[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Jessie openstack image updated to version 8.9.2-20170822



Just released, including a security update:

8.9.1-20170822

Updates in 1 source package(s), 1 binary package(s):

 Source linux, binaries: linux-image-3.16.0-4-amd64:amd64  
 linux (3.16.43-2+deb8u3) jessie-security; urgency=high

   * regulator: core: Fix regualtor_ena_gpio_free not to access pin after
     freeing (CVE-2014-9940)
   * [x86] drm/vmwgfx: limit the number of mip levels in
     vmw_gb_surface_define_ioctl() (CVE-2017-7346)
   * rxrpc: Fix several cases where a padded len isn't checked in ticket decode
     (CVE-2017-7482)
   * brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
     (CVE-2017-7541)
   * ipv6: avoid overflow of offset in ip6_find_1stfragopt (CVE-2017-7542)
   * [x86] mm: Tighten x86 /dev/mem with zeroing reads (CVE-2017-7889)
   * [x86] drm/vmwgfx: Make sure backup_handle is always valid (CVE-2017-9605)
   * xen-blkback: don't leak stack data via response ring (CVE-2017-10911)
   * mqueue: fix a use-after-free in sys_mq_notify() (CVE-2017-11176)
   * char: lp: fix possible integer overflow in lp_setup() (CVE-2017-1000363)
   * fs/exec.c: account for argv/envp pointers (CVE-2017-1000365)

   [ Ben Hutchings ]
   * dentry name snapshots (CVE-2017-7533)

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
Who needs computer imagery when you've got Brian Blessed?

Attachment: signature.asc
Description: Binary data


Reply to: