Author: renodr
Date: Thu Feb 6 14:41:58 2020
New Revision: 1526
Log:
Add errata for Screen vulnerability and update node.js errata
Modified:
html/trunk/blfs/errata/9.0-systemd/index.html
html/trunk/blfs/errata/9.0/index.html
Modified: html/trunk/blfs/errata/9.0-systemd/index.html
==============================================================================
--- html/trunk/blfs/errata/9.0-systemd/index.html Fri Jan 31 09:23:37
2020 (r1525)
+++ html/trunk/blfs/errata/9.0-systemd/index.html Thu Feb 6 14:41:58
2020 (r1526)
@@ -168,9 +168,10 @@
node.js, that leads to files being overwrited when installing packages.
These files get overwritten in whatever prefix you are installing node in,
and can include files in /usr/bin and /usr/sbin. This can lead to file
- deletion of files installed by other packages and other damage. Please
- update to node.js-12.14.0 as soon as possible using the instructions in
- <a href="../../view/systemd/general/nodejs.html">Node.JS-12.14.0</a>.</p>
+ deletion of files installed by other packages and other damage. Additional
+ flaws in the HTTP parser were also found. Please
+ update to node.js-12.15.0 as soon as possible using the instructions in
+ <a href="../../view/systemd/general/nodejs.html">Node.JS-12.15.0</a>.</p>
<p>After release, a series of security flaws was discovered in libarchive.
These include security fixes in the RAR5 reader, wide string processing,
@@ -179,6 +180,12 @@
instructions in
<a
href="../../view/systemd/general/libarchive.html">libarchive-3.4.1</a>.</p>
+ <p>After release, two security problems were found in GNU Screen. These
+ are primarily use-after-free and out-of-bounds access vulnerabilities.
+ To fix these, please update to Screen-4.8.0 or later using the
+ instructions in
+ <a href="../../view/systemd/general/screen.html">Screen-4.8.0</a>.</p>
+
<h2>Known Security Vulnerabilities</h2>
<p>A few packages are good at reporting that a new
Modified: html/trunk/blfs/errata/9.0/index.html
==============================================================================
--- html/trunk/blfs/errata/9.0/index.html Fri Jan 31 09:23:37 2020
(r1525)
+++ html/trunk/blfs/errata/9.0/index.html Thu Feb 6 14:41:58 2020
(r1526)
@@ -173,9 +173,10 @@
node.js, that leads to files being overwrited when installing packages.
These files get overwritten in whatever prefix you are installing node in,
and can include files in /usr/bin and /usr/sbin. This can lead to file
- deletion of files installed by other packages and other damage. Please
- update to node.js-12.14.0 as soon as possible using the instructions in
- <a href="../../view/svn/general/nodejs.html">Node.JS-12.14.0</a>.</p>
+ deletion of files installed by other packages and other damage. Additional
+ flaws in the HTTP parser were also found. Please
+ update to node.js-12.15.0 as soon as possible using the instructions in
+ <a href="../../view/svn/general/nodejs.html">Node.JS-12.15.0</a>.</p>
<p>After release, a series of security flaws was discovered in libarchive.
These include security fixes in the RAR5 reader, wide string processing,
@@ -184,6 +185,12 @@
instructions in
<a href="../../view/svn/general/libarchive.html">libarchive-3.4.1</a>.</p>
+ <p>After release, two security problems were found in GNU Screen. These
+ are primarily use-after-free and out-of-bounds access vulnerabilities.
+ To fix these, please update to Screen-4.8.0 or later using the
+ instructions in
+ <a href="../../view/svn/general/screen.html">Screen-4.8.0</a>.</p>
+
<!--
<p>A vulnerability with available exploits in all recent versions of
ghostscript has been fixed in the development book by patching gs-9.25.
--
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
