8d0963724df486217403817c19c2ac0c424513440296a4b99 java-1.7.0-openjdk-1.7.0.261-2.6.22.2.el7_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1507
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
fabe67fc9df555934da2d72279096fd3c24b3e2ff47850f5896505890f38a0a4 java-1.7.0-openjdk-1.7.0.261-2.6.22.2.el7_8.x86_64.rpm
03c15876c6039d9417ee91cd8c126e85728890c0197caf2eabe8ead3f490ede3 java-1.7.0-openjdk-accessibility-1.7.0.261-2.6.22.2.el7_8.x86_64.rpm
7575efaca8e9a5cf4f0a1e2248ccae845d3e59aaf7ae927486d923a3546dd141 java-1.7.0-openjdk-demo-1.7.0.261-2.6.22.2.el7_8.x86_64.rpm
2cbb801428afc2eb0a923e443936b9a998896d3b6b34a69344eafd09c4d900af java-1.7.0-openjdk-devel-1.7.0.261-2.6.22.2.el7_8.x86_64.rpm
91d7ddde31bd7f6dee89c8e4c710bf889e2f6e0dadb253de44f76a18c71fbd65 java-1.7.0-openjdk-headless-1.7.0.261-2.6.22.2.el7_8.x86_64.rpm
4116eb9fadf6555249e648b54b721e40488fd224f7f2c3c1ff3a97124b66a2fe java-1.7.0-openjdk-javadoc-1.7.0.261-2.6.22.2.el7_8.noarch.rpm
7b6b6a78638df33409453224096ef0e0201774bc67bdd1d5016f52b034f97e19 java-1.7.0-openjdk-src-1.7.0.261-2.6.22.2.el7_8.x86_64.rpm
Source:
13bcf8e890d357b8d0963724df486217403817c19c2ac0c424513440296a4b99 java-1.7.0-openjdk-1.7.0.261-2.6.22.2.el7_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2020:1512 Important CentOS 7 java-1.8.0-openjdk Security Update
CentOS Errata and Security Advisory 2020:1512 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1512
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
ec734e220ac9e35c12a75bfd57bc8edac97facd2df5a1d03ce683d802b4c9fdd java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm
f86917a54210c13a63bce8bb807947cdbc7cacc994acdd4c47b7d54e4b891104 java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm
45ee7e0f2042f58c6053003c233b795f0ad2c8ca26c2035d9332728c85f7341c java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm
dcac59f243f853c1da4e105b7c29f1eeb7ce15b9f271a6b36409660fd933be60 java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm
a9f65a8ea5f82e7465326d90fc08da7bba5e0a22da7a13503afbb430bb9e2634 java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm
2e644a6a5b06af473181b288624993d4a0d2e821068d437e38da73cfcb5520ad java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm
bfe0e5a6ea3a1bc7dfdb62dbd19ba20a3eb4e531c416dd75ec01594ecd71b5d2 java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm
ecfa046985366a978f782b0e252d1b0b8027e231d3a1e89a72e6ad44e2d3d430 java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm
ddb19ff50033bc8f749c6974221b072059a020fdd393639f3c97d7b12fb17679 java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm
b21dace04c6c4fb78b7b3109d628f8719909d8bac028d312bfd124d393cbdfb7 java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm
3d2dd4a1793923c8e0ccbf5a99a67d90fafa11076a69860dc3b88897867762eb java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm
06bb8b6b228e02cfa5c7686b98df704b16779b6fcda71a801d5acb409024228c java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm
4dd4b147197c43a217f0a1e10ac10ce53346f5419e24476355e6f5dbdbaa63ba java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm
6f8df4b9604f4ec97936c1dbd04b99ede0e209670aac6e34cc4714888a470d29 java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm
Source:
0482dd5996a91af5de3b7cbad8c1c22db6c3c1c4087e06a125bc13bb8bb824f7 java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1512
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
ec734e220ac9e35c12a75bfd57bc8edac97facd2df5a1d03ce683d802b4c9fdd java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm
f86917a54210c13a63bce8bb807947cdbc7cacc994acdd4c47b7d54e4b891104 java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm
45ee7e0f2042f58c6053003c233b795f0ad2c8ca26c2035d9332728c85f7341c java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm
dcac59f243f853c1da4e105b7c29f1eeb7ce15b9f271a6b36409660fd933be60 java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm
a9f65a8ea5f82e7465326d90fc08da7bba5e0a22da7a13503afbb430bb9e2634 java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm
2e644a6a5b06af473181b288624993d4a0d2e821068d437e38da73cfcb5520ad java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm
bfe0e5a6ea3a1bc7dfdb62dbd19ba20a3eb4e531c416dd75ec01594ecd71b5d2 java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm
ecfa046985366a978f782b0e252d1b0b8027e231d3a1e89a72e6ad44e2d3d430 java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm
ddb19ff50033bc8f749c6974221b072059a020fdd393639f3c97d7b12fb17679 java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm
b21dace04c6c4fb78b7b3109d628f8719909d8bac028d312bfd124d393cbdfb7 java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm
3d2dd4a1793923c8e0ccbf5a99a67d90fafa11076a69860dc3b88897867762eb java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm
06bb8b6b228e02cfa5c7686b98df704b16779b6fcda71a801d5acb409024228c java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm
4dd4b147197c43a217f0a1e10ac10ce53346f5419e24476355e6f5dbdbaa63ba java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm
6f8df4b9604f4ec97936c1dbd04b99ede0e209670aac6e34cc4714888a470d29 java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm
Source:
0482dd5996a91af5de3b7cbad8c1c22db6c3c1c4087e06a125bc13bb8bb824f7 java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2020:1509 Important CentOS 7 java-11-openjdk Security Update
CentOS Errata and Security Advisory 2020:1509 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1509
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
feeefc6681aaa3bf69fdb9374e1dc13ed6e964b6545502f0bd14eaf7ce53f06d java-11-openjdk-11.0.7.10-4.el7_8.i686.rpm
7c4c37c0ea48f84107b282a1575f63a84f6f9cfbbc50708f77309afb46629be2 java-11-openjdk-11.0.7.10-4.el7_8.x86_64.rpm
5b7b7ad1f6a47aaaf64e78b1c3eaa439bc3d1fa487d4cf6d645f3e5f7f82aa1d java-11-openjdk-demo-11.0.7.10-4.el7_8.i686.rpm
0df0679e7cf1b5f15fda6bdd7d47f52bb042dd934055d93db063eba057f71d72 java-11-openjdk-demo-11.0.7.10-4.el7_8.x86_64.rpm
9ce3611a75397516fd6eac15d6b7e740ed3a497fdd49c77d03593701ad6f5bed java-11-openjdk-devel-11.0.7.10-4.el7_8.i686.rpm
7c16d75034f8b5af29f29368f9d6b6f0f96d206124bcede20b987cae23a8fc2b java-11-openjdk-devel-11.0.7.10-4.el7_8.x86_64.rpm
ad579f5f54185a849e2c2f49818206dabd254d5b4a9f6a56eaaf828f8035d7ed java-11-openjdk-headless-11.0.7.10-4.el7_8.i686.rpm
d59a5715f41d0cc42740ea8bbf254fee0729fe95f7783887470ac54e0028a645 java-11-openjdk-headless-11.0.7.10-4.el7_8.x86_64.rpm
b8b135c555c96cb85f1b78394507e880cb3a0623d07f378b5ac2aee7ea0ceb2b java-11-openjdk-javadoc-11.0.7.10-4.el7_8.i686.rpm
f8c301dd37d12af525a3f9515c8f316be1b0b45a896aff4aadbd54695c0202f3 java-11-openjdk-javadoc-11.0.7.10-4.el7_8.x86_64.rpm
b65eaa6b5bbfc4d7f1c740a8b26fbe50a5a5fe48fd4d4cf6c418ad3245af136d java-11-openjdk-javadoc-zip-11.0.7.10-4.el7_8.i686.rpm
e540cd84f0994771b455a98ad485737a20f0e818edbb3dc3c091e2679986872f java-11-openjdk-javadoc-zip-11.0.7.10-4.el7_8.x86_64.rpm
12b56a59045d9e0c7877d2cde5d82ff665bd0b98fc0fc87afca228ccd37f8be6 java-11-openjdk-jmods-11.0.7.10-4.el7_8.i686.rpm
f7b5a8b2b137469210929ce36c6e37f56a328316f1424f3d4d004ec707e0f2ad java-11-openjdk-jmods-11.0.7.10-4.el7_8.x86_64.rpm
bd5baed650742e2df7417aaf0faf09a3e1faa3d08ec1eab2b9ef618ffbb5b177 java-11-openjdk-src-11.0.7.10-4.el7_8.i686.rpm
d0934f29f7538e5e971ebcc6b0f43f707af2699c32ac38f43aa18cdcb773cdfb java-11-openjdk-src-11.0.7.10-4.el7_8.x86_64.rpm
Source:
987ea04496423b636a57918b0a1c49edb1ee626eff745721ea99c0877e64dc67 java-11-openjdk-11.0.7.10-4.el7_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1509
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
feeefc6681aaa3bf69fdb9374e1dc13ed6e964b6545502f0bd14eaf7ce53f06d java-11-openjdk-11.0.7.10-4.el7_8.i686.rpm
7c4c37c0ea48f84107b282a1575f63a84f6f9cfbbc50708f77309afb46629be2 java-11-openjdk-11.0.7.10-4.el7_8.x86_64.rpm
5b7b7ad1f6a47aaaf64e78b1c3eaa439bc3d1fa487d4cf6d645f3e5f7f82aa1d java-11-openjdk-demo-11.0.7.10-4.el7_8.i686.rpm
0df0679e7cf1b5f15fda6bdd7d47f52bb042dd934055d93db063eba057f71d72 java-11-openjdk-demo-11.0.7.10-4.el7_8.x86_64.rpm
9ce3611a75397516fd6eac15d6b7e740ed3a497fdd49c77d03593701ad6f5bed java-11-openjdk-devel-11.0.7.10-4.el7_8.i686.rpm
7c16d75034f8b5af29f29368f9d6b6f0f96d206124bcede20b987cae23a8fc2b java-11-openjdk-devel-11.0.7.10-4.el7_8.x86_64.rpm
ad579f5f54185a849e2c2f49818206dabd254d5b4a9f6a56eaaf828f8035d7ed java-11-openjdk-headless-11.0.7.10-4.el7_8.i686.rpm
d59a5715f41d0cc42740ea8bbf254fee0729fe95f7783887470ac54e0028a645 java-11-openjdk-headless-11.0.7.10-4.el7_8.x86_64.rpm
b8b135c555c96cb85f1b78394507e880cb3a0623d07f378b5ac2aee7ea0ceb2b java-11-openjdk-javadoc-11.0.7.10-4.el7_8.i686.rpm
f8c301dd37d12af525a3f9515c8f316be1b0b45a896aff4aadbd54695c0202f3 java-11-openjdk-javadoc-11.0.7.10-4.el7_8.x86_64.rpm
b65eaa6b5bbfc4d7f1c740a8b26fbe50a5a5fe48fd4d4cf6c418ad3245af136d java-11-openjdk-javadoc-zip-11.0.7.10-4.el7_8.i686.rpm
e540cd84f0994771b455a98ad485737a20f0e818edbb3dc3c091e2679986872f java-11-openjdk-javadoc-zip-11.0.7.10-4.el7_8.x86_64.rpm
12b56a59045d9e0c7877d2cde5d82ff665bd0b98fc0fc87afca228ccd37f8be6 java-11-openjdk-jmods-11.0.7.10-4.el7_8.i686.rpm
f7b5a8b2b137469210929ce36c6e37f56a328316f1424f3d4d004ec707e0f2ad java-11-openjdk-jmods-11.0.7.10-4.el7_8.x86_64.rpm
bd5baed650742e2df7417aaf0faf09a3e1faa3d08ec1eab2b9ef618ffbb5b177 java-11-openjdk-src-11.0.7.10-4.el7_8.i686.rpm
d0934f29f7538e5e971ebcc6b0f43f707af2699c32ac38f43aa18cdcb773cdfb java-11-openjdk-src-11.0.7.10-4.el7_8.x86_64.rpm
Source:
987ea04496423b636a57918b0a1c49edb1ee626eff745721ea99c0877e64dc67 java-11-openjdk-11.0.7.10-4.el7_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2020:1982 CentOS 7 tzdata BugFix Update
CentOS Errata and Bugfix Advisory 2020:1982
Upstream details at : https://access.redhat.com/errata/RHBA-2020:1982
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
bc5c790c0a346bb20abbbd866e0c1cf664cec9c3e4d4e21dbfe32b32616257ba tzdata-2020a-1.el7.noarch.rpm
df284a4379294602228b360243cb0fc0498371278b702354b9de2cc38ffbc09f tzdata-java-2020a-1.el7.noarch.rpm
Source:
d348bae19f293c56bb60b0f65b3d3dcf4523128a36ee356f0c7231da1219d2f4 tzdata-2020a-1.el7.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHBA-2020:1982
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
bc5c790c0a346bb20abbbd866e0c1cf664cec9c3e4d4e21dbfe32b32616257ba tzdata-2020a-1.el7.noarch.rpm
df284a4379294602228b360243cb0fc0498371278b702354b9de2cc38ffbc09f tzdata-java-2020a-1.el7.noarch.rpm
Source:
d348bae19f293c56bb60b0f65b3d3dcf4523128a36ee356f0c7231da1219d2f4 tzdata-2020a-1.el7.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Flock to Fedora --> Nest with Fedora!
Hey folks,
I know everyone has been wondering about if Flock to Fedora will be happening this year. The answer is yes, though we are going virtual with an alternate version: Nest with Fedora!
How and what we do is open to community input. Check out this blog post on the Community Blog, which includes some inspiration:
I welcome you to open issues here with ideas or add comments to others:
Cheers!
*Apologies if you receive this multiple times, I am sending to multiple lists for coverage.*
--
Marie Nordin
Fedora Community Action and Impact Coordinator
She/Her/Hers
T: +1.973.800.4967
IRC: riecatnor
F33 system wide change, java-11-openjdk as system jdk
Hello fellow java package maintainers!
We are planning to bump the JDK from java-1.8.0-openjdk to java-11-openjdk for F33. Please see
https://fedoraproject.org/wiki/Changes/Java11
Short Story:
* if you have some java package, be aware that we are bumping JDK in rawhide
* Ensure your package builds and runs fine with JDK11 (see the
https://copr.fedorainfracloud.org/coprs/jvanek/java11/builds/)
* there is special tooling ready for this, before mass rebuild is launched
** See https://fedoraproject.org/wiki/Changes/Java11#copr_preliminary_rebuild
* If you do not want Fedora rotten with JDK8 for ever, continue reading
Long Story:
We ran a preliminary mass rebuild of javastack in copr repo
https://copr.fedorainfracloud.org/coprs/jvanek/java11/builds/ (select "all" instead of "25" at the
bottom), on packages requiring java,javac, java-devel, maven-local, ant, ivy & comp for build. You
can see, the result was quite dramatic:
1225 total; attempted to rebuild
483 failed; from those 191 are trivial failures (but if you fix it, there is no guarantee real
troubles are not hidden behind that)
186 succeeded
556 orphans or dead or otherwise tragic so the build did not even start
I would kindly ask you to search yourself in this list: https://jvanek.fedorapeople.org/java11/people
If you are here, please check status of your package in https://jvanek.fedorapeople.org/java11/init
(pain text of https://copr.fedorainfracloud.org/coprs/jvanek/java11/builds).
* If your package is "succeeded", congratulations nothing to do, and just keep en eye on JDK bump
* If there is "failed" but contains "- -" then it is probably orphan. If you wish to resurrect it,
please ensure it runs against JDK11 (see lower)
* If there is "failed" but failed in "seconds", then those packages failed so quickly, that the
build was in initial phases. That usually mean that you build with source/target lower then 1.6
JDK11 supports 1.6 and up. We recommend to bump the source/target to 1.8, to allow existence of
compact 1.8 packages alongside main javastack. See
https://fedoraproject.org/wiki/Changes/Java11#Wrong_source.2Ftarget_version. Don't forget to
upstream the patch, or maybe it is enough to update to more fresh upstream release which supports
JDK11? it may happen, that after the fix, your build will fail in more terrible way (see below)
* If there is "failed", and its none of above, then your package simply failed. Very often the
scary error may be fixed by bump to latest upstream version. JDK 11 is out for several years.
Please, try to fix the package. Don't hesitate to ask on devel@fedoraproject.org or
java-devel@fedoraproject.org or directly to me jvanek@redhat.com. If you fix the fail, feel free to
share your fix, it may help others.
We are trying to gather the most common issues at
https://fedoraproject.org/wiki/Changes/Java11#common_issues_packagers_can_face_and_gathered_solutions .
Feel free to enhance the page, or write us your case (possibly both with solution and without) so
we can add it here.
Debugging Your failures.
The copr repo we maintain, contains builds of java-11-openjdk as system JDK, javapackages-tools
honoring that, and java-1.8.0-openjdk as non system JDK. Also it contains successfully rebuilt
packages. You can directly use this copr repo in several ways.
* first glance on error. On https://copr.fedorainfracloud.org/coprs/jvanek/java11/builds/ find your
build (select "all" instead of "25" at the bottom),
** Click its number, select chroot (currently fedora-32-x86_64 ) and check the logs. Main log is
build.log.gz.
* anything you push to rawhide, will automatically rebuild here in f32 chroot (we have a JDK in
rawhide broken a bit currently)
** It is the best approach. If you can fix your package in rawhide directly, without breaking the
rawhide too much, go for it
** If yo need to experiment, I have a mock config for you (generated from copr-cli mock-config
jvanek/java11 fedora-32-x86_64) which you can copy to your /etc/mock and use -
https://jvanek.fedorapeople.org/java11/jvanek-java11-fedora-32-x86_64.cfg . Eg:
sudo cp downloaded-fedora-32-x86_64.cfg /etc/mock/jvanek-java11-fedora-32-x86_64.cfg
# change spec, bump sources, apply patches
fedpkg srpm
mock -r jvanek-java11-fedora-32-x86_64 *.src.rpm
Or any other packaging workflow you use, and you can use against the copr repo.
Thank you very much for your help, there are 500 failures, and 1000 java packagers, but only 2
active members of java sig. Without your help, the JDK bump will be very hard.
Thank You!
On behalf of Fedora java group
J.
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
We are planning to bump the JDK from java-1.8.0-openjdk to java-11-openjdk for F33. Please see
https://fedoraproject.org/wiki/Changes/Java11
Short Story:
* if you have some java package, be aware that we are bumping JDK in rawhide
* Ensure your package builds and runs fine with JDK11 (see the
https://copr.fedorainfracloud.org/coprs/jvanek/java11/builds/)
* there is special tooling ready for this, before mass rebuild is launched
** See https://fedoraproject.org/wiki/Changes/Java11#copr_preliminary_rebuild
* If you do not want Fedora rotten with JDK8 for ever, continue reading
Long Story:
We ran a preliminary mass rebuild of javastack in copr repo
https://copr.fedorainfracloud.org/coprs/jvanek/java11/builds/ (select "all" instead of "25" at the
bottom), on packages requiring java,javac, java-devel, maven-local, ant, ivy & comp for build. You
can see, the result was quite dramatic:
1225 total; attempted to rebuild
483 failed; from those 191 are trivial failures (but if you fix it, there is no guarantee real
troubles are not hidden behind that)
186 succeeded
556 orphans or dead or otherwise tragic so the build did not even start
I would kindly ask you to search yourself in this list: https://jvanek.fedorapeople.org/java11/people
If you are here, please check status of your package in https://jvanek.fedorapeople.org/java11/init
(pain text of https://copr.fedorainfracloud.org/coprs/jvanek/java11/builds).
* If your package is "succeeded", congratulations nothing to do, and just keep en eye on JDK bump
* If there is "failed" but contains "- -" then it is probably orphan. If you wish to resurrect it,
please ensure it runs against JDK11 (see lower)
* If there is "failed" but failed in "seconds", then those packages failed so quickly, that the
build was in initial phases. That usually mean that you build with source/target lower then 1.6
JDK11 supports 1.6 and up. We recommend to bump the source/target to 1.8, to allow existence of
compact 1.8 packages alongside main javastack. See
https://fedoraproject.org/wiki/Changes/Java11#Wrong_source.2Ftarget_version. Don't forget to
upstream the patch, or maybe it is enough to update to more fresh upstream release which supports
JDK11? it may happen, that after the fix, your build will fail in more terrible way (see below)
* If there is "failed", and its none of above, then your package simply failed. Very often the
scary error may be fixed by bump to latest upstream version. JDK 11 is out for several years.
Please, try to fix the package. Don't hesitate to ask on devel@fedoraproject.org or
java-devel@fedoraproject.org or directly to me jvanek@redhat.com. If you fix the fail, feel free to
share your fix, it may help others.
We are trying to gather the most common issues at
https://fedoraproject.org/wiki/Changes/Java11#common_issues_packagers_can_face_and_gathered_solutions .
Feel free to enhance the page, or write us your case (possibly both with solution and without) so
we can add it here.
Debugging Your failures.
The copr repo we maintain, contains builds of java-11-openjdk as system JDK, javapackages-tools
honoring that, and java-1.8.0-openjdk as non system JDK. Also it contains successfully rebuilt
packages. You can directly use this copr repo in several ways.
* first glance on error. On https://copr.fedorainfracloud.org/coprs/jvanek/java11/builds/ find your
build (select "all" instead of "25" at the bottom),
** Click its number, select chroot (currently fedora-32-x86_64 ) and check the logs. Main log is
build.log.gz.
* anything you push to rawhide, will automatically rebuild here in f32 chroot (we have a JDK in
rawhide broken a bit currently)
** It is the best approach. If you can fix your package in rawhide directly, without breaking the
rawhide too much, go for it
** If yo need to experiment, I have a mock config for you (generated from copr-cli mock-config
jvanek/java11 fedora-32-x86_64) which you can copy to your /etc/mock and use -
https://jvanek.fedorapeople.org/java11/jvanek-java11-fedora-32-x86_64.cfg . Eg:
sudo cp downloaded-fedora-32-x86_64.cfg /etc/mock/jvanek-java11-fedora-32-x86_64.cfg
# change spec, bump sources, apply patches
fedpkg srpm
mock -r jvanek-java11-fedora-32-x86_64 *.src.rpm
Or any other packaging workflow you use, and you can use against the copr repo.
Thank you very much for your help, there are 500 failures, and 1000 java packagers, but only 2
active members of java sig. Without your help, the JDK bump will be very hard.
Thank You!
On behalf of Fedora java group
J.
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
[USN-4333-2] Python vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4333-2
April 30, 2020
python3.8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Python.
Software Description:
- python3.8: Interactive high-level object-oriented language (version 3.8)
Details:
USN-4333-1 fixed vulnerabilities in Python. This update provides
the corresponding update for Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Python incorrectly stripped certain characters from
requests. A remote attacker could use this issue to perform CRLF injection.
(CVE-2019-18348)
It was discovered that Python incorrectly handled certain HTTP requests.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-8492)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
python3.8 3.8.2-1ubuntu1.1
python3.8-minimal 3.8.2-1ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4333-2
https://usn.ubuntu.com/4333-1
CVE-2019-18348, CVE-2020-8492
Package Information:
https://launchpad.net/ubuntu/+source/python3.8/3.8.2-1ubuntu1.1
Ubuntu Security Notice USN-4333-2
April 30, 2020
python3.8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Python.
Software Description:
- python3.8: Interactive high-level object-oriented language (version 3.8)
Details:
USN-4333-1 fixed vulnerabilities in Python. This update provides
the corresponding update for Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Python incorrectly stripped certain characters from
requests. A remote attacker could use this issue to perform CRLF injection.
(CVE-2019-18348)
It was discovered that Python incorrectly handled certain HTTP requests.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-8492)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
python3.8 3.8.2-1ubuntu1.1
python3.8-minimal 3.8.2-1ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4333-2
https://usn.ubuntu.com/4333-1
CVE-2019-18348, CVE-2020-8492
Package Information:
https://launchpad.net/ubuntu/+source/python3.8/3.8.2-1ubuntu1.1
Taskotron is EOL today
As previously announced [1], Taskotron [2] will be shut down today. See the announcement and its discussion for more details and some background info.
As a result, certain tests (beginning with "dist.") will no longer appear for new updates in Bodhi (in Automated Tests tab). Some of those tests (and even new ones) will hopefully come back in the future with the help of Fedora CI [3].
As a result, certain tests (beginning with "dist.") will no longer appear for new updates in Bodhi (in Automated Tests tab). Some of those tests (and even new ones) will hopefully come back in the future with the help of Fedora CI [3].
Thank you to everyone who contributed to Taskotron in the past or found our test reports helpful.
[2] project page: https://pagure.io/taskotron
Wednesday, April 29, 2020
[USN-4341-2] Samba vulnerability
==========================================================================
Ubuntu Security Notice USN-4341-2
April 29, 2020
samba vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Samba could be made to consume resources if it received a specially
crafted LDAP query.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
USN-4341-1 fixed a vulnerability in Samba. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that Samba incorrectly handled certain LDAP queries. A
remote attacker could possibly use this issue to cause Samba to consume
resources, resulting in a denial of service. (CVE-2020-10704)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4341-2
https://usn.ubuntu.com/4341-1
CVE-2020-10704
Ubuntu Security Notice USN-4341-2
April 29, 2020
samba vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Samba could be made to consume resources if it received a specially
crafted LDAP query.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
USN-4341-1 fixed a vulnerability in Samba. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that Samba incorrectly handled certain LDAP queries. A
remote attacker could possibly use this issue to cause Samba to consume
resources, resulting in a denial of service. (CVE-2020-10704)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4341-2
https://usn.ubuntu.com/4341-1
CVE-2020-10704
[USN-4348-1] Mailman vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4348-1
April 29, 2020
mailman vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Mailman.
Software Description:
- mailman: Web-based mailing list manager (legacy branch)
Details:
It was discovered that Mailman incorrectly handled certain inputs.
An attacker could possibly use this to issue execute arbitrary scripts
or HTML. (CVE-2018-0618)
It was discovered that Mailman incorrectly handled certain inputs.
An attacker could possibly use this issue to display arbitrary text
on a web page. (CVE-2018-13796)
It was discovered that Mailman incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-12137)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
mailman 1:2.1.26-1ubuntu0.1
Ubuntu 16.04 LTS:
mailman 1:2.1.20-1ubuntu0.4
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4348-1
CVE-2018-0618, CVE-2018-13796, CVE-2020-12137
Package Information:
https://launchpad.net/ubuntu/+source/mailman/1:2.1.26-1ubuntu0.1
https://launchpad.net/ubuntu/+source/mailman/1:2.1.20-1ubuntu0.4
Ubuntu Security Notice USN-4348-1
April 29, 2020
mailman vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Mailman.
Software Description:
- mailman: Web-based mailing list manager (legacy branch)
Details:
It was discovered that Mailman incorrectly handled certain inputs.
An attacker could possibly use this to issue execute arbitrary scripts
or HTML. (CVE-2018-0618)
It was discovered that Mailman incorrectly handled certain inputs.
An attacker could possibly use this issue to display arbitrary text
on a web page. (CVE-2018-13796)
It was discovered that Mailman incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-12137)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
mailman 1:2.1.26-1ubuntu0.1
Ubuntu 16.04 LTS:
mailman 1:2.1.20-1ubuntu0.4
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4348-1
CVE-2018-0618, CVE-2018-13796, CVE-2020-12137
Package Information:
https://launchpad.net/ubuntu/+source/mailman/1:2.1.26-1ubuntu0.1
https://launchpad.net/ubuntu/+source/mailman/1:2.1.20-1ubuntu0.4
[USN-4341-3] Samba regression
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl6pmB0ACgkQZWnYVadE
vpM+kg/+PUYEmkKl4XtvZ7gvG1F6IKwY8VaVg5gDGOpV4UhBXwY/qajYmMLVyNoy
p9sABjnpEEZBVKavQle5Nf+w6LPa94CffK4bYdt5oJihGa2No3cKzqLX8LTqO+qV
CZ4mWSvYN3GucHxiKbL1JvneYe7I6WnO9BbAIo+YEeoT7Abc2paUk5u+1iDeukvx
yTt+ZKU+xqjCsPI5eUeE0N42oz8zdiQuZ44mBXQo2/QybYOFvJ+m/9hmFn3CxNB3
dxN3PD9ePZ5qrIILHJA3n9eRe/vuv+pdJpO4/De5KSAJ4lb5D0kKaQRSGdnV3hGa
5HQO9RItni+cn/pcJzBpC87Znsc/W31iT9Cmo3vvEXEUWDgHwkmby/3Dhu6Aety0
5sDNoxYiKSCuuHlFdWghZ7LzY9mO9WNhNsjHl8UMobPVmtuw8rSMIq7OcMMRCVxz
CzHrBgXeWB/Hb1pkHmPhnAWJ30IRsFpnQahpHZS9eOHnypzh+eZlb4PTerq+zHVC
380klvVT0on9LigiPN9zB/48ZPxv47/3KQD0//gFaZnTIJbgp8j34GVuN9hshaqM
CUe9V/Oj06uBHEqzKQuVwSIc+BMOWRUrvTyeM32rf5GJdWXoenUQ9x9jGqLKMMZC
u3npb9c9aDOFyzHJ08F97yW431c/I5y4qQFlkJVPQxF66gbo0kk=
=LcOY
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-4341-3
April 29, 2020
samba regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
USN-4341-1 introduced a regression in Samba.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
USN-4341-1 fixed vulnerabilities in Samba. The updated packages for
Ubuntu 16.04 LTS introduced a regression when using LDAP. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Samba incorrectly handled certain LDAP queries. A
remote attacker could possibly use this issue to cause Samba to consume
resources, resulting in a denial of service. (CVE-2020-10704)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.27
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4341-3
https://usn.ubuntu.com/4341-1
https://launchpad.net/bugs/1875798
Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.27
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl6pmB0ACgkQZWnYVadE
vpM+kg/+PUYEmkKl4XtvZ7gvG1F6IKwY8VaVg5gDGOpV4UhBXwY/qajYmMLVyNoy
p9sABjnpEEZBVKavQle5Nf+w6LPa94CffK4bYdt5oJihGa2No3cKzqLX8LTqO+qV
CZ4mWSvYN3GucHxiKbL1JvneYe7I6WnO9BbAIo+YEeoT7Abc2paUk5u+1iDeukvx
yTt+ZKU+xqjCsPI5eUeE0N42oz8zdiQuZ44mBXQo2/QybYOFvJ+m/9hmFn3CxNB3
dxN3PD9ePZ5qrIILHJA3n9eRe/vuv+pdJpO4/De5KSAJ4lb5D0kKaQRSGdnV3hGa
5HQO9RItni+cn/pcJzBpC87Znsc/W31iT9Cmo3vvEXEUWDgHwkmby/3Dhu6Aety0
5sDNoxYiKSCuuHlFdWghZ7LzY9mO9WNhNsjHl8UMobPVmtuw8rSMIq7OcMMRCVxz
CzHrBgXeWB/Hb1pkHmPhnAWJ30IRsFpnQahpHZS9eOHnypzh+eZlb4PTerq+zHVC
380klvVT0on9LigiPN9zB/48ZPxv47/3KQD0//gFaZnTIJbgp8j34GVuN9hshaqM
CUe9V/Oj06uBHEqzKQuVwSIc+BMOWRUrvTyeM32rf5GJdWXoenUQ9x9jGqLKMMZC
u3npb9c9aDOFyzHJ08F97yW431c/I5y4qQFlkJVPQxF66gbo0kk=
=LcOY
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-4341-3
April 29, 2020
samba regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
USN-4341-1 introduced a regression in Samba.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
USN-4341-1 fixed vulnerabilities in Samba. The updated packages for
Ubuntu 16.04 LTS introduced a regression when using LDAP. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Samba incorrectly handled certain LDAP queries. A
remote attacker could possibly use this issue to cause Samba to consume
resources, resulting in a denial of service. (CVE-2020-10704)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.27
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4341-3
https://usn.ubuntu.com/4341-1
https://launchpad.net/bugs/1875798
Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.27
[USN-4347-1] WebKitGTK vulnerability
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl6pl/MACgkQZWnYVadE
vpNdjg/7BcpIEwGM7gFSaDNCd4aVVIXeCebiy43rZ0t64Op1dXYRT4S5b/1MTRur
xemvhTJqigKBXPlmqEB8w/rlqSKyBj+aNzAU/Lzb7//uKoaVqk63EJA9Sdr1gr0O
45ouSp2vtpuFaXrcHZHNJbuxgR5F86G3/bU0p00zhbwQhGOWwXVZwmhhSQDL4GTh
h2qlHq5NAP0IjX6VCcmgBRacC7fVgghi6yI5PbuaIu6CMYZJEqsPtX963eqNAjJ4
Os66WA6JH9dczllyiam122hw54mU9YtPpFhdYXGPexvM8C2F1ELPTRGS/XCi1Nvb
WODlpbshRXvJS+g8SETFp9YwHz71qfrCaVl0UMFbQAVRJN+RVWeiMHEmxSKnwfnw
JIBuQBuRB9nlhzVHnPjH08d53/djOL9fBLlgroKlYOOBmWYzE5ffnuqsATk4fX4e
+rHjf6eWA9BOyEooNQgG9ujLX46dZbrYSfUdJ68as1ijyK6olImVyyjhW776R0ba
w04M967Bwd4mnZ7rQ0F33mQLF0kM63abUXg3MwoLYHqWMJW5pHaQpQS+bpmW8V3M
F97iv9TECd+D5i6vyZWh8xcbucZGRA2liRnbxqZl77ZEdBOtocc7KsEaEATB6b1s
H+dbTrsiBrF7B68EfKQZHuxc0TawuTnUDbKqdfaESOcPZO+/9kg=
=5L8e
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-4347-1
April 29, 2020
webkit2gtk vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.28.2-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.28.2-0ubuntu0.20.04.1
Ubuntu 19.10:
libjavascriptcoregtk-4.0-18 2.28.2-0ubuntu0.19.10.1
libwebkit2gtk-4.0-37 2.28.2-0ubuntu0.19.10.1
Ubuntu 18.04 LTS:
libjavascriptcoregtk-4.0-18 2.28.2-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 2.28.2-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/4347-1
CVE-2020-3899
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.28.2-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.28.2-0ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.28.2-0ubuntu0.18.04.1
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl6pl/MACgkQZWnYVadE
vpNdjg/7BcpIEwGM7gFSaDNCd4aVVIXeCebiy43rZ0t64Op1dXYRT4S5b/1MTRur
xemvhTJqigKBXPlmqEB8w/rlqSKyBj+aNzAU/Lzb7//uKoaVqk63EJA9Sdr1gr0O
45ouSp2vtpuFaXrcHZHNJbuxgR5F86G3/bU0p00zhbwQhGOWwXVZwmhhSQDL4GTh
h2qlHq5NAP0IjX6VCcmgBRacC7fVgghi6yI5PbuaIu6CMYZJEqsPtX963eqNAjJ4
Os66WA6JH9dczllyiam122hw54mU9YtPpFhdYXGPexvM8C2F1ELPTRGS/XCi1Nvb
WODlpbshRXvJS+g8SETFp9YwHz71qfrCaVl0UMFbQAVRJN+RVWeiMHEmxSKnwfnw
JIBuQBuRB9nlhzVHnPjH08d53/djOL9fBLlgroKlYOOBmWYzE5ffnuqsATk4fX4e
+rHjf6eWA9BOyEooNQgG9ujLX46dZbrYSfUdJ68as1ijyK6olImVyyjhW776R0ba
w04M967Bwd4mnZ7rQ0F33mQLF0kM63abUXg3MwoLYHqWMJW5pHaQpQS+bpmW8V3M
F97iv9TECd+D5i6vyZWh8xcbucZGRA2liRnbxqZl77ZEdBOtocc7KsEaEATB6b1s
H+dbTrsiBrF7B68EfKQZHuxc0TawuTnUDbKqdfaESOcPZO+/9kg=
=5L8e
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-4347-1
April 29, 2020
webkit2gtk vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.28.2-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.28.2-0ubuntu0.20.04.1
Ubuntu 19.10:
libjavascriptcoregtk-4.0-18 2.28.2-0ubuntu0.19.10.1
libwebkit2gtk-4.0-37 2.28.2-0ubuntu0.19.10.1
Ubuntu 18.04 LTS:
libjavascriptcoregtk-4.0-18 2.28.2-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 2.28.2-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/4347-1
CVE-2020-3899
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.28.2-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.28.2-0ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.28.2-0ubuntu0.18.04.1
Tuesday, April 28, 2020
[USN-4346-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4346-1
April 29, 2020
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2,
linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
It was discovered that the QLogic Fibre Channel driver in the Linux kernel
did not properly check for error, leading to a NULL pointer dereference. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-16233)
It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)
Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race condition. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2019-19768)
It was discovered that the virtual terminal implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash) or expose sensitive
information. (CVE-2020-8648)
Jordy Zomer discovered that the floppy driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2020-9383)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1070-kvm 4.4.0-1070.77
linux-image-4.4.0-1106-aws 4.4.0-1106.117
linux-image-4.4.0-1132-raspi2 4.4.0-1132.141
linux-image-4.4.0-1136-snapdragon 4.4.0-1136.144
linux-image-4.4.0-178-generic 4.4.0-178.208
linux-image-4.4.0-178-generic-lpae 4.4.0-178.208
linux-image-4.4.0-178-lowlatency 4.4.0-178.208
linux-image-4.4.0-178-powerpc-e500mc 4.4.0-178.208
linux-image-4.4.0-178-powerpc-smp 4.4.0-178.208
linux-image-4.4.0-178-powerpc64-emb 4.4.0-178.208
linux-image-4.4.0-178-powerpc64-smp 4.4.0-178.208
linux-image-aws 4.4.0.1106.110
linux-image-generic 4.4.0.178.186
linux-image-generic-lpae 4.4.0.178.186
linux-image-kvm 4.4.0.1070.70
linux-image-lowlatency 4.4.0.178.186
linux-image-powerpc-e500mc 4.4.0.178.186
linux-image-powerpc-smp 4.4.0.178.186
linux-image-powerpc64-emb 4.4.0.178.186
linux-image-powerpc64-smp 4.4.0.178.186
linux-image-raspi2 4.4.0.1132.132
linux-image-snapdragon 4.4.0.1136.128
linux-image-virtual 4.4.0.178.186
Ubuntu 14.04 ESM:
linux-image-4.4.0-1066-aws 4.4.0-1066.70
linux-image-4.4.0-178-generic 4.4.0-178.208~14.04.1
linux-image-4.4.0-178-lowlatency 4.4.0-178.208~14.04.1
linux-image-aws 4.4.0.1066.67
linux-image-generic-lts-xenial 4.4.0.178.157
linux-image-lowlatency-lts-xenial 4.4.0.178.157
linux-image-virtual-lts-xenial 4.4.0.178.157
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4346-1
CVE-2019-16233, CVE-2019-16234, CVE-2019-19768, CVE-2020-8648,
CVE-2020-9383
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-178.208
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1106.117
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1070.77
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1132.141
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1136.144
Ubuntu Security Notice USN-4346-1
April 29, 2020
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2,
linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
It was discovered that the QLogic Fibre Channel driver in the Linux kernel
did not properly check for error, leading to a NULL pointer dereference. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-16233)
It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)
Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race condition. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2019-19768)
It was discovered that the virtual terminal implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash) or expose sensitive
information. (CVE-2020-8648)
Jordy Zomer discovered that the floppy driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2020-9383)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1070-kvm 4.4.0-1070.77
linux-image-4.4.0-1106-aws 4.4.0-1106.117
linux-image-4.4.0-1132-raspi2 4.4.0-1132.141
linux-image-4.4.0-1136-snapdragon 4.4.0-1136.144
linux-image-4.4.0-178-generic 4.4.0-178.208
linux-image-4.4.0-178-generic-lpae 4.4.0-178.208
linux-image-4.4.0-178-lowlatency 4.4.0-178.208
linux-image-4.4.0-178-powerpc-e500mc 4.4.0-178.208
linux-image-4.4.0-178-powerpc-smp 4.4.0-178.208
linux-image-4.4.0-178-powerpc64-emb 4.4.0-178.208
linux-image-4.4.0-178-powerpc64-smp 4.4.0-178.208
linux-image-aws 4.4.0.1106.110
linux-image-generic 4.4.0.178.186
linux-image-generic-lpae 4.4.0.178.186
linux-image-kvm 4.4.0.1070.70
linux-image-lowlatency 4.4.0.178.186
linux-image-powerpc-e500mc 4.4.0.178.186
linux-image-powerpc-smp 4.4.0.178.186
linux-image-powerpc64-emb 4.4.0.178.186
linux-image-powerpc64-smp 4.4.0.178.186
linux-image-raspi2 4.4.0.1132.132
linux-image-snapdragon 4.4.0.1136.128
linux-image-virtual 4.4.0.178.186
Ubuntu 14.04 ESM:
linux-image-4.4.0-1066-aws 4.4.0-1066.70
linux-image-4.4.0-178-generic 4.4.0-178.208~14.04.1
linux-image-4.4.0-178-lowlatency 4.4.0-178.208~14.04.1
linux-image-aws 4.4.0.1066.67
linux-image-generic-lts-xenial 4.4.0.178.157
linux-image-lowlatency-lts-xenial 4.4.0.178.157
linux-image-virtual-lts-xenial 4.4.0.178.157
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4346-1
CVE-2019-16233, CVE-2019-16234, CVE-2019-19768, CVE-2020-8648,
CVE-2020-9383
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-178.208
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1106.117
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1070.77
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1132.141
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1136.144
[USN-4345-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4345-1
April 28, 2020
linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp,
linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle,
linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oem: Linux kernel for OEM processors
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
Al Viro discovered that the Linux kernel for s390x systems did not properly
perform page table upgrades for kernel sections that use secondary address
mode. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2020-11884)
It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)
Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race condition. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2019-19768)
It was discovered that the vhost net driver in the Linux kernel contained a
stack buffer overflow. A local attacker with the ability to perform ioctl()
calls on /dev/vhost-net could use this to cause a denial of service (system
crash). (CVE-2020-10942)
It was discovered that the OV51x USB Camera device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2020-11608)
It was discovered that the STV06XX USB Camera device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2020-11609)
It was discovered that the Xirlink C-It USB Camera device driver in the
Linux kernel did not properly validate device metadata. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2020-11668)
It was discovered that the virtual terminal implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash) or expose sensitive
information. (CVE-2020-8648)
Jordy Zomer discovered that the floppy driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2020-9383)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1038-oracle 4.15.0-1038.42
linux-image-4.15.0-1058-gke 4.15.0-1058.61
linux-image-4.15.0-1059-kvm 4.15.0-1059.60
linux-image-4.15.0-1061-raspi2 4.15.0-1061.65
linux-image-4.15.0-1066-aws 4.15.0-1066.70
linux-image-4.15.0-1077-snapdragon 4.15.0-1077.84
linux-image-4.15.0-1080-oem 4.15.0-1080.90
linux-image-4.15.0-99-generic 4.15.0-99.100
linux-image-4.15.0-99-generic-lpae 4.15.0-99.100
linux-image-4.15.0-99-lowlatency 4.15.0-99.100
linux-image-aws-lts-18.04 4.15.0.1066.69
linux-image-generic 4.15.0.99.89
linux-image-generic-lpae 4.15.0.99.89
linux-image-gke 4.15.0.1058.62
linux-image-gke-4.15 4.15.0.1058.62
linux-image-kvm 4.15.0.1059.59
linux-image-lowlatency 4.15.0.99.89
linux-image-oem 4.15.0.1080.84
linux-image-oracle-lts-18.04 4.15.0.1038.47
linux-image-powerpc-e500mc 4.15.0.99.89
linux-image-powerpc-smp 4.15.0.99.89
linux-image-powerpc64-emb 4.15.0.99.89
linux-image-powerpc64-smp 4.15.0.99.89
linux-image-raspi2 4.15.0.1061.59
linux-image-snapdragon 4.15.0.1077.80
linux-image-virtual 4.15.0.99.89
Ubuntu 16.04 LTS:
linux-image-4.15.0-1038-oracle 4.15.0-1038.42~16.04.1
linux-image-4.15.0-1061-gcp 4.15.0-1061.65
linux-image-4.15.0-1066-aws 4.15.0-1066.70~16.04.1
linux-image-4.15.0-1082-azure 4.15.0-1082.92~16.04.1
linux-image-4.15.0-99-generic 4.15.0-99.100~16.04.1
linux-image-4.15.0-99-generic-lpae 4.15.0-99.100~16.04.1
linux-image-4.15.0-99-lowlatency 4.15.0-99.100~16.04.1
linux-image-aws-hwe 4.15.0.1066.66
linux-image-azure 4.15.0.1082.81
linux-image-azure-edge 4.15.0.1082.81
linux-image-gcp 4.15.0.1061.75
linux-image-generic-hwe-16.04 4.15.0.99.106
linux-image-generic-lpae-hwe-16.04 4.15.0.99.106
linux-image-gke 4.15.0.1061.75
linux-image-lowlatency-hwe-16.04 4.15.0.99.106
linux-image-oem 4.15.0.99.106
linux-image-oracle 4.15.0.1038.31
linux-image-virtual-hwe-16.04 4.15.0.99.106
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4345-1
CVE-2019-16234, CVE-2019-19768, CVE-2020-10942, CVE-2020-11608,
CVE-2020-11609, CVE-2020-11668, CVE-2020-11884, CVE-2020-8648,
CVE-2020-9383
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-99.100
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1066.70
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1058.61
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1059.60
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1080.90
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1038.42
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1061.65
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1077.84
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1066.70~16.04.1
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1082.92~16.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1061.65
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-99.100~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1038.42~16.04.1
Ubuntu Security Notice USN-4345-1
April 28, 2020
linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp,
linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle,
linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oem: Linux kernel for OEM processors
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
Al Viro discovered that the Linux kernel for s390x systems did not properly
perform page table upgrades for kernel sections that use secondary address
mode. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2020-11884)
It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)
Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race condition. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2019-19768)
It was discovered that the vhost net driver in the Linux kernel contained a
stack buffer overflow. A local attacker with the ability to perform ioctl()
calls on /dev/vhost-net could use this to cause a denial of service (system
crash). (CVE-2020-10942)
It was discovered that the OV51x USB Camera device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2020-11608)
It was discovered that the STV06XX USB Camera device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2020-11609)
It was discovered that the Xirlink C-It USB Camera device driver in the
Linux kernel did not properly validate device metadata. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2020-11668)
It was discovered that the virtual terminal implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash) or expose sensitive
information. (CVE-2020-8648)
Jordy Zomer discovered that the floppy driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2020-9383)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1038-oracle 4.15.0-1038.42
linux-image-4.15.0-1058-gke 4.15.0-1058.61
linux-image-4.15.0-1059-kvm 4.15.0-1059.60
linux-image-4.15.0-1061-raspi2 4.15.0-1061.65
linux-image-4.15.0-1066-aws 4.15.0-1066.70
linux-image-4.15.0-1077-snapdragon 4.15.0-1077.84
linux-image-4.15.0-1080-oem 4.15.0-1080.90
linux-image-4.15.0-99-generic 4.15.0-99.100
linux-image-4.15.0-99-generic-lpae 4.15.0-99.100
linux-image-4.15.0-99-lowlatency 4.15.0-99.100
linux-image-aws-lts-18.04 4.15.0.1066.69
linux-image-generic 4.15.0.99.89
linux-image-generic-lpae 4.15.0.99.89
linux-image-gke 4.15.0.1058.62
linux-image-gke-4.15 4.15.0.1058.62
linux-image-kvm 4.15.0.1059.59
linux-image-lowlatency 4.15.0.99.89
linux-image-oem 4.15.0.1080.84
linux-image-oracle-lts-18.04 4.15.0.1038.47
linux-image-powerpc-e500mc 4.15.0.99.89
linux-image-powerpc-smp 4.15.0.99.89
linux-image-powerpc64-emb 4.15.0.99.89
linux-image-powerpc64-smp 4.15.0.99.89
linux-image-raspi2 4.15.0.1061.59
linux-image-snapdragon 4.15.0.1077.80
linux-image-virtual 4.15.0.99.89
Ubuntu 16.04 LTS:
linux-image-4.15.0-1038-oracle 4.15.0-1038.42~16.04.1
linux-image-4.15.0-1061-gcp 4.15.0-1061.65
linux-image-4.15.0-1066-aws 4.15.0-1066.70~16.04.1
linux-image-4.15.0-1082-azure 4.15.0-1082.92~16.04.1
linux-image-4.15.0-99-generic 4.15.0-99.100~16.04.1
linux-image-4.15.0-99-generic-lpae 4.15.0-99.100~16.04.1
linux-image-4.15.0-99-lowlatency 4.15.0-99.100~16.04.1
linux-image-aws-hwe 4.15.0.1066.66
linux-image-azure 4.15.0.1082.81
linux-image-azure-edge 4.15.0.1082.81
linux-image-gcp 4.15.0.1061.75
linux-image-generic-hwe-16.04 4.15.0.99.106
linux-image-generic-lpae-hwe-16.04 4.15.0.99.106
linux-image-gke 4.15.0.1061.75
linux-image-lowlatency-hwe-16.04 4.15.0.99.106
linux-image-oem 4.15.0.99.106
linux-image-oracle 4.15.0.1038.31
linux-image-virtual-hwe-16.04 4.15.0.99.106
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4345-1
CVE-2019-16234, CVE-2019-19768, CVE-2020-10942, CVE-2020-11608,
CVE-2020-11609, CVE-2020-11668, CVE-2020-11884, CVE-2020-8648,
CVE-2020-9383
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-99.100
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1066.70
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1058.61
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1059.60
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1080.90
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1038.42
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1061.65
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1077.84
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1066.70~16.04.1
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1082.92~16.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1061.65
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-99.100~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1038.42~16.04.1
[USN-4344-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4344-1
April 28, 2020
linux-gke-5.0, linux-oem-osp11 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems
- linux-oem-osp1: Linux kernel for OEM processors
Details:
It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)
It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did
not properly deallocate memory in certain situations. A local attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19051)
Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race condition. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2019-19768)
It was discovered that the vhost net driver in the Linux kernel contained a
stack buffer overflow. A local attacker with the ability to perform ioctl()
calls on /dev/vhost-net could use this to cause a denial of service (system
crash). (CVE-2020-10942)
It was discovered that the virtual terminal implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash) or expose sensitive
information. (CVE-2020-8648)
Shijie Luo discovered that the ext4 file system implementation in the Linux
kernel did not properly check for a too-large journal size. An attacker
could use this to construct a malicious ext4 image that, when mounted,
could cause a denial of service (soft lockup). (CVE-2020-8992)
Jordy Zomer discovered that the floppy driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2020-9383)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-5.0.0-1035-gke 5.0.0-1035.36
linux-image-5.0.0-1050-oem-osp1 5.0.0-1050.55
linux-image-gke-5.0 5.0.0.1035.23
linux-image-oem-osp1 5.0.0.1050.53
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4344-1
CVE-2019-16234, CVE-2019-19051, CVE-2019-19768, CVE-2020-10942,
CVE-2020-8648, CVE-2020-8992, CVE-2020-9383
Package Information:
https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1035.36
https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1050.55
Ubuntu Security Notice USN-4344-1
April 28, 2020
linux-gke-5.0, linux-oem-osp11 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems
- linux-oem-osp1: Linux kernel for OEM processors
Details:
It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)
It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did
not properly deallocate memory in certain situations. A local attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19051)
Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race condition. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2019-19768)
It was discovered that the vhost net driver in the Linux kernel contained a
stack buffer overflow. A local attacker with the ability to perform ioctl()
calls on /dev/vhost-net could use this to cause a denial of service (system
crash). (CVE-2020-10942)
It was discovered that the virtual terminal implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash) or expose sensitive
information. (CVE-2020-8648)
Shijie Luo discovered that the ext4 file system implementation in the Linux
kernel did not properly check for a too-large journal size. An attacker
could use this to construct a malicious ext4 image that, when mounted,
could cause a denial of service (soft lockup). (CVE-2020-8992)
Jordy Zomer discovered that the floppy driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2020-9383)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-5.0.0-1035-gke 5.0.0-1035.36
linux-image-5.0.0-1050-oem-osp1 5.0.0-1050.55
linux-image-gke-5.0 5.0.0.1035.23
linux-image-oem-osp1 5.0.0.1050.53
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4344-1
CVE-2019-16234, CVE-2019-19051, CVE-2019-19768, CVE-2020-10942,
CVE-2020-8648, CVE-2020-8992, CVE-2020-9383
Package Information:
https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1035.36
https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1050.55
[USN-4343-1] Linux kernel vulnerability
==========================================================================
Ubuntu Security Notice USN-4343-1
April 28, 2020
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Systems running on s390x architecture could be made to crash or run
programs as an administrator under certain conditions.
Software Description:
- linux: Linux kernel
Details:
Al Viro discovered that the Linux kernel for s390x systems did not properly
perform page table upgrades for kernel sections that use secondary address
mode. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-28-generic 5.4.0-28.32
linux-image-5.4.0-28-generic-lpae 5.4.0-28.32
linux-image-5.4.0-28-lowlatency 5.4.0-28.32
linux-image-generic 5.4.0.28.33
linux-image-generic-lpae 5.4.0.28.33
linux-image-lowlatency 5.4.0.28.33
linux-image-oem 5.4.0.28.33
linux-image-oem-osp1 5.4.0.28.33
linux-image-virtual 5.4.0.28.33
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4343-1
CVE-2020-11884
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-28.32
Ubuntu Security Notice USN-4343-1
April 28, 2020
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Systems running on s390x architecture could be made to crash or run
programs as an administrator under certain conditions.
Software Description:
- linux: Linux kernel
Details:
Al Viro discovered that the Linux kernel for s390x systems did not properly
perform page table upgrades for kernel sections that use secondary address
mode. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-28-generic 5.4.0-28.32
linux-image-5.4.0-28-generic-lpae 5.4.0-28.32
linux-image-5.4.0-28-lowlatency 5.4.0-28.32
linux-image-generic 5.4.0.28.33
linux-image-generic-lpae 5.4.0.28.33
linux-image-lowlatency 5.4.0.28.33
linux-image-oem 5.4.0.28.33
linux-image-oem-osp1 5.4.0.28.33
linux-image-virtual 5.4.0.28.33
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4343-1
CVE-2020-11884
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-28.32
[USN-4342-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4342-1
April 28, 2020
linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.3, linux-hwe,
linux-kvm, linux-raspi2, linux-raspi2-5.3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-raspi2-5.3: Linux kernel for Raspberry Pi 2
Details:
Al Viro discovered that the Linux kernel for s390x systems did not properly
perform page table upgrades for kernel sections that use secondary address
mode. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2020-11884)
It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)
Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race condition. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2019-19768)
It was discovered that the vhost net driver in the Linux kernel contained a
stack buffer overflow. A local attacker with the ability to perform ioctl()
calls on /dev/vhost-net could use this to cause a denial of service (system
crash). (CVE-2020-10942)
It was discovered that the virtual terminal implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash) or expose sensitive
information. (CVE-2020-8648)
Shijie Luo discovered that the ext4 file system implementation in the Linux
kernel did not properly check for a too-large journal size. An attacker
could use this to construct a malicious ext4 image that, when mounted,
could cause a denial of service (soft lockup). (CVE-2020-8992)
Jordy Zomer discovered that the floppy driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2020-9383)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
linux-image-5.3.0-1016-kvm 5.3.0-1016.17
linux-image-5.3.0-1017-aws 5.3.0-1017.18
linux-image-5.3.0-1018-gcp 5.3.0-1018.19
linux-image-5.3.0-1020-azure 5.3.0-1020.21
linux-image-5.3.0-1023-raspi2 5.3.0-1023.25
linux-image-5.3.0-51-generic 5.3.0-51.44
linux-image-5.3.0-51-generic-lpae 5.3.0-51.44
linux-image-5.3.0-51-lowlatency 5.3.0-51.44
linux-image-5.3.0-51-snapdragon 5.3.0-51.44
linux-image-aws 5.3.0.1017.19
linux-image-azure 5.3.0.1020.39
linux-image-gcp 5.3.0.1018.19
linux-image-generic 5.3.0.51.42
linux-image-generic-lpae 5.3.0.51.42
linux-image-gke 5.3.0.1018.19
linux-image-kvm 5.3.0.1016.18
linux-image-lowlatency 5.3.0.51.42
linux-image-raspi2 5.3.0.1023.20
linux-image-snapdragon 5.3.0.51.42
linux-image-virtual 5.3.0.51.42
Ubuntu 18.04 LTS:
linux-image-5.3.0-1018-gke 5.3.0-1018.19~18.04.1
linux-image-5.3.0-1023-raspi2 5.3.0-1023.25~18.04.1
linux-image-5.3.0-51-generic 5.3.0-51.44~18.04.2
linux-image-5.3.0-51-generic-lpae 5.3.0-51.44~18.04.2
linux-image-5.3.0-51-lowlatency 5.3.0-51.44~18.04.2
linux-image-generic-hwe-18.04 5.3.0.51.104
linux-image-generic-lpae-hwe-18.04 5.3.0.51.104
linux-image-gke-5.3 5.3.0.1018.8
linux-image-lowlatency-hwe-18.04 5.3.0.51.104
linux-image-raspi2-hwe-18.04 5.3.0.1023.12
linux-image-snapdragon-hwe-18.04 5.3.0.51.104
linux-image-virtual-hwe-18.04 5.3.0.51.104
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4342-1
CVE-2019-16234, CVE-2019-19768, CVE-2020-10942, CVE-2020-11884,
CVE-2020-8648, CVE-2020-8992, CVE-2020-9383
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.3.0-51.44
https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1017.18
https://launchpad.net/ubuntu/+source/linux-azure/5.3.0-1020.21
https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1018.19
https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1016.17
https://launchpad.net/ubuntu/+source/linux-raspi2/5.3.0-1023.25
https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1018.19~18.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-51.44~18.04.2
https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1023.25~18.04.1
Ubuntu Security Notice USN-4342-1
April 28, 2020
linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.3, linux-hwe,
linux-kvm, linux-raspi2, linux-raspi2-5.3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-raspi2-5.3: Linux kernel for Raspberry Pi 2
Details:
Al Viro discovered that the Linux kernel for s390x systems did not properly
perform page table upgrades for kernel sections that use secondary address
mode. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2020-11884)
It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)
Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race condition. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2019-19768)
It was discovered that the vhost net driver in the Linux kernel contained a
stack buffer overflow. A local attacker with the ability to perform ioctl()
calls on /dev/vhost-net could use this to cause a denial of service (system
crash). (CVE-2020-10942)
It was discovered that the virtual terminal implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash) or expose sensitive
information. (CVE-2020-8648)
Shijie Luo discovered that the ext4 file system implementation in the Linux
kernel did not properly check for a too-large journal size. An attacker
could use this to construct a malicious ext4 image that, when mounted,
could cause a denial of service (soft lockup). (CVE-2020-8992)
Jordy Zomer discovered that the floppy driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2020-9383)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
linux-image-5.3.0-1016-kvm 5.3.0-1016.17
linux-image-5.3.0-1017-aws 5.3.0-1017.18
linux-image-5.3.0-1018-gcp 5.3.0-1018.19
linux-image-5.3.0-1020-azure 5.3.0-1020.21
linux-image-5.3.0-1023-raspi2 5.3.0-1023.25
linux-image-5.3.0-51-generic 5.3.0-51.44
linux-image-5.3.0-51-generic-lpae 5.3.0-51.44
linux-image-5.3.0-51-lowlatency 5.3.0-51.44
linux-image-5.3.0-51-snapdragon 5.3.0-51.44
linux-image-aws 5.3.0.1017.19
linux-image-azure 5.3.0.1020.39
linux-image-gcp 5.3.0.1018.19
linux-image-generic 5.3.0.51.42
linux-image-generic-lpae 5.3.0.51.42
linux-image-gke 5.3.0.1018.19
linux-image-kvm 5.3.0.1016.18
linux-image-lowlatency 5.3.0.51.42
linux-image-raspi2 5.3.0.1023.20
linux-image-snapdragon 5.3.0.51.42
linux-image-virtual 5.3.0.51.42
Ubuntu 18.04 LTS:
linux-image-5.3.0-1018-gke 5.3.0-1018.19~18.04.1
linux-image-5.3.0-1023-raspi2 5.3.0-1023.25~18.04.1
linux-image-5.3.0-51-generic 5.3.0-51.44~18.04.2
linux-image-5.3.0-51-generic-lpae 5.3.0-51.44~18.04.2
linux-image-5.3.0-51-lowlatency 5.3.0-51.44~18.04.2
linux-image-generic-hwe-18.04 5.3.0.51.104
linux-image-generic-lpae-hwe-18.04 5.3.0.51.104
linux-image-gke-5.3 5.3.0.1018.8
linux-image-lowlatency-hwe-18.04 5.3.0.51.104
linux-image-raspi2-hwe-18.04 5.3.0.1023.12
linux-image-snapdragon-hwe-18.04 5.3.0.51.104
linux-image-virtual-hwe-18.04 5.3.0.51.104
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4342-1
CVE-2019-16234, CVE-2019-19768, CVE-2020-10942, CVE-2020-11884,
CVE-2020-8648, CVE-2020-8992, CVE-2020-9383
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.3.0-51.44
https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1017.18
https://launchpad.net/ubuntu/+source/linux-azure/5.3.0-1020.21
https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1018.19
https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1016.17
https://launchpad.net/ubuntu/+source/linux-raspi2/5.3.0-1023.25
https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1018.19~18.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-51.44~18.04.2
https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1023.25~18.04.1
Fedora 33 System-Wide Change proposal: Boost 1.73 upgrade
== Summary ==
This change brings Boost 1.73 to Fedora. This will mean Fedora ships with a recent upstream Boost release.
== Owner ==
* Name: [[User:jwakely| Jonathan Wakely]]
* Email: jwakely@redhat.com
== Detailed Description ==
The aim is to synchronize Fedora with the most recent Boost release. Because ABI stability is one of explicit Boost non-goals, this entails rebuilding of all dependent packages. This has also always entailed yours truly assisting maintainers of client packages in decoding cryptic boost-ese seen in output from g++. Such care is to be expected this time around as well.
The equivalent changes for previous releases were [[Changes/F30Boost169|Fedora 30 Change]], [[Changes/F29Boost167|Fedora 29 Change]], [[Changes/F28Boost166|Fedora 28 Change]], [[Changes/F27Boost164|Fedora 27 Change]], [[Changes/F26Boost163|Fedora 26 Change]], [[Changes/F25Boost161|Fedora 25 Change]], [[Changes/F24Boost160|Fedora 24 Change]], [[Changes/F23Boost159|Fedora 23 Change]] and [[Changes/F22Boost158|Fedora 22 Change]].
== Benefit to Fedora ==
Fedora 32 includes Boost 1.69 which is the same version as F31 and F30, and is several releases behind the latest upstream release (Boost 1.73 is due for release late April 2020).
Fedora will stay relevant, as far as Boost clients are concerned. Boost 1.73 brings four new components:
* [https://www.boost.org/libs/outcome/ Boost.Outcome], A set of tools for reporting and handling function failures in contexts where <i>directly</i> using C++ exception handling is unsuitable, from Niall Douglas.
* [https://www.boost.org/libs/histogram/ Boost.Histogram], Fast and extensible multi-dimensional histograms with convenient interface for C++14, from Hans Dembinski.
* [https://www.boost.org/libs/variant2/ Boost.Variant2], A never-valueless, strong guarantee implementation of std::variant, from Peter Dimov.
* [https://www.boost.org/libs/nowide/ Boost.Nowide], Standard library functions with UTF-8 API on Windows, from Artyom Beilis.
* [https://www.boost.org/libs/static_string/ Boost.StaticString], A dynamically resizable string of characters with compile-time fixed capacity and contiguous embedded storage, from Vinnie Falco and Krystian Stasiowski.
== Scope ==
* Proposal owners:
** Build will be done with Boost.Build v2 (which is the upstream-sanctioned way of building Boost)
** Request a "f33-boost" [https://docs.pagure.org/releng/sop_adding_side_build_targets.html build system tag] ([http://lists.fedoraproject.org/pipermail/devel/2011-November/159908.html discussion]): TODO
** Build boost into that tag (take a look at the [http://koji.fedoraproject.org/koji/buildinfo?buildID=606493 build #606493] for inspiration)
** Post a request for rebuilds to fedora-devel
** Work on rebuilding dependent packages in the tag.
** When most is done, re-tag all the packages to rawhide
** Watch fedora-devel and assist in rebuilding broken Boost clients (by fixing the client, or Boost).
* Other developers:
** Those who depend on Boost DSOs will have to rebuild their packages. Feature owners will alleviate some of this work as indicated above, and will assist those whose packages fail to build in debugging them.
** The existing `boost-nowide` package will need to be retired, as it is now included in the upstream Boost release.
* Release engineering: [https://pagure.io/releng/issue/9421 #9421] (a check of an impact with Release Engineering is needed)
* Policies and guidelines:
** Apart from scope, this is business as usual, so no new policies, no new guidelines.
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
* The `boost-jam` package has been replaced by `boost-b2`. The separate `boost-nowide` package will be replace by a subpackage of `boost`.
* No manual configuration or data migration needed.
* Some impact on other packages needing code changes to rebuild. Historically this hasn't been too much of a problem and could always be resolved before deadline.
== How To Test ==
* No special hardware is needed.
* Integration testing simply consists of installing Boost packages (`dnf install boost`) on Fedora and checking that it does not break other packages (see below for a way to obtain a list of boost clients).
== User Experience ==
* Expected to remain largely the same.
* Developers building third-party software on Fedora may need to rebuild against the new Boost packages, and may need to adjust their code if the new Boost release is not source-compatible.
* Developers using `bjam` to build their own software will need to switch to using the new name for the tool, `b2`
== Dependencies ==
Packages that must be rebuilt:
<code>$ dnf repoquery -s --releasever=rawhide --whatrequires libboost\* --disablerepo=* --enablerepo=fedora | sort -u</code>
All clients:
<code>$ dnf repoquery --releasever=rawhide --archlist=src --whatrequires boost-devel --disablerepo='*' --enablerepo=fedora-source</code>
== Contingency Plan ==
* Contingency mechanism: Worst case scenario is to abandon the update and simply ship F33 with Boost 1.69, which is already in rawhide. It would also be possible to ship an older release (1.70.0, 1.71.0 or 1.72.0) which would still be newer than in current Fedora releases.
