Just released, including security updates:
8.9.6-20170921
Updates in 2 source package(s), 2 binary package(s):
Source perl, binaries: perl-base:amd64
perl (5.20.2-3+deb8u9) jessie-security; urgency=high
  * Update upstream base.pm no-dot-in-inc fix patch description.
  * [SECURITY] CVE-2017-12837: Fix a heap buffer overflow in regular
    expression compiler. (Closes: #875596)
  * [SECURITY] CVE-2017-12883: Fix a buffer over-read in regular
    expression parser. (Closes: #875597)
    + also includes a separate upstream fix from the 5.23 cycle
Source linux, binaries: linux-image-3.16.0-4-amd64:amd64
linux (3.16.43-2+deb8u5) jessie-security; urgency=medium
  * [amd64] mm: revert ELF_ET_DYN_BASE base changes (fixes regression of ASan)
linux (3.16.43-2+deb8u4) jessie-security; urgency=high
  * [x86] KVM: fix singlestepping over syscall (CVE-2017-7518)
  * binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370,
    CVE-2017-1000371)
  * ALSA: timer: Fix race between read and ioctl (CVE-2017-1000380)
  * ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
    (CVE-2017-1000380)
  * timerfd: Protect the might cancel mechanism proper (CVE-2017-10661)
  * xfrm: policy: check policy direction value (CVE-2017-11600)
  * packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111)
  * ipv6: Should use consistent conditional judgement for ip6 fragment
    between __ip6_append_data and ip6_finish_output
  * udp: consistently apply ufo or fragmentation (CVE-2017-1000112)
  * xen: fix bio vec merging (CVE-2017-12134) (Closes: #866511)
  * nl80211: check for the required netlink attributes presence (CVE-2017-12153)
  * [x86] kvm: nVMX: Don't allow L2 to access the hardware CR8 (CVE-2017-12154)
  * scsi: qla2xxx: Fix an integer overflow in sysfs code (CVE-2017-14051)
  * tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (CVE-2017-14106)
  * Sanitize 'move_pages()' permission checks (CVE-2017-14140)
  * video: fbdev: aty: do not leak uninitialized padding in clk to userspace
    (CVE-2017-14156)
  * xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
    (CVE-2017-14340)
  * scsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
    (CVE-2017-14489)
  * Bluetooth: Properly check L2CAP config option output buffer length
    (CVE-2017-1000251) (Closes: #875881)
https://cloud.debian.org/images/openstack/current-8/
--
Steve McIntyre, Cambridge, UK. steve@einval.com
< liw> everything I know about UK hotels I learned from "Fawlty Towers"