Tuesday, October 3, 2017
[USN-3430-2] Dnsmasq vulnerabilities
Ubuntu Security Notice USN-3430-2
October 03, 2017
dnsmasq vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Dnsmasq.
Software Description:
- dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
USN-3430-1 fixed several vulnerabilities in Dnsmasq. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote
attacker could use this issue to cause Dnsmasq to crash, resulting in
a denial of service, or possibly execute arbitrary code.
(CVE-2017-14491)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled IPv6 router
advertisements. A remote attacker could use this issue to cause
Dnsmasq to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2017-14492)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote
attacker could use this issue to cause Dnsmasq to crash, resulting in
a denial of service, or possibly execute arbitrary code.
(CVE-2017-14493)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote
attacker could use this issue to possibly obtain sensitive memory
contents. (CVE-2017-14494)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote
attacker could use this issue to cause Dnsmasq to consume memory,
resulting in a denial of service. (CVE-2017-14495)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote
attacker could use this issue to cause Dnsmasq to crash, resulting in
a denial of service. (CVE-2017-14496)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
dnsmasq 2.59-4ubuntu0.3
dnsmasq-base 2.59-4ubuntu0.3
dnsmasq-utils 2.59-4ubuntu0.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3430-2
https://www.ubuntu.com/usn/usn-3430-1
CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494,
CVE-2017-14495, CVE-2017-14496
Monday, October 2, 2017
[CentOS-announce] CESA-2017:2836 Critical CentOS 7 dnsmasq Security Update
Upstream details at : https://access.redhat.com/errata/RHSA-2017:2836
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
4116649e1e436cbc3a5cb3f63fab5b4ddd060a3eec2677ef86319abac5fc39a0 dnsmasq-2.76-2.el7_4.2.x86_64.rpm
e6021c48d7461251abf4a6bdbadc493ec435150bc63e57c255196e267fb3e7e1 dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Source:
41f44e7d21c87685a8cfe3558f6cb37f1e87d998e7f5e8bc383e6c3471826443 dnsmasq-2.76-2.el7_4.2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2017:2838 Critical CentOS 6 dnsmasq Security Update
Upstream details at : https://access.redhat.com/errata/RHSA-2017:2838
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
973d0342cc189e8a76a86645b13dddf1582019cb96446f85b68611d8b69249c3 dnsmasq-2.48-18.el6_9.i686.rpm
d97113cf1641a9c46aedd5c4b0d1091ae07ac179e3261334d4bd256186bfbd34 dnsmasq-utils-2.48-18.el6_9.i686.rpm
x86_64:
15647fdea6bbf90bce5b5127dc2da0a0d0b338381dbb73fd1193b7f061986e97 dnsmasq-2.48-18.el6_9.x86_64.rpm
5e62a539a1ab5635ef908109dddb971f68cf476d0efe0475928274f16f207df7 dnsmasq-utils-2.48-18.el6_9.x86_64.rpm
Source:
ddc31b1822ac164af8bdc2f4947f2a760644b1e6c797e6403ef381949ae68109 dnsmasq-2.48-18.el6_9.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
[USN-3435-1] Firefox vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3435-1
October 02, 2017
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, obtain sensitive
information, bypass phishing and malware protection, spoof the origin in
modal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812,
CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819,
CVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824)
Martin Thomson discovered that NSS incorrectly generated handshake hashes.
A remote attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-7805)
Multiple security issues were discovered in WebExtensions. If a user were
tricked into installing a specially crafted extension, an attacker could
potentially exploit these to download and open non-executable files
without interaction, or obtain elevated privileges. (CVE-2017-7816,
CVE-2017-7821)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
firefox 56.0+build6-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
firefox 56.0+build6-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
firefox 56.0+build6-0ubuntu0.14.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3435-1
CVE-2017-7793, CVE-2017-7805, CVE-2017-7810, CVE-2017-7811,
CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815,
CVE-2017-7816, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820,
CVE-2017-7821, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824
Package Information:
https://launchpad.net/ubuntu/+source/firefox/56.0+build6-0ubuntu0.17.04.1
https://launchpad.net/ubuntu/+source/firefox/56.0+build6-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/firefox/56.0+build6-0ubuntu0.14.04.1
[USN-3434-1] Libidn vulnerability
==========================================================================
Ubuntu Security Notice USN-3434-1
October 02, 2017
libidn vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Libidn could be made to crash or run programs if it processed specially
crafted input.
