Wednesday, September 27, 2017
[CentOS-announce] CESA-2017:2795 Important CentOS 6 kernel Security Update
Upstream details at : https://access.redhat.com/errata/RHSA-2017:2795
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
0ece8515a2a820dd68805f034238d315dc9bf7a3bd8979ab908914fff523535f kernel-2.6.32-696.10.3.el6.i686.rpm
6c0a44700f042cfbd024f7b22852a63626cd2023582b7e9033d473159cf9fe30 kernel-abi-whitelists-2.6.32-696.10.3.el6.noarch.rpm
0ee646bb30bc95b465839b76203c4371aea05c36f9fdc1a12ff5f59d716333e5 kernel-debug-2.6.32-696.10.3.el6.i686.rpm
6257147fd5d9d5e36f6e2c50e992c72d661a07ccfd8ffc6b02ecc81cdbdbb9e5 kernel-debug-devel-2.6.32-696.10.3.el6.i686.rpm
9a9ea42cdd6b6ce5b7f62a4972f2aeaf2f990eff124aa88fbb559a423525e959 kernel-devel-2.6.32-696.10.3.el6.i686.rpm
55f6c6bd63dabafd17488a612514c98ae9b37ee61d0be089be6363d80c3b45db kernel-doc-2.6.32-696.10.3.el6.noarch.rpm
eb543c671ef9785795e3472c146c194a1b0cfbee829b0c7463f457b71f13dee2 kernel-firmware-2.6.32-696.10.3.el6.noarch.rpm
5454beb01c3d7cc4e6ccf7831ac0eb191ea2e44aaa53690c413fe44462c902b3 kernel-headers-2.6.32-696.10.3.el6.i686.rpm
9dfdf0318330bd2e6a082f0c2ffc0a52f4854ebd20da227462b03648294b7ace perf-2.6.32-696.10.3.el6.i686.rpm
083e8d2bfc51b686b8c7f263ce80f8df7ac02fb6f761d4881db2cf66b4651bd6 python-perf-2.6.32-696.10.3.el6.i686.rpm
x86_64:
06e870bb5d57fefe461086e03173b75b2fa3d26b0662c0ed218272be4f62d870 kernel-2.6.32-696.10.3.el6.x86_64.rpm
6c0a44700f042cfbd024f7b22852a63626cd2023582b7e9033d473159cf9fe30 kernel-abi-whitelists-2.6.32-696.10.3.el6.noarch.rpm
0f372b21085376d6ebe881c445d0d4852e0df7c53a57def067cc3e202e62d254 kernel-debug-2.6.32-696.10.3.el6.x86_64.rpm
6257147fd5d9d5e36f6e2c50e992c72d661a07ccfd8ffc6b02ecc81cdbdbb9e5 kernel-debug-devel-2.6.32-696.10.3.el6.i686.rpm
2ac733e53bb15e042ac8391fea5b47808bbb3608037b8fc914131a1802aa3ac3 kernel-debug-devel-2.6.32-696.10.3.el6.x86_64.rpm
d476497f262a01b016efde27d7cdc831c79bdbe1e0deb335e5d1f71f30b324e2 kernel-devel-2.6.32-696.10.3.el6.x86_64.rpm
55f6c6bd63dabafd17488a612514c98ae9b37ee61d0be089be6363d80c3b45db kernel-doc-2.6.32-696.10.3.el6.noarch.rpm
eb543c671ef9785795e3472c146c194a1b0cfbee829b0c7463f457b71f13dee2 kernel-firmware-2.6.32-696.10.3.el6.noarch.rpm
303b8df4e585d9954b566329a16f2abab68783d82ebe619b5beb08fbb7b97f3d kernel-headers-2.6.32-696.10.3.el6.x86_64.rpm
5dcd16fdfe201473d29a27074942fa1d385edf1f0e8c36cfaaec0c42e0da073d perf-2.6.32-696.10.3.el6.x86_64.rpm
6b60c2094c7628db2dfe430250829584e5e5ae958eeebef91b06effe3791de94 python-perf-2.6.32-696.10.3.el6.x86_64.rpm
Source:
6a35901d0c441f3bcfb438598e8658e497c406fab60c784a80b77c47d109c8e0 kernel-2.6.32-696.10.3.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
F28 System Wide Change: Annobin
https://fedoraproject.org/wiki/Changes/Annobin
Change owner(s):
* Nick Clifton <nickc AT redhat DOT com>
This change causes extra information to be stored in binary files
compiled by gcc. This information can be used by scripts to check on
various features of the file, such as the hardening options used or
potential ABI conflicts.
== Detailed Description ==
The plan is to use a plugin to gcc to record extra information in the
object files it creates. This information can then be examined by
static analysis tools. The information is recorded in a compact,
extensible format, described here:
https://fedoraproject.org/wiki/Toolchain/Watermark
The Fedora annobin package is an implementation of the plugin for gcc.
It also includes some example scripts that demonstrate how the
recorded information can be used to, for example, check that an
executable has been compiled with the correct hardening options, or
detect if any conflicting ABI options have been used when compiling
various parts of the executable.
To enable this change it is proposed that the redhat-rpm-config
package should be extended to add the "-fplugin=annobin" option to the
__global_compiler_flags macro. In theory such a change will be
completely invisible to Fedora users but should prove to be very
helpful to Fedora Release Management, assuming that they like the idea
of these annotated binaries.
== Scope ==
* Proposal owners:
Make sure the annobin plugin is ready.
* Other developers:
An update is needed to the redhat-rpm-config package in order for the
plugin to be invoked when gcc is used to compile programs, and to add
a dependency upon the annobin package.
* Release engineering: https://pagure.io/releng/issue/7069
- Coordination with release engineering is needed.
- A mass rebuild will be required.
* List of deliverables:
All delivered images are affected; however, there are no changes to the list itself.
* Policies and guidelines:
No updates needed
* Trademark approval:
N/A (not needed for this Change)
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Tuesday, September 26, 2017
LibreSSL 2.6.2 Released
LibreSSL directory of your local OpenBSD mirror soon. This is the third
development release from the 2.6 series, which will eventually be part of
OpenBSD 6.2. It includes the following fixes:
* Provide a useful error with libtls if there are no OCSP URLs in a
peer certificate.
* Keep track of which keypair is in use by a TLS context, fixing a bug
where a TLS server with SNI would only return the OCSP staple for the
default keypair. Issue reported by William Graeber and confirmed by
Andreas Bartelt.
* Fixed various issues in the OCSP extension parsing code.
The original code incorrectly passes the pointer allocated via
CBS_stow() (using malloc()) to a d2i_*() function and then calls
free() on the now incremented pointer, most likely resulting in a
crash. This issue was reported by Robert Swiecki, who found it
using honggfuzz.
* If tls_config_parse_protocols() is called with a NULL pointer,
return the default protocols instead of crashing - this makes the
behaviour more useful and mirrors what we already do in
tls_config_set_ciphers() et al.
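The CBS_stow()/d2i_*() defect in the third item above comes from the d2i_*() calling convention: on success these functions advance the caller's pointer past the bytes they consumed, so a variable that held the malloc() result before the call no longer does afterwards, and passing it to free() is undefined behaviour. The following C program is an added example, not LibreSSL code; its toy DER INTEGER decoder d2i_TOY_INT(), the stow_copy() stand-in for CBS_stow(), and the sample bytes are all assumptions constructed for illustration. It contrasts the buggy shape (one variable used as both allocation and cursor) with the corrected one, and measures the cursor drift rather than executing the invalid free().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy decoded object standing in for a real ASN.1 type (assumption:
 * not a LibreSSL type). */
typedef struct {
    uint32_t value;
} TOY_INT;

/* Toy decoder that follows the d2i_*() calling convention: on success it
 * advances *pp past the bytes it consumed. It decodes a DER INTEGER in
 * short form (tag 0x02, one length byte, 1..4 content bytes) and returns
 * NULL on malformed input without touching *pp. */
static TOY_INT *d2i_TOY_INT(TOY_INT **out, const unsigned char **pp, long len)
{
    const unsigned char *p = *pp;
    if (len < 2 || p[0] != 0x02)
        return NULL;
    unsigned char clen = p[1];
    if (clen < 1 || clen > 4 || (long)clen + 2 > len)
        return NULL;
    TOY_INT *obj = calloc(1, sizeof *obj);
    if (obj == NULL)
        return NULL;
    for (unsigned i = 0; i < clen; i++)
        obj->value = (obj->value << 8) | p[2 + i];
    *pp = p + 2 + clen;   /* caller's cursor now points past the object */
    if (out != NULL)
        *out = obj;
    return obj;
}

/* Stand-in for the CBS_stow() result: a fresh malloc()'d copy of the bytes. */
static unsigned char *stow_copy(const unsigned char *src, size_t n)
{
    unsigned char *dst = malloc(n > 0 ? n : 1);
    if (dst != NULL)
        memcpy(dst, src, n);
    return dst;
}

/* The buggy shape from the release notes: one variable is both the
 * allocation and the decode cursor. Calling free() on it afterwards would
 * hand free() a pointer that malloc() never returned (undefined behaviour,
 * typically a crash). Rather than execute that, this function measures
 * how far the cursor drifted from the allocation. */
static long buggy_shape_drift(const unsigned char *der, size_t len)
{
    unsigned char *data = stow_copy(der, len);
    if (data == NULL)
        return -1;
    const unsigned char *p = data;
    TOY_INT *obj = d2i_TOY_INT(NULL, &p, (long)len);
    long drift = (long)(p - data);   /* nonzero: free(p) would be wrong */
    free(obj);
    free(data);                      /* free the allocation, not p */
    return drift;
}

/* The corrected shape: keep the allocation pointer and the cursor apart,
 * and free only the pointer that malloc() returned. Returns the decoded
 * value, or -1 if the input does not parse. */
static long fixed_shape_decode(const unsigned char *der, size_t len)
{
    unsigned char *data = stow_copy(der, len);
    if (data == NULL)
        return -1;
    const unsigned char *cursor = data;
    TOY_INT *obj = d2i_TOY_INT(NULL, &cursor, (long)len);
    long result = (obj != NULL) ? (long)obj->value : -1;
    free(obj);
    free(data);
    return result;
}

/* Constructed sample inputs (not taken from any real certificate). */
static const unsigned char SAMPLE_DER[] = { 0x02, 0x02, 0x01, 0x2c };  /* INTEGER 300 */
static const unsigned char SAMPLE_BAD_DER[] = { 0x04, 0x01, 0x00 };    /* wrong tag */

int main(void)
{
    printf("decoded value: %ld\n",
           fixed_shape_decode(SAMPLE_DER, sizeof SAMPLE_DER));
    printf("cursor drift in buggy shape: %ld bytes\n",
           buggy_shape_drift(SAMPLE_DER, sizeof SAMPLE_DER));
    printf("malformed input decodes to: %ld\n",
           fixed_shape_decode(SAMPLE_BAD_DER, sizeof SAMPLE_BAD_DER));
    return 0;
}
```

The drift reported for the buggy shape is exactly the number of bytes the decoder consumed, which is why the pattern is only harmless when decoding fails (the cursor is not advanced) and crashes as soon as it succeeds; keeping a separate cursor variable, as the fixed shape does, is the usual remedy for any d2i_*() caller that owns the buffer.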
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
Fwd: Removal of dependencies on net-tools
[CentOS-announce] Announcing the release of Gluster 3.12 on CentOS Linux 6 x86_64
CentOS 6 on x86_64. These packages are following the upstream Gluster
Community releases, and will receive monthly bugfix updates.
Gluster 3.12 is a Long-Term-Maintenance release, and will receive
updates for approximately 18 months. The difference between
Long-Term-Maintenance and Short-Term-Maintenance releases is explained
on the Gluster release schedule page:
https://www.gluster.org/community/release-schedule/
Users of CentOS 6 can now simply install Gluster 3.12 with only these two
commands:
# yum install centos-release-gluster
# yum install glusterfs-server
The centos-release-gluster package is delivered via the CentOS Extras repos.
It contains all the metadata and dependency information needed to
install Gluster 3.12. The actual package that will get installed is
centos-release-gluster312. Users of the now End-Of-Life
Short-Term-Maintenance Gluster 3.11 will automatically get the update to
Gluster 3.12, whereas users of Gluster 3.10 can stay on that
Long-Term-Maintenance release for another six months.
Users of Gluster 3.8 will need to manually upgrade by uninstalling the
centos-release-gluster38 package, and replacing it with either the
Gluster 3.12 or 3.10 version. Additional details about the upgrade
process are linked in the announcement from the Gluster Community:
http://lists.gluster.org/pipermail/announce/2017-September/000082.html
A quickstart guide built specifically around these packages is
available. It makes for a good introduction to Gluster and will help get
you started in just a few simple steps:
https://wiki.centos.org/SpecialInterestGroup/Storage/gluster-Quickstart
More details about the packages that the Gluster project provides in the
Storage SIG are available in the documentation:
https://wiki.centos.org/SpecialInterestGroup/Storage/Gluster
The centos-release-gluster* repositories offer additional packages that
enhance the usability of Gluster itself. Utilities and tools that were
working with previous versions of Gluster are expected to stay working
fine. If there are any problems, or requests for additional tools and
applications to be provided, just send us an email with your
suggestions. The current list of packages that are (or are planned to
become) available can be found here:
https://wiki.centos.org/SpecialInterestGroup/Storage/Gluster/Ecosystem-pkgs
We welcome all feedback, comments and contributions. You can get in
touch with the CentOS Storage SIG on the centos-devel mailing list
(https://lists.centos.org) and with the Gluster developer and user
communities at https://www.gluster.org/mailman/listinfo. We are also
available on IRC at #gluster on irc.freenode.net, and on Twitter at
@gluster.
Cheers,
Niels de Vos
Storage SIG member & Gluster maintainer
[CentOS-announce] Announcing the release of Gluster 3.12 on CentOS Linux 7 x86_64
CentOS 7 on x86_64. These packages are following the upstream Gluster
Community releases, and will receive monthly bugfix updates.
Gluster 3.12 is a Long-Term-Maintenance release, and will receive
updates for approximately 18 months. The difference between
Long-Term-Maintenance and Short-Term-Maintenance releases is explained
on the Gluster release schedule page:
https://www.gluster.org/community/release-schedule/
Users of CentOS 7 can now simply install Gluster 3.12 with only these two
commands:
# yum install centos-release-gluster
# yum install glusterfs-server
The centos-release-gluster package is delivered via the CentOS Extras repos.
It contains all the metadata and dependency information needed to
install Gluster 3.12. The actual package that will get installed is
centos-release-gluster312. Users of the now End-Of-Life
Short-Term-Maintenance Gluster 3.11 will automatically get the update to
Gluster 3.12, whereas users of Gluster 3.10 can stay on that
Long-Term-Maintenance release for another six months.
Users of Gluster 3.8 will need to manually upgrade by uninstalling the
centos-release-gluster38 package, and replacing it with either the
Gluster 3.12 or 3.10 version. Additional details about the upgrade
process are linked in the announcement from the Gluster Community:
http://lists.gluster.org/pipermail/announce/2017-September/000082.html
A quickstart guide built specifically around these packages is
available. It makes for a good introduction to Gluster and will help get
you started in just a few simple steps:
https://wiki.centos.org/SpecialInterestGroup/Storage/gluster-Quickstart
More details about the packages that the Gluster project provides in the
Storage SIG are available in the documentation:
https://wiki.centos.org/SpecialInterestGroup/Storage/Gluster
The centos-release-gluster* repositories offer additional packages that
enhance the usability of Gluster itself. Utilities and tools that were
working with previous versions of Gluster are expected to stay working
fine. If there are any problems, or requests for additional tools and
applications to be provided, just send us an email with your
suggestions. The current list of packages that are (or are planned to
become) available can be found here:
https://wiki.centos.org/SpecialInterestGroup/Storage/Gluster/Ecosystem-pkgs
We welcome all feedback, comments and contributions. You can get in
touch with the CentOS Storage SIG on the centos-devel mailing list
(https://lists.centos.org) and with the Gluster developer and user
communities at https://www.gluster.org/mailman/listinfo. We are also
available on IRC at #gluster on irc.freenode.net, and on Twitter at
@gluster.
Cheers,
Niels de Vos
Storage SIG member & Gluster maintainer
Monday, September 25, 2017
[USN-3429-1] Libplist vulnerability
Ubuntu Security Notice USN-3429-1
September 25, 2017
libplist vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Libplist could be made to crash if it opened a specially crafted
file.
Software Description:
- libplist: Library for handling Apple binary and XML property lists
Details:
Wang Junjie discovered that Libplist incorrectly handled certain files.
If a user were tricked into opening a crafted file, an attacker could
possibly use this to cause a crash or denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libplist-utils 1.12-3.1ubuntu0.17.04.1
libplist3 1.12-3.1ubuntu0.17.04.1
python-plist 1.12-3.1ubuntu0.17.04.1
Ubuntu 16.04 LTS:
libplist-utils 1.12-3.1ubuntu0.16.04.1
libplist3 1.12-3.1ubuntu0.16.04.1
python-plist 1.12-3.1ubuntu0.16.04.1
Ubuntu 14.04 LTS:
libplist-utils 1.10-1ubuntu0.1
libplist1 1.10-1ubuntu0.1
python-plist 1.10-1ubuntu0.1
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3429-1
CVE-2017-7982
Package Information:
https://launchpad.net/ubuntu/+source/libplist/1.12-3.1ubuntu0.17.04.1
https://launchpad.net/ubuntu/+source/libplist/1.12-3.1ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/libplist/1.10-1ubuntu0.1
Friday, September 22, 2017
OpenBSD Errata: September 22nd, 2017 (perl)
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.
Binary updates for the amd64 and i386 platforms are available via the
syspatch utility. Source code patches can be found on the respective
errata pages:
https://www.openbsd.org/errata60.html
https://www.openbsd.org/errata61.html
Thursday, September 21, 2017
[USN-3428-1] Emacs vulnerability
Ubuntu Security Notice USN-3428-1
September 21, 2017
emacs25 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
Summary:
Emacs could be made to run programs as your login if it opened a
specially crafted file.
Software Description:
- emacs25: GNU Emacs editor
Details:
Charles A. Roelli discovered that Emacs incorrectly handled certain
files. If a user were tricked into opening a specially crafted file, an
attacker could possibly use this to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
emacs25 25.1+1-3ubuntu4.1
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3428-1
CVE-2017-14482
Package Information:
https://launchpad.net/ubuntu/+source/emacs25/25.1+1-3ubuntu4.1
[USN-3427-1] Emacs vulnerability
Ubuntu Security Notice USN-3427-1
September 21, 2017
emacs24 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Emacs could be made to run programs as your login if it
opened a specially crafted file.
Software Description:
- emacs24: GNU Emacs editor
Details:
Charles A. Roelli discovered that Emacs incorrectly handled certain
files. If a user were tricked into opening a specially crafted file, an
attacker could possibly use this to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
emacs24 24.5+1-6ubuntu1.1
Ubuntu 14.04 LTS:
emacs24 24.3+1-2ubuntu1.1
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3427-1
CVE-2017-14482
Package Information:
https://launchpad.net/ubuntu/+source/emacs24/24.5+1-6ubuntu1.1
https://launchpad.net/ubuntu/+source/emacs24/24.3+1-2ubuntu1.1
Fedora 27 Beta status is NO-GO
The next Go/No-Go meeting is planned on Thursday, Sep 28th. The Beta
release slips for one week. All further milestones will move out 1
week also.
For more information please check the minutes from the second round of
F27 Beta Go/No-Go meeting [1][2].
[1] https://meetbot.fedoraproject.org/fedora-meeting-1/2017-09-21/f27-beta-go-no-go-meeting-2nd.2017-09-21-17.00.html
[2] https://meetbot.fedoraproject.org/fedora-meeting-1/2017-09-21/f27-beta-go-no-go-meeting-2nd.2017-09-21-17.00.log.html
Regards,
Jan
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
[USN-3426-1] Samba vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3426-1
September 21, 2017
samba vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Samba could be made to expose sensitive information over the network.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in
certain situations. A remote attacker could use this issue to perform a man
in the middle attack. (CVE-2017-12150)
Stefan Metzmacher discovered that Samba incorrectly handled encryption
across DFS redirects. A remote attacker could use this issue to perform a
man in the middle attack. (CVE-2017-12151)
Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory
when SMB1 is being used. A remote attacker could possibly use this issue to
obtain server memory contents. (CVE-2017-12163)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
samba 2:4.5.8+dfsg-0ubuntu0.17.04.7
Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.11
Ubuntu 14.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.12
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3426-1
CVE-2017-12150, CVE-2017-12151, CVE-2017-12163
Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.5.8+dfsg-0ubuntu0.17.04.7
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.11
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.14.04.12