Jessie openstack image updated to version 8.8.2-20180620

To: debian-cloud@lists.debian.org
Subject: Jessie openstack image updated to version 8.8.2-20180620
From: Steve McIntyre <steve@einval.com>
Date: Tue, 20 Jun 2017 15:50:05 +0100
Message-id: <[🔎] 20170620145005.vcfswlnqcuknzphn@einval.com>

Just released, including a stack of security updates:

8.8.2-20180620

Updates in 9 source package(s), 14 binary package(s):

  Source glibc, binaries: libc-bin:amd64 libc6:amd64 locales:amd64 locales-all:amd64 multiarch-support:amd64  
  glibc (2.19-18+deb8u10) jessie-security; urgency=medium
  
    * debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff,
      debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff,
      debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: add
      patches to protect the dynamic linker against stack clashes
      (CVE-2017-1000366).
    * debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from
      upstream to disable HWCAP for AT_SECURE programs.

  Source gnutls28, binaries: libgnutls-deb0-28:amd64 libgnutls-openssl27:amd64  
  gnutls28 (3.3.8-6+deb8u6) jessie-security; urgency=high
  
    * 56_CVE-2017-7507_1-ext-status_request-ensure-response-IDs-are-pro.patch
      56_CVE-2017-7507_2-ext-status_request-Removed-the-parsing-of-resp.patch
      56_CVE-2017-7507_3-gnutls_ocsp_status_request_enable_client-docum.patch
      from upstream gnutls_3_3_x branch: Fix crash upon receiving
      well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507
      Closes: #864560

  Source libffi, binaries: libffi6:amd64  
  libffi (3.1-2+deb8u1) jessie-security; urgency=high
  
    * Non-maintainer upload by the Security Team.
    * debian/patches:
      - 01_add_missing_GNU_STACK_markings, fix requirement on an executable
        stack on x86_32 (CVE-2017-1000376)                        closes: #751907
    * debian/rules:
      - enable pax_emutramp

  Source sudo, binaries: sudo:amd64  
  sudo (1.8.10p3-1+deb8u4) jessie-security; urgency=high
  
    * Non-maintainer upload by the Security Team.
    * CVE-2017-1000367: Fix parsing of /proc/[pid]/stat

  Source linux, binaries: linux-image-3.16.0-4-amd64:amd64  
  linux (3.16.43-2+deb8u1) jessie-security; urgency=high
  
    [ Ben Hutchings ]
    * tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
      (CVE-2017-0605)
    * ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487)
    * nfsd: check for oversized NFSv2/v3 arguments (CVE-2017-7645)
    * nfsd4: minor NFSv2/v3 write decoding cleanup
    * nfsd: stricter decoding of write-like NFSv2/v3 ops (CVE-2017-7895)
    * media: dvb-usb-v2: avoid use-after-free (CVE-2017-8064)
    * dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890)
    * USB: serial: io_ti: fix information leak in completion handler
      (CVE-2017-8924)
    * USB: serial: omninet: fix reference leaks at open (CVE-2017-8925)
    * ipv6: Prevent overrun when parsing v6 header options (CVE-2017-9074)
    * ipv6: Check ip6_find_1stfragopt() return value properly.
    * ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
    * ipv6: Fix leak in ipv6_gso_segment().
    * sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (CVE-2017-9075)
    * ipv6/dccp: do not inherit ipv6_mc_list from parent (CVE-2017-9076,
      CVE-2017-9077)
    * ipv6: fix out of bound writes in __ip6_append_data() (CVE-2017-9242)
  
    [ Salvatore Bonaccorso ]
    * mm: enlarge stack guard gap (CVE-2017-1000364)
    * mm: allow to configure stack gap size
    * mm, proc: cap the stack gap for unpopulated growing vmas
    * mm: do not collapse stack gap into THP
    * fold me "mm: allow to configure stack gap size"

  Source libtasn1-6, binaries: libtasn1-6:amd64  
  libtasn1-6 (4.2-3+deb8u3) jessie-security; urgency=high
  
    * Non-maintainer upload by the Wheezy LTS Team.
    * CVE-2017-6891 (Closes: #863186)
      two errors in the "asn1_find_node()" function (lib/parser_aux.c)
      can be exploited to cause a stacked-based buffer overflow.

  Source perl, binaries: perl-base:amd64
  Source libgcrypt20, binaries: libgcrypt20:amd64  
  libgcrypt20 (1.6.3-2+deb8u3) jessie-security; urgency=high
  
    * Non-maintainer upload by the Security Team.
    * ecc: Store EdDSA session key in secure memory (CVE-2017-9526)
    * secmem: Fix SEGV and stat calculation

  Source debian-archive-keyring, binaries: debian-archive-keyring:amd64  
  debian-archive-keyring (2017.5~deb8u1) jessie; urgency=medium
  
    * Team upload.
    * Update jessie with 2017.5, closes: #860831, 860830, 863303
  
  debian-archive-keyring (2017.5) unstable; urgency=medium
  
    * Team upload.
    * Add Debian Stable Release Key (9/stretch) (ID: EF0F382A1A7B6500)
      (Closes: #860831)
    * Add Debian Archive Automatic Signing Key (9/stretch) (ID: E0B11894F66AEC98)
      and Debian Security Archive Automatic Signing Key (9/stretch)
      (ID: EDA0D2388AE22BA9) (Closes: #860830)
    * Move the squeeze keys to the removed keyring (Closes: #863303)
    * Update the maintainer README to document removing keys


-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"You can't barbecue lettuce!" -- Ellie Crane

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: Bug#852569: cloud-initramfs-tools: Update udevadm path
Next by Date: Stretch openstack image updated to version 9.0.1-20180620
Previous by thread: Bug#852569: cloud-initramfs-tools: Update udevadm path
Next by thread: Stretch openstack image updated to version 9.0.1-20180620
Index(es):
- Date
- Thread