Tuesday, June 2, 2020
[FreeBSD-Announce] 2020 FreeBSD Community Survey
Survey.
https://www.research.net/r/freebsd-2020-community-survey
The purpose of the survey is to collect quantitative data from the
public in order to help guide the project's priorities and efforts. As
an example, last year's survey results helped fuel the project's
conversion to git.
The survey will remain open for 14 days and will close on June 16 at
17:00 UTC (Tuesday 10am PDT).
Please feel free to share the survey URL on social media or with your
peers, co-workers, employer, friends, or anyone else interested in
FreeBSD.
The survey will take approximately 15 minutes to complete. We
understand that your time is valuable and we appreciate your investment
to help guide our community.
--
FreeBSD Core Team
Upcoming fedoraproject Datacenter move reminder and plans
As previously announced, fedoraproject is moving many of its servers
from one datacenter (phx2 near phoenix, arizona, usa) to another (iad2:
near arlington, virginia, usa).
As we move from the old datacenter to the new, we will have a temporary
reduction in capacity. The new datacenter has a smaller, less-redundant,
lower-capacity version of our infrastructure. Over the next two weeks,
we will migrate services to it so that we can finish moving out of the
old datacenter.
After everything is moved from the old datacenter, many of the servers
there will be shipped to the new datacenter and then re-added to bring
us back to full redundancy and capacity.
Our detailed checklist for these migrations is available at
https://hackmd.io/@fedorainfra2020/rJpsA4FLL
To summarize what we are moving when:
2020-06-03 wed: The fedoraproject master mirrors will move to IAD2. A
very small outage may be noticed as dns changes. There may be some
mirroring slowdowns as we work out bugs.
2020-06-04 thu: Our internal ansible control host and the fedoraproject
wiki will move. The wiki will be down for a few hours.
2020-06-05 fri: Our meeting minutes archive
(https://meetbot.fedoraproject.org) and our freenode irc bot (zodbot).
These two services will see an hour outage or less.
2020-06-07 sun: We will pause for the next week adding new packages and
unretiring packages to avoid problems.
2020-06-08 mon: Our fedora-messaging bus and gateways to it
(github2fedmsg, bugzilla2fedmsg), mirrormanager, product definition
center (pdc), and our identity and authentication systems. Messages over our
message bus may be slow or missing and users may be unable to login at
various times as we migrate services over.
Additionally, we will be stopping services that will not be back until
later in the month.
These include:
* Fedocal
* Badges
* Nuancier
* koschei
* simple-koji-ci
* All staging services (*.stg.fedoraproject.org)
2020-06-09 tue: The build and packaging ecosystem. This includes koji,
src.fedoraproject.org, osbs, odcs, container registries, bodhi (updates
system). During this day maintainers should avoid builds/updates if at
all possible as they may or may not work at various times.
2020-06-10 wed: Various small apps (mdapi, anitya, waiverdb, greenwave,
etc), mailman/lists.fedoraproject.org, and our datagrepper/datanommer
services. Mailing lists will be down for several hours as data is
migrated. Datagrepper will be down for most of the day as its database
is moved. Other services will be down for short amounts of time while
they are moved.
2020-06-11 thu: Various small site building apps (docs building, fedora
websites building, reviewstats, blockerbugs) and elections will be
moved. elections will be up until the currently running elections
complete. (GO VOTE! https://elections.fedoraproject.org)
2020-06-12 fri: Catch up and fix issues day, along with re-enabling
package unretirements/new packages, and other 'paused' items.
The week after this servers will be shipped and the week after that we
expect to start setting them up and getting them re-added. During this
time, we may have to make further changes to what services are available
in order to deal with load changes.
If you have any questions or concerns, please file an infrastructure
ticket ( https://pagure.io/fedora-infrastructure) or come talk to us in
#fedora-admin on irc.freenode.net.
Finally, I'd like to ask everyone to be patient as we do this move. I
know that it's painful when you are unable to contribute something when
you have time to do so, but rest assured that we are trying to migrate
things as quickly and smoothly as we can.
Thanks.
kevin
Monday, June 1, 2020
[USN-4380-1] Apache Ant vulnerability
==========================================================================
Ubuntu Security Notice USN-4380-1
June 01, 2020
Apache Ant vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
Summary:
Apache Ant could leak sensitive information or be made to run programs
as your login.
Software Description:
- ant: Java based build tool like make
Details:
It was discovered that Apache Ant created temporary files with insecure
permissions. An attacker could use this vulnerability to read sensitive
information leaked into /tmp, or potentially inject malicious code into a
project that is built with Apache Ant.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
ant 1.10.6-1ubuntu0.1
ant-doc 1.10.6-1ubuntu0.1
ant-optional 1.10.6-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4380-1
CVE-2020-1945
Package Information:
https://launchpad.net/ubuntu/+source/ant/1.10.6-1ubuntu0.1
[USN-4379-1] FreeRDP vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4379-1
June 01, 2020
freerdp2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in FreeRDP.
