Just released, including security updates:
9.1.2-20170822
Updates in 2 source package(s), 4 binary package(s):

Source linux, binaries: linux-image-4.9.0-3-amd64:amd64 linux-image-4.9.0-3-arm64:arm64

linux (4.9.30-2+deb9u3) stretch-security; urgency=high

  * [x86] drm/vmwgfx: limit the number of mip levels in
    vmw_gb_surface_define_ioctl() (CVE-2017-7346)
  * rxrpc: Fix several cases where a padded len isn't checked in ticket decode
    (CVE-2017-7482)
  * brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
    (CVE-2017-7541)
  * ipv6: avoid overflow of offset in ip6_find_1stfragopt (CVE-2017-7542)
  * [x86] drm/vmwgfx: Make sure backup_handle is always valid (CVE-2017-9605)
  * drm/virtio: don't leak bo on drm_gem_object_init failure (CVE-2017-10810)
  * xen-blkback: don't leak stack data via response ring (CVE-2017-10911)
  * mqueue: fix a use-after-free in sys_mq_notify() (CVE-2017-11176)
  * fs/exec.c: account for argv/envp pointers (CVE-2017-1000365)
  * dentry name snapshots (CVE-2017-7533)

Source qemu, binaries: qemu-utils:amd64 qemu-utils:arm64

qemu (1:2.8+dfsg-6+deb9u2) stretch-security; urgency=high

  * actually apply the nbd server patches, not only include in debian/patches/
    Really closes: #865755, CVE-2017-9524
  * slirp-check-len-against-dhcp-options-array-end-CVE-2017-11434.patch
    Closes: #869171, CVE-2017-11434
  * exec-use-qemu_ram_ptr_length-to-access-guest-ram-CVE-2017-11334.patch
    Closes: #869173, CVE-2017-11334
  * usb-redir-fix-stack-overflow-in-usbredir_log_data-CVE-2017-10806.patch
    Closes: #867751, CVE-2017-10806
  * add reference to #869706 to
    xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch
  * disable xhci recursive calls fix for now, as it causes instant crash
    (xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch)
    Reopens: #864219, CVE-2017-9375
    Closes: #869945

qemu (1:2.8+dfsg-6+deb9u1) stretch-security; urgency=high

  * net-e1000e-fix-an-infinite-loop-issue-CVE-2017-9310.patch
    Closes: #863840, CVE-2017-9310
  * usb-ohci-fix-error-return-code-in-servicing-iso-td-CVE-2017-9330.patch
    Closes: #863943, CVE-2017-9330
  * ide-ahci-call-cleanup-function-in-ahci-unit-CVE-2017-9373.patch
    Closes: #864216, CVE-2017-9373
  * xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch
    Closes: #864219, CVE-2017-9375
  * usb-ehci-fix-memory-leak-in-ehci-CVE-2017-9374.patch
    Closes: #864568, CVE-2017-9374
  * nbd-ignore-SIGPIPE-CVE-2017-10664.patch
    Closes: #866674, CVE-2017-10664
  * nbd-fully-initialize-client-in-case-of-failed-negotiation-CVE-2017-9524.patch
    nbd-fix-regression-on-resiliency-to-port-scan-CVE-2017-9524.patch
    Closes: #865755, CVE-2017-9524
  * xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch
    Closes: CVE-2017-10911

--
Steve McIntyre, Cambridge, UK. steve@einval.com
We don't need no education.
We don't need no thought control.