* Contingency deadline: We will know whether the change can be made once the rebuilds in the side tag are done, which will be July 2020, ideally before the mass rebuild.
* Blocks release? No
* Blocks product? None
== Documentation ==
* https://www.boost.org/users/history/version_1_73_0.html (Beta1 released on 12 April 2020, final release expected soon)
* https://www.boost.org/users/history/version_1_72_0.html (released on 11 December 2019)
* https://www.boost.org/users/history/version_1_71_0.html (released on 19 August 2019)
* https://www.boost.org/users/history/version_1_70_0.html (released on 12 April 2019)
* https://www.boost.org/development/index.html
== Release Notes ==
Boost has been upgraded to version 1.73. Apart from a number of bug fixes and improvements to existing libraries. Compared to Fedora 32, this brings:
* New header-only components: [https://www.boost.org/libs/outcome/ Boost.Outcome], [https://www.boost.org/libs/histogram/ Boost.Histogram], [https://www.boost.org/libs/variant2/ Boost.Variant2], [https://www.boost.org/libs/nowide/ Boost.Nowide] and [https://www.boost.org/libs/static_string/ Boost.StaticString].
* The `bjam` tool in the `boost-jam` package has been replaced by `b2` in the `boost-b2` package.
This change brings Boost 1.73 to Fedora. This will mean Fedora ships with a recent upstream Boost release.
== Owner ==
* Name: [[User:jwakely| Jonathan Wakely]]
* Email: jwakely@redhat.com
== Detailed Description ==
The aim is to synchronize Fedora with the most recent Boost release. Because ABI stability is one of explicit Boost non-goals, this entails rebuilding of all dependent packages. This has also always entailed yours truly assisting maintainers of client packages in decoding cryptic boost-ese seen in output from g++. Such care is to be expected this time around as well.
The equivalent changes for previous releases were [[Changes/F30Boost169|Fedora 30 Change]], [[Changes/F29Boost167|Fedora 29 Change]], [[Changes/F28Boost166|Fedora 28 Change]], [[Changes/F27Boost164|Fedora 27 Change]], [[Changes/F26Boost163|Fedora 26 Change]], [[Changes/F25Boost161|Fedora 25 Change]], [[Changes/F24Boost160|Fedora 24 Change]], [[Changes/F23Boost159|Fedora 23 Change]] and [[Changes/F22Boost158|Fedora 22 Change]].
== Benefit to Fedora ==
Fedora 32 includes Boost 1.69 which is the same version as F31 and F30, and is several releases behind the latest upstream release (Boost 1.73 is due for release late April 2020).
Fedora will stay relevant, as far as Boost clients are concerned. Boost 1.73 brings four new components:
* [https://www.boost.org/libs/outcome/ Boost.Outcome], A set of tools for reporting and handling function failures in contexts where <i>directly</i> using C++ exception handling is unsuitable, from Niall Douglas.
* [https://www.boost.org/libs/histogram/ Boost.Histogram], Fast and extensible multi-dimensional histograms with convenient interface for C++14, from Hans Dembinski.
* [https://www.boost.org/libs/variant2/ Boost.Variant2], A never-valueless, strong guarantee implementation of std::variant, from Peter Dimov.
* [https://www.boost.org/libs/nowide/ Boost.Nowide], Standard library functions with UTF-8 API on Windows, from Artyom Beilis.
* [https://www.boost.org/libs/static_string/ Boost.StaticString], A dynamically resizable string of characters with compile-time fixed capacity and contiguous embedded storage, from Vinnie Falco and Krystian Stasiowski.
== Scope ==
* Proposal owners:
** Build will be done with Boost.Build v2 (which is the upstream-sanctioned way of building Boost)
** Request a "f33-boost" [https://docs.pagure.org/releng/sop_adding_side_build_targets.html build system tag] ([http://lists.fedoraproject.org/pipermail/devel/2011-November/159908.html discussion]): TODO
** Build boost into that tag (take a look at the [http://koji.fedoraproject.org/koji/buildinfo?buildID=606493 build #606493] for inspiration)
** Post a request for rebuilds to fedora-devel
** Work on rebuilding dependent packages in the tag.
** When most is done, re-tag all the packages to rawhide
** Watch fedora-devel and assist in rebuilding broken Boost clients (by fixing the client, or Boost).
* Other developers:
** Those who depend on Boost DSOs will have to rebuild their packages. Feature owners will alleviate some of this work as indicated above, and will assist those whose packages fail to build in debugging them.
** The existing `boost-nowide` package will need to be retired, as it is now included in the upstream Boost release.
* Release engineering: [https://pagure.io/releng/issue/9421 #9421] (a check of an impact with Release Engineering is needed)
* Policies and guidelines:
** Apart from scope, this is business as usual, so no new policies, no new guidelines.
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
* The `boost-jam` package has been replaced by `boost-b2`. The separate `boost-nowide` package will be replace by a subpackage of `boost`.
* No manual configuration or data migration needed.
* Some impact on other packages needing code changes to rebuild. Historically this hasn't been too much of a problem and could always be resolved before deadline.
== How To Test ==
* No special hardware is needed.
* Integration testing simply consists of installing Boost packages (`dnf install boost`) on Fedora and checking that it does not break other packages (see below for a way to obtain a list of boost clients).
== User Experience ==
* Expected to remain largely the same.
* Developers building third-party software on Fedora may need to rebuild against the new Boost packages, and may need to adjust their code if the new Boost release is not source-compatible.
* Developers using `bjam` to build their own software will need to switch to using the new name for the tool, `b2`
== Dependencies ==
Packages that must be rebuilt:
<code>$ dnf repoquery -s --releasever=rawhide --whatrequires libboost\* --disablerepo=* --enablerepo=fedora | sort -u</code>
All clients:
<code>$ dnf repoquery --releasever=rawhide --archlist=src --whatrequires boost-devel --disablerepo='*' --enablerepo=fedora-source</code>
== Contingency Plan ==
* Contingency mechanism: Worst case scenario is to abandon the update and simply ship F33 with Boost 1.69, which is already in rawhide. It would also be possible to ship an older release (1.70.0, 1.71.0 or 1.72.0) which would still be newer than in current Fedora releases.
* Contingency deadline: We will know whether the change can be made once the rebuilds in the side tag are done, which will be July 2020, ideally before the mass rebuild.
* Blocks release? No
* Blocks product? None
== Documentation ==
* https://www.boost.org/users/history/version_1_73_0.html (Beta1 released on 12 April 2020, final release expected soon)
* https://www.boost.org/users/history/version_1_72_0.html (released on 11 December 2019)
* https://www.boost.org/users/history/version_1_71_0.html (released on 19 August 2019)
* https://www.boost.org/users/history/version_1_70_0.html (released on 12 April 2019)
* https://www.boost.org/development/index.html
== Release Notes ==
Boost has been upgraded to version 1.73. Apart from a number of bug fixes and improvements to existing libraries. Compared to Fedora 32, this brings:
* New header-only components: [https://www.boost.org/libs/outcome/ Boost.Outcome], [https://www.boost.org/libs/histogram/ Boost.Histogram], [https://www.boost.org/libs/variant2/ Boost.Variant2], [https://www.boost.org/libs/nowide/ Boost.Nowide] and [https://www.boost.org/libs/static_string/ Boost.StaticString].
* The `bjam` tool in the `boost-jam` package has been replaced by `b2` in the `boost-b2` package.
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
[USN-4341-1] Samba vulnerabilities
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl6odisACgkQZWnYVadE
vpPwUQ/8DpqeDswlLGXwTEAOY8qozDcJ17gPbLHIvzeW0auNFLt/UEdw46HlgFha
4cliVIklOmmcuS+jfCqZYWM/sFNIo3yR7MlF3bSZihwUA9ukvQQU0HVXZJ9M5xX2
r59PyFlOpg1zPGhUXlelSXkFNogHt0jBq/F/a9mwaNHTHrkcGIyYneSdE+MU50D5
8VPs/dv1M9e9XPai5M5uAf/mRIvzvPtBjEeKVV917bY3LfNyjEv72D2/T3siZIYt
SEfwTk8BbA43oDsT0ei4LGEx6BbdRTEq7xj8uCFMryueEGcR/v1IRPhA2CdcZyWf
umHj4XBiXZ41fCktEYgRc6v5/uebT2MmeIUaALA4WxZ9iHPuKxNBaReZ5OkBCpq3
L6A5Soqx6LwIXKrTX4l03ozGrWfbQUI7y6DPXq6g72MtfWl19nPENAX5wFsSSlmb
fbMv7QZ3z5rsE3XPB+I1TIaFbK/RMvZpp5Asx0lboiekvTmNu1EEYmlqXbQ0Tl2k
WHEcXQ7j5XrWtcTAaLsPh23iIioj872zl1IifU825MzKbGEEJWC5Oov67fuLaJII
T29rHCzrsUqRhrKrQVfTfgDDdi5WuRRGoKUVbxMJJqSjGiXol3Ddc924nyQpjPC1
WOl3vPR5elYVlrtwgVd3QZJeoD8E+EIEVocruTzOVD0hyNVDHVs=
=6H0x
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-4341-1
April 28, 2020
samba vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Samba.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
Andrei Popa discovered that Samba incorrectly handled certain LDAP queries.
A remote attacker could use this issue to cause Samba to crash, resulting
in a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10700)
It was discovered that Samba incorrectly handled certain LDAP queries. A
remote attacker could possibly use this issue to cause Samba to consume
resources, resulting in a denial of service. (CVE-2020-10704)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
samba 2:4.11.6+dfsg-0ubuntu1.1
Ubuntu 19.10:
samba 2:4.10.7+dfsg-0ubuntu2.5
Ubuntu 18.04 LTS:
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.16
Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.26
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4341-1
CVE-2020-10700, CVE-2020-10704
Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.11.6+dfsg-0ubuntu1.1
https://launchpad.net/ubuntu/+source/samba/2:4.10.7+dfsg-0ubuntu2.5
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.16
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.26
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl6odisACgkQZWnYVadE
vpPwUQ/8DpqeDswlLGXwTEAOY8qozDcJ17gPbLHIvzeW0auNFLt/UEdw46HlgFha
4cliVIklOmmcuS+jfCqZYWM/sFNIo3yR7MlF3bSZihwUA9ukvQQU0HVXZJ9M5xX2
r59PyFlOpg1zPGhUXlelSXkFNogHt0jBq/F/a9mwaNHTHrkcGIyYneSdE+MU50D5
8VPs/dv1M9e9XPai5M5uAf/mRIvzvPtBjEeKVV917bY3LfNyjEv72D2/T3siZIYt
SEfwTk8BbA43oDsT0ei4LGEx6BbdRTEq7xj8uCFMryueEGcR/v1IRPhA2CdcZyWf
umHj4XBiXZ41fCktEYgRc6v5/uebT2MmeIUaALA4WxZ9iHPuKxNBaReZ5OkBCpq3
L6A5Soqx6LwIXKrTX4l03ozGrWfbQUI7y6DPXq6g72MtfWl19nPENAX5wFsSSlmb
fbMv7QZ3z5rsE3XPB+I1TIaFbK/RMvZpp5Asx0lboiekvTmNu1EEYmlqXbQ0Tl2k
WHEcXQ7j5XrWtcTAaLsPh23iIioj872zl1IifU825MzKbGEEJWC5Oov67fuLaJII
T29rHCzrsUqRhrKrQVfTfgDDdi5WuRRGoKUVbxMJJqSjGiXol3Ddc924nyQpjPC1
WOl3vPR5elYVlrtwgVd3QZJeoD8E+EIEVocruTzOVD0hyNVDHVs=
=6H0x
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-4341-1
April 28, 2020
samba vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Samba.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
Andrei Popa discovered that Samba incorrectly handled certain LDAP queries.
A remote attacker could use this issue to cause Samba to crash, resulting
in a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10700)
It was discovered that Samba incorrectly handled certain LDAP queries. A
remote attacker could possibly use this issue to cause Samba to consume
resources, resulting in a denial of service. (CVE-2020-10704)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
samba 2:4.11.6+dfsg-0ubuntu1.1
Ubuntu 19.10:
samba 2:4.10.7+dfsg-0ubuntu2.5
Ubuntu 18.04 LTS:
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.16
Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.26
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4341-1
CVE-2020-10700, CVE-2020-10704
Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.11.6+dfsg-0ubuntu1.1
https://launchpad.net/ubuntu/+source/samba/2:4.10.7+dfsg-0ubuntu2.5
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.16
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.26
Fedora 32 is available now!
It's here! We're proud to announce the release of Fedora 32.
Thanks to the hard work of thousands of Fedora community
members and contributors, we're celebrating yet another
on-time release!
Read the official announcement at:
* https://fedoramagazine.org/announcing-fedora-32/
or just go ahead and grab it from:
* https://getfedora.org/
--
Matthew Miller
<mattdm@fedoraproject.org>
Fedora Project Leader
_______________________________________________
announce mailing list -- announce@lists.fedoraproject.org
To unsubscribe send an email to announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org
_______________________________________________
announce mailing list -- announce@lists.fedoraproject.org
To unsubscribe send an email to announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org
_______________________________________________
announce mailing list -- announce@lists.fedoraproject.org
To unsubscribe send an email to announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org
Thanks to the hard work of thousands of Fedora community
members and contributors, we're celebrating yet another
on-time release!
