Author: renodr
Date: Tue Sep 17 13:39:08 2019
New Revision: 1497
Log:
Add errata for known security updates as of 9/17/2019 in LFS and BLFS.
Modified:
html/trunk/blfs/errata/9.0-systemd/index.html
html/trunk/blfs/errata/9.0/index.html
html/trunk/lfs/errata/9.0-systemd/index.html
html/trunk/lfs/errata/9.0/index.html
Modified: html/trunk/blfs/errata/9.0-systemd/index.html
==============================================================================
--- html/trunk/blfs/errata/9.0-systemd/index.html Sun Sep 8 20:42:33
2019 (r1496)
+++ html/trunk/blfs/errata/9.0-systemd/index.html Tue Sep 17 13:39:08
2019 (r1497)
@@ -20,6 +20,67 @@
Firefox-69.0 using the instructions in
<a href="../../view/systemd/xsoft/firefox.html">Firefox-69.0</a>.</p>
+ <p>After release, a vulnerability was discovered in the version of PHP
+ shipped with BLFS 9.0. The BLFS team recommends updating to the latest
version
+ of PHP in the instructions here:
+ <a href="../../view/systemd/general/php.html">PHP-7.3.9</a>.</p>
+
+ <p>After release, several high and critical severity vulnerabilities were
+ patched in Seamonkey-2.49.5. The BLFS team highly recommends updating to
+ Seamonkey-2.49.5 using the instructions in
+ <a
href="../../view/systemd/xsoft/seamonkey.html">Seamonkey-2.49.5</a>.</p>
+
+ <p>After release, vulnerabilities were discovered in the version of Glib
+ shipped with BLFS 9.0. To fix these, update to glib-2.60.7 or later
+ (glib-2.62.0 is in at the time of this errata) using the instructions in
+ <a href="../../view/systemd/general/glib2.html">GLib-2.60.7</a>.</p>
+
+ <p>After release, a Use-After-Free vulnerability was discovered in
+ gnome-bluetooth when used in gnome-shell with malicious extensions. To fix
+ this, upgrade to gnome-bluetooth-3.34.0 using the instructions in
+ <a
href="../../view/systemd/gnome/gnome-bluetooth.html">gnome-bluetooth-3.24.0</a>.</p>
+
+ <p>After release, a vulnerability was discovered in libjpeg-turbo. To fix
this,
+ upgrade to libjpeg-turbo-2.0.3 or later using the instructions in
+ <a
href="../../view/systemd/general/libjpeg.html">libjpeg-turbo-2.0.3</a>.</p>
+
+ <p>After release, a critical security vulnerability that allows root
access
+ was discovered in Exim. The BLFS team recommends upgrading to Exim-4.92.4
+ immediately to prevent exploitation. To upgrade, use the instructions in
+ <a href="../../view/systemd/server/exim.html">exim-4.92.2</a>.</p>
+
+ <p>After release, a use-after-free vulnerability was discoverd in
at-spi2-core.
+ To fix this, upgrade using the instructions in
+ <a
href="../../view/systemd/at-spi2-core.html">at-spi2-core-2.34.0</a>.</p>
+
+ <p>After release, several high and critical vulnerabilities were
discovered in
+ QtWebEngine (Chromium-based). The BLFS team recommends upgrading
immediately to
+ version 5.13.1 or later. To upgrade, upgrade to Qt-5.13.1 first and then
to
+ QtWebEngine-5.13.1 using the instructions in
+ <a href="../../view/systemd/x/qt5.html">Qt-5.13.1</a> and
+ <a href="../../view/systemd/x/qtwebengine.html">QtWebEngine-5.13.1</a>
respectively.</p>
+
+ <p>After release, two vulnerabilities were discovered in cURL. These are
+ double-free and heap-buffer-overflow vulnerabilities in TFTP and FTP
(with KRB)
+ support. If you don't have TFTP support enabled or Kerberos support
enabled,
+ disregard this notice. Otherwise, upgrade using the instructions in
+ <a href="../../view/systemd/basicnet/curl.html">cURL-7.66.0</a>.</p>
+
+ <p>After release, a potential Denial of Service vulnerability was
discovered
+ in DHCPCD. To fix this, upgrade to the latest version using the
instructions here:
+ <a href="../../view/systemd/basicnet/dhcpcd.html">dhcpcd-8.0.6</a>.</p>
+
+ <p>After release, a security vulnerability was discovered in Wireshark
that could lead
+ to a kernel panic or client crash when analyzing bluetooth packets. To
fix this,
+ upgrade to the latest version of Wireshark using the instructions in
+ <a
href="../../view/systemd/basicnet/wireshark.html">Wireshark-3.0.4</a>.</p>
+
+ <p>After release, a use-after-free vulnerability was discovered in
Evolution-Data-Server that
+ could lead to a denial of service condition. To fix this, upgrade to the
latest
+ version of evolution-data-server and evolution using the instructions in
+ <a
href="../../view/systemd/gnome/evolution-data-server.html">evolution-data-server-3.34.0</a>
and
+ <a href="../../view/systemd/gnome/evolution.html">evolution-3.34.0</a>
respectively.</p>
+
<h2>Known Security Vulnerabilities</h2>
<p>A few packages are good at reporting that a new
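Review bot: two of the new paragraphs have anchor text that contradicts the version the prose tells the reader to install: the gnome-bluetooth paragraph says "upgrade to gnome-bluetooth-3.34.0" but the link reads "gnome-bluetooth-3.24.0", and the Exim paragraph recommends "Exim-4.92.4" while the link reads "exim-4.92.2"; the anchor text should carry the fixed version so a reader following the link does not stop at a still-vulnerable release. The at-spi2-core href "../../view/systemd/at-spi2-core.html" has no section directory, unlike every other link in this hunk (compare "../../view/systemd/general/glib2.html"), so it is most likely a broken path. Minor wording: "discoverd" should be "discovered", "glib-2.62.0 is in at the time of this errata" is missing a word after "in", and "To upgrade, upgrade to Qt-5.13.1 first" would read better as "To upgrade, build Qt-5.13.1 first".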
Modified: html/trunk/blfs/errata/9.0/index.html
==============================================================================
--- html/trunk/blfs/errata/9.0/index.html Sun Sep 8 20:42:33 2019
(r1496)
+++ html/trunk/blfs/errata/9.0/index.html Tue Sep 17 13:39:08 2019
(r1497)
@@ -31,6 +31,67 @@
Firefox-69.0 using the instructions in
<a href="../../view/svn/xsoft/firefox.html">Firefox-69.0</a>.</p>
+ <p>After release, a vulnerability was discovered in the version of PHP
+ shipped with BLFS 9.0. The BLFS team recommends updating to the latest
version
+ of PHP in the instructions here:
+ <a href="../../view/svn/general/php.html">PHP-7.3.9</a>.</p>
+
+ <p>After release, several high and critical severity vulnerabilities were
+ patched in Seamonkey-2.49.5. The BLFS team highly recommends updating to
+ Seamonkey-2.49.5 using the instructions in
+ <a href="../../view/svn/xsoft/seamonkey.html">Seamonkey-2.49.5</a>.</p>
+
+ <p>After release, vulnerabilities were discovered in the version of Glib
+ shipped with BLFS 9.0. To fix these, update to glib-2.60.7 or later
+ (glib-2.62.0 is in at the time of this errata) using the instructions in
+ <a href="../../view/svn/general/glib2.html">GLib-2.60.7</a>.</p>
+
+ <p>After release, a Use-After-Free vulnerability was discovered in
+ gnome-bluetooth when used in gnome-shell with malicious extensions. To fix
+ this, upgrade to gnome-bluetooth-3.34.0 using the instructions in
+ <a
href="../../view/svn/gnome/gnome-bluetooth.html">gnome-bluetooth-3.24.0</a>.</p>
+
+ <p>After release, a vulnerability was discovered in libjpeg-turbo. To fix
this,
+ upgrade to libjpeg-turbo-2.0.3 or later using the instructions in
+ <a href="../../view/svn/general/libjpeg.html">libjpeg-turbo-2.0.3</a>.</p>
+
+ <p>After release, a critical security vulnerability that allows root
access
+ was discovered in Exim. The BLFS team recommends upgrading to Exim-4.92.4
+ immediately to prevent exploitation. To upgrade, use the instructions in
+ <a href="../../view/svn/server/exim.html">exim-4.92.2</a>.</p>
+
+ <p>After release, a use-after-free vulnerability was discoverd in
at-spi2-core.
+ To fix this, upgrade using the instructions in
+ <a href="../../view/svn/at-spi2-core.html">at-spi2-core-2.34.0</a>.</p>
+
+ <p>After release, several high and critical vulnerabilities were
discovered in
+ QtWebEngine (Chromium-based). The BLFS team recommends upgrading
immediately to
+ version 5.13.1 or later. To upgrade, upgrade to Qt-5.13.1 first and then
to
+ QtWebEngine-5.13.1 using the instructions in
+ <a href="../../view/svn/x/qt5.html">Qt-5.13.1</a> and
+ <a href="../../view/svn/x/qtwebengine.html">QtWebEngine-5.13.1</a>
respectively.</p>
+
+ <p>After release, two vulnerabilities were discovered in cURL. These are
+ double-free and heap-buffer-overflow vulnerabilities in TFTP and FTP
(with KRB)
+ support. If you don't have TFTP support enabled or Kerberos support
enabled,
+ disregard this notice. Otherwise, upgrade using the instructions in
+ <a href="../../view/svn/basicnet/curl.html">cURL-7.66.0</a>.</p>
+
+ <p>After release, a potential Denial of Service vulnerability was
discovered
+ in DHCPCD. To fix this, upgrade to the latest version using the
instructions here:
+ <a href="../../view/svn/basicnet/dhcpcd.html">dhcpcd-8.0.6</a>.</p>
+
+ <p>After release, a security vulnerability was discovered in Wireshark
that could lead
+ to a kernel panic or client crash when analyzing bluetooth packets. To
fix this,
+ upgrade to the latest version of Wireshark using the instructions in
+ <a href="../../view/svn/basicnet/wireshark.html">Wireshark-3.0.4</a>.</p>
+
+ <p>After release, a use-after-free vulnerability was discovered in
Evolution-Data-Server that
+ could lead to a denial of service condition. To fix this, upgrade to the
latest
+ version of evolution-data-server and evolution using the instructions in
+ <a
href="../../view/svn/gnome/evolution-data-server.html">evolution-data-server-3.34.0</a>
and
+ <a href="../../view/svn/gnome/evolution.html">evolution-3.34.0</a>
respectively.</p>
+
<!--
<p>A vulnerability with available exploits in all recent versions of
ghostscript has been fixed in the development book by patching gs-9.25.
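Review bot: the same version mismatches appear in this svn copy of the page: the gnome-bluetooth link text says "gnome-bluetooth-3.24.0" where the prose recommends 3.34.0, and the Exim link text says "exim-4.92.2" where the prose recommends Exim-4.92.4; both anchors should name the fixed version. The at-spi2-core href "../../view/svn/at-spi2-core.html" is missing its section directory (every other link here has one, e.g. "../../view/svn/x/qt5.html") and will probably 404. Also fix "discoverd", supply the missing word in "glib-2.62.0 is in at the time of this errata", and tighten "To upgrade, upgrade to Qt-5.13.1".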
Modified: html/trunk/lfs/errata/9.0-systemd/index.html
==============================================================================
--- html/trunk/lfs/errata/9.0-systemd/index.html Sun Sep 8 20:42:33
2019 (r1496)
+++ html/trunk/lfs/errata/9.0-systemd/index.html Tue Sep 17 13:39:08
2019 (r1497)
@@ -22,7 +22,9 @@
<h2>Known Security Vulnerabilities</h2>
<ul>
- <li>There are no current security vulnerabilities for LFS
9.0-systemd.</li>
+ <li>OpenSSL: CVE-2019-1549, CVE-2019-1563, CVE-2019-1547
+ (Medium to Low). Upgrade to OpenSSL-1.1.1d using the instructions
in
+ <a
href="../../view/development/chapter06/openssl.html">OpenSSL-1.1.1d</a>.</li>
</ul>
<h2>Miscellaneous Errata</h2>
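Review bot: the OpenSSL href "../../view/development/chapter06/openssl.html" links the development book rather than the 9.0-systemd book this errata page belongs to, so as the development book advances the target page will describe a newer OpenSSL than the OpenSSL-1.1.1d the text names, and the chapter number may change. Either link the released book's instructions or say explicitly that the development book's OpenSSL page is intended. A one-line note of what CVE-2019-1549, CVE-2019-1563 and CVE-2019-1547 each affect would also help readers judge whether the "Medium to Low" rating applies to their system.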
Modified: html/trunk/lfs/errata/9.0/index.html
==============================================================================
--- html/trunk/lfs/errata/9.0/index.html Sun Sep 8 20:42:33 2019
(r1496)
+++ html/trunk/lfs/errata/9.0/index.html Tue Sep 17 13:39:08 2019
(r1497)
@@ -22,7 +22,9 @@
<h2>Known Security Vulnerabilities</h2>
<ul>
- <li>There are no current security vulnerabilities for LFS 9.0.</li>
+ <li>OpenSSL: CVE-2019-1549, CVE-2019-1563, CVE-2019-1547
+ (Medium to Low). Upgrade to OpenSSL-1.1.1d using the instructions
in
+ <a
href="../../view/development/chapter06/openssl.html">OpenSSL-1.1.1d</a>.</li>
</ul>
<h2>Miscellaneous Errata</h2>
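Review bot: as in the systemd copy, the href "../../view/development/chapter06/openssl.html" points at the development book instead of the LFS 9.0 book, so the linked page will drift away from the OpenSSL-1.1.1d version named in the list item and the chapter path may stop resolving. Link the 9.0 book's instructions, or state that the development book is the intended target. A short description of the three CVEs' impact would let readers decide how urgently to apply the upgrade.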