Author: renodr
Date: Sat May 16 08:47:01 2020
New Revision: 1560
Log:
Errata: Add errata for python3 urllib vulnerabilities
Errata: Add errata for MariaDB vulnerabilities
Errata: Add errata for p7zip vulnerabilities
Errata: Update fontforge errata in systemd to point to the systemd version of
the book instead of SysV
Modified:
html/trunk/blfs/errata/9.1-systemd/index.html
html/trunk/blfs/errata/9.1/index.html
html/trunk/lfs/errata/9.1-systemd/index.html
html/trunk/lfs/errata/9.1/index.html
Modified: html/trunk/blfs/errata/9.1-systemd/index.html
==============================================================================
--- html/trunk/blfs/errata/9.1-systemd/index.html Tue May 12 12:21:13
2020 (r1559)
+++ html/trunk/blfs/errata/9.1-systemd/index.html Sat May 16 08:47:01
2020 (r1560)
@@ -165,9 +165,16 @@
<li>Various security vulnerabilities have been found in the old
version of fontforge we were using. These can be fixed by updating
to fontforge-20200314 using the instructions in
- <a href="../../view/svn/xsoft/fontforge.html">fontforge-20200314</a>.
- </li>
-
+ <a
href="../../view/systemd/xsoft/fontforge.html">fontforge-20200314</a>.</li>
+ <li>After release, several security vulnerabilities were patched in p7zip
+ while fixing the book to support GCC-10. To fix these
vulnerabilities,
+ apply the patch in the page below and rebuild p7zip:
+ <a href="../../view/systemd/general/p7zip.html">p7zip-16.02</a>.</li>
+ <li>After release, four security vulnerabilities were discovered
+ in MariaDB. These four vulnerabilities are marked "Medium" in the
+ NVD database. If you wish to fix them, update to MariaDB-10.4.13
+ or later using the instructions in
+ <a
href="../../view/systemd/server/mariadb.html">MariaDB-10.4.13</a>.</li>
</ul>
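Review bot: The new p7zip and MariaDB items name no CVE identifiers ("several security vulnerabilities", "four security vulnerabilities ... marked "Medium" in the NVD database"), so a reader cannot tell which issues are covered or check whether an installed build is affected. The LFS errata touched by this same commit list each CVE id, and these items should do the same. In the p7zip item, "apply the patch in the page below" refers to a link that sits in the same sentence; "using the instructions in", as the fontforge and MariaDB items have it, would read better. The fontforge href change from view/svn to view/systemd matches the log message.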
Modified: html/trunk/blfs/errata/9.1/index.html
==============================================================================
--- html/trunk/blfs/errata/9.1/index.html Tue May 12 12:21:13 2020
(r1559)
+++ html/trunk/blfs/errata/9.1/index.html Sat May 16 08:47:01 2020
(r1560)
@@ -163,8 +163,16 @@
<li>Various security vulnerabilities have been found in the old
version of fontforge we were using. These can be fixed by updating
to fontforge-20200314 using the instructions in
- <a href="../../view/svn/xsoft/fontforge.html">fontforge-20200314</a>.
- </li>
+ <a
href="../../view/svn/xsoft/fontforge.html">fontforge-20200314</a>.</li>
+ <li>After release, several security vulnerabilities were patched in p7zip
+ while fixing the book to support GCC-10. To fix these
vulnerabilities,
+ apply the patch in the page below and rebuild p7zip:
+ <a href="../../view/svn/general/p7zip.html">p7zip-16.02</a>.</li>
+ <li>After release, four security vulnerabilities were discovered
+ in MariaDB. These four vulnerabilities are marked "Medium" in the
+ NVD database. If you wish to fix them, update to MariaDB-10.4.13
+ or later using the instructions in
+ <a
href="../../view/svn/server/mariadb.html">MariaDB-10.4.13</a>.</li>
</ul>
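Review bot: All three links in this list point under view/svn while the link text pins a specific version (fontforge-20200314, p7zip-16.02, MariaDB-10.4.13). If those pages follow a book that keeps moving, the errata text and its target can drift apart, so consider wording each item as "or later", as the MariaDB item already does, or linking a fixed revision. The fontforge change in this file only rejoins the closing li tag to the link line and leaves the href untouched; the log describes a fontforge fix for the systemd errata only, so a word about this reflow would help anyone reading the history.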
Modified: html/trunk/lfs/errata/9.1-systemd/index.html
==============================================================================
--- html/trunk/lfs/errata/9.1-systemd/index.html Tue May 12 12:21:13
2020 (r1559)
+++ html/trunk/lfs/errata/9.1-systemd/index.html Sat May 16 08:47:01
2020 (r1560)
@@ -30,7 +30,16 @@
<ul>
<li>CVE-2020-1967: Crash in OpenSSL during or after a TLS 1.3
handshake.
To patch it, upgrade to OpenSSL-1.1.1g using the instructions in
- <a
href="../../view/development/chapter06/openssl.html">OpenSSL-1.1.1g</a>.</li>
+ <a
href="../../view/systemd/chapter06/openssl.html">OpenSSL-1.1.1g</a>.</li>
+ <li>CVE-2019-18348: potential for malicious HTTP header injection
if the
+ attacker controls the url parameter followed by an HTTP header.
+ To patch it, upgrade to Python-3.8.3 using the instructions in
+ <a
href="../../view/systemd/chapter06/python.html">Python-3.8.3</a>.</li>
+ <li>CVE-2020-8492: Inefficient regular expression in urllib can be
exploited
+ to cause a denial of service. The regex was fixed in
Python-3.8.3 and
+ prevents "catastrophic backtracking".
+ To patch it, upgrade to Python-3.8.3 using the instructions in
+ <a
href="../../view/systemd/chapter06/python.html">Python-3.8.3</a>.</li>
</ul>
<!--
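Review bot: The OpenSSL href in the existing CVE-2020-1967 item changes from view/development to view/systemd, but the log mentions a link fix only for fontforge in the BLFS systemd errata; please add a log line for this one. In the new CVE-2019-18348 item, "if the attacker controls the url parameter followed by an HTTP header" is hard to parse. The issue is CRLF injection through a URL handed to urllib, and saying that the injected line break is what allows a header to be appended would make the entry usable for triage.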
Modified: html/trunk/lfs/errata/9.1/index.html
==============================================================================
--- html/trunk/lfs/errata/9.1/index.html Tue May 12 12:21:13 2020
(r1559)
+++ html/trunk/lfs/errata/9.1/index.html Sat May 16 08:47:01 2020
(r1560)
@@ -32,6 +32,15 @@
<li>CVE-2020-1967: Crash in OpenSSL during or after a TLS 1.3
handshake.
To patch it, upgrade to OpenSSL-1.1.1g using the instructions in
<a
href="../../view/development/chapter06/openssl.html">OpenSSL-1.1.1g</a>.</li>
+ <li>CVE-2019-18348: potential for malicious HTTP header injection
if the
+ attacker controls the url parameter followed by an HTTP header.
+ To patch it, upgrade to Python-3.8.3 using the instructions in
+ <a
href="../../view/development/chapter06/python.html">Python-3.8.3</a>.</li>
+ <li>CVE-2020-8492: Inefficient regular expression in urllib can be
exploited
+ to cause a denial of service. The regex was fixed in
Python-3.8.3 and
+ prevents "catastrophic backtracking".
+ To patch it, upgrade to Python-3.8.3 using the instructions in
+ <a
href="../../view/development/chapter06/python.html">Python-3.8.3</a>.</li>
</ul>
<h2>Miscellaneous Errata</h2>
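Review bot: In the CVE-2020-8492 item, "The regex was fixed in Python-3.8.3 and prevents "catastrophic backtracking"" reads as if the regex itself were a protection; suggest "The regex was rewritten in Python-3.8.3 to avoid catastrophic backtracking". The two Python items end with the same upgrade sentence and the same link, so they could share one closing line. Neither item says which urllib feature is affected, which a reader deciding how urgently to rebuild would want to know.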