Thanks to Vincent Bernat for pointing out that the 9.0.1-20170620 rebuild was buggy and did *not* contain the expected security update. I've just filed a bug against the build script in openstack-debian-images (#865648) and rebuilt again. We now have 9.0.2-20180623 and I've verified the contents now.

Apologies for any confusion... :-(

========================

Just released, including a stack of security updates:

9.0.2-20170623

Updates in 3 source package(s), 16 binary package(s):

  Source glibc, binaries: libc-bin:amd64 libc-l10n:amd64 libc6:amd64 locales:amd64 locales-all:amd64 multiarch-support:amd64 libc-bin:arm64 libc-l10n:arm64 libc6:arm64 locales:arm64 locales-all:arm64 multiarch-support:arm64

  glibc (2.24-11+deb9u1) stretch-security; urgency=medium

    * debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff,
      debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff,
      debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: add
      patches to protect the dynamic linker against stack clashes
      (CVE-2017-1000366).
    * debian/patches/any/cvs-vectorized-strcspn-guards.diff: patch backported
      from upstream to allow usage of strcspn in ld.so.
    * debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from
      upstream to disable HWCAP for AT_SECURE programs.

  Source gnutls28, binaries: libgnutls30:amd64 libgnutls30:arm64

  gnutls28 (3.5.8-5+deb9u1) stretch-security; urgency=high

    * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving
      well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507
      Closes: #864560
    * Upload is identical to 3.5.8-6 except for the version number.

  Source linux, binaries: linux-image-4.9.0-3-amd64:amd64 linux-image-4.9.0-3-arm64:arm64

  linux (4.9.30-2+deb9u1) stretch-security; urgency=high

    * mm: enlarge stack guard gap (CVE-2017-1000364)
    * mm: allow to configure stack gap size
    * mm, proc: cap the stack gap for unpopulated growing vmas
    * mm, proc: drop priv parameter from is_stack
    * mm: do not collapse stack gap into THP
    * fold me "mm: allow to configure stack gap size"

--
Steve McIntyre, Cambridge, UK.                                steve@einval.com
Mature Sporty Personal More Innovation More Adult A Man in Dandism Powered Midship Specialty