[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Stretch openstack images updated to version 9.1.7-20170921

Just released, including security updates:


Updates in 3 source package(s), 6 binary package(s):

  Source linux, binaries: linux-image-4.9.0-3-amd64:amd64 linux-image-4.9.0-3-arm64:arm64  
  linux (4.9.30-2+deb9u5) stretch-security; urgency=medium
    * [amd64] mm: revert ELF_ET_DYN_BASE base changes (fixes regression of ASan)
  linux (4.9.30-2+deb9u4) stretch-security; urgency=high
    * [x86] KVM: fix singlestepping over syscall (CVE-2017-7518)
    * binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370,
    * ALSA: timer: Fix race between read and ioctl (CVE-2017-1000380)
    * ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
    * xfrm: policy: check policy direction value (CVE-2017-11600)
    * packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111)
    * ipv6: Should use consistent conditional judgement for ip6 fragment
      between __ip6_append_data and ip6_finish_output
    * udp: consistently apply ufo or fragmentation (CVE-2017-1000112)
    * sctp: Avoid out-of-bounds reads from address storage (CVE-2017-7558)
    * xen: fix bio vec merging (CVE-2017-12134) (Closes: #866511)
    * driver core: platform: fix race condition with driver_override
    * nl80211: check for the required netlink attributes presence (CVE-2017-12153)
    * [x86] kvm: nVMX: Don't allow L2 to access the hardware CR8 (CVE-2017-12154)
    * scsi: qla2xxx: Fix an integer overflow in sysfs code (CVE-2017-14051)
    * tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (CVE-2017-14106)
    * Sanitize 'move_pages()' permission checks (CVE-2017-14140)
    * video: fbdev: aty: do not leak uninitialized padding in clk to userspace
    * xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
    * scsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
    * packet: Don't write vnet header beyond end of buffer (CVE-2017-14497)
    * Bluetooth: Properly check L2CAP config option output buffer length
      (CVE-2017-1000251) (Closes: #875881)
    * [x86] KVM: VMX: Do not BUG() on out-of-bounds guest IRQ (CVE-2017-1000252)

  Source pyjwt, binaries: python3-jwt:amd64 python3-jwt:arm64  
  pyjwt (1.4.2-1+deb9u1) stretch-security; urgency=medium
    * CVE-2017-11424

  Source perl, binaries: perl-base:amd64 perl-base:arm64  
  perl (5.24.1-3+deb9u2) stretch-security; urgency=high
    * Update upstream base.pm no-dot-in-inc fix patch description.
    * [SECURITY] CVE-2017-12837: Fix a heap buffer overflow in regular
      expression compiler. (Closes: #875596)
    * [SECURITY] CVE-2017-12883: Fix a buffer over-read in regular
      expression parser.   (Closes: #875597)


Steve McIntyre, Cambridge, UK.                                steve@einval.com
You raise the blade, you make the change... You re-arrange me 'til I'm sane...

Attachment: signature.asc
Description: PGP signature

Reply to: