Author: renodr
Date: Wed Jun 3 19:46:47 2020
New Revision: 1576
Log:
Errata: Add errata for D-Bus vulnerability in LFS
Errata: Add errata for Perl vulnerabilities in LFS
Errata: Add errata for D-Bus vulnerability in BLFS
Errata: Update errata for node.js and nghttp2 in systemd so that it uses the
correct book variant
Modified:
html/trunk/blfs/errata/9.1-systemd/index.html
html/trunk/blfs/errata/9.1/index.html
html/trunk/lfs/errata/9.1-systemd/index.html
html/trunk/lfs/errata/9.1/index.html
Modified: html/trunk/blfs/errata/9.1-systemd/index.html
==============================================================================
--- html/trunk/blfs/errata/9.1-systemd/index.html Wed Jun 3 12:42:14
2020 (r1575)
+++ html/trunk/blfs/errata/9.1-systemd/index.html Wed Jun 3 19:46:47
2020 (r1576)
@@ -232,9 +232,17 @@
nghttp2 and node-js. To fix these vulnerabilities, update to
node-v12.18.0 or higher and nghttp2-1.41.0 or higher using the
instructions in
- <a href="../../view/svn/basicnet/nghttp2.html">nghttp2-1.41.0</a>
- and <a href="../../view/svn/general/nodejs.html">Node.js-12.18.0</a>,
+ <a href="../../view/systemd/basicnet/nghttp2.html">nghttp2-1.41.0</a>
+ and <a
href="../../view/systemd/general/nodejs.html">Node.js-12.18.0</a>,
respectively.</li>
+ <li>After release, a security vulnerability was identified in D-Bus that
+ could allow for a local attacker to run the D-Bus Daemon out of file
+ descriptors by repeatedly connecting to the system-wide D-Bus Daemon
+ and sending file descriptors that would get leaked. To fix this
+ vulnerability, update to dbus-1.12.18 or higher using the
+ instructions in
+ <a href="../../view/systemd/general/dbus.html">dbus-1.12.18</a>.</li>
+
</ul>
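Review bot: the new D-Bus item in this hunk does not name a CVE, while the LFS systemd errata changed in this same revision lists the same file descriptor leak as CVE-2020-12049. Adding the identifier at the start of the item would let readers match it against advisories and scanner output. The empty added line before </ul> can also be dropped.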
Modified: html/trunk/blfs/errata/9.1/index.html
==============================================================================
--- html/trunk/blfs/errata/9.1/index.html Wed Jun 3 12:42:14 2020
(r1575)
+++ html/trunk/blfs/errata/9.1/index.html Wed Jun 3 19:46:47 2020
(r1576)
@@ -233,7 +233,13 @@
<a href="../../view/svn/basicnet/nghttp2.html">nghttp2-1.41.0</a>
and <a href="../../view/svn/general/nodejs.html">Node.js-12.18.0</a>,
respectively.</li>
-
+ <li>After release, a security vulnerability was identified in D-Bus that
+ could allow for a local attacker to run the D-Bus Daemon out of file
+ descriptors by repeatedly connecting to the system-wide D-Bus Daemon
+ and sending file descriptors that would get leaked. To fix this
+ vulnerability, update to dbus-1.12.18 or higher using the
+ instructions in
+ <a href="../../view/svn/general/dbus.html">dbus-1.12.18</a>.</li>
</ul>
<!--#include virtual="/common/footer.html" -->
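Review bot: the D-Bus item added before </ul> omits CVE-2020-12049, which the LFS systemd errata in this revision uses for the same issue, so the BLFS and LFS pages describe one vulnerability in two different ways. Suggest prefixing the item with the CVE number. The new link uses the ../../view/svn/ prefix like the nghttp2 and Node.js links above it, so it is worth confirming that the target page is already at dbus-1.12.18 so the link text matches what the reader finds there.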
Modified: html/trunk/lfs/errata/9.1-systemd/index.html
==============================================================================
--- html/trunk/lfs/errata/9.1-systemd/index.html Wed Jun 3 12:42:14
2020 (r1575)
+++ html/trunk/lfs/errata/9.1-systemd/index.html Wed Jun 3 19:46:47
2020 (r1576)
@@ -40,6 +40,25 @@
prevents "catastrophic backtracking".
To patch it, upgrade to Python-3.8.3 using the instructions in
<a
href="../../view/systemd/chapter06/python.html">Python-3.8.3</a>.</li>
+ <li>CVE-2020-10543: Buffer overflow caused by a crafted regular
+ expression in Perl. To patch it, upgrade to Perl-5.30.3 using
+ the instructions in
+ <a
href="../../view/systemd/chapter06/perl.html">Perl-5.30.3</a>.</li>
+ <li>CVE-2020-10878: Integer overflow via malformed bytecode produced
+ by a crafted regular expression. To patch it, upgrade to
+ Perl-5.30.3 using the instructions in
+ <a
href="../../view/systemd/chapter06/perl.html">Perl-5.30.3</a>.</li>
+ <li>CVE-2020-12723: Buffer overflow caused by a crafed regular
+ expression. To patch it, upgrade to Perl-5.30.3 using the
+ instructions in
+ <a
href="../../view/systemd/chapter06/perl.html">Perl-5.30.3</a>.</li>
+ <li>CVE-2020-12049: Denial of service problem caused by overloading
+ file descriptors in D-Bus. A local attacker could cause the
+ system D-Bus daemon to run out of file descriptors by repeatedly
+ connecting to the server and sending FDs that would get leaked.
+ To patch this vulnerability, upgrade ot D-Bus-1.12.18 using the
+ instructions in
+ <a
href="../../view/systemd/chapter06/dbus.html">D-Bus-1.12.18</a>.</li>
</ul>
<!--
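Review bot: two typos in the added items will be published as written: "crafed regular expression" in the CVE-2020-12723 item should read "crafted", and "upgrade ot D-Bus-1.12.18" in the CVE-2020-12049 item should read "upgrade to". The CVE-2020-10878 and CVE-2020-12723 descriptions also do not say the flaw is in Perl, unlike the CVE-2020-10543 item; adding "in Perl" would keep the three entries consistent.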
Modified: html/trunk/lfs/errata/9.1/index.html
==============================================================================
--- html/trunk/lfs/errata/9.1/index.html Wed Jun 3 12:42:14 2020
(r1575)
+++ html/trunk/lfs/errata/9.1/index.html Wed Jun 3 19:46:47 2020
(r1576)
@@ -41,6 +41,18 @@
prevents "catastrophic backtracking".
To patch it, upgrade to Python-3.8.3 using the instructions in
<a
href="../../view/development/chapter06/python.html">Python-3.8.3</a>.</li>
+ <li>CVE-2020-10543: Buffer overflow caused by a crafted regular
+ expression in Perl. To patch it, upgrade to Perl-5.30.3 using
+ the instructions in
+ <a
href="../../view/development/chapter06/perl.html">Perl-5.30.3</a>.</li>
+ <li>CVE-2020-10878: Integer overflow via malformed bytecode produced
+ by a crafted regular expression. To patch it, upgrade to
+ Perl-5.30.3 using the instructions in
+ <a
href="../../view/development/chapter06/perl.html">Perl-5.30.3</a>.</li>
+ <li>CVE-2020-12723: Buffer overflow caused by a crafed regular
+ expression. To patch it, upgrade to Perl-5.30.3 using the
+ instructions in
+ <a
href="../../view/development/chapter06/perl.html">Perl-5.30.3</a>.</li>
</ul>
<h2>Miscellaneous Errata</h2>
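Review bot: the CVE-2020-12723 item repeats the "crafed" typo from the systemd page and should read "crafted". This file receives only the three Perl entries, while the log message says "Add errata for D-Bus vulnerability in LFS" without qualification; if the D-Bus entry is intentionally limited to the systemd variant, the log message should say so, otherwise the CVE-2020-12049 item is missing here.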
--
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page