
Stretch openstack images updated to version 9.4.6-20180609



Just released.

Updates in 3 source package(s), 12 binary package(s):

  Source qemu, binaries: qemu-utils:amd64 qemu-utils:arm64  
  qemu (1:2.8+dfsg-6+deb9u4) stretch-security; urgency=high
  
    * CVE-2017-5715 (spectre/meltdown) fixes for i386 and s390x:
      CVE-2017-5715/i386-increase-X86CPUDefinition-model_id-to-49.patch
      CVE-2017-5715/i386-add-support-for-SPEC_CTRL-MSR.patch
      CVE-2017-5715/i386-add-spec-ctrl-CPUID-bit.patch
      CVE-2017-5715/i386-add-FEAT_8000_0008_EBX-CPUID-feature-word.patch
      CVE-2017-5715/i386-add-new-IBRS-versions-of-Intel-CPU-models.patch
      CVE-2017-5715/s390x-kvm-introduce-branch-prediction-blocking-contr.patch
      CVE-2017-5715/s390x-kvm-handle-bpb-feature.patch
      Closes: #886532, CVE-2017-5715
    * multiboot-bss_end_addr-can-be-zero-CVE-2018-7550.patch
      Closes: #892041, CVE-2018-7550
    * vga-check-the-validation-of-memory-addr-when-draw-text-CVE-2018-5683.patch
      Closes: #887392, CVE-2018-5683
    * osdep-fix-ROUND_UP-64-bit-32-bit-CVE-2017-18043.patch
      Closes: CVE-2017-18043
    * virtio-check-VirtQueue-Vring-object-is-set-CVE-2017-17381.patch
      Closes: #883625, CVE-2017-17381
    * ps2-check-PS2Queue-pointers-in-post_load-routine-CVE-2017-16845.patch
      Closes: #882136, CVE-2017-16845
    * cirrus-fix-oob-access-in-mode4and5-write-functions-CVE-2017-15289.patch
      Closes: #880832, CVE-2017-15289
    * io-monitor-encoutput-buffer-size-from-websocket-GSource-CVE-2017-15268.patch
      Closes: #880836, CVE-2017-15268
    * nbd-server-CVE-2017-15119-Reject-options-larger-than-32M.patch
      Closes: #883399, CVE-2017-15119
    * 9pfs-use-g_malloc0-to-allocate-space-for-xattr-CVE-2017-15038.patch
      Closes: #877890, CVE-2017-15038
    * CVE-2017-15124 (VNC server unbounded memory usage) fixes:
      CVE-2017-15124/01-ui-remove-sync-parameter-from-vnc_update_client.patch
      CVE-2017-15124/02-ui-remove-unreachable-code-in-vnc_update_client.patch
      CVE-2017-15124/03-ui-remove-redundant-indentation-in-vnc_client_update.patch
      CVE-2017-15124/04-ui-avoid-pointless-VNC-updates-if-framebuffer-isn-t-.patch
      CVE-2017-15124/05-ui-track-how-much-decoded-data-we-consumed-when-doin.patch
      CVE-2017-15124/06-ui-introduce-enum-to-track-VNC-client-framebuffer-up.patch
      CVE-2017-15124/07-ui-correctly-reset-framebuffer-update-state-after-pr.patch
      CVE-2017-15124/08-ui-refactor-code-for-determining-if-an-update-should.patch
      CVE-2017-15124/09-ui-fix-VNC-client-throttling-when-audio-capture-is-a.patch
      CVE-2017-15124/10-ui-fix-VNC-client-throttling-when-forced-update-is-r.patch
      CVE-2017-15124/11-ui-place-a-hard-cap-on-VNC-server-output-buffer-size.patch
      CVE-2017-15124/12-ui-add-trace-events-related-to-VNC-client-throttling.patch
      CVE-2017-15124/13-ui-mix-misleading-comments-return-types-of-VNC-I-O-h.patch
      Closes: #884806, CVE-2017-15124

  Source gnupg2, binaries: gnupg:amd64 gnupg-agent:amd64 gpgv:amd64 gnupg:arm64 gnupg-agent:arm64 gpgv:arm64  
  gnupg2 (2.1.18-8~deb9u2) stretch-security; urgency=high
  
    * Non-maintainer upload by the Security Team.
    * gpg: Sanitize diagnostic with the original file name (CVE-2018-12020)

  Source procps, binaries: libprocps6:amd64 procps:amd64 libprocps6:arm64 procps:arm64  
  procps (2:3.3.12-3+deb9u1) stretch-security; urgency=high
  
    * Non-maintainer upload by the Security Team.
    * top: Do not default to the cwd in configs_read(). (CVE-2018-1122)
    * ps/output.c: Fix outbuf overflows in pr_args() etc. (CVE-2018-1123)
    * proc/readproc.c: Fix bugs and overflows in file2strvec(). (CVE-2018-1124)
    * pgrep: Prevent a potential stack-based buffer overflow (CVE-2018-1125)
    * proc/alloc.*: Use size_t, not unsigned int. (CVE-2018-1126)

https://cloud.debian.org/images/openstack/current-9/

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
< Aardvark> I dislike C++ to start with. C++11 just seems to be
            handing rope-creating factories for users to hang multiple
            instances of themselves.