Read the official announcement at:
* https://fedoramagazine.org/announcing-fedora-32/
or just go ahead and grab it from:
* https://getfedora.org/
--
Matthew Miller
<mattdm@fedoraproject.org>
Fedora Project Leader
_______________________________________________
announce mailing list -- announce@lists.fedoraproject.org
To unsubscribe send an email to announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org
_______________________________________________
announce mailing list -- announce@lists.fedoraproject.org
To unsubscribe send an email to announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org
_______________________________________________
announce mailing list -- announce@lists.fedoraproject.org
To unsubscribe send an email to announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org
[USN-4338-2] re2c vulnerability
==========================================================================
Ubuntu Security Notice USN-4338-2
April 28, 2020
re2c vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
re2c could be made to execute arbitrary code if it received
a specially crafted file.
Software Description:
- re2c: tool for generating fast C-based recognizers
Details:
USN-4338-1 fixed vulnerabilities in re2c. This update provides
the corresponding update for Ubuntu 20.04 LTS.
Original advisory details:
Agostino Sarubbo discovered that re2c incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
re2c 1.3-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4338-2
https://usn.ubuntu.com/4338-1
CVE-2020-11958
Package Information:
https://launchpad.net/ubuntu/+source/re2c/1.3-1ubuntu0.1
Ubuntu Security Notice USN-4338-2
April 28, 2020
re2c vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
re2c could be made to execute arbitrary code if it received
a specially crafted file.
Software Description:
- re2c: tool for generating fast C-based recognizers
Details:
USN-4338-1 fixed vulnerabilities in re2c. This update provides
the corresponding update for Ubuntu 20.04 LTS.
Original advisory details:
Agostino Sarubbo discovered that re2c incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
re2c 1.3-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4338-2
https://usn.ubuntu.com/4338-1
CVE-2020-11958
Package Information:
https://launchpad.net/ubuntu/+source/re2c/1.3-1ubuntu0.1
Monday, April 27, 2020
[CentOS-announce] CESA-2020:1524 Important CentOS 6 kernel Security Update
CentOS Errata and Security Advisory 2020:1524 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1524
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
5268175844c8492223e909fda00ca2a037ee43288051fb0d7958b83c31f12d98 kernel-2.6.32-754.29.1.el6.i686.rpm
a2c805f14b44ba5540b5cc31e03a9b3d87d23dad2e6e8c3f0d586b6fc2219493 kernel-abi-whitelists-2.6.32-754.29.1.el6.noarch.rpm
4c55742bc5df08df548dc9406601eb2e2c2276bc4a0c388b9d5f97c23a32ca47 kernel-debug-2.6.32-754.29.1.el6.i686.rpm
f75ce5da0ab5efc98d06d027cabfc76825590ad38dd1aee8ff9a216155022b1b kernel-debug-devel-2.6.32-754.29.1.el6.i686.rpm
e32f084c07563ae0aa69950e559e5a9991aeead45cedf565fd82627ed3b03b00 kernel-devel-2.6.32-754.29.1.el6.i686.rpm
cf74b64e3a1b1f7361861a1ce2632f9d3b7aeb53ffdc9f6a87e29486a77c0e81 kernel-doc-2.6.32-754.29.1.el6.noarch.rpm
9ea533904e19ff22791a0e0a1f2582aa003eda0037a36594951f5268d399756a kernel-firmware-2.6.32-754.29.1.el6.noarch.rpm
24e0bc472e542d9c83ef07f629c19e24ee07ce10840dcf98b304e9801cd611e3 kernel-headers-2.6.32-754.29.1.el6.i686.rpm
7b77fb5cc06df3508b41deb26e393601a7bd6e983691dd85028529d66940bf0e perf-2.6.32-754.29.1.el6.i686.rpm
bc2946abe6afdbd44602deb3f4821ad73f47016140d2b7cae60297af4d8601f5 python-perf-2.6.32-754.29.1.el6.i686.rpm
x86_64:
c0f88076bcf5611ced4b75e457ebe4410d21b348936275fb69b8fe9d9c08ba87 kernel-2.6.32-754.29.1.el6.x86_64.rpm
a2c805f14b44ba5540b5cc31e03a9b3d87d23dad2e6e8c3f0d586b6fc2219493 kernel-abi-whitelists-2.6.32-754.29.1.el6.noarch.rpm
54be11c4156aabb2de893e328119b953888cf0bc6d409922dfcf7c31e4a18105 kernel-debug-2.6.32-754.29.1.el6.x86_64.rpm
f75ce5da0ab5efc98d06d027cabfc76825590ad38dd1aee8ff9a216155022b1b kernel-debug-devel-2.6.32-754.29.1.el6.i686.rpm
aa915ad4719e09dfcfb7ca3db49a9aaab859aafa94d82cd257e2f45b106918dc kernel-debug-devel-2.6.32-754.29.1.el6.x86_64.rpm
4ace047426e0f26bea364459476ef5a7da4fc635b5a4e032793626d6a1f75182 kernel-devel-2.6.32-754.29.1.el6.x86_64.rpm
cf74b64e3a1b1f7361861a1ce2632f9d3b7aeb53ffdc9f6a87e29486a77c0e81 kernel-doc-2.6.32-754.29.1.el6.noarch.rpm
9ea533904e19ff22791a0e0a1f2582aa003eda0037a36594951f5268d399756a kernel-firmware-2.6.32-754.29.1.el6.noarch.rpm
1cae864571206c716aa4141c2f8829b9a79ae917ca80cf6cf3e7e18e246334ec kernel-headers-2.6.32-754.29.1.el6.x86_64.rpm
b80ae42dfc4ec93c48a5d7dfa17dd0ebeb6027ea30f67d6dc609e842404c1c92 perf-2.6.32-754.29.1.el6.x86_64.rpm
4b7edd67d6ef549733f914a7adf937d5a5c6b9d0bc253eeb6803765b4156a1bb python-perf-2.6.32-754.29.1.el6.x86_64.rpm
Source:
de4a284febcc3ad9a095127c62e882af39678cbbfeeb0996677f2d2de723dcec kernel-2.6.32-754.29.1.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1524
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
5268175844c8492223e909fda00ca2a037ee43288051fb0d7958b83c31f12d98 kernel-2.6.32-754.29.1.el6.i686.rpm
a2c805f14b44ba5540b5cc31e03a9b3d87d23dad2e6e8c3f0d586b6fc2219493 kernel-abi-whitelists-2.6.32-754.29.1.el6.noarch.rpm
4c55742bc5df08df548dc9406601eb2e2c2276bc4a0c388b9d5f97c23a32ca47 kernel-debug-2.6.32-754.29.1.el6.i686.rpm
f75ce5da0ab5efc98d06d027cabfc76825590ad38dd1aee8ff9a216155022b1b kernel-debug-devel-2.6.32-754.29.1.el6.i686.rpm
e32f084c07563ae0aa69950e559e5a9991aeead45cedf565fd82627ed3b03b00 kernel-devel-2.6.32-754.29.1.el6.i686.rpm
cf74b64e3a1b1f7361861a1ce2632f9d3b7aeb53ffdc9f6a87e29486a77c0e81 kernel-doc-2.6.32-754.29.1.el6.noarch.rpm
9ea533904e19ff22791a0e0a1f2582aa003eda0037a36594951f5268d399756a kernel-firmware-2.6.32-754.29.1.el6.noarch.rpm
24e0bc472e542d9c83ef07f629c19e24ee07ce10840dcf98b304e9801cd611e3 kernel-headers-2.6.32-754.29.1.el6.i686.rpm
7b77fb5cc06df3508b41deb26e393601a7bd6e983691dd85028529d66940bf0e perf-2.6.32-754.29.1.el6.i686.rpm
bc2946abe6afdbd44602deb3f4821ad73f47016140d2b7cae60297af4d8601f5 python-perf-2.6.32-754.29.1.el6.i686.rpm
x86_64:
c0f88076bcf5611ced4b75e457ebe4410d21b348936275fb69b8fe9d9c08ba87 kernel-2.6.32-754.29.1.el6.x86_64.rpm
a2c805f14b44ba5540b5cc31e03a9b3d87d23dad2e6e8c3f0d586b6fc2219493 kernel-abi-whitelists-2.6.32-754.29.1.el6.noarch.rpm
54be11c4156aabb2de893e328119b953888cf0bc6d409922dfcf7c31e4a18105 kernel-debug-2.6.32-754.29.1.el6.x86_64.rpm
f75ce5da0ab5efc98d06d027cabfc76825590ad38dd1aee8ff9a216155022b1b kernel-debug-devel-2.6.32-754.29.1.el6.i686.rpm
aa915ad4719e09dfcfb7ca3db49a9aaab859aafa94d82cd257e2f45b106918dc kernel-debug-devel-2.6.32-754.29.1.el6.x86_64.rpm
4ace047426e0f26bea364459476ef5a7da4fc635b5a4e032793626d6a1f75182 kernel-devel-2.6.32-754.29.1.el6.x86_64.rpm
cf74b64e3a1b1f7361861a1ce2632f9d3b7aeb53ffdc9f6a87e29486a77c0e81 kernel-doc-2.6.32-754.29.1.el6.noarch.rpm
9ea533904e19ff22791a0e0a1f2582aa003eda0037a36594951f5268d399756a kernel-firmware-2.6.32-754.29.1.el6.noarch.rpm
1cae864571206c716aa4141c2f8829b9a79ae917ca80cf6cf3e7e18e246334ec kernel-headers-2.6.32-754.29.1.el6.x86_64.rpm
b80ae42dfc4ec93c48a5d7dfa17dd0ebeb6027ea30f67d6dc609e842404c1c92 perf-2.6.32-754.29.1.el6.x86_64.rpm
4b7edd67d6ef549733f914a7adf937d5a5c6b9d0bc253eeb6803765b4156a1bb python-perf-2.6.32-754.29.1.el6.x86_64.rpm
Source:
de4a284febcc3ad9a095127c62e882af39678cbbfeeb0996677f2d2de723dcec kernel-2.6.32-754.29.1.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2020:1506 Important CentOS 6 java-1.8.0-openjdk Security Update
CentOS Errata and Security Advisory 2020:1506 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1506
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
63c9188ffdc6721cc1996003a79e8ce4b241e2b377e8f68c42e5f68682ebb16b java-1.8.0-openjdk-1.8.0.252.b09-2.el6_10.i686.rpm
7f6d7d536de0c7f415237ad46563b46d16b4b158a1e6a3d4155c26217d67d9d6 java-1.8.0-openjdk-debug-1.8.0.252.b09-2.el6_10.i686.rpm
f1880a72310e77d4e01fe1ddd0fed3a2db76768d41de211659704b3511bd89cb java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el6_10.i686.rpm
af094b87b04812760a6b394f64da440d36b0c150e4694a1e75a001dd6ff9f806 java-1.8.0-openjdk-demo-debug-1.8.0.252.b09-2.el6_10.i686.rpm
5842002b21825bc2386871c71b160dbe8482bf1d8d0b084c5c8ae70aa46e6abd java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el6_10.i686.rpm
4e164fed38feb19f5fa0c31a7228fde4defa0ee7c7c622c7d047a6d3459c0876 java-1.8.0-openjdk-devel-debug-1.8.0.252.b09-2.el6_10.i686.rpm
76f5e70d78e826491021ff08688cdb244df889bea12e8e22a47d7985dd96a141 java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el6_10.i686.rpm
93a3a8338c202135f2fa05f9d459db0197595db2786dc5139910b9580b66dcf0 java-1.8.0-openjdk-headless-debug-1.8.0.252.b09-2.el6_10.i686.rpm
8bb3fa6c8615fabb2d2d78a5b5250e72c2cae43ee87cf3aea11009d46fdef464 java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el6_10.noarch.rpm
80dbfefd8615cf91e047fac0c95ef5c08980778789f400521c9da1d97ae5cfe4 java-1.8.0-openjdk-javadoc-debug-1.8.0.252.b09-2.el6_10.noarch.rpm
d25f08cbfa13f5612ed8bc93232adcbca64ada8d4b28547aea42e63b3cce4350 java-1.8.0-openjdk-src-1.8.0.252.b09-2.el6_10.i686.rpm
669bb82ec974d2a36c11f7d87201c8f18362f7622a3503c70aa816b17cbb7db0 java-1.8.0-openjdk-src-debug-1.8.0.252.b09-2.el6_10.i686.rpm
x86_64:
9384443db1f0daf03f062dc2743810b066e68cd5987b513ae355f4f78f332ac7 java-1.8.0-openjdk-1.8.0.252.b09-2.el6_10.x86_64.rpm
3acdb3c62bcb5a7febc830abdde83751a2d77a58e19f6278da68cf8c52f70d39 java-1.8.0-openjdk-debug-1.8.0.252.b09-2.el6_10.x86_64.rpm
003715ebe5253470a4f9ee79253ec527088765aaaec9d4cb7ae12b423263cb9c java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el6_10.x86_64.rpm
