Author: renodr
Date: Tue Oct  8 10:46:42 2019
New Revision: 1499

Log:
Add errata for systemd-241 vulnerability and e2fsprogs vulnerability to LFS
Add errata for systemd-241, ruby, and unbound to BLFS

Modified:
   html/trunk/blfs/errata/9.0-systemd/index.html
   html/trunk/blfs/errata/9.0/index.html
   html/trunk/lfs/errata/9.0-systemd/index.html
   html/trunk/lfs/errata/9.0/index.html

Modified: html/trunk/blfs/errata/9.0-systemd/index.html
==============================================================================
--- html/trunk/blfs/errata/9.0-systemd/index.html       Tue Sep 17 13:41:34 
2019        (r1498)
+++ html/trunk/blfs/errata/9.0-systemd/index.html       Tue Oct  8 10:46:42 
2019        (r1499)
@@ -81,6 +81,22 @@
      <a 
href="../../view/systemd/gnome/evolution-data-server.html">evolution-data-server-3.34.0</a>
 and
      <a href="../../view/systemd/gnome/evolution.html">evolution-3.34.0</a> 
respectively.</p>
 
+     <p>After release, several vulnerabilites were discovered in the rdoc 
implementation of
+     Ruby. The BLFS team recommends updating to the latest version of Ruby 
ASAP using the
+     instrunctions in
+     <a href="../../view/systemd/general/ruby.html">Ruby-2.6.5</a>.</p>
+
+     <p>After release, a vulnerability was discovered in Unbound that allows 
remote attackers
+     to crash the process. To fix this, update to the latest version of 
Unbound using the
+     instructions in
+     <a href="../../view/systemd/server/unbound.html">Unbound-1.9.4</a>.</p>
+
+     <p>After release, an access control bypass vulnerability was discovered 
in systemd-241.
+     The BLFS team recommends applying the patch listed below immediately
+     and rebuilding systemd, followed by a reboot:
+     <a 
href="http://linuxfromscratch.org/patches/downloads/systemd/systemd-241-security_patch-1.patch";>
+     systemd-241-security_patch-1.patch</a>.</p>
+
      <h2>Known Security Vulnerabilities</h2>
      
      <p>A few packages are good at reporting that a new
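Review bot: the added Ruby paragraph misspells two words, "vulnerabilites" and "instrunctions"; they should read "vulnerabilities" and "instructions". In the systemd paragraph the href, as shown here, ends with `";>`, which leaves a stray semicolon between the closing quote and the `>`. That paragraph also names no CVE, while the LFS systemd errata item in this same commit cites CVE-2019-6454 for the same patch file; adding the identifier here would let readers confirm what the patch addresses.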

Modified: html/trunk/blfs/errata/9.0/index.html
==============================================================================
--- html/trunk/blfs/errata/9.0/index.html       Tue Sep 17 13:41:34 2019        
(r1498)
+++ html/trunk/blfs/errata/9.0/index.html       Tue Oct  8 10:46:42 2019        
(r1499)
@@ -92,6 +92,16 @@
      <a 
href="../../view/svn/gnome/evolution-data-server.html">evolution-data-server-3.34.0</a>
 and
      <a href="../../view/svn/gnome/evolution.html">evolution-3.34.0</a> 
respectively.</p>
 
+     <p>After release, several vulnerabilites were discovered in the rdoc 
implementation of
+     Ruby. The BLFS team recommends updating to the latest version of Ruby 
ASAP using the
+     instrunctions in
+     <a href="../../view/svn/general/ruby.html">Ruby-2.6.5</a>.</p>
+
+     <p>After release, a vulnerability was discovered in Unbound that allows 
remote attackers
+     to crash the process. To fix this, update to the latest version of 
Unbound using the
+     instructions in
+     <a href="../../view/svn/server/unbound.html">Unbound-1.9.4</a>.</p>
+
 <!--
      <p>A vulnerability with available exploits in all recent versions of
      ghostscript has been fixed in the development book by patching gs-9.25.
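Review bot: the Ruby and Unbound paragraphs give no CVE identifiers or affected versions, so a reader cannot tell from this page whether an installed build is exposed. The LFS errata items in this commit use a "package: CVE (summary)" form that would fit here as well. The misspellings "vulnerabilites" and "instrunctions" are repeated in this copy of the Ruby paragraph.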

Modified: html/trunk/lfs/errata/9.0-systemd/index.html
==============================================================================
--- html/trunk/lfs/errata/9.0-systemd/index.html        Tue Sep 17 13:41:34 
2019        (r1498)
+++ html/trunk/lfs/errata/9.0-systemd/index.html        Tue Oct  8 10:46:42 
2019        (r1499)
@@ -25,6 +25,12 @@
             <li>OpenSSL: CVE-2019-1549, CVE-2019-1563, CVE-2019-1547
             (Medium to Low). Upgrade to OpenSSL-1.1.1d using the instructions 
in
             <a 
href="../../view/development/chapter06/openssl.html">OpenSSL-1.1.1d</a>.</li>
+            <li>e2fsprogs: CVE-2019-5094 (buffer overruns in e2fsck).
+            Update to e2fsprogs-1.45.4 or later using the instructions in
+            <a 
href="../../view/development/chapter06/e2fsprogs.html">e2fsprogs-1.45.4</a>.</li>
+            <li>systemd: CVE-2019-6454 (access control bypass). Apply
+            <a 
href="http://linuxfromscratch.org/patches/downloads/systemd/systemd-241-security_patch-1.patch";>
+            systemd-241-security_patch-1.patch</a> to systemd and 
rebuild.</p></li>
           </ul>
 
        <h2>Miscellaneous Errata</h2>
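Review bot: the new systemd list item ends with `rebuild.</p></li>`, but no `<p>` is opened inside that `<li>`, so the stray `</p>` leaves the list markup invalid; drop it. The href in the same item, as shown here, ends with `";>`, with a semicolon between the closing quote and the `>`. The BLFS systemd errata text in this commit tells readers to reboot after rebuilding, while this item stops at "rebuild"; the two pages should give the same instruction for the same patch.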

Modified: html/trunk/lfs/errata/9.0/index.html
==============================================================================
--- html/trunk/lfs/errata/9.0/index.html        Tue Sep 17 13:41:34 2019        
(r1498)
+++ html/trunk/lfs/errata/9.0/index.html        Tue Oct  8 10:46:42 2019        
(r1499)
@@ -25,6 +25,9 @@
             <li>OpenSSL: CVE-2019-1549, CVE-2019-1563, CVE-2019-1547
             (Medium to Low). Upgrade to OpenSSL-1.1.1d using the instructions 
in
             <a 
href="../../view/development/chapter06/openssl.html">OpenSSL-1.1.1d</a>.</li>
+            <li>e2fsprogs: CVE-2019-5094 (buffer overruns in e2fsck).
+            Update to e2fsprogs-1.45.4 or later using the instructions in
+            <a 
href="../../view/development/chapter06/e2fsprogs.html">e2fsprogs-1.45.4</a>.</li>
           </ul>
 
        <h2>Miscellaneous Errata</h2>
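Review bot: the new e2fsprogs item gives no severity, while the OpenSSL item directly above it carries "(Medium to Low)"; adding a rating in the same position would keep the list consistent and help readers prioritize the update. The summary "buffer overruns in e2fsck" could also say what input triggers the problem, so readers can judge their exposure.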
-- 
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page