Just released. Updates in 3 source package(s), 12 binary package(s):

  Source qemu, binaries: qemu-utils:amd64 qemu-utils:arm64

  qemu (1:2.8+dfsg-6+deb9u4) stretch-security; urgency=high

    * CVE-2017-5715 (spectre/meltdown) fixes for i386 and s390x:
      CVE-2017-5715/i386-increase-X86CPUDefinition-model_id-to-49.patch
      CVE-2017-5715/i386-add-support-for-SPEC_CTRL-MSR.patch
      CVE-2017-5715/i386-add-spec-ctrl-CPUID-bit.patch
      CVE-2017-5715/i386-add-FEAT_8000_0008_EBX-CPUID-feature-word.patch
      CVE-2017-5715/i386-add-new-IBRS-versions-of-Intel-CPU-models.patch
      CVE-2017-5715/s390x-kvm-introduce-branch-prediction-blocking-contr.patch
      CVE-2017-5715/s390x-kvm-handle-bpb-feature.patch
      Closes: #886532, CVE-2017-5715
    * multiboot-bss_end_addr-can-be-zero-CVE-2018-7550.patch
      Closes: #892041, CVE-2018-7550
    * vga-check-the-validation-of-memory-addr-when-draw-text-CVE-2018-5683.patch
      Closes: #887392, CVE-2018-5683
    * osdep-fix-ROUND_UP-64-bit-32-bit-CVE-2017-18043.patch
      Closes: CVE-2017-18043
    * virtio-check-VirtQueue-Vring-object-is-set-CVE-2017-17381.patch
      Closes: #883625, CVE-2017-17381
    * ps2-check-PS2Queue-pointers-in-post_load-routine-CVE-2017-16845.patch
      Closes: #882136, CVE-2017-16845
    * cirrus-fix-oob-access-in-mode4and5-write-functions-CVE-2017-15289.patch
      Closes: #880832, CVE-2017-15289
    * io-monitor-encoutput-buffer-size-from-websocket-GSource-CVE-2017-15268.patch
      Closes: #880836, CVE-2017-15268
    * nbd-server-CVE-2017-15119-Reject-options-larger-than-32M.patch
      Closes: #883399, CVE-2017-15119
    * 9pfs-use-g_malloc0-to-allocate-space-for-xattr-CVE-2017-15038.patch
      Closes: #877890, CVE-2017-15038
    * CVE-2017-15124 (VNC server unbounded memory usage) fixes:
      CVE-2017-15124/01-ui-remove-sync-parameter-from-vnc_update_client.patch
      CVE-2017-15124/02-ui-remove-unreachable-code-in-vnc_update_client.patch
      CVE-2017-15124/03-ui-remove-redundant-indentation-in-vnc_client_update.patch
      CVE-2017-15124/04-ui-avoid-pointless-VNC-updates-if-framebuffer-isn-t-.patch
      CVE-2017-15124/05-ui-track-how-much-decoded-data-we-consumed-when-doin.patch
      CVE-2017-15124/06-ui-introduce-enum-to-track-VNC-client-framebuffer-up.patch
      CVE-2017-15124/07-ui-correctly-reset-framebuffer-update-state-after-pr.patch
      CVE-2017-15124/08-ui-refactor-code-for-determining-if-an-update-should.patch
      CVE-2017-15124/09-ui-fix-VNC-client-throttling-when-audio-capture-is-a.patch
      CVE-2017-15124/10-ui-fix-VNC-client-throttling-when-forced-update-is-r.patch
      CVE-2017-15124/11-ui-place-a-hard-cap-on-VNC-server-output-buffer-size.patch
      CVE-2017-15124/12-ui-add-trace-events-related-to-VNC-client-throttling.patch
      CVE-2017-15124/13-ui-mix-misleading-comments-return-types-of-VNC-I-O-h.patch
      Closes: #884806, CVE-2017-15124

  Source gnupg2, binaries: gnupg:amd64 gnupg-agent:amd64 gpgv:amd64 gnupg:arm64 gnupg-agent:arm64 gpgv:arm64

  gnupg2 (2.1.18-8~deb9u2) stretch-security; urgency=high

    * Non-maintainer upload by the Security Team.
    * gpg: Sanitize diagnostic with the original file name (CVE-2018-12020)

  Source procps, binaries: libprocps6:amd64 procps:amd64 libprocps6:arm64 procps:arm64

  procps (2:3.3.12-3+deb9u1) stretch-security; urgency=high

    * Non-maintainer upload by the Security Team.
    * top: Do not default to the cwd in configs_read(). (CVE-2018-1122)
    * ps/output.c: Fix outbuf overflows in pr_args() etc. (CVE-2018-1123)
    * proc/readproc.c: Fix bugs and overflows in file2strvec(). (CVE-2018-1124)
    * pgrep: Prevent a potential stack-based buffer overflow (CVE-2018-1125)
    * proc/alloc.*: Use size_t, not unsigned int. (CVE-2018-1126)

https://cloud.debian.org/images/openstack/current-9/

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
< Aardvark> I dislike C++ to start with. C++11 just seems to be
            handing rope-creating factories for users to hang multiple
            instances of themselves.