[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Jessie openstack image updated to version 8.8.3-20170703



Just released, including a few security updates:

8.8.3-20170703

Updates in 3 source package(s), 3 binary package(s):

  Source expat, binaries: libexpat1:amd64  
  expat (2.1.0-6+deb8u4) jessie-security; urgency=high
  
    * Use upstream fix for the following vulnerabilities:
      - CVE-2017-9233, external entity infinite loop bug,
      - CVE-2016-9063, undefined behavior from signed integer
      overflow.

  Source linux, binaries: linux-image-3.16.0-4-amd64:amd64  
  linux (3.16.43-2+deb8u2) jessie-security; urgency=high
  
    * Revert previous fixes for CVE-2017-1000364 (Closes: #865303)
    * mm: larger stack guard gap, between vmas (CVE-2017-1000364)
    * mm: fix new crash in unmapped_area_topdown()

  Source libgcrypt20, binaries: libgcrypt20:amd64  
  libgcrypt20 (1.6.3-2+deb8u4) jessie-security; urgency=high
  
    * 22_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a
      flush+reload side-channel attack on RSA secret keys dubbed
      "Sliding right
      into  disaster". For details see
      <https://eprint.iacr.org/2017/627>.
      [CVE-2017-7526]

-- Steve McIntyre <93sam@debian.org>  Mon, 03 Jul 2017 14:53:41 +0100

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"I suspect most samba developers are already technically insane... Of
 course, since many of them are Australians, you can't tell." -- Linus Torvalds

Attachment: signature.asc
Description: PGP signature


Reply to: