Author: ken
Date: Tue Jun 23 08:34:51 2020
New Revision: 1587
Log:
Errata updates part2: remove version in the links, because at least perl will
soon have a newer version, and because of the changes in what will be LFS-10
use the current versions but the old instructions.
Modified:
html/trunk/lfs/errata/9.1-systemd/index.html
html/trunk/lfs/errata/9.1/index.html
Modified: html/trunk/lfs/errata/9.1-systemd/index.html
==============================================================================
--- html/trunk/lfs/errata/9.1-systemd/index.html Tue Jun 23 08:10:22
2020 (r1586)
+++ html/trunk/lfs/errata/9.1-systemd/index.html Tue Jun 23 08:34:51
2020 (r1587)
@@ -29,36 +29,47 @@
<h2>Known Security Vulnerabilities</h2>
<ul>
<li>CVE-2020-1967: Crash in OpenSSL during or after a TLS 1.3
handshake.
- To patch it, upgrade to OpenSSL-1.1.1g using the instructions in
- <a
href="../../view/systemd/chapter08/openssl.html">OpenSSL-1.1.1g</a>.</li>
+ To patch it, upgrade to OpenSSL-1.1.1g or later using the
instructions
+ from the 9.1 book with the version of
+ <a href="../../view/systemd/chapter08/openssl.html">OpenSSL</a>
+ from the development book.</li>
<li>CVE-2019-18348: potential for malicious HTTP header injection
if the
attacker controls the url parameter followed by an HTTP header.
- To patch it, upgrade to Python-3.8.3 using the instructions in
- <a
href="../../view/systemd/chapter08/Python.html">Python-3.8.3</a>.</li>
+ To patch it, upgrade to Python-3.8.3 or later using the
instructions
+ from the 9.1 book with the version of
+ <a href="../../view/systemd/chapter08/Python.html">Python</a>
+ from the development book.</li>
<li>CVE-2020-8492: Inefficient regular expression in urllib can be
exploited
to cause a denial of service. The regex was fixed in
Python-3.8.3 and
prevents "catastrophic backtracking".
- To patch it, upgrade to Python-3.8.3 using the instructions in
- <a
href="../../view/systemd/chapter08/Python.html">Python-3.8.3</a>.</li>
+ To patch it, upgrade to Python-3.8.3 or later using the
instructions
+ from the 9.1 book with the version of
+ <a href="../../view/systemd/chapter08/Python.html">Python</a>
+ from the development book.</li>
<li>CVE-2020-10543: Buffer overflow caused by a crafted regular
- expression in Perl. To patch it, upgrade to Perl-5.30.3 using
- the instructions in
- <a
href="../../view/systemd/chapter08/perl.html">Perl-5.30.3</a>.</li>
+ expression in Perl. To patch it, upgrade to Perl-5.30.3 or
later using
+ the instructions from the 9.1 book with the version of
+ <a href="../../view/systemd/chapter08/perl.html">Perl</a>
+ from the development book.</li>
<li>CVE-2020-10878: Integer overflow via malformed bytecode produced
by a crafted regular expression. To patch it, upgrade to
- Perl-5.30.3 using the instructions in
- <a
href="../../view/systemd/chapter08/perl.html">Perl-5.30.3</a>.</li>
+ Perl-5.30.3 or later using the instructions from the 9.1 book
with
+ the version of
+ <a href="../../view/systemd/chapter08/perl.html">Perl</a>
+ from the development book.</li>
<li>CVE-2020-12723: Buffer overflow caused by a crafed regular
- expression. To patch it, upgrade to Perl-5.30.3 using the
- instructions in
- <a
href="../../view/systemd/chapter08/perl.html">Perl-5.30.3</a>.</li>
+ expression. To patch it, upgrade to Perl-5.30.3 or later using
the
+ instructions from the 9.1 book with the version of
+ <a href="../../view/systemd/chapter08/perl.html">Perl</a>
+ from the development book.</li>
<li>CVE-2020-12049: Denial of service problem caused by overloading
file descriptors in D-Bus. A local attacker could cause the
system D-Bus daemon to run out of file descriptors by repeatedly
connecting to the server and sending FDs that would get leaked.
- To patch this vulnerability, upgrade ot D-Bus-1.12.18 using the
- instructions in
- <a
href="../../view/systemd/chapter08/dbus.html">D-Bus-1.12.18</a>.</li>
+ To patch this vulnerability, upgrade to D-Bus-1.12.18 or later
+ using the instructions from the 9.1 book with the version of
+ <a href="../../view/systemd/chapter08/dbus.html">D-Bus</a>
+ from the development book.</li>
</ul>
<!--
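Review bot: the unchanged context line for CVE-2020-12723 still reads "caused by a crafed regular expression"; this hunk already corrects "upgrade ot" to "upgrade to" in the D-Bus entry, so "crafed" should become "crafted" in the same pass. With the version dropped from every link text, the "X or later" wording in each item is now the only place the minimum fixed release is stated, so those version strings need to stay accurate whenever the entries are next edited.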
Modified: html/trunk/lfs/errata/9.1/index.html
==============================================================================
--- html/trunk/lfs/errata/9.1/index.html Tue Jun 23 08:10:22 2020
(r1586)
+++ html/trunk/lfs/errata/9.1/index.html Tue Jun 23 08:34:51 2020
(r1587)
@@ -30,29 +30,39 @@
<h2>Known Security Vulnerabilities</h2>
<ul>
<li>CVE-2020-1967: Crash in OpenSSL during or after a TLS 1.3
handshake.
- To patch it, upgrade to OpenSSL-1.1.1g using the instructions in
- <a
href="../../view/development/chapter08/openssl.html">OpenSSL-1.1.1g</a>.</li>
+ To patch it, upgrade to OpenSSL-1.1.1g or later using the
instructions
+ from the 9.1 book with the version of
+ <a
href="../../view/development/chapter08/openssl.html">OpenSSL</a>
+ from the development book.</li>
<li>CVE-2019-18348: potential for malicious HTTP header injection
if the
attacker controls the url parameter followed by an HTTP header.
- To patch it, upgrade to Python-3.8.3 using the instructions in
- <a
href="../../view/development/chapter08/Python.html">Python-3.8.3</a>.</li>
+ To patch it, upgrade to Python-3.8.3 or later using the
instructions
+ from the 9.1 book with the version of
+ <a
href="../../view/development/chapter08/Python.html">Python</a>
+ from the development book.</li>
<li>CVE-2020-8492: Inefficient regular expression in urllib can be
exploited
to cause a denial of service. The regex was fixed in
Python-3.8.3 and
prevents "catastrophic backtracking".
- To patch it, upgrade to Python-3.8.3 using the instructions in
- <a
href="../../view/development/chapter08/Python.html">Python-3.8.3</a>.</li>
+ To patch it, upgrade to Python-3.8.3 or later using the
instructions
+ from the 9.1 book with the version of
+ <a
href="../../view/development/chapter08/Python.html">Python</a>
+ from the development book.</li>
<li>CVE-2020-10543: Buffer overflow caused by a crafted regular
- expression in Perl. To patch it, upgrade to Perl-5.30.3 using
- the instructions in
- <a
href="../../view/development/chapter08/perl.html">Perl-5.30.3</a>.</li>
+ expression in Perl. To patch it, upgrade to Perl-5.30.3 or
later using
+ the instructions from the 9.1 book with the version of
+ <a href="../../view/development/chapter08/perl.html">Perl</a>
+ from the development book.</li>
<li>CVE-2020-10878: Integer overflow via malformed bytecode produced
by a crafted regular expression. To patch it, upgrade to
- Perl-5.30.3 using the instructions in
- <a
href="../../view/development/chapter06/perl.html">Perl-5.30.3</a>.</li>
+ Perl-5.30.3 or later using the instructions from the 9.1 book
with
+ the version of
+ <a href="../../view/development/chapter06/perl.html">Perl</a>
+ from the development book.</li>
<li>CVE-2020-12723: Buffer overflow caused by a crafed regular
- expression. To patch it, upgrade to Perl-5.30.3 using the
- instructions in
- <a
href="../../view/development/chapter08/perl.html">Perl-5.30.3</a>.</li>
+ expression. To patch it, upgrade to Perl-5.30.3 or later using
the
+ instructions from the 9.1 book with the version of
+ <a
href="../../view/development/chapter08/perl.html">Perl-5.30</a>
+ from the development book.</li>
</ul>
<!--
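Review bot: in the CVE-2020-12723 entry the new link text is "Perl-5.30", while every other entry in this hunk drops the version and uses the bare package name; change it to "Perl" so it matches the log message. The CVE-2020-10878 entry also keeps href="../../view/development/chapter06/perl.html" where the other two Perl entries link to chapter08/perl.html, which should be confirmed or made consistent, and the context line "caused by a crafed regular expression" still carries the typo.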