Software Description:
- libidn: implementation of IETF IDN specifications
Details:
It was discovered that Libidn incorrectly handled decoding certain digits.
A remote attacker could use this issue to cause Libidn to crash, resulting
in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libidn11 1.33-1ubuntu0.1
Ubuntu 16.04 LTS:
libidn11 1.32-3ubuntu1.2
Ubuntu 14.04 LTS:
libidn11 1.28-1ubuntu2.2
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3434-1
CVE-2017-14062
Package Information:
https://launchpad.net/ubuntu/+source/libidn/1.33-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libidn/1.32-3ubuntu1.2
https://launchpad.net/ubuntu/+source/libidn/1.28-1ubuntu2.2
SL 7.4 x86_64 is officially released
== Information ==
NOTE: Please review the SL Release Notes along with
The Upstream Vendor's Release Notes:
http://ftp.scientificlinux.org/linux/scientific/7.4/x86_64/release-notes/
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/index.html
There is a great deal of information within those documents not listed here.
Please run: yum clean expire-cache
== Media ==
You can find the release media at:
http://ftp.scientificlinux.org/linux/scientific/7.4/x86_64/iso/
Due to the size of the release, the 4.7gb Install media is discontinued.
We have retained the Dual Layer Install media.
Alternatively the livecd-iso-to-disk utility is able to convert
this to USB successfully. A USB device of sufficient size is
required.
Alternatively you can utilize the dd command to write the
raw image to a USB device.
http://ftp.scientificlinux.org/linux/scientific/7/x86_64/release-notes/#_how_to_make_a_bootable_usb_installer
== SL Specific Updates ==
.UEFI Secure Boot Chain
The boot packages (shim, grub2, kernel) are now signed by the
new Scientific Linux Secure Boot key.
If you use UEFI Secure Boot, you MUST import this new key
into your Machine Owner Key database.
If you do not use UEFI Secure Boot, no action is required.
For more information about Scientific Linux and Secure Boot
please review
http://ftp.scientificlinux.org/linux/scientific/7x/x86_64/release-notes/#_about_uefi_secure_boot
https://listserv.fnal.gov/scripts/wa.exe?A2=SCIENTIFIC-LINUX-ANNOUNCE;2776c184.1707
.Iptables
iptables has been rebuilt with the fixes from RHBZ 1481207.
These patches resolve a bug where the iptables services report the
firewall is loaded when it is not. This bug primarily impacts dual
stack (IPv4 and IPv6) systems.
The upstream fix is still pending release.
.OpenAFS
OpenAFS has been updated to version 1.6.21 from openafs.org
.Anaconda User Help
The anaconda user help files are now correctly debranded.
Thanks for the bug report Michael Tiernan!
== Known Issues ==
.libgpod
Users of the EPEL libgpod package may need to run
yum downgrade libgpod
before running yum update
.MATE and Cinnamon
We have encountered some display issues with the MATE and
Cinnamon desktops as provided by EPEL-7.
The exact causes are unclear.
== UEFI Secure Boot ==
The status of UEFI Secure Boot for Scientific Linux is noted in detail at:
http://ftp.scientificlinux.org/linux/scientific/7/x86_64/release-notes/#_about_uefi_secure_boot
Booting SL7 with Secure Boot enabled works but requires a manual step.
This is because the "shim" has not been signed by the UEFI CA.
Instructions are included within the SL7 Release Notes.
[USN-3433-1] poppler vulnerabilities
Ubuntu Security Notice USN-3433-1
October 02, 2017
poppler vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
poppler could be made to crash if it opened a specially crafted file.
Software Description:
- poppler: PDF rendering library
Details:
It was discovered that Poppler incorrectly handled certain files.
If a user or automated system were tricked into opening a
crafted PDF file, an attacker could cause a denial of service.
This issue only affected Ubuntu 17.04. (CVE-2017-14517)
It was discovered that Poppler incorrectly handled certain files.
If a user or automated system were tricked into opening a crafted PDF
file, an attacker could cause a denial of service. (CVE-2017-14519)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libpoppler64 0.48.0-2ubuntu2.2
poppler-utils 0.48.0-2ubuntu2.2
Ubuntu 16.04 LTS:
libpoppler58 0.41.0-0ubuntu1.3
poppler-utils 0.41.0-0ubuntu1.3
Ubuntu 14.04 LTS:
libpoppler44 0.24.5-2ubuntu4.6
poppler-utils 0.24.5-2ubuntu4.6
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3433-1
CVE-2017-14517, CVE-2017-14519
Package Information:
https://launchpad.net/ubuntu/+source/poppler/0.48.0-2ubuntu2.2
https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.3
https://launchpad.net/ubuntu/+source/poppler/0.24.5-2ubuntu4.6
[USN-3432-1] ca-certificates update
==========================================================================
Ubuntu Security Notice USN-3432-1
October 02, 2017
ca-certificates update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
ca-certificates was updated to the 20170717 package.
Software Description:
- ca-certificates: Common CA certificates
Details:
The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 20170717
package.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
ca-certificates 20170717~17.04.1
Ubuntu 16.04 LTS:
ca-certificates 20170717~16.04.1
Ubuntu 14.04 LTS:
ca-certificates 20170717~14.04.1
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3432-1
https://launchpad.net/bugs/1719851
Package Information:
https://launchpad.net/ubuntu/+source/ca-certificates/20170717~17.04.1
https://launchpad.net/ubuntu/+source/ca-certificates/20170717~16.04.1
https://launchpad.net/ubuntu/+source/ca-certificates/20170717~14.04.1
[USN-3431-1] NSS vulnerability
==========================================================================
Ubuntu Security Notice USN-3431-1
October 02, 2017
nss vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
NSS could be made to crash or run programs if it received specially crafted
network traffic.
Software Description:
- nss: Network Security Service library
Details:
Martin Thomson discovered that NSS incorrectly generated handshake hashes.
A remote attacker could use this issue to cause NSS to crash, resulting in
a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libnss3 2:3.28.4-0ubuntu0.17.04.3
Ubuntu 16.04 LTS:
libnss3 2:3.28.4-0ubuntu0.16.04.3
Ubuntu 14.04 LTS:
libnss3 2:3.28.4-0ubuntu0.14.04.3
After a standard system update you need to restart any applications
that use NSS, such as Evolution and Chromium, to make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3431-1
CVE-2017-7805
Package Information:
https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.17.04.3
https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.3
https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.14.04.3
[USN-3430-1] Dnsmasq vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3430-1
October 02, 2017
dnsmasq vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Dnsmasq.
Software Description:
- dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker
could use this issue to cause Dnsmasq to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2017-14491)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A
remote attacker could use this issue to cause Dnsmasq to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2017-14492)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote
attacker could use this issue to cause Dnsmasq to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2017-14493)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote
attacker could use this issue to possibly obtain sensitive memory contents.
(CVE-2017-14494)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker
could use this issue to cause Dnsmasq to consume memory, resulting in a
denial of service. (CVE-2017-14495)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker
could use this issue to cause Dnsmasq to crash, resulting in a denial of
service. (CVE-2017-14496)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
dnsmasq 2.76-5ubuntu0.1
dnsmasq-base 2.76-5ubuntu0.1
dnsmasq-utils 2.76-5ubuntu0.1
Ubuntu 16.04 LTS:
dnsmasq 2.75-1ubuntu0.16.04.3
dnsmasq-base 2.75-1ubuntu0.16.04.3
dnsmasq-utils 2.75-1ubuntu0.16.04.3
Ubuntu 14.04 LTS:
dnsmasq 2.68-1ubuntu0.2
dnsmasq-base 2.68-1ubuntu0.2
dnsmasq-utils 2.68-1ubuntu0.2
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3430-1
CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494,
CVE-2017-14495, CVE-2017-14496
Package Information:
https://launchpad.net/ubuntu/+source/dnsmasq/2.76-5ubuntu0.1
https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.3
https://launchpad.net/ubuntu/+source/dnsmasq/2.68-1ubuntu0.2
[opensuse-announce] Planned downtime for many openSUSE services from 2017-10-13 to 2017-10-14
From Friday 2017-10-13 16:00 UTC till Saturday 2017-10-14 16:00 UTC the SUSE
Nuremberg office will have a power outage, for scheduled maintenance on the
building's electricity. Due to that, a number of services will be down. The
only services that will be normally operating are:
- status.opensuse.org
- download.opensuse.org
- static.opensuse.org
- conncheck.opensuse.org
The rest of the services will be fully online on Sunday 2017-10-15. The Heroes
team will try to keep you updated on the situation, and will also send a few
reminders (on the opensuse-announce mailing list) before the incident.
Thanks for the understanding.
On behalf of the heroes team and the SUSE-IT team
Theo