Software Description:
- freerdp2: RDP client for Windows Terminal Services
Details:
It was discovered that FreeRDP incorrectly handled certain memory
operations. A remote attacker could use this issue to cause FreeRDP to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libfreerdp-client2-2 2.1.1+dfsg1-0ubuntu0.20.04.1
libfreerdp-server2-2 2.1.1+dfsg1-0ubuntu0.20.04.1
libfreerdp2-2 2.1.1+dfsg1-0ubuntu0.20.04.1
Ubuntu 19.10:
libfreerdp-client2-2 2.1.1+dfsg1-0ubuntu0.19.10.1
libfreerdp-server2-2 2.1.1+dfsg1-0ubuntu0.19.10.1
libfreerdp2-2 2.1.1+dfsg1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS:
libfreerdp-client2-2 2.1.1+dfsg1-0ubuntu0.18.04.1
libfreerdp-server2-2 2.1.1+dfsg1-0ubuntu0.18.04.1
libfreerdp2-2 2.1.1+dfsg1-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/4379-1
CVE-2018-1000852, CVE-2019-17177, CVE-2020-11042, CVE-2020-11044,
CVE-2020-11045, CVE-2020-11046, CVE-2020-11047, CVE-2020-11048,
CVE-2020-11049, CVE-2020-11058, CVE-2020-11521, CVE-2020-11522,
CVE-2020-11523, CVE-2020-11524, CVE-2020-11525, CVE-2020-11526,
CVE-2020-13396, CVE-2020-13397, CVE-2020-13398
Package Information:
https://launchpad.net/ubuntu/+source/freerdp2/2.1.1+dfsg1-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/freerdp2/2.1.1+dfsg1-0ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/freerdp2/2.1.1+dfsg1-0ubuntu0.18.04.1
[USN-4377-2] ca-certificates update
Ubuntu Security Notice USN-4377-2
June 01, 2020
ca-certificates update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
An expired certificate was removed from ca-certificates.
Software Description:
- ca-certificates: Common CA certificates
Details:
USN-4377-1 updated ca-certificates. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
The ca-certificates package contained an expired CA certificate that caused
connectivity issues. This update removes the "AddTrust External Root" CA.
In addition, on Ubuntu 12.04 ESM and Ubuntu 14.04 ESM, this update
refreshes the included certificates to those contained in the 20190110
package.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
ca-certificates 20190110~14.04.1~esm1
Ubuntu 12.04 ESM:
ca-certificates 20190110~12.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4377-2
https://usn.ubuntu.com/4377-1
https://launchpad.net/bugs/XXXXXX
OpenBSD Errata: June 1st, 2020 (perl)
Several problems in Perl's regular expression compiler could lead to
corruption of the intermediate language state of a compiled regular
expression.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
https://www.openbsd.org/errata66.html
https://www.openbsd.org/errata67.html
[CentOS-announce] CESA-2020:2344 Important CentOS 7 bind Security Update
Upstream details at : https://access.redhat.com/errata/RHSA-2020:2344
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2020:2337 Important CentOS 7 git Security Update
Upstream details at : https://access.redhat.com/errata/RHSA-2020:2337
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
[CentOS-announce] CESA-2020:2334 Important CentOS 7 freerdp Security Update
Upstream details at : https://access.redhat.com/errata/RHSA-2020:2334
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
[USN-4378-1] Flask vulnerability
Ubuntu Security Notice USN-4378-1
June 01, 2020
flask vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Flask could be made to consume a large amount of memory if it
received a specially crafted input.
Software Description:
- flask: Micro web framework based on Werkzeug and Jinja2
Details:
It was discovered that Flask incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
python-flask 0.12.2-3ubuntu0.1
python3-flask 0.12.2-3ubuntu0.1
Ubuntu 16.04 LTS:
python-flask 0.10.1-2ubuntu0.1
python3-flask 0.10.1-2ubuntu0.1
Ubuntu 14.04 ESM:
python-flask 0.10.1-2ubuntu0.1~esm1
python3-flask 0.10.1-2ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4378-1
CVE-2018-1000656
Package Information:
https://launchpad.net/ubuntu/+source/flask/0.12.2-3ubuntu0.1
https://launchpad.net/ubuntu/+source/flask/0.10.1-2ubuntu0.1
[USN-4377-1] ca-certificates update
==========================================================================
Ubuntu Security Notice USN-4377-1
June 01, 2020
ca-certificates update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
An expired certificate was removed from ca-certificates.
Software Description:
- ca-certificates: Common CA certificates
Details:
The ca-certificates package contained an expired CA certificate that caused
connectivity issues. This update removes the "AddTrust External Root" CA.
In addition, on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, this update
refreshes the included certificates to those contained in the 20190110
package.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
ca-certificates 20190110ubuntu1.1
Ubuntu 19.10:
ca-certificates 20190110ubuntu0.19.10.1
Ubuntu 18.04 LTS:
ca-certificates 20190110~18.04.1
Ubuntu 16.04 LTS:
ca-certificates 20190110~16.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4377-1
https://launchpad.net/bugs/1881533
Package Information:
https://launchpad.net/ubuntu/+source/ca-certificates/20190110ubuntu1.1
https://launchpad.net/ubuntu/+source/ca-certificates/20190110ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/ca-certificates/20190110~18.04.1
https://launchpad.net/ubuntu/+source/ca-certificates/20190110~16.04.1