Thanks to Vincent Bernat for pointing out that the 9.0.1-20170620
rebuild was buggy and did *not* contain the expected security
update. I've just filed a bug against the build script in
openstack-debian-images (#865648) and rebuilt again. We now have
9.0.2-20180623 and I've verified the contents now.
Apologies for any confusion... :-(
========================
Just released, including a stack of security updates:
9.0.2-20170623
Updates in 3 source package(s), 16 binary package(s):

Source glibc, binaries: libc-bin:amd64 libc-l10n:amd64 libc6:amd64 locales:amd64 locales-all:amd64 multiarch-support:amd64 libc-bin:arm64 libc-l10n:arm64 libc6:arm64 locales:arm64 locales-all:arm64 multiarch-support:arm64

glibc (2.24-11+deb9u1) stretch-security; urgency=medium

  * debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff,
    debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff,
    debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: add
    patches to protect the dynamic linker against stack clashes
    (CVE-2017-1000366).
  * debian/patches/any/cvs-vectorized-strcspn-guards.diff: patch backported
    from upstream to allow usage of strcspn in ld.so.
  * debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from
    upstream to disable HWCAP for AT_SECURE programs.

Source gnutls28, binaries: libgnutls30:amd64 libgnutls30:arm64

gnutls28 (3.5.8-5+deb9u1) stretch-security; urgency=high

  * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving
    well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507
    Closes: #864560
  * Upload is identical to 3.5.8-6 except for the version number.

Source linux, binaries: linux-image-4.9.0-3-amd64:amd64 linux-image-4.9.0-3-arm64:arm64

linux (4.9.30-2+deb9u1) stretch-security; urgency=high

  * mm: enlarge stack guard gap (CVE-2017-1000364)
  * mm: allow to configure stack gap size
  * mm, proc: cap the stack gap for unpopulated growing vmas
  * mm, proc: drop priv parameter from is_stack
  * mm: do not collapse stack gap into THP
  * fold me "mm: allow to configure stack gap size"

--
Steve McIntyre, Cambridge, UK. steve@einval.com
Mature Sporty Personal
More Innovation More Adult
A Man in Dandism
Powered Midship Specialty