c72aec45b175b906a374c51502276c366ec050cd45ce37870d7c994639838aaf java-1.8.0-openjdk-demo-debug-1.8.0.252.b09-2.el6_10.x86_64.rpm
8277ea0800ef091c2fe6616d4d3533a5c2654a658e9a5a509c93a626ba3fbf5b java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el6_10.x86_64.rpm
938d4a76293716489f3d8ca99fbcd646b414030a9afe45d6b5ae3e3762f634a5 java-1.8.0-openjdk-devel-debug-1.8.0.252.b09-2.el6_10.x86_64.rpm
fca72a2a7a8bc14b9e6bb9bc978ea334536ea3c352e3a76d41702ca2fb5f9478 java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el6_10.x86_64.rpm
920bf5d15d46038abc80814a4a295aacada124ce5ac8d0475097dd0d061a036b java-1.8.0-openjdk-headless-debug-1.8.0.252.b09-2.el6_10.x86_64.rpm
8bb3fa6c8615fabb2d2d78a5b5250e72c2cae43ee87cf3aea11009d46fdef464 java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el6_10.noarch.rpm
80dbfefd8615cf91e047fac0c95ef5c08980778789f400521c9da1d97ae5cfe4 java-1.8.0-openjdk-javadoc-debug-1.8.0.252.b09-2.el6_10.noarch.rpm
11b6a40f0090b4a0544613196d39cd7fcd1d2c2b9124ad3d3455ac327bc6fe78 java-1.8.0-openjdk-src-1.8.0.252.b09-2.el6_10.x86_64.rpm
76ccb2ace872a54a85c17663d560049f77e01481e544f29500b384fbe4567669 java-1.8.0-openjdk-src-debug-1.8.0.252.b09-2.el6_10.x86_64.rpm
Source:
69963fd22e56dc0d49bc4b83e8c3b08514241e84da076f2dee5e75b5c2c76698 java-1.8.0-openjdk-1.8.0.252.b09-2.el6_10.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1506
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
63c9188ffdc6721cc1996003a79e8ce4b241e2b377e8f68c42e5f68682ebb16b java-1.8.0-openjdk-1.8.0.252.b09-2.el6_10.i686.rpm
7f6d7d536de0c7f415237ad46563b46d16b4b158a1e6a3d4155c26217d67d9d6 java-1.8.0-openjdk-debug-1.8.0.252.b09-2.el6_10.i686.rpm
f1880a72310e77d4e01fe1ddd0fed3a2db76768d41de211659704b3511bd89cb java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el6_10.i686.rpm
af094b87b04812760a6b394f64da440d36b0c150e4694a1e75a001dd6ff9f806 java-1.8.0-openjdk-demo-debug-1.8.0.252.b09-2.el6_10.i686.rpm
5842002b21825bc2386871c71b160dbe8482bf1d8d0b084c5c8ae70aa46e6abd java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el6_10.i686.rpm
4e164fed38feb19f5fa0c31a7228fde4defa0ee7c7c622c7d047a6d3459c0876 java-1.8.0-openjdk-devel-debug-1.8.0.252.b09-2.el6_10.i686.rpm
76f5e70d78e826491021ff08688cdb244df889bea12e8e22a47d7985dd96a141 java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el6_10.i686.rpm
93a3a8338c202135f2fa05f9d459db0197595db2786dc5139910b9580b66dcf0 java-1.8.0-openjdk-headless-debug-1.8.0.252.b09-2.el6_10.i686.rpm
8bb3fa6c8615fabb2d2d78a5b5250e72c2cae43ee87cf3aea11009d46fdef464 java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el6_10.noarch.rpm
80dbfefd8615cf91e047fac0c95ef5c08980778789f400521c9da1d97ae5cfe4 java-1.8.0-openjdk-javadoc-debug-1.8.0.252.b09-2.el6_10.noarch.rpm
d25f08cbfa13f5612ed8bc93232adcbca64ada8d4b28547aea42e63b3cce4350 java-1.8.0-openjdk-src-1.8.0.252.b09-2.el6_10.i686.rpm
669bb82ec974d2a36c11f7d87201c8f18362f7622a3503c70aa816b17cbb7db0 java-1.8.0-openjdk-src-debug-1.8.0.252.b09-2.el6_10.i686.rpm
x86_64:
9384443db1f0daf03f062dc2743810b066e68cd5987b513ae355f4f78f332ac7 java-1.8.0-openjdk-1.8.0.252.b09-2.el6_10.x86_64.rpm
3acdb3c62bcb5a7febc830abdde83751a2d77a58e19f6278da68cf8c52f70d39 java-1.8.0-openjdk-debug-1.8.0.252.b09-2.el6_10.x86_64.rpm
003715ebe5253470a4f9ee79253ec527088765aaaec9d4cb7ae12b423263cb9c java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el6_10.x86_64.rpm
c72aec45b175b906a374c51502276c366ec050cd45ce37870d7c994639838aaf java-1.8.0-openjdk-demo-debug-1.8.0.252.b09-2.el6_10.x86_64.rpm
8277ea0800ef091c2fe6616d4d3533a5c2654a658e9a5a509c93a626ba3fbf5b java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el6_10.x86_64.rpm
938d4a76293716489f3d8ca99fbcd646b414030a9afe45d6b5ae3e3762f634a5 java-1.8.0-openjdk-devel-debug-1.8.0.252.b09-2.el6_10.x86_64.rpm
fca72a2a7a8bc14b9e6bb9bc978ea334536ea3c352e3a76d41702ca2fb5f9478 java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el6_10.x86_64.rpm
920bf5d15d46038abc80814a4a295aacada124ce5ac8d0475097dd0d061a036b java-1.8.0-openjdk-headless-debug-1.8.0.252.b09-2.el6_10.x86_64.rpm
8bb3fa6c8615fabb2d2d78a5b5250e72c2cae43ee87cf3aea11009d46fdef464 java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el6_10.noarch.rpm
80dbfefd8615cf91e047fac0c95ef5c08980778789f400521c9da1d97ae5cfe4 java-1.8.0-openjdk-javadoc-debug-1.8.0.252.b09-2.el6_10.noarch.rpm
11b6a40f0090b4a0544613196d39cd7fcd1d2c2b9124ad3d3455ac327bc6fe78 java-1.8.0-openjdk-src-1.8.0.252.b09-2.el6_10.x86_64.rpm
76ccb2ace872a54a85c17663d560049f77e01481e544f29500b384fbe4567669 java-1.8.0-openjdk-src-debug-1.8.0.252.b09-2.el6_10.x86_64.rpm
Source:
69963fd22e56dc0d49bc4b83e8c3b08514241e84da076f2dee5e75b5c2c76698 java-1.8.0-openjdk-1.8.0.252.b09-2.el6_10.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2020:1508 Important CentOS 6 java-1.7.0-openjdk Security Update
CentOS Errata and Security Advisory 2020:1508 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1508
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
26e47d9aa242a8ff26a922cd6158f57919148a340d3a4a45eac954c6eae93f58 java-1.7.0-openjdk-1.7.0.261-2.6.22.1.el6_10.i686.rpm
350776ba966fcf4e4d56f7eaf34d49dc095a4cb26328ee474a26d02dd7688232 java-1.7.0-openjdk-demo-1.7.0.261-2.6.22.1.el6_10.i686.rpm
839da6b4f494a67b660bcf50e75b6c10113aec243207becd76bb15373d551290 java-1.7.0-openjdk-devel-1.7.0.261-2.6.22.1.el6_10.i686.rpm
99b50e96607dcb1da179ac9a25f2d5f1271bfe9aab9fe00c669b5a5a9c4a4a21 java-1.7.0-openjdk-javadoc-1.7.0.261-2.6.22.1.el6_10.noarch.rpm
d70ec50fdef1d55ee0e053d28923c54d48700036699f66ebadca036fa996deda java-1.7.0-openjdk-src-1.7.0.261-2.6.22.1.el6_10.i686.rpm
x86_64:
dcaadaedd419044b567051754bda337448c76939fbb6511d2b9c080a4ce419fe java-1.7.0-openjdk-1.7.0.261-2.6.22.1.el6_10.x86_64.rpm
d2271d2bd3c586871b777f3fe63b62744b80bb1620a213f0c8b05f4d3c5b07b3 java-1.7.0-openjdk-demo-1.7.0.261-2.6.22.1.el6_10.x86_64.rpm
043079714593561b7636db4712a2d9e0906ed8bf3ae4abc09b77175c28836db8 java-1.7.0-openjdk-devel-1.7.0.261-2.6.22.1.el6_10.x86_64.rpm
99b50e96607dcb1da179ac9a25f2d5f1271bfe9aab9fe00c669b5a5a9c4a4a21 java-1.7.0-openjdk-javadoc-1.7.0.261-2.6.22.1.el6_10.noarch.rpm
aa768ae41a5f835d30b6773ae0f89e3a0e00c053e69615aaec957ae8e250381c java-1.7.0-openjdk-src-1.7.0.261-2.6.22.1.el6_10.x86_64.rpm
Source:
7203176340c185894bab2ab36905072a5fa5e0f03462179066e7665c54a38df1 java-1.7.0-openjdk-1.7.0.261-2.6.22.1.el6_10.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1508
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
26e47d9aa242a8ff26a922cd6158f57919148a340d3a4a45eac954c6eae93f58 java-1.7.0-openjdk-1.7.0.261-2.6.22.1.el6_10.i686.rpm
350776ba966fcf4e4d56f7eaf34d49dc095a4cb26328ee474a26d02dd7688232 java-1.7.0-openjdk-demo-1.7.0.261-2.6.22.1.el6_10.i686.rpm
839da6b4f494a67b660bcf50e75b6c10113aec243207becd76bb15373d551290 java-1.7.0-openjdk-devel-1.7.0.261-2.6.22.1.el6_10.i686.rpm
99b50e96607dcb1da179ac9a25f2d5f1271bfe9aab9fe00c669b5a5a9c4a4a21 java-1.7.0-openjdk-javadoc-1.7.0.261-2.6.22.1.el6_10.noarch.rpm
d70ec50fdef1d55ee0e053d28923c54d48700036699f66ebadca036fa996deda java-1.7.0-openjdk-src-1.7.0.261-2.6.22.1.el6_10.i686.rpm
x86_64:
dcaadaedd419044b567051754bda337448c76939fbb6511d2b9c080a4ce419fe java-1.7.0-openjdk-1.7.0.261-2.6.22.1.el6_10.x86_64.rpm
d2271d2bd3c586871b777f3fe63b62744b80bb1620a213f0c8b05f4d3c5b07b3 java-1.7.0-openjdk-demo-1.7.0.261-2.6.22.1.el6_10.x86_64.rpm
043079714593561b7636db4712a2d9e0906ed8bf3ae4abc09b77175c28836db8 java-1.7.0-openjdk-devel-1.7.0.261-2.6.22.1.el6_10.x86_64.rpm
99b50e96607dcb1da179ac9a25f2d5f1271bfe9aab9fe00c669b5a5a9c4a4a21 java-1.7.0-openjdk-javadoc-1.7.0.261-2.6.22.1.el6_10.noarch.rpm
aa768ae41a5f835d30b6773ae0f89e3a0e00c053e69615aaec957ae8e250381c java-1.7.0-openjdk-src-1.7.0.261-2.6.22.1.el6_10.x86_64.rpm
Source:
7203176340c185894bab2ab36905072a5fa5e0f03462179066e7665c54a38df1 java-1.7.0-openjdk-1.7.0.261-2.6.22.1.el6_10.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2020:1403 Important CentOS 6 qemu-kvm Security Update
CentOS Errata and Security Advisory 2020:1403 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1403
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
5db8741c93f89301f169e688c9884f004d41a5a3c9c2c49763c0ed07eaf7a81a qemu-guest-agent-0.12.1.2-2.506.el6_10.7.i686.rpm
x86_64:
a7c2cb8e14febca4dd4a7554fc9ddaf418b1ed17bc4c40f5850057c7d6ef383f qemu-guest-agent-0.12.1.2-2.506.el6_10.7.x86_64.rpm
f52054992a9464c2d8431237e42950d8b971848b98d551e5abf38b6b0b885421 qemu-img-0.12.1.2-2.506.el6_10.7.x86_64.rpm
4b4468cf63693f8b8204ebc2cfc19f94cf72217ba81a13be4f40712fe9e6a2e5 qemu-kvm-0.12.1.2-2.506.el6_10.7.x86_64.rpm
6ba96df1b300f780321fd79e1d4ce9781d7e32192e6612b10fff180f44fd2a0e qemu-kvm-tools-0.12.1.2-2.506.el6_10.7.x86_64.rpm
Source:
d785b426990e027e3687524057cf19b82c2b73fe289251654732467bed9016f9 qemu-kvm-0.12.1.2-2.506.el6_10.7.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2020:1403
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
5db8741c93f89301f169e688c9884f004d41a5a3c9c2c49763c0ed07eaf7a81a qemu-guest-agent-0.12.1.2-2.506.el6_10.7.i686.rpm
x86_64:
a7c2cb8e14febca4dd4a7554fc9ddaf418b1ed17bc4c40f5850057c7d6ef383f qemu-guest-agent-0.12.1.2-2.506.el6_10.7.x86_64.rpm
f52054992a9464c2d8431237e42950d8b971848b98d551e5abf38b6b0b885421 qemu-img-0.12.1.2-2.506.el6_10.7.x86_64.rpm
4b4468cf63693f8b8204ebc2cfc19f94cf72217ba81a13be4f40712fe9e6a2e5 qemu-kvm-0.12.1.2-2.506.el6_10.7.x86_64.rpm
6ba96df1b300f780321fd79e1d4ce9781d7e32192e6612b10fff180f44fd2a0e qemu-kvm-tools-0.12.1.2-2.506.el6_10.7.x86_64.rpm
Source:
d785b426990e027e3687524057cf19b82c2b73fe289251654732467bed9016f9 qemu-kvm-0.12.1.2-2.506.el6_10.7.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Subscribe to:
Posts (Atom)