==========================================================================
Ubuntu Security Notice USN-5164-1
November 30, 2021
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15,
linux-dell300x, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle,
linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-dell300x: Linux kernel for Dell 300x platforms
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
It was discovered that the Option USB High Speed Mobile device driver in
the Linux kernel did not properly handle error conditions. A physically
proximate attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2021-37159)
It was discovered that the AMD Cryptographic Coprocessor (CCP) driver in
the Linux kernel did not properly deallocate memory in some error
conditions. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2021-3744, CVE-2021-3764)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1031-dell300x 4.15.0-1031.36
linux-image-4.15.0-1084-oracle 4.15.0-1084.92
linux-image-4.15.0-1099-raspi2 4.15.0-1099.106
linux-image-4.15.0-1103-kvm 4.15.0-1103.105
linux-image-4.15.0-1112-gcp 4.15.0-1112.126
linux-image-4.15.0-1116-aws 4.15.0-1116.123
linux-image-4.15.0-1116-snapdragon 4.15.0-1116.125
linux-image-4.15.0-1127-azure 4.15.0-1127.140
linux-image-4.15.0-163-generic 4.15.0-163.171
linux-image-4.15.0-163-generic-lpae 4.15.0-163.171
linux-image-4.15.0-163-lowlatency 4.15.0-163.171
linux-image-aws-lts-18.04 4.15.0.1116.119
linux-image-azure-lts-18.04 4.15.0.1127.100
linux-image-dell300x 4.15.0.1031.33
linux-image-gcp-lts-18.04 4.15.0.1112.131
linux-image-generic 4.15.0.163.152
linux-image-generic-lpae 4.15.0.163.152
linux-image-kvm 4.15.0.1103.99
linux-image-lowlatency 4.15.0.163.152
linux-image-oracle-lts-18.04 4.15.0.1084.94
linux-image-raspi2 4.15.0.1099.97
linux-image-snapdragon 4.15.0.1116.119
linux-image-virtual 4.15.0.163.152
Ubuntu 16.04 ESM:
linux-image-4.15.0-1084-oracle 4.15.0-1084.92~16.04.1
linux-image-4.15.0-1116-aws 4.15.0-1116.123~16.04.1
linux-image-4.15.0-1127-azure 4.15.0-1127.140~16.04.1
linux-image-4.15.0-163-generic 4.15.0-163.171~16.04.1
linux-image-4.15.0-163-lowlatency 4.15.0-163.171~16.04.1
linux-image-aws-hwe 4.15.0.1116.106
linux-image-azure 4.15.0.1127.118
linux-image-generic-hwe-16.04 4.15.0.163.156
linux-image-lowlatency-hwe-16.04 4.15.0.163.156
linux-image-oem 4.15.0.163.156
linux-image-oracle 4.15.0.1084.72
linux-image-virtual-hwe-16.04 4.15.0.163.156
Ubuntu 14.04 ESM:
linux-image-4.15.0-1127-azure 4.15.0-1127.140~14.04.1
linux-image-azure 4.15.0.1127.100
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5164-1
CVE-2021-37159, CVE-2021-3744, CVE-2021-3764
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-163.171
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1116.123
https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1127.140
https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1031.36
https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1112.126
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1103.105
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1084.92
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1099.106
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1116.125
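Added example (not part of the Ubuntu notice): a Python check that parses an "Update instructions" table like the one in USN-5164-1, compares installed package versions against the fixed versions using Debian version ordering, and tests whether the running kernel is at or past the fixed ABI, which is why the reboot matters. The installed inventory and the helper names (deb_compare, parse_fixed, audit, running_kernel_fixed) are assumptions made for illustration; the fixed versions are copied from the notice above.

```python
import re

DIGITS = "0123456789"

def _order(c):
    # Debian ordering for non-digit characters: '~' sorts before everything,
    # even end of string; letters sort before other punctuation.
    if c == "~":
        return -1
    if c in DIGITS:
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, left to right.
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        na = re.match(r"[0-9]*", a[i:]).group()
        nb = re.match(r"[0-9]*", b[j:]).group()
        i += len(na)
        j += len(nb)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def deb_compare(a, b):
    """Return <0, 0 or >0 as version a is older than, equal to or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def parse_fixed(text):
    """Parse 'Ubuntu <release>:' headers and 'package version' rows."""
    table, release = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"Ubuntu (.+):", line)
        if header:
            release = header.group(1)
            table[release] = {}
        elif release and len(line.split()) == 2:
            pkg, ver = line.split()
            table[release][pkg] = ver
    return table

def audit(installed, fixed):
    """Map each installed package named in the notice to True if it is fixed."""
    return {pkg: deb_compare(ver, fixed[pkg]) >= 0
            for pkg, ver in installed.items() if pkg in fixed}

def running_kernel_fixed(uname_r, fixed):
    """True if the running kernel ABI is at or past the fixed ABI of its flavour."""
    m = re.fullmatch(r"(\d+\.\d+\.\d+-\d+)-(.+)", uname_r)
    if not m:
        return None
    base, flavour = m.groups()
    for pkg in fixed:
        pm = re.fullmatch(r"linux-image-(\d+\.\d+\.\d+-\d+)-(.+)", pkg)
        if pm and pm.group(2) == flavour:
            return deb_compare(base, pm.group(1)) >= 0
    return None  # flavour not covered by this notice

# Rows copied from the USN-5164-1 table above (excerpt).
USN_5164_1 = """
Ubuntu 18.04 LTS:
linux-image-4.15.0-163-generic 4.15.0-163.171
linux-image-generic 4.15.0.163.152
Ubuntu 16.04 ESM:
linux-image-4.15.0-163-generic 4.15.0-163.171~16.04.1
linux-image-generic-hwe-16.04 4.15.0.163.156
"""
FIXED = parse_fixed(USN_5164_1)

# Constructed inventory for an 18.04 host, e.g. from
# `dpkg-query -W -f='${Package} ${Version}\n'`: the new image is installed,
# the metapackage is stale, and the host still runs the old kernel.
INSTALLED = {
    "linux-image-generic": "4.15.0.162.151",
    "linux-image-4.15.0-163-generic": "4.15.0-163.171",
}
RUNNING = "4.15.0-162-generic"  # constructed `uname -r` output

if __name__ == "__main__":
    for pkg, ok in audit(INSTALLED, FIXED["18.04 LTS"]).items():
        print(pkg, "fixed" if ok else "NEEDS UPDATE")
    print("running kernel fixed:", running_kernel_fixed(RUNNING, FIXED["18.04 LTS"]))
```

The "~16.04.1" suffix on the ESM rows sorts before the bare version, so a plain string or length comparison gets backport versions wrong.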
Tuesday, November 30, 2021
[USN-5165-1] Linux kernel (OEM) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5165-1
November 30, 2021
linux-oem-5.14 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-oem-5.14: Linux kernel for OEM systems
Details:
It was discovered that the NFC subsystem in the Linux kernel contained a
use-after-free vulnerability in its NFC Controller Interface (NCI)
implementation. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2021-3760)
It was discovered that the SCTP protocol implementation in the Linux kernel
did not properly verify VTAGs in some situations. A remote attacker could
possibly use this to cause a denial of service (connection disassociation).
(CVE-2021-3772)
It was discovered that the AMD Radeon GPU driver in the Linux kernel did
not properly validate writes in the debugfs file system. A privileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-42327)
Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel
did not properly perform bounds checking in some situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-42739)
It was discovered that the KVM implementation for POWER8 processors in the
Linux kernel did not properly keep track if a wakeup event could be
resolved by a guest. An attacker in a guest VM could possibly use this to
cause a denial of service (host OS crash). (CVE-2021-43056)
It was discovered that the TIPC Protocol implementation in the Linux kernel
did not properly validate MSG_CRYPTO messages in some situations. An
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-43267)
It was discovered that the ISDN CAPI implementation in the Linux kernel
contained a race condition in certain situations that could trigger an
array out-of-bounds bug. A privileged local attacker could possibly use
this to cause a denial of service or execute arbitrary code.
(CVE-2021-43389)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.14.0-1008-oem 5.14.0-1008.8
linux-image-oem-20.04d 5.14.0.1008.8
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5165-1
CVE-2021-3760, CVE-2021-3772, CVE-2021-42327, CVE-2021-42739,
CVE-2021-43056, CVE-2021-43267, CVE-2021-43389
Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-5.14/5.14.0-1008.8
[USN-5163-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5163-1
November 30, 2021
linux, linux-aws, linux-aws-5.4, linux-azure, linux-gcp, linux-gke,
linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm,
linux-oracle, linux-oracle-5.4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-gke-5.4: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop-5.4: Linux kernel for Google Container Engine (GKE) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
Details:
Ilja Van Sprundel discovered that the SCTP implementation in the Linux
kernel did not properly perform size validations on incoming packets in
some situations. An attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2021-3655)
It was discovered that the Option USB High Speed Mobile device driver in
the Linux kernel did not properly handle error conditions. A physically
proximate attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2021-37159)
It was discovered that the AMD Cryptographic Coprocessor (CCP) driver in
the Linux kernel did not properly deallocate memory in some error
conditions. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2021-3744, CVE-2021-3764)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1027-gkeop 5.4.0-1027.28
linux-image-5.4.0-1050-kvm 5.4.0-1050.52
linux-image-5.4.0-1056-gke 5.4.0-1056.59
linux-image-5.4.0-1058-gcp 5.4.0-1058.62
linux-image-5.4.0-1058-oracle 5.4.0-1058.62
linux-image-5.4.0-1060-aws 5.4.0-1060.63
linux-image-5.4.0-1064-azure 5.4.0-1064.67
linux-image-5.4.0-91-generic 5.4.0-91.102
linux-image-5.4.0-91-generic-lpae 5.4.0-91.102
linux-image-5.4.0-91-lowlatency 5.4.0-91.102
linux-image-aws-lts-20.04 5.4.0.1060.63
linux-image-azure-lts-20.04 5.4.0.1064.62
linux-image-gcp-lts-20.04 5.4.0.1058.68
linux-image-generic 5.4.0.91.95
linux-image-generic-lpae 5.4.0.91.95
linux-image-gke 5.4.0.1056.66
linux-image-gke-5.4 5.4.0.1056.66
linux-image-gkeop 5.4.0.1027.30
linux-image-gkeop-5.4 5.4.0.1027.30
linux-image-kvm 5.4.0.1050.49
linux-image-lowlatency 5.4.0.91.95
linux-image-oem 5.4.0.91.95
linux-image-oem-osp1 5.4.0.91.95
linux-image-oracle-lts-20.04 5.4.0.1058.58
linux-image-virtual 5.4.0.91.95
Ubuntu 18.04 LTS:
linux-image-5.4.0-1027-gkeop 5.4.0-1027.28~18.04.1
linux-image-5.4.0-1056-gke 5.4.0-1056.59~18.04.1
linux-image-5.4.0-1058-oracle 5.4.0-1058.62~18.04.1
linux-image-5.4.0-1060-aws 5.4.0-1060.63~18.04.1
linux-image-5.4.0-91-generic 5.4.0-91.102~18.04.1
linux-image-5.4.0-91-generic-lpae 5.4.0-91.102~18.04.1
linux-image-5.4.0-91-lowlatency 5.4.0-91.102~18.04.1
linux-image-aws 5.4.0.1060.43
linux-image-generic-hwe-18.04 5.4.0.91.102~18.04.81
linux-image-generic-lpae-hwe-18.04 5.4.0.91.102~18.04.81
linux-image-gke-5.4 5.4.0.1056.59~18.04.21
linux-image-gkeop-5.4 5.4.0.1027.28~18.04.28
linux-image-lowlatency-hwe-18.04 5.4.0.91.102~18.04.81
linux-image-oem 5.4.0.91.102~18.04.81
linux-image-oem-osp1 5.4.0.91.102~18.04.81
linux-image-oracle 5.4.0.1058.62~18.04.38
linux-image-snapdragon-hwe-18.04 5.4.0.91.102~18.04.81
linux-image-virtual-hwe-18.04 5.4.0.91.102~18.04.81
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5163-1
CVE-2021-3655, CVE-2021-37159, CVE-2021-3744, CVE-2021-3764
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-91.102
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1060.63
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1064.67
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1058.62
https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1056.59
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1027.28
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1050.52
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1058.62
https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1060.63~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1056.59~18.04.1
https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1027.28~18.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-91.102~18.04.1
https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1058.62~18.04.1
[USN-5162-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5162-1
November 30, 2021
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem-5.13,
linux-oracle, linux-raspi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-oem-5.13: Linux kernel for OEM systems
Details:
Ilja Van Sprundel discovered that the SCTP implementation in the Linux
kernel did not properly perform size validations on incoming packets in
some situations. An attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2021-3655)
It was discovered that the AMD Cryptographic Coprocessor (CCP) driver in
the Linux kernel did not properly deallocate memory in some error
conditions. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2021-3744, CVE-2021-3764)
It was discovered that the Aspeed Low Pin Count (LPC) Bus Controller
implementation in the Linux kernel did not properly perform boundary checks
in some situations, allowing out-of-bounds write access. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. In Ubuntu, this issue only affected systems running
armhf kernels. (CVE-2021-42252)
Jann Horn discovered that the SELinux subsystem in the Linux kernel did not
properly handle subjective credentials for tasks in some situations. On
systems where SELinux has been enabled, a local attacker could possibly use
this to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2021-43057)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.10:
linux-image-5.13.0-1006-kvm 5.13.0-1006.6
linux-image-5.13.0-1007-aws 5.13.0-1007.8
linux-image-5.13.0-1007-gcp 5.13.0-1007.8
linux-image-5.13.0-1008-azure 5.13.0-1008.9
linux-image-5.13.0-1010-oracle 5.13.0-1010.12
linux-image-5.13.0-1011-raspi 5.13.0-1011.13
linux-image-5.13.0-1011-raspi-nolpae 5.13.0-1011.13
linux-image-5.13.0-22-generic 5.13.0-22.22
linux-image-5.13.0-22-generic-64k 5.13.0-22.22
linux-image-5.13.0-22-generic-lpae 5.13.0-22.22
linux-image-5.13.0-22-lowlatency 5.13.0-22.22
linux-image-aws 5.13.0.1007.9
linux-image-azure 5.13.0.1008.9
linux-image-gcp 5.13.0.1007.8
linux-image-generic 5.13.0.22.33
linux-image-generic-64k 5.13.0.22.33
linux-image-generic-lpae 5.13.0.22.33
linux-image-gke 5.13.0.1007.8
linux-image-kvm 5.13.0.1006.6
linux-image-lowlatency 5.13.0.22.33
linux-image-oem-20.04 5.13.0.22.33
linux-image-oracle 5.13.0.1010.12
linux-image-raspi 5.13.0.1011.17
linux-image-raspi-nolpae 5.13.0.1011.17
linux-image-virtual 5.13.0.22.33
Ubuntu 20.04 LTS:
linux-image-5.13.0-1020-oem 5.13.0-1020.24
linux-image-oem-20.04c 5.13.0.1020.24
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5162-1
CVE-2021-3655, CVE-2021-3744, CVE-2021-3764, CVE-2021-42252,
CVE-2021-43057
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.13.0-22.22
https://launchpad.net/ubuntu/+source/linux-aws/5.13.0-1007.8
https://launchpad.net/ubuntu/+source/linux-azure/5.13.0-1008.9
https://launchpad.net/ubuntu/+source/linux-gcp/5.13.0-1007.8
https://launchpad.net/ubuntu/+source/linux-kvm/5.13.0-1006.6
https://launchpad.net/ubuntu/+source/linux-oracle/5.13.0-1010.12
https://launchpad.net/ubuntu/+source/linux-raspi/5.13.0-1011.13
https://launchpad.net/ubuntu/+source/linux-oem-5.13/5.13.0-1020.24
[USN-5161-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5161-1
November 30, 2021
linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11,
linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oracle,
linux-oracle-5.11, linux-raspi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-aws-5.11: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-5.11: Linux kernel for Microsoft Azure cloud systems
- linux-gcp-5.11: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.11: Linux hardware enablement (HWE) kernel
- linux-oracle-5.11: Linux kernel for Oracle Cloud systems
Details:
Ilja Van Sprundel discovered that the SCTP implementation in the Linux
kernel did not properly perform size validations on incoming packets in
some situations. An attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2021-3655)
It was discovered that the AMD Cryptographic Coprocessor (CCP) driver in
the Linux kernel did not properly deallocate memory in some error
conditions. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2021-3744, CVE-2021-3764)
It was discovered that the Aspeed Low Pin Count (LPC) Bus Controller
implementation in the Linux kernel did not properly perform boundary checks
in some situations, allowing out-of-bounds write access. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. In Ubuntu, this issue only affected systems running
armhf kernels. (CVE-2021-42252)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.04:
linux-image-5.11.0-1020-kvm 5.11.0-1020.22
linux-image-5.11.0-1022-aws 5.11.0-1022.23
linux-image-5.11.0-1022-azure 5.11.0-1022.23
linux-image-5.11.0-1022-oracle 5.11.0-1022.23
linux-image-5.11.0-1023-gcp 5.11.0-1023.25
linux-image-5.11.0-1023-raspi 5.11.0-1023.25
linux-image-5.11.0-1023-raspi-nolpae 5.11.0-1023.25
linux-image-5.11.0-41-generic 5.11.0-41.45
linux-image-5.11.0-41-generic-64k 5.11.0-41.45
linux-image-5.11.0-41-generic-lpae 5.11.0-41.45
linux-image-5.11.0-41-lowlatency 5.11.0-41.45
linux-image-aws 5.11.0.1022.23
linux-image-azure 5.11.0.1022.23
linux-image-gcp 5.11.0.1023.23
linux-image-generic 5.11.0.41.42
linux-image-generic-64k 5.11.0.41.42
linux-image-generic-lpae 5.11.0.41.42
linux-image-gke 5.11.0.1023.23
linux-image-kvm 5.11.0.1020.21
linux-image-lowlatency 5.11.0.41.42
linux-image-oem-20.04 5.11.0.41.42
linux-image-oracle 5.11.0.1022.23
linux-image-raspi 5.11.0.1023.21
linux-image-raspi-nolpae 5.11.0.1023.21
linux-image-virtual 5.11.0.41.42
Ubuntu 20.04 LTS:
linux-image-5.11.0-1022-aws 5.11.0-1022.23~20.04.1
linux-image-5.11.0-1022-azure 5.11.0-1022.23~20.04.1
linux-image-5.11.0-1022-oracle 5.11.0-1022.23~20.04.1
linux-image-5.11.0-1023-gcp 5.11.0-1023.25~20.04.1
linux-image-5.11.0-41-generic 5.11.0-41.45~20.04.1
linux-image-5.11.0-41-generic-64k 5.11.0-41.45~20.04.1
linux-image-5.11.0-41-generic-lpae 5.11.0-41.45~20.04.1
linux-image-5.11.0-41-lowlatency 5.11.0-41.45~20.04.1
linux-image-aws 5.11.0.1022.23~20.04.21
linux-image-azure 5.11.0.1022.23~20.04.22
linux-image-gcp 5.11.0.1023.25~20.04.22
linux-image-generic-64k-hwe-20.04 5.11.0.41.45~20.04.19
linux-image-generic-hwe-20.04 5.11.0.41.45~20.04.19
linux-image-generic-lpae-hwe-20.04 5.11.0.41.45~20.04.19
linux-image-lowlatency-hwe-20.04 5.11.0.41.45~20.04.19
linux-image-oracle 5.11.0.1022.23~20.04.15
linux-image-virtual-hwe-20.04 5.11.0.41.45~20.04.19
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5161-1
CVE-2021-3655, CVE-2021-3744, CVE-2021-3764, CVE-2021-42252
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.11.0-41.45
https://launchpad.net/ubuntu/+source/linux-aws/5.11.0-1022.23
https://launchpad.net/ubuntu/+source/linux-azure/5.11.0-1022.23
https://launchpad.net/ubuntu/+source/linux-gcp/5.11.0-1023.25
https://launchpad.net/ubuntu/+source/linux-kvm/5.11.0-1020.22
https://launchpad.net/ubuntu/+source/linux-oracle/5.11.0-1022.23
https://launchpad.net/ubuntu/+source/linux-raspi/5.11.0-1023.25
https://launchpad.net/ubuntu/+source/linux-aws-5.11/5.11.0-1022.23~20.04.1
https://launchpad.net/ubuntu/+source/linux-azure-5.11/5.11.0-1022.23~20.04.1
https://launchpad.net/ubuntu/+source/linux-gcp-5.11/5.11.0-1023.25~20.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-5.11/5.11.0-41.45~20.04.1
https://launchpad.net/ubuntu/+source/linux-oracle-5.11/5.11.0-1022.23~20.04.1
Monday, November 29, 2021
[USN-5158-1] ImageMagick vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5158-1
November 29, 2021
imagemagick vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ImageMagick.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
It was discovered that ImageMagick incorrectly handled certain values
when processing visual effects based image files. By tricking a user into
opening a specially crafted image file, an attacker could crash the
application causing a denial of service. (CVE-2021-20244)
It was discovered that ImageMagick incorrectly handled certain values
when performing resampling operations. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. (CVE-2021-20246)
It was discovered that ImageMagick incorrectly handled certain values
when processing visual effects based image files. By tricking a user into
opening a specially crafted image file, an attacker could crash the
application causing a denial of service. (CVE-2021-20309)
It was discovered that ImageMagick incorrectly handled certain values
when processing thumbnail image data. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. (CVE-2021-20312)
It was discovered that ImageMagick incorrectly handled memory cleanup
when performing certain cryptographic operations. Under certain conditions
sensitive cryptographic information could be disclosed. (CVE-2021-20313)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.12
Ubuntu 16.04 ESM:
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm1
Ubuntu 14.04 ESM:
libmagick++5 8:6.7.7.10-6ubuntu3.13+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5158-1
CVE-2021-20244, CVE-2021-20246, CVE-2021-20309, CVE-2021-20312,
CVE-2021-20313
Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.7.4+dfsg-16ubuntu6.12
Fedora 33 End Of Life
Hello all,
Fedora 33 will go end of life for updates and support on 30th of
November 2021. No further updates, including security updates, will be
available for Fedora 33 after the said date. All the updates of Fedora
33 being pushed to stable will be stopped as well.
Fedora 34 will continue to receive updates until approximately one
month after the release of Fedora 36. The maintenance schedule of
Fedora releases is documented on the Fedora Project wiki [0]. The
Fedora Project wiki also contains instructions [1] on how to upgrade
from a previous release of Fedora to a version receiving updates.
Regards,
Mohan Boddu.
[0]https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule
[1]https://fedoraproject.org/wiki/Upgrading?rd=DistributionUpgrades
_______________________________________________
announce mailing list -- announce@lists.fedoraproject.org
To unsubscribe send an email to announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
F36 Change: Users are administrators by default in the installer GUI. (Self-Contained Change proposal)
https://fedoraproject.org/wiki/Changes/Users_are_admins_by_default_in_Anaconda
= Users are administrators by default in the installer GUI =
== Summary ==
The Anaconda installer GUI will have the administrative rights
checkbox on the User screen ticked by default.
== Owner ==
* Name: [[User:Vladimirslavik| Vladimir Slavik]]
* Email: vslavik@redhat.com
== Detailed Description ==
Currently, the Anaconda installer GUI presents an unticked checkbox
"Make this user administrator" on the user setup screen by default.
This means users have to discover the control, understand its meaning,
and consciously decide to change the value from the default one.
However, computer usage by individuals is heavily skewed towards
single user machines where the (sole) user has administrative powers
over the machine by invoking `sudo`. This has always been reflected by
the design of the screen, which allows only a single user to be
created. The GNOME first time setup also creates a single user - and
makes them an administrator without asking.
The proposed change merely changes the default GUI state to be in line
with this expectation.
Further, this change of defaults complements the default for root
account. The redesign of root setup screen in Fedora 35 makes it clear
that root should be left locked. This change makes it clear that the
user should be the administrator. Together, these defaults will let
the user satisfy all user account options by filling in nothing more
than the user name and the password (twice to confirm).
== Benefit to Fedora ==
One less footgun in the installer for entry-level users. They will be
able to rely on defaults and achieve the expected outcome.
== Scope ==
* Proposal owners: Isolated change - adjust Anaconda code to do so as
suggested here. Low effort.
* Other developers: No changes needed.
* Release engineering: Different defaults ''could'' impact installer
testing. [https://pagure.io/releng/issues #Releng issue number]
* Policies and guidelines: N/A
* Trademark approval: N/A
* Alignment with Objectives: None.
== Upgrade/compatibility impact ==
No impact. Installation implies teardown of previous system, including users.
== How To Test ==
Start Anaconda installer for the Server variant, open the user setup
screen, "Make this user administrator" is checked = pass.
Should be variant / spin / hardware agnostic, with the caveat that the
presence of user screen is configurable, so in many cases the screen
is not reachable.
Kickstart installs are not affected.
== User Experience ==
Users installing Fedora will no longer be forced to spend time
deciding how to arrange the administrative powers (they, root, both?)
and configuring that. They will be able to fill in user name and
password and the default configuration will be valid. They can give in
to the power of defaults.
For users that want to configure the system differently from the
majority use case, the controls to do so are still as they were, only
the defaults are different.
For those installing Fedora manually often, muscle memory for user
screen will break, as the checkbox will no longer have to be toggled.
== Dependencies ==
None.
== Contingency Plan ==
Any Fedora QA and OpenQA changes reflecting this will have to be
reverted. Other than that, there is no technical or process
requirement for this change, so no impact. The change does not happen
and previous defaults remain.
* Contingency mechanism: N/A
* Contingency deadline: N/A
* Blocks release? No
== Documentation ==
* https://github.com/rhinstaller/anaconda/pull/3719
== Release Notes ==
In the User spoke, the "Make this user administrator" checkbox is now
checked by default. This improves installation experience for users
who do not know and need to rely on the default values to guide them.
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
F36 Change: LXQt 1.0.0 (Self-Contained Change proposal)
https://fedoraproject.org/wiki/Changes/LXQt_1.0
== Summary ==
Update LXQt to 1.0.0 in Fedora.
== Owner ==
* Name: [[User:Zsun|Zamir SUN]]
* Email: zsun#AT#fedoraproject.org
== Detailed Description ==
LXQt 1.0.0 released with a bunch of bugfixes and new features. It's
always good to keep Fedora users running on most recent software.
Detailed LXQt release note is available
[https://lxqt-project.org/release/2021/11/06/lxqt-1-0-0/ here].
== Benefit to Fedora ==
This change brings bug fixes and enhancements to LXQt in Fedora.
== Scope ==
* Proposal owners: Update all the LXQt related packages in Fedora. And
fix the kickstart file if needed.
* Other developers: N/A
* Release engineering: [https://pagure.io/releng/issue/10405 #10405]
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
N/A (not a System Wide Change)
== How To Test ==
Install using the spin, netinstall or DVD. Or upgrade from older
release. Then users should be able to test by doing any daily work.
== User Experience ==
There will be a better user experience and many new features to explore.
== Dependencies ==
This update is pretty self contained.
== Contingency Plan ==
* Contingency mechanism: If I cannot make it happen, I'll just not
merge side-tag into f36 branch.
* Contingency deadline: Fedora 36 Beta Freeze
* Blocks release? N/A (not a System Wide Change)
* Blocks product? N/A
== Documentation ==
N/A (not a System Wide Change)
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
Friday, November 26, 2021
Planned Outage - bodhi.fedoraproject.org - 2021-11-29 7:00 UTC
There will be an outage starting on Monday at 2021-11-29 7:00 UTC
which will last approximately 2 hours.
To convert UTC to your local time, take a look at
http://fedoraproject.org/wiki/Infrastructure/UTCHowto
or run:
date -d '2021-11-29 7:00 UTC'
Reason for outage:
Bodhi will be upgraded to 5.7.2 - should help with several issues that
surfaced with the 5.7.1 deployment.
Affected Services:
bodhi / updates.fedoraproject.org may be down or unresponsive during
the upgrade window
Ticket Link:
https://pagure.io/fedora-infrastructure/issue/10379
Please join #fedora-admin or #fedora-noc on irc.freenode.net
or add comments to the ticket for this outage above.
Thursday, November 25, 2021
LibreSSL 3.4.2 Released
We have released LibreSSL 3.4.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
It includes the following security fix:
* In some situations the X.509 verifier would discard an error on an
unverified certificate chain, resulting in an authentication bypass.
Thanks to Ilya Shipitsin and Timo Steinlein for reporting.
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
Fedora elections voting now open
Voting in the Fedora Linux 35 elections is now open. Go to the
Elections app[1] to cast your vote. Voting closes at 23:59 UTC on
Thursday 9 December. Don't forget to claim your "I Voted" badge when
you cast your ballot. Links to candidate interviews are in the
Elections app and on the Community Blog[2].
[1] https://elections.fedoraproject.org/
[2] https://communityblog.fedoraproject.org/f35-elections-voting-now-open/
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
_______________________________________________
announce mailing list -- announce@lists.fedoraproject.org
To unsubscribe send an email to announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
F36 Change: PostgreSQL 14 (Self-Contained Change proposal)
https://fedoraproject.org/wiki/Changes/PostgreSQL_14
== Summary ==
Update of PostgreSQL (`postgresql` and `libpq` components) in Fedora
from version 13 to version 14 in the non-modular (main) builds.
== Owner ==
* Name: [[User:fjanus| Filip Januš]]
* Email: fjanus@redhat.com
== Detailed Description ==
Update of PostgreSQL (`postgresql` and `libpq` components) in Fedora
from version 13 to version 14 in the non-modular (main) builds.
This also involves updating and rebuilding the PostgreSQL plugins that
depend on postgresql server.
=== Plan ===
* Prepare PostgreSQL 14 in Copr (By 2022-01-15)
* Rebuild important dependencies in Copr (By 2022-01-15)
* Debug and fix compatibility issues found in dependencies (a
reasonable amount of non-critical in FTBFS state might be tolerable)
* Prepare Pull requests in Rawhide
* Merge and build PR into Rawhide
== Feedback ==
<!-- Summarize the feedback from the community and address why you
chose not to accept proposed alternatives. This section is optional
for all change proposals but is strongly suggested. Incorporating
feedback here as it is raised gives FESCo a clearer view of your
proposal and leaves a good record for the future. If you get no
feedback, that is useful to note in this section as well. For
innovative or possibly controversial ideas, consider collecting
feedback before you file the change proposal. -->
== Benefit to Fedora ==
The latest stable software is used by Fedora users.
== Scope ==
* Proposal owners:
<!-- What work do the feature owners have to accomplish to complete
the feature in time for release? Is it a large change affecting many
parts of the distribution or is it a very isolated change? What are
those changes?-->
**Prepare PostgreSQL 14
**Prepare PostgreSQL 13 as a module for Rawhide
**Check software that requires or depends on `postgresql-server` or
`libpq` packages for incompatibilities
**Build PostgreSQL 14 (postgresql and libpq) to Rawhide
**Rebuild dependent packages against PostgreSQL 14
**Gather user input on the changes between PostgreSQL 13 and PostgreSQL 14
* Other developers: N/A (not a System Wide Change)
* Release engineering: [https://pagure.io/releng/issues #Releng issue number]
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
The PostgreSQL client library (libpq component) is compatible. So,
there shouldn't be any issues with compatibility, but a rebuild of the
dependent components is recommended.
Server plugins might require a newer version update, because they
sometimes have explicit server requirements. PostgreSQL maintainer
will help fixing/rebuilding any issues in the plugins.
== How To Test ==
Usual testing as when upgrading between major PostgreSQL versions,
running `postgresql-setup --upgrade` is necessary between major
versions.
Test that all other software runs well with PostgreSQL 14.
== User Experience ==
The users will have to upgrade their databases the same way as between
major PostgreSQL versions, aka `postgresql-setup --upgrade` after
installing PostgreSQL 14 server packages.
If users want to stick with PostgreSQL 13 for a little longer, there
will be a PostgreSQL 13 module.
== Dependencies ==
There are some packages (mostly server plugins), that build on top of
PostgreSQL. Since the separation of PostgreSQL client library (libpq
component), only packages that build server plugins should use
postgresql package in BuildRequires, others should use libpq. In case
of Postgresql-server, rebuild should be done to make sure all
potential binary incompatibilities are handled.
* PostgreSQL server dependencies
** perl-DBD-Pg
** pgaudit
** qt
** qt3
** qt5-qtbase
** postgres-decoderbufs
** gambas3
** kdb
** kea
** libpqxx
** openvas-manager
** orafce
** pg-semver
** pgRouting
** pgadmin3
** pgsphere
** postgis
** postgresql-ip4r
** postgresql-pgpool-II
** qt3
** rdkit
** rhdb-utils
** timescaledb
** pg_repack
== Contingency Plan ==
Revert changes in the non-modular packages and provide PostgreSQL 14
as a module stream only.
== Documentation ==
Upgrade strategy: https://www.postgresql.org/docs/14/upgrading.html
== Release Notes ==
Release notes for PostgreSQL 14 release:
https://www.postgresql.org/docs/14/index.html
Overall overview of the changes and improvements:
https://www.postgresql.org/docs/14/release-14.html
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
OpenBSD Errata: November 26, 2021 (kernel, libcrypto)
Errata patches for kernel have been released for OpenBSD 6.9 and
7.0. Errata patch for libcrypto has been released for OpenBSD 7.0.
Binary updates for the amd64, i386 and arm64 platform are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
https://www.openbsd.org/errata69.html
https://www.openbsd.org/errata70.html
Wednesday, November 24, 2021
[USN-5156-1] ICU vulnerability
==========================================================================
Ubuntu Security Notice USN-5156-1
November 24, 2021
A security issue was fixed in ICU
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
Summary:
ICU could be made to crash if it received specially crafted
input.
Software Description:
- icu: International Components for Unicode library
Details:
It was discovered that ICU contains a double free issue.
An attacker could use this issue to cause a denial of service or
possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.04:
icu-devtools 67.1-6ubuntu2.1
libicu-dev 67.1-6ubuntu2.1
libicu67 67.1-6ubuntu2.1
Ubuntu 20.04 LTS:
icu-devtools 66.1-2ubuntu2.1
libicu-dev 66.1-2ubuntu2.1
libicu66 66.1-2ubuntu2.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5156-1
CVE-2021-30535
Package Information:
https://launchpad.net/ubuntu/+source/icu/67.1-6ubuntu2.1
https://launchpad.net/ubuntu/+source/icu/66.1-2ubuntu2.1
Tuesday, November 23, 2021
[USN-5155-1] BlueZ vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5155-1
November 23, 2021
bluez vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in BlueZ.
Software Description:
- bluez: Bluetooth tools and daemons
Details:
It was discovered that BlueZ incorrectly handled the Discoverable status
when a device is powered down. This could result in devices being powered
up discoverable, contrary to expectations. This issue only affected Ubuntu
20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. (CVE-2021-3658)
It was discovered that BlueZ incorrectly handled certain memory operations.
A remote attacker could possibly use this issue to cause BlueZ to consume
resources, leading to a denial of service. (CVE-2021-41229)
It was discovered that the BlueZ gatt server incorrectly handled
disconnects. A remote attacker could possibly use this issue to cause
BlueZ to crash, leading to a denial of service. (CVE-2021-43400)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.10:
bluez 5.60-0ubuntu2.1
libbluetooth3 5.60-0ubuntu2.1
Ubuntu 21.04:
bluez 5.56-0ubuntu4.3
libbluetooth3 5.56-0ubuntu4.3
Ubuntu 20.04 LTS:
bluez 5.53-0ubuntu3.4
libbluetooth3 5.53-0ubuntu3.4
Ubuntu 18.04 LTS:
bluez 5.48-0ubuntu3.6
libbluetooth3 5.48-0ubuntu3.6
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5155-1
CVE-2021-3658, CVE-2021-41229, CVE-2021-43400
Package Information:
https://launchpad.net/ubuntu/+source/bluez/5.60-0ubuntu2.1
https://launchpad.net/ubuntu/+source/bluez/5.56-0ubuntu4.3
https://launchpad.net/ubuntu/+source/bluez/5.53-0ubuntu3.4
https://launchpad.net/ubuntu/+source/bluez/5.48-0ubuntu3.6
F36 Change: ostree native containers / CoreOS layering (System-Wide Change proposal)
https://fedoraproject.org/wiki/Changes/OstreeNativeContainer
== Summary ==
Enhance the (rpm-)ostree stack to natively support OCI/Docker
containers as a transport and delivery mechanism for operating system
content.
This is the basis of
https://github.com/coreos/enhancements/blob/main/os/coreos-layering.md
== Owner ==
* Name: [[User:walters| Colin Walters]]
* Email: walters@verbum.org
== Detailed Description ==
Having the Fedora ecosystem (from users to release engineering)
maintain tooling that operates on all three of "container images",
RPMs, and OSTree updates is a maintenance burden.
This proposes that:
* The ostree stack is enhanced to support
encapsulating/unencapsulating ostree commits as OCI/Docker images
(DONE)
* rpm-ostree is updated to consume this, while still supporting all
its current features (e.g. per-machine package layering) (DONE)
* We ship e.g. `quay.io/fedora/coreos:stable` and
`quay.io/fedora/silverblue:36` etc.
* We support '''deriving''' new user custom images from these images
* We enhance this tooling to
[https://github.com/ostreedev/ostree-rs-ext/issues/69 support
chunking]
For more details, please see:
* [https://github.com/coreos/enhancements/blob/main/os/coreos-layering.md
CoreOS layering enhancement]
* [https://coreos.github.io/rpm-ostree/container/ rpm-ostree container docs]
* [https://github.com/ostreedev/ostree-rs-ext/ ostree-rs-ext project]
Note that significant effort has been invested in ensuring
compatibility between what exists in ostree today and OCI/Docker
container image "encapsulation". For example, we will continue to
reuse the GPG signature infrastructure on OSTree commits that exists
today - the ostree tooling knows how to verify the signature *inside*
the container image. In the future, we will also likely invest in
container-native signatures.
== Benefit to Fedora ==
* Stronger focus on Docker/OCI as transport for operating system and
applications
* New ability to easily create derived operating system images "server side"
* More benefit from e.g. work on container deltas
== Scope ==
* Proposal owners: Lots of detailed items listed in the rpm-ostree/CoreOS docs.
* Other developers: The "other" here is vague, but certainly
developing this so far has needed cooperation with e.g. the
containers/ organization etc.
* Release engineering: https://pagure.io/releng/issue/10399
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives: No
== Upgrade/compatibility impact ==
Each individual edition/spin would need to choose when and how to make
a cutover to containers as a transport. The Fedora OSTree repository
would continue to be maintained until that is finished.
== How To Test ==
See the examples under https://coreos.github.io/rpm-ostree/container/
== User Experience ==
Users of rpm-ostree systems will primarily interact with container images.
== Dependencies ==
Release engineering.
== Contingency Plan ==
* Contingency mechanism: Continue to ship updates via baseline OSTree
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Blocks release? No
== Documentation ==
Already linked above to avoid duplicating it here.
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
F36 Change: Plocate as the default locate implementation (Self-Contained Change proposal)
https://fedoraproject.org/wiki/Changes/Plocate_as_the_default_locate_implementation
== Summary ==
The venerable `mlocate` program is replaced by `plocate` — a
compatible reimplementation that is faster and uses less disk space.
== Owner ==
* Name: [[User:Zbyszek| Zbigniew Jędrzejewski-Szmek]]
* Email: zbyszek at in.waw.pl
* Name: [[User:Msekleta| Michal Sekletár]]
* Email: msekleta at redhat.com
== Detailed Description ==
Plocate is a newer implementation of `locate`/`mlocate` that uses
`liburing` and `libzstd` for speed.
The database it creates on disk is also smaller.
Debian recently switched to `plocate` as the default implementation
(https://lwn.net/Articles/846405/).
It doesn't seem useful to maintain multiple locate implementations.
Thus the new package Conflicts with the old one, so they cannot be
installed in parallel.
The plan is:
# F35: `plocate` is made available for testing
# F36: `mlocate` is replaced by `plocate` in comps
# F37 or F38: `mlocate` will be retired (or given away, if somebody
wants to pick it up)
== Benefit to Fedora ==
We save some cpu cycles and disk sectors by using a more modern
implementation of a common tool.
== Scope ==
* Proposal owners:
** package `mlocate` (Review bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1931141, DONE)
** submit a pull request to comps with `s/mlocate/plocate/`
* Other developers: install plocate locally and test if it works as
expected on F35 and other versions
* Release engineering: n/a
* Policies and guidelines: n/a
* Trademark approval: n/a
* Alignment with Objectives: none
== Upgrade/compatibility impact ==
The upgrade should be mostly invisible. It is possible that somebody
might be relying on some very specific `mlocate` behaviour or parsing
the `mlocate` database directly, but no such cases are currently
known.
== How To Test ==
# Install `plocate` (`sudo dnf install plocate --allowerasing`)
# Wait for `plocate-updatedb.service` to finish (`sudo systemctl start plocate-updatedb.service`)
# Use `plocate pattern` or `plocate -r <regexp>` to search for files.
== User Experience ==
Users should not notice the difference. Installing `plocate`
automatically removes `mlocate`. The new implementation is generally
compatible with the old one in all common cases, and provides some
additional options.
== Dependencies ==
None.
== Contingency Plan ==
* Contingency mechanism: (What to do? Who will do it?) N/A (not a
System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change)
== Documentation ==
N/A (not a System Wide Change)
== Release Notes ==
`plocate` is now used as the default provider of `/usr/bin/locate`
instead of `mlocate`.
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
[USN-5154-1] FreeRDP vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5154-1
November 23, 2021
freerdp2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in FreeRDP.
Software Description:
- freerdp2: RDP client for Windows Terminal Services
Details:
It was discovered that FreeRDP incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a crash. (CVE-2021-41159)
It was discovered that FreeRDP incorrectly handled certain connections.
An attacker could possibly use this issue to execute arbitrary code or
cause a crash. (CVE-2021-41160)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.10:
libfreerdp-client2-2 2.3.0+dfsg1-2ubuntu0.1
Ubuntu 21.04:
libfreerdp-client2-2 2.3.0+dfsg1-1ubuntu0.1
Ubuntu 20.04 LTS:
libfreerdp-client2-2 2.2.0+dfsg1-0ubuntu0.20.04.2
Ubuntu 18.04 LTS:
libfreerdp-client2-2 2.2.0+dfsg1-0ubuntu0.18.04.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5154-1
CVE-2021-41159, CVE-2021-41160
Package Information:
https://launchpad.net/ubuntu/+source/freerdp2/2.3.0+dfsg1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/freerdp2/2.3.0+dfsg1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/freerdp2/2.2.0+dfsg1-0ubuntu0.20.04.2
https://launchpad.net/ubuntu/+source/freerdp2/2.2.0+dfsg1-0ubuntu0.18.04.2
Monday, November 22, 2021
[USN-5153-1] LibreOffice vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5153-1
November 22, 2021
libreoffice vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
LibreOffice could incorrectly validate document signatures.
Software Description:
- libreoffice: Office productivity suite
Details:
It was discovered that LibreOffice incorrectly handled digital signatures.
An attacker could possibly use this issue to create a specially crafted
document that would display a validly signed indicator, contrary to
expectations.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libreoffice-core 1:6.4.7-0ubuntu0.20.04.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5153-1
CVE-2021-25633, CVE-2021-25634
Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-0ubuntu0.20.04.2
Orphaned packages looking for new maintainers
The following packages are orphaned and will be retired when they
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life
Note: If you received this mail directly you (co)maintain one of the affected
packages or a package that depends on one. Please adopt the affected package or
retire your depending package to avoid broken dependencies, otherwise your
package will fail to install and/or build when the affected package gets retired.
Request package ownership via the *Take* button in the left column on
https://src.fedoraproject.org/rpms/<pkgname>
Full report available at:
https://churchyard.fedorapeople.org/orphans-2021-11-22.txt
grep it for your FAS username and follow the dependency chain.
For human readable dependency chains,
see https://packager-dashboard.fedoraproject.org/
For all orphaned packages,
see https://packager-dashboard.fedoraproject.org/orphan
Package (co)maintainers Status Change
================================================================================
Java-WebSocket orphan 3 weeks ago
PyPAM orphan, tmraz 1 weeks ago
arduino-ctags orphan 3 weeks ago
asl orphan 3 weeks ago
bitlbee-discord orphan 6 weeks ago
bytelist lef, orphan 3 weeks ago
cAudio orphan 6 weeks ago
chaos-client go-sig, orphan 3 weeks ago
chck fale, orphan, zvetlik 3 weeks ago
concurrent-trees hhorak, orphan 3 weeks ago
conky-manager orphan 3 weeks ago
couchdb orphan 3 weeks ago
crlfuzz go-sig, orphan 3 weeks ago
cuetools orphan 3 weeks ago
dummy-test-package-rubino asaleh, orphan, packagerbot, patrikp, scoady, wwoods 3 weeks ago
edac-utils orphan 3 weeks ago
elog orphan 6 weeks ago
erlang-certifi erlang-maint-sig, orphan 4 weeks ago
erlang-cf erlang-maint-sig, orphan 4 weeks ago
erlang-cth_readable erlang-maint-sig, orphan 4 weeks ago
erlang-erlware_commons erlang-maint-sig, orphan 4 weeks ago
erlang-eunit_formatters erlang-maint-sig, orphan 4 weeks ago
erlang-exometer_core orphan 3 weeks ago
erlang-hex_core erlang-maint-sig, orphan 4 weeks ago
erlang-protobuffs orphan 3 weeks ago
erlang-providers erlang-maint-sig, orphan 4 weeks ago
erlang-relx erlang-maint-sig, orphan 4 weeks ago
erlang-riak_api bowlofeggs, erlang-maint-sig, orphan 3 weeks ago
erlang-riak_core bowlofeggs, erlang-maint-sig, orphan 3 weeks ago
erlang-ssl_verify_fun erlang-maint-sig, orphan 4 weeks ago
erlang-triq orphan 3 weeks ago
fennel epel-packagers-sig, lua-packagers-sig, orphan 3 weeks ago
forbidden-apis jvanek, orphan 3 weeks ago
gdata-sharp moezroy, orphan, tpokorra 3 weeks ago
gfm orphan 6 weeks ago
gnu-getopt dwalluck, mizdebsk, orphan 3 weeks ago
golang-github-beevik-ntp go-sig, orphan 2 weeks ago
golang-github-dgraph-io-badger orphan 6 weeks ago
golang-github-dgraph-io-ristretto orphan 6 weeks ago
golang-github-ema-qdisc go-sig, orphan 2 weeks ago
golang-github-geziyor orphan 6 weeks ago
golang-github-kolo-xmlrpc go-sig, orphan 2 weeks ago
golang-github-mdlayher-genetlink go-sig, orphan 2 weeks ago
golang-github-mdlayher-wifi go-sig, orphan 2 weeks ago
golang-github-milochristiansen-axis2 go-sig, orphan 6 weeks ago
golang-github-milochristiansen-lua go-sig, orphan 6 weeks ago
golang-github-soundcloud-runit go-sig, orphan 2 weeks ago
ipmitool branto, jridky, orphan, pcahyna, praveenp 0 weeks ago
jsap orphan 3 weeks ago
k3guitune orphan 3 weeks ago
kexi kde-sig, orphan 0 weeks ago
komparator orphan 3 weeks ago
latex-mk orphan 3 weeks ago
libcxl orphan 5 weeks ago
libgaiagraphics orphan 3 weeks ago
libocxl orphan 5 weeks ago
librfid orphan 3 weeks ago
libticables2 orphan 6 weeks ago
libticalcs2 orphan 6 weeks ago
libticonv orphan 6 weeks ago
libtifiles2 orphan 6 weeks ago
llvm11.0 orphan, tstellar 3 weeks ago
mingw-colord-gtk gnome-sig, orphan 3 weeks ago
mir orphan 2 weeks ago
mygui orphan 6 weeks ago
naabu go-sig, orphan 3 weeks ago
netcf berrange, orphan 3 weeks ago
nuclei go-sig, orphan 3 weeks ago
oci-kvm-hook orphan 3 weeks ago
pam_mount lupinix, orphan, steve 3 weeks ago
passenger kanarip, orphan 3 weeks ago
perl-OpenOffice-UNO filabrazilska, orphan, scenek 3 weeks ago
plantuml gil, orphan 0 weeks ago
plasma-applet-redshift-control kde-sig, lupinix, orphan 3 weeks ago
postgres-decoderbufs fjanus, hhorak, orphan, panovotn 3 weeks ago
purple-mattermost orphan 6 weeks ago
python-sockjs-tornado orphan, python-sig 6 weeks ago
qotd orphan 6 weeks ago
quasselgrep orphan 6 weeks ago
qwtpolar orphan 3 weeks ago
rubygem-simple-navigation orphan 3 weeks ago
rubygem-six orphan 3 weeks ago
rust-ruma-events orphan, rust-sig 3 weeks ago
seahorse-sharing gnome-sig, orphan, stefw 3 weeks ago
shuffledns go-sig, orphan 3 weeks ago
spasm-ng orphan 6 weeks ago
sugar-visualmatch orphan 3 weeks ago
tfdocgen orphan 6 weeks ago
tilp2 orphan 6 weeks ago
trafshow orphan 3 weeks ago
treefrog-framework orphan 6 weeks ago
truth orphan 3 weeks ago
uglify-js1 nodejs-sig, orphan, patches 6 weeks ago
umph orphan 1 weeks ago
unshield orphan 6 weeks ago
vanessa_logger orphan 3 weeks ago
vgrive orphan 3 weeks ago
wxpdfdoc orphan, swt2c 3 weeks ago
xfce4-equake-plugin cheese, orphan 3 weeks ago
xoreos-tools orphan 6 weeks ago
yecht orphan 3 weeks ago
yydebug orphan 3 weeks ago
zgrab2 orphan 6 weeks ago
The following packages require above mentioned packages:
Report too long, see the full version at
https://churchyard.fedorapeople.org/orphans-2021-11-22.txt
See dependency chains of your packages at
https://packager-dashboard.fedoraproject.org/
See all orphaned packages at https://packager-dashboard.fedoraproject.org/orphan
Affected (co)maintainers (either directly or via packages' dependencies):
abbot: truth
abbra: ipmitool
achernya: truth
adev: truth
adrian: truth
akoutsou: golang-github-kolo-xmlrpc
alakatos: truth
alexl: truth
am1g0: truth
andreamanzi: truth
anoopcs: ipmitool
asaleh: dummy-test-package-rubino
asn: ipmitool
atim: truth
avagin: truth
avsej: truth
berrange: netcf, ipmitool
besser82: ipmitool
bofh80: golang-github-kolo-xmlrpc
bonzini: ipmitool
bowlofeggs: erlang-riak_core, erlang-riak_api, erlang-exometer_core,
erlang-triq, erlang-protobuffs
branto: ipmitool
bruno: truth
caillon: truth
caolanm: truth
carlwgeorge: truth
cfeist: ipmitool
cheese: xfce4-equake-plugin
churchyard: truth
clalance: ipmitool
cockpit: golang-github-kolo-xmlrpc
codeblock: erlang-triq, erlang-protobuffs
comzeradd: truth
crobinso: ipmitool
dang: ipmitool
ddd: truth
defolos: truth
deji: truth
denisarnaud: truth
devos: ipmitool
dwalluck: gnu-getopt
dwmw2: ipmitool
dwrobel: plantuml
eclipseo: golang-github-ema-qdisc, golang-github-mdlayher-wifi,
golang-github-mdlayher-genetlink, truth, golang-github-soundcloud-runit,
golang-github-kolo-xmlrpc, golang-github-beevik-ntp
ehabkost: ipmitool
epel-packagers-sig: fennel
erlang-maint-sig: erlang-cf, erlang-riak_core, erlang-erlware_commons,
erlang-riak_api, erlang-providers, erlang-hex_core, erlang-eunit_formatters,
erlang-certifi, erlang-cth_readable, erlang-ssl_verify_fun, erlang-relx,
erlang-exometer_core, erlang-triq, erlang-protobuffs
etrunko: truth
fab: truth
fale: chck
fantom: truth
filabrazilska: erlang-triq, erlang-protobuffs, perl-OpenOffice-UNO
filbranden: truth
fjanus: postgres-decoderbufs
fnux: erlang-triq, erlang-protobuffs
fujiwara: truth
gbitzes: truth
gd: ipmitool
gferon: truth
gil: plantuml
gnome-sig: mingw-colord-gtk, seahorse-sharing
go-sig: naabu, golang-github-ema-qdisc, chaos-client,
golang-github-mdlayher-genetlink, golang-github-mdlayher-wifi, nuclei, truth,
golang-github-soundcloud-runit, golang-github-kolo-xmlrpc,
golang-github-beevik-ntp, golang-github-milochristiansen-axis2, shuffledns,
crlfuzz, golang-github-milochristiansen-lua
grover: ipmitool
hguemar: truth
hhorak: postgres-decoderbufs, concurrent-trees, truth
hno: truth
hubbitus: vanessa_logger, truth
hvad: truth
iboukris: ipmitool
icheishvili: erlang-triq, erlang-protobuffs
idevat: ipmitool
ignatenkobrain: rust-ruma-events, truth
infra-sig: truth
jarrpa: ipmitool
java-sig: truth
jcline: erlang-triq, erlang-protobuffs
jcpunk: ipmitool
jeckersb: erlang-triq, erlang-protobuffs
jforbes: ipmitool
jiffintt: ipmitool
jjanco: truth
jjg: truth
jkucera: truth
jlayton: ipmitool
jlcjohn: truth
jmlich: truth
jonny: truth
jreznik: truth
jridky: truth, ipmitool
jskarvad: truth
jsteffan: truth, ipmitool
jstephen: ipmitool
jvanek: forbidden-apis
kanarip: passenger
kde-sig: plasma-applet-redshift-control, kexi, truth
kevin: ipmitool
kkeithle: ipmitool
kkofler: truth
konradm: truth
kwizart: truth
laine: ipmitool
larsu: golang-github-kolo-xmlrpc
leamas: jsap
lef: bytelist
leigh123linux: ipmitool
libvirt-maint: ipmitool
limb: truth
linkdupont: truth
ljavorsk: truth
lkundrak: erlang-triq, erlang-protobuffs, ipmitool
lua-packagers-sig: fennel
lupinix: pam_mount, plasma-applet-redshift-control
martinlanghoff: erlang-triq, erlang-protobuffs
martinpitt: golang-github-kolo-xmlrpc
marx: ipmitool
mayorga: truth
mbarnes: truth
mcrha: truth
mhayden: truth
michaelc: ipmitool
mikep: truth
mizdebsk: gnu-getopt, truth
mjakubicek: truth
mkulik: truth
mlisik: ipmitool
mlombard: ipmitool
mmuzila: truth
moceap: truth
moezroy: gdata-sharp
mruprich: truth
mschorm: truth
msehnout: golang-github-kolo-xmlrpc
mstevens: truth
music: truth
musuruan: truth
nforro: truth
ngompa: truth
njha: truth
nodejs-sig: uglify-js1
nonamedotc: ipmitool
oalbrigt: ipmitool
obnox: ipmitool
obudai: golang-github-kolo-xmlrpc
ochosi: golang-github-kolo-xmlrpc
odubaj: truth
okeeble: truth
olem: golang-github-kolo-xmlrpc
omular: ipmitool
orion: truth
osier: ipmitool
packagerbot: dummy-test-package-rubino
packit: golang-github-kolo-xmlrpc
panovotn: postgres-decoderbufs
patches: uglify-js1
patrikp: dummy-test-package-rubino
pbrobinson: truth
pcahyna: ipmitool
pemensik: truth
peter: erlang-cf, erlang-riak_core, erlang-erlware_commons, erlang-providers,
erlang-hex_core, erlang-eunit_formatters, erlang-certifi, erlang-cth_readable,
erlang-ssl_verify_fun, erlang-relx, erlang-exometer_core, erlang-triq,
erlang-protobuffs
piotrp: truth
ppisar: truth
praveenp: ipmitool
pwalter: truth
python-sig: python-sockjs-tornado, truth
quintela: ipmitool
rathann: ipmitool
rdieter: truth
rebus: truth
rhughes: truth
rjones: ipmitool
rmattes: truth
robotics-sig: truth
rocha: truth
rsroka: truth
rstoyanov: truth
rstrode: truth
ruben: truth
rust-sig: rust-ruma-events, truth
s4504kr: erlang-triq, erlang-protobuffs
sagitter: truth
salimma: truth
sandeen: truth
scenek: perl-OpenOffice-UNO
scitech_sig: truth
scoady: dummy-test-package-rubino
sergiomb: truth
simo: ipmitool
skoduri: ipmitool
skottler: erlang-triq, erlang-protobuffs
smani: libgaiagraphics, truth
ssp: truth
stefw: seahorse-sharing
steve: pam_mount
swt2c: wxpdfdoc
tagoh: truth
tartare: truth
tdawson: truth
terjeros: ipmitool
than: truth
thofmann: truth
timn: truth
tjikkun: truth
tmraz: PyPAM
tojeline: ipmitool
tomegun: golang-github-kolo-xmlrpc
tomh: truth
torbuntu: truth
tpokorra: gdata-sharp
tstellar: llvm11.0
van: truth
vascom: truth, ipmitool
veillard: ipmitool
virtmaint-sig: ipmitool
vjancik: truth
vokac: truth
volter: truth
wwoods: dummy-test-package-rubino
xavierb: erlang-triq, erlang-protobuffs
xiubli: ipmitool
yanqiyu: truth
zfridric: truth
zmiklank: truth
zvetlik: chck
--
The script creating this output is run and developed by Fedora
Release Engineering. Please report issues at its pagure instance:
https://pagure.io/releng/
The sources of this script can be found at:
https://pagure.io/releng/blob/main/f/scripts/find_unblocked_orphans.py
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Thursday, November 18, 2021
[USN-5152-1] Thunderbird vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5152-1
November 18, 2021
thunderbird vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
Summary:
Several security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
bypass security restrictions, spoof the UI, confuse the user, conduct
phishing attacks, or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.10:
thunderbird 1:91.3.1+build1-0ubuntu0.21.10.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5152-1
CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507,
CVE-2021-38509
Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/1:91.3.1+build1-0ubuntu0.21.10.1
[USN-5151-1] Mailman vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5151-1
November 18, 2021
mailman vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Mailman.
Software Description:
- mailman: Web-based mailing list manager
Details:
It was discovered that Mailman incorrectly handled certain URLs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-43331)
It was discovered that Mailman incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2021-43332)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
mailman 1:2.1.26-1ubuntu0.5
Ubuntu 16.04 ESM:
mailman 1:2.1.20-1ubuntu0.6+esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5151-1
CVE-2021-43331, CVE-2021-43332, https://launchpad.net/bugs/1949401, https://launchpad.net/mailman/+bug/1949403
Package Information:
https://launchpad.net/ubuntu/+source/mailman/1:2.1.26-1ubuntu0.5
Wednesday, November 17, 2021
[CentOS-announce] CESA-2021:4134 Important CentOS 7 thunderbird Security Update
CentOS Errata and Security Advisory 2021:4134 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2021:4134
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
36259b436231dc4bfc0fb0c9db4b4bcb6693260e26b5c858fed3e11c71a5be0a thunderbird-91.3.0-2.el7.centos.x86_64.rpm
Source:
38c680ecadd599b7195652d34ac032c350a2b98be21334d5891f248862e840fc thunderbird-91.3.0-2.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2021:3841 Important CentOS 7 thunderbird Security Update
CentOS Errata and Security Advisory 2021:3841 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2021:3841
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
69ae41a6c3ac23339ec68078341f79bf409340725c4349483ba59ace78f79028 thunderbird-91.2.0-1.el7.centos.x86_64.rpm
Source:
2c5ef7f7281f2aa16ad9c0c8179703f8980c388e43bb0add565e73005addb358 thunderbird-91.2.0-1.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2021:4116 Important CentOS 7 firefox Security Update
CentOS Errata and Security Advisory 2021:4116 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2021:4116
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
91c597c3c15155bea7576d423bb897ce5644669e24f2b918fb694fe845700c49 firefox-91.3.0-1.el7.centos.i686.rpm
6d5b1649b1e98557b5173af9108f9a86fc71dcf1bec82baed2b16dc82c6491d4 firefox-91.3.0-1.el7.centos.x86_64.rpm
Source:
3a8936f56624f3c8f1740d0eb997811a3a25511c2ce95d8aafcdcfc4cf682438 firefox-91.3.0-1.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce