Friday, January 24, 2014
[CentOS-announce] CESA-2014:X003 Moderate Xen4CentOS kernel Security Update
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
X86_64
-----------------------------
885234e7bead8d78e914780e3264f74e4058c4d0211934da4a4d28e3e405f51d e1000e-2.5.4-3.10.27.2.el6.centos.alt.x86_64.rpm
7c41b049043145c401915d77d61221163c5dc6438bf061211bd587ddb2267a86 kernel-3.10.27-11.el6.centos.alt.x86_64.rpm
be3b2a9f0e50148b22072418b6c4b84bdc3a7c21ab48e8ca0e4d036565532e14 kernel-devel-3.10.27-11.el6.centos.alt.x86_64.rpm
0dda48c96293eb27d7e61247a0b5c4b62f02f50074237b1c1e57cbe77410655a kernel-doc-3.10.27-11.el6.centos.alt.noarch.rpm
9e9aa71ae2ff05491e78785a45e7ddaa8ea703416522bcebd9a47b10a4d71aee kernel-firmware-3.10.27-11.el6.centos.alt.noarch.rpm
b6417227b1d496436f7c7c990025f31027a9761289fb1372eec64da8d8531e24 kernel-headers-3.10.27-11.el6.centos.alt.x86_64.rpm
64e9fcc80b0adcb964817f44613dc38d3921c78b3ffa2d3141486b1f6b057562 perf-3.10.27-11.el6.centos.alt.x86_64.rpm
-----------------------------
Source:
-----------------------------
5ba6ace33dbebe60964af7d3351913f66d0a445f4c4c94250e00876f6778603f e1000e-2.5.4-3.10.27.2.el6.centos.alt.src.rpm
6b691e8914f2d1744082d8a1275630b1d0fae8468a18f04b9119413331e51db1 kernel-3.10.27-11.el6.centos.alt.src.rpm
=====================================================
Kernel Changelog info from the SPEC file:
* Fri Jan 24 2014 Johnny Hughes <johnny@centos.org> 3.10.27-11
- upgrade to upstream 3.10.27
- addresses CVE-2013-4579
e1000e Changelog info from the SPEC file:
* Fri Jan 24 2014 Johnny Hughes <johnny@centos.org> - 2.5.4-3.10.27.2.el6.centos.alt
- build against version 2.10.27 kernel
=====================================================
The following kernel changelogs are available from kernel.org since the previous kernel:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.27
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.26
=====================================================
The following security issues are addressed in this update:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4579
=====================================================
NOTE: You must run /usr/bin/grub-bootxen.sh to update the file
/boot/grub/grub.conf (or you must update that file manually)
to boot the new kernel on a dom0 xen machine. See for info:
http://wiki.centos.org/HowTos/Xen/Xen4QuickStart
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2014:X002 Moderate Xen4CentOS xen Security Update
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
X86_64
-----------------------------
be67f02a8f9eb6193ce790bf21048b2e6e2e17256ec8d236278d6b38a41af47a xen-4.2.3-27.el6.centos.alt.x86_64.rpm
b1bf1a31411d6fe6712973bd41373912655461f771a30e5919a5f7cdd9f13256 xen-debuginfo-4.2.3-27.el6.centos.alt.x86_64.rpm
1c524d0c15ba8ce443a0839bd3a66ec6c9ede64872f5237023589cc9bd02da1c xen-devel-4.2.3-27.el6.centos.alt.x86_64.rpm
a25cbaed182a55871916c665b97263965e2f91f20bc67fb7ddbe96a024e5cd02 xen-doc-4.2.3-27.el6.centos.alt.x86_64.rpm
f13f4e568ed0221a4ce0596e3ec5a632098b3994bc7e62f769d27dea16bbd8e3 xen-hypervisor-4.2.3-27.el6.centos.alt.x86_64.rpm
78cb370bc54deac65c686ae8808ecfe85279be95f27cd65dad9c2ad59515cdfe xen-libs-4.2.3-27.el6.centos.alt.x86_64.rpm
2ebe2761b680ba920c49796d35ccf630e17d50f69351b922f5cd3e619cf87629 xen-licenses-4.2.3-27.el6.centos.alt.x86_64.rpm
d46714cc9e43b09c2d3a0121c1b6f4b0cc6e03bbe8eee88be619bfe95b05ffc9 xen-ocaml-4.2.3-27.el6.centos.alt.x86_64.rpm
b68aa9c107d583c34e3c0f02e7828b2d223b5553052ec752b56dc3e030781045 xen-ocaml-devel-4.2.3-27.el6.centos.alt.x86_64.rpm
4382aa889a5c3a15690bfb9d11505564f1d1c7aa6d9b5e58378db0a33694d034 xen-runtime-4.2.3-27.el6.centos.alt.x86_64.rpm
-----------------------------
Source:
-----------------------------
e1b405ee597b55626b399e7ccb87f524c5c1be21690f0f0707e16d0378a9a4f0 xen-4.2.3-27.el6.centos.alt.src.rpm
=====================================================
xen Changelog info from the SPEC file:
* Fri Jan 24 2014 Johnny Hughes <johnny@centos.org> - 4.2.3-27.el6.centos
- Roll in patches 151 and 152 for the following XSAs:
XSA-83 (CVE-2014-1642) and XSA-87 (CVE-2014-1666)
=====================================================
The following XSA info is available from the Xen site
http://xenbits.xen.org/xsa/advisory-82.html
http://xenbits.xen.org/xsa/advisory-87.html
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
[CentOS-announce] CESA-2014:X001 Moderate Xen4CentOS libvirt Security Update
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
X86_64
-----------------------------
dca0d401b7ac56172c4a004a412a4de308644d03c5cfd544a73aaf3675ca3e6b libvirt-0.10.2.8-6.el6.centos.alt.x86_64.rpm
b0266f915ecc3a46c14716162f1c19b98746627f0c8f1d08dba62fc75083741b libvirt-client-0.10.2.8-6.el6.centos.alt.x86_64.rpm
827d90006f7052b850aaad10b8b94c76cf85672a2e50db2de6b87ee28f9962f9 libvirt-daemon-0.10.2.8-6.el6.centos.alt.x86_64.rpm
ff2350eb0ce8910d109a238a6d3309e4485b20713b79200330a9eb12bc116326 libvirt-daemon-config-network-0.10.2.8-6.el6.centos.alt.x86_64.rpm
c591f292a8ada637b3da039d538b3a3b5304fd0f540d32d4224732972b010559 libvirt-daemon-config-nwfilter-0.10.2.8-6.el6.centos.alt.x86_64.rpm
a8cb8f4b78d3ab68f0576d7d9c3d6eebde14e620dae8753b7cfc9432f427b110 libvirt-daemon-driver-interface-0.10.2.8-6.el6.centos.alt.x86_64.rpm
5a41e5dc21b670397d65b4ec8bdfc758784d80a4b297eb146ae94d28513d0460 libvirt-daemon-driver-libxl-0.10.2.8-6.el6.centos.alt.x86_64.rpm
71e2da6d10eeaf5c0d388daf3214f2c4b72bbffbba95554d2a2deb4156ab10ea libvirt-daemon-driver-lxc-0.10.2.8-6.el6.centos.alt.x86_64.rpm
7a307f03fe71dd04dcfc01cea69e84e3dd3936e76ab9ce56813d3ef3b4452f0b libvirt-daemon-driver-network-0.10.2.8-6.el6.centos.alt.x86_64.rpm
483068ddc0838612b6a64f6c0c0c555795112ae8af6bcc42e66ee72467d902f2 libvirt-daemon-driver-nodedev-0.10.2.8-6.el6.centos.alt.x86_64.rpm
2edf56a7d69070ee601649c33826710492e8e01025e9a7723583c831658f10e5 libvirt-daemon-driver-nwfilter-0.10.2.8-6.el6.centos.alt.x86_64.rpm
a8ad61584a26c9c90b07aebabfd543ce0605463befacd0cbaa33078fc4b17623 libvirt-daemon-driver-qemu-0.10.2.8-6.el6.centos.alt.x86_64.rpm
b4f90cc79411a9da849111f66f58ea79872a2cb5cc21094460ac23dc9fa5419c libvirt-daemon-driver-secret-0.10.2.8-6.el6.centos.alt.x86_64.rpm
