Just released, including security updates: 8.9.6-20170921
Updates in 2 source package(s), 2 binary package(s):

Source perl, binaries: perl-base:amd64

perl (5.20.2-3+deb8u9) jessie-security; urgency=high

  * Update upstream base.pm no-dot-in-inc fix patch description.
  * [SECURITY] CVE-2017-12837: Fix a heap buffer overflow in regular expression compiler. (Closes: #875596)
  * [SECURITY] CVE-2017-12883: Fix a buffer over-read in regular expression parser. (Closes: #875597)
    + also includes a separate upstream fix from the 5.23 cycle

Source linux, binaries: linux-image-3.16.0-4-amd64:amd64

linux (3.16.43-2+deb8u5) jessie-security; urgency=medium

  * [amd64] mm: revert ELF_ET_DYN_BASE base changes (fixes regression of ASan)

linux (3.16.43-2+deb8u4) jessie-security; urgency=high

  * [x86] KVM: fix singlestepping over syscall (CVE-2017-7518)
  * binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370, CVE-2017-1000371)
  * ALSA: timer: Fix race between read and ioctl (CVE-2017-1000380)
  * ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (CVE-2017-1000380)
  * timerfd: Protect the might cancel mechanism proper (CVE-2017-10661)
  * xfrm: policy: check policy direction value (CVE-2017-11600)
  * packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111)
  * ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output
  * udp: consistently apply ufo or fragmentation (CVE-2017-1000112)
  * xen: fix bio vec merging (CVE-2017-12134) (Closes: #866511)
  * nl80211: check for the required netlink attributes presence (CVE-2017-12153)
  * [x86] kvm: nVMX: Don't allow L2 to access the hardware CR8 (CVE-2017-12154)
  * scsi: qla2xxx: Fix an integer overflow in sysfs code (CVE-2017-14051)
  * tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (CVE-2017-14106)
  * Sanitize 'move_pages()' permission checks (CVE-2017-14140)
  * video: fbdev: aty: do not leak uninitialized padding in clk to userspace (CVE-2017-14156)
  * xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present (CVE-2017-14340)
  * scsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (CVE-2017-14489)
  * Bluetooth: Properly check L2CAP config option output buffer length (CVE-2017-1000251) (Closes: #875881)

https://cloud.debian.org/images/openstack/current-8/

--
Steve McIntyre, Cambridge, UK. st...@einval.com
< liw> everything I know about UK hotels I learned from "Fawlty Towers"