9d2d993f9c81d622064a5444a888eb7b7c62f7f6e4a8241a22f68714ab117aee libvirt-daemon-driver-storage-0.10.2.8-6.el6.centos.alt.x86_64.rpm
aa6ab8f17ed98961d4d170754a8fc63284533624a838121f789d2e31f9cdbdb9 libvirt-daemon-driver-xen-0.10.2.8-6.el6.centos.alt.x86_64.rpm
cf67135cc854eb275606fb22bbf4a832b33765c0420afb5bc5097dd28371768f libvirt-daemon-kvm-0.10.2.8-6.el6.centos.alt.x86_64.rpm
e8795915b4320f32b32b7cd1e3b470665943f54f2f0626c4ddad4ed6bbd14cf0 libvirt-daemon-lxc-0.10.2.8-6.el6.centos.alt.x86_64.rpm
adeaf6b9a3224fbd94b3a309d4ea8ee04bdd9459b0ea0cda535e4d75b65a4a55 libvirt-daemon-xen-0.10.2.8-6.el6.centos.alt.x86_64.rpm
ef2c0e42f8fbd670a902c6de484da919c3d9aae428aab3e1c2a202cbf516065b libvirt-debuginfo-0.10.2.8-6.el6.centos.alt.x86_64.rpm
a2412290d48d386ff1873198aca2b8ef186d9564b6835430d94d655b3eb48dce libvirt-devel-0.10.2.8-6.el6.centos.alt.x86_64.rpm
2847aa70b0fe7a34aeabdafd6352a7ef0cd35a621741d4944557948d25860eac libvirt-docs-0.10.2.8-6.el6.centos.alt.x86_64.rpm
f870254cc46117fe473effbb7faa8a6a879bf4a641a71e903b6291b4656cf3b6 libvirt-lock-sanlock-0.10.2.8-6.el6.centos.alt.x86_64.rpm
25efcbeaad0c1d1e021871ffa494f3e5569864fd2c08f6d69de3c5416abb2b82 libvirt-python-0.10.2.8-6.el6.centos.alt.x86_64.rpm
-----------------------------
Source:
-----------------------------
97c6cbee46e5b3c332f6fe80fb1bdecc9a47eabe9276ddfba987d251097a0e43 libvirt-0.10.2.8-6.el6.centos.alt.src.rpm
=====================================================
libvirt Changelog info from the SPEC file:
* Fri Jan 24 2014 Johnny Hughes <johnny@centos.org> 0.10.2.8-6.el6.centos.alt
- applied patches 407 to 415 from the libvirt git tree for the 0.10.2-maint
branch
- CVE-2013-6458 is addressed in this patch
- one of the patches (xen4.3 event handler) needed to be slightly modified
due to the custom patches provided by xen.org (patches 200-207).
=====================================================
The following Security issues are addressed in this release:
https://access.redhat.com/security/cve/CVE-2013-6458
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
Election schedule slip and moving forward
The F21 Election schedule slipped and I've reworked the election schedule[0]. Please note that we've opened up input for the questionnaire[3] so there is still time to ask a question if you haven't already done so. Additional information will be transmitted per the schedule.
== Fedora Board Elections ==
There are two nominations for two open seats on the Board: Neville Cross and Haïkel Guémar[1]. Because there were no other challengers we won't hold an election or townhall for these candidates.
== FESCo (Engineering) Elections ==
There are six nominations for four seats on FESCo: Stephen Gallagher, Dennis Gilmore, Miloslav Trmač, Marcela Mašláňová, Toshio Kuratomi, and Kyle McMartin[2]. Because there are challengers for the seats we'll hold a townhall and an election based on the updated schedule[0]. Input for the questionnaire[3] for the candidates has been reopened until 23:59UTC on 27 January 2014.
== FAmSCo (Ambassadors) Elections ==
There are four nominations for three seats on FAmSCo: Neville A. Cross, Truong Anh Tuan, Marcel Ribeiro Dantas, and Jon Disnard [4]. Because there are challengers for the seats we'll hold a townhall and an election based on the updated schedule[0]. Input for the questionnaire[3] for the candidates has been reopened until 23:59UTC on 27 January 2014.
[0] https://fedoraproject.org/wiki/Elections#Committee_Elections_Schedule
[1] https://fedoraproject.org/wiki/Board_nominations?rd=Board/Elections/Nominations#Candidates
[2] https://fedoraproject.org/wiki/Development/SteeringCommittee/Nominations#FESCo_Elections_January_2014
[3] https://fedoraproject.org/wiki/Elections/Questionnaire
[4] https://fedoraproject.org/wiki/FAmSCo_nominations#Candidates
-- Eric
--------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks@redhat.com - sparks@fedoraproject.org
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
--------------------------------------------------
--
announce mailing list
announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
Thursday, January 23, 2014
[USN-2089-1] openjdk-7 vulnerabilities
==========================================================================
Ubuntu Security Notice USN-2089-1
January 23, 2014
openjdk-7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
Summary:
Several security issues were fixed in OpenJDK 7.
Software Description:
- openjdk-7: Open Source Java implementation
Details:
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783,
CVE-2013-5804, CVE-2014-0411)
Several vulnerabilities were discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of service.
(CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825, CVE-2013-5896,
CVE-2013-5910)
Several vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797,
CVE-2013-5820, CVE-2014-0376, CVE-2014-0416)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790,
CVE-2013-5800, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851, CVE-2013-5884,
CVE-2014-0368)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829,
CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850,
CVE-2013-5878, CVE-2013-5893, CVE-2013-5907, CVE-2014-0373, CVE-2014-0408,
CVE-2014-0422, CVE-2014-0428)
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and availability. An attacker could exploit this to expose
sensitive data over the network or cause a denial of service.
(CVE-2014-0423)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
  icedtea-7-jre-jamvm 7u51-2.4.4-0ubuntu0.13.10.1
  openjdk-7-jre 7u51-2.4.4-0ubuntu0.13.10.1
  openjdk-7-jre-headless 7u51-2.4.4-0ubuntu0.13.10.1
  openjdk-7-jre-lib 7u51-2.4.4-0ubuntu0.13.10.1
  openjdk-7-jre-zero 7u51-2.4.4-0ubuntu0.13.10.1
Ubuntu 13.04:
  icedtea-7-jre-jamvm 7u51-2.4.4-0ubuntu0.13.04.2
  openjdk-7-jre 7u51-2.4.4-0ubuntu0.13.04.2
  openjdk-7-jre-headless 7u51-2.4.4-0ubuntu0.13.04.2
  openjdk-7-jre-lib 7u51-2.4.4-0ubuntu0.13.04.2
  openjdk-7-jre-zero 7u51-2.4.4-0ubuntu0.13.04.2
Ubuntu 12.10:
  icedtea-7-jre-cacao 7u51-2.4.4-0ubuntu0.12.10.2
  icedtea-7-jre-jamvm 7u51-2.4.4-0ubuntu0.12.10.2
  openjdk-7-jre 7u51-2.4.4-0ubuntu0.12.10.2
  openjdk-7-jre-headless 7u51-2.4.4-0ubuntu0.12.10.2
  openjdk-7-jre-lib 7u51-2.4.4-0ubuntu0.12.10.2
  openjdk-7-jre-zero 7u51-2.4.4-0ubuntu0.12.10.2
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2089-1
CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774,
CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783,
CVE-2013-5784, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800,
CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5805,
CVE-2013-5806, CVE-2013-5809, CVE-2013-5814, CVE-2013-5817,
CVE-2013-5820, CVE-2013-5823, CVE-2013-5825, CVE-2013-5829,
CVE-2013-5830, CVE-2013-5840, CVE-2013-5842, CVE-2013-5849,
CVE-2013-5850, CVE-2013-5851, CVE-2013-5878, CVE-2013-5884,
CVE-2013-5893, CVE-2013-5896, CVE-2013-5907, CVE-2013-5910,
CVE-2014-0368, CVE-2014-0373, CVE-2014-0376, CVE-2014-0408,
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-7/7u51-2.4.4-0ubuntu0.13.10.1
https://launchpad.net/ubuntu/+source/openjdk-7/7u51-2.4.4-0ubuntu0.13.04.2
https://launchpad.net/ubuntu/+source/openjdk-7/7u51-2.4.4-0ubuntu0.12.10.2
[USN-2088-1] NSS vulnerability
==========================================================================
Ubuntu Security Notice USN-2088-1
January 23, 2014
nss vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
NSS could be made to expose sensitive information over the network.
Software Description:
- nss: Network Security Service library
Details:
Brian Smith discovered that NSS incorrectly handled the TLS False Start
feature. If a remote attacker were able to perform a man-in-the-middle
attack, this flaw could be exploited to spoof SSL servers.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
  libnss3 2:3.15.4-0ubuntu0.13.10.1
Ubuntu 12.10:
  libnss3 3.15.4-0ubuntu0.12.10.1
Ubuntu 12.04 LTS:
  libnss3 3.15.4-0ubuntu0.12.04.1
Ubuntu 10.04 LTS:
  libnss3-1d 3.15.4-0ubuntu0.10.04.1
After a standard system update you need to restart any applications that
use NSS, such as Evolution and Chromium, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2088-1
CVE-2013-1740
Package Information:
https://launchpad.net/ubuntu/+source/nss/2:3.15.4-0ubuntu0.13.10.1
https://launchpad.net/ubuntu/+source/nss/3.15.4-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/nss/3.15.4-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/nss/3.15.4-0ubuntu0.10.04.1
[USN-2087-1] NSPR vulnerability
==========================================================================
Ubuntu Security Notice USN-2087-1
January 23, 2014
nspr vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
NSPR could be made to crash or run programs if it received a specially
crafted certificate.
Software Description:
- nspr: NetScape Portable Runtime Library
Details:
It was discovered that NSPR incorrectly handled certain malformed X.509
certificates. A remote attacker could use a crafted X.509 certificate to
cause NSPR to crash, leading to a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
  libnspr4 2:4.9.5-1ubuntu1.1
Ubuntu 12.10:
  libnspr4 4.9.5-0ubuntu0.12.10.2
Ubuntu 12.04 LTS:
  libnspr4 4.9.5-0ubuntu0.12.04.2
Ubuntu 10.04 LTS:
  libnspr4-0d 4.9.5-0ubuntu0.10.04.2
After a standard system update you need to restart your session to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2087-1
CVE-2013-5607
Package Information:
https://launchpad.net/ubuntu/+source/nspr/2:4.9.5-1ubuntu1.1
https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.12.10.2
https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.12.04.2
https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.10.04.2
Wednesday, January 22, 2014
NYCBSDCon ticket sales
Suspenders, January 23, 2014, 6:30 PM (111 Broadway, Manhattan)
Suspenders, January 27, 2014, 6:30 PM (111 Broadway, Manhattan)
These should last until 8 PM or so.
We are not sure when the other ones will be, if any.
These times will also be used for installfest-type activities.
_______________________________________________
announce mailing list
announce@lists.nycbug.org
http://www.nycbug.org/mailman/listinfo/announce
[CentOS-announce] CEBA-2014:0085 CentOS 6 python Update
Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0085.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
7ffc935bd1b74cc8f47aa56a89b18d076fb147c161d600ca4e8bb32f29e8d4d5 python-2.6.6-52.el6.i686.rpm
0d6ba30030d477e68b68a99c26aca8620439a56d8ed408827bc4e904f64bca04 python-devel-2.6.6-52.el6.i686.rpm
0ac4c0b448a9e9adf1fa69eaad6711aa59da693d3f81bff90078d481e55ead27 python-libs-2.6.6-52.el6.i686.rpm
395628883b0eaf52d0cde980f5aa8496aff2ad9fab402eee3c29d2729d9d449a python-test-2.6.6-52.el6.i686.rpm
9d064def2836ed06520a39b927ee2c88070c6fa762e2ecc6f6304964bd050349 python-tools-2.6.6-52.el6.i686.rpm
96af917955dd711ae2f91bec07615aba1f5518dbb8eccf9f75616d10a3e48b33 tkinter-2.6.6-52.el6.i686.rpm
x86_64:
11b9dad91ba9df1f0f8f2749e1b57dce79f8125e8616a7a64274a21fdf35a6a2 python-2.6.6-52.el6.x86_64.rpm
44d27cb6b6cc1a0205c8f2ad2f6c054124f0d1de2ac872d126199ce7108b9fb0 python-devel-2.6.6-52.el6.x86_64.rpm
306f7507da559789672f2daab6162cecabde273b586bba1a559068ea08c0f4cc python-libs-2.6.6-52.el6.x86_64.rpm
f454a64169260d6054fdc3fc8cb1facf00314efb7d3a5bd80f83875bbbecaa0b python-test-2.6.6-52.el6.x86_64.rpm
8e73ae937c9ce29a1aebd2b97b04f69d6cd2132df15d1974f768364cf743de9e python-tools-2.6.6-52.el6.x86_64.rpm
1a36833025bf5ca09caf35030b25122fd07e42fb50bfd3ab2f691c44d21b305f tkinter-2.6.6-52.el6.x86_64.rpm
Source:
f35557314a7f4b5ad15ad3cf1bef934f4a0eec26aaea57a8ca475efee237a5f8 python-2.6.6-52.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Tuesday, January 21, 2014
[CentOS-announce] CEBA-2014:0084 CentOS 6 firefox Update
Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0084.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
d4be792a1455cbcbc0bf87520621be381b7058bb9b0d0cbab7de5ef31ca9ae20 firefox-24.2.0-6.el6.centos.i686.rpm
x86_64:
d4be792a1455cbcbc0bf87520621be381b7058bb9b0d0cbab7de5ef31ca9ae20 firefox-24.2.0-6.el6.centos.i686.rpm
91c18e09db27f0da1ab4ee78f1e55fb6ed7aa5146136c72a72d1f8d8e07888c2 firefox-24.2.0-6.el6.centos.x86_64.rpm
Source:
b146296bac575fafe20ed8435fbd9cbd9dbfbf91b03b98a340a95c01a2df252f firefox-24.2.0-6.el6.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
CANCELLED installfest/ticket sale
We will reschedule for next week.
[USN-2085-1] HPLIP vulnerabilities
==========================================================================
Ubuntu Security Notice USN-2085-1
January 21, 2014
hplip vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in HPLIP.
Software Description:
- hplip: HP Linux Printing and Imaging System (HPLIP)
Details:
It was discovered that the HPLIP Polkit daemon incorrectly handled
temporary files. A local attacker could possibly use this issue to
overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS
and higher, this should be prevented by the Yama link restrictions.
(CVE-2013-6402)
It was discovered that HPLIP contained an upgrade tool that would download
code in an unsafe fashion. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to execute arbitrary
code. (CVE-2013-6427)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
  hplip 3.13.9-1ubuntu0.1
Ubuntu 12.10:
  hplip 3.12.6-3ubuntu4.3
Ubuntu 12.04 LTS:
  hplip 3.12.2-1ubuntu3.4
Ubuntu 10.04 LTS:
  hplip 3.10.2-2ubuntu2.5
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2085-1
CVE-2013-6402, CVE-2013-6427
Package Information:
https://launchpad.net/ubuntu/+source/hplip/3.13.9-1ubuntu0.1
https://launchpad.net/ubuntu/+source/hplip/3.12.6-3ubuntu4.3
https://launchpad.net/ubuntu/+source/hplip/3.12.2-1ubuntu3.4
https://launchpad.net/ubuntu/+source/hplip/3.10.2-2ubuntu2.5