Author: renodr
Date: Wed Jun 24 08:52:10 2020
New Revision: 1590
Log:
Errata: add errata for cURL
Errata: add errata for libjpeg-turbo
Errata: Update errata for NTP
Modified:
html/trunk/blfs/errata/9.1-systemd/index.html
html/trunk/blfs/errata/9.1/index.html
Modified: html/trunk/blfs/errata/9.1-systemd/index.html
==============================================================================
--- html/trunk/blfs/errata/9.1-systemd/index.html Tue Jun 23 14:46:17
2020 (r1589)
+++ html/trunk/blfs/errata/9.1-systemd/index.html Wed Jun 24 08:52:10
2020 (r1590)
@@ -100,11 +100,11 @@
null pointer dereference vulnerabilities. To fix these, update to
PHP-7.4.6 or later using the instructions in
<a href="../../view/systemd/general/php.html">PHP-7.4.6</a>.</li>
- <li>After release, three security vulnerabilities were discovered in
- NTP. These include uninitialized memory readings, forged packet
- DoS attacks, and unauthenticated time source attacks. To fix these,
- update to NTP-4.2.8p14 or later using the instructions in
- <a href="../../view/systemd/basicnet/ntp.html">NTP-4.2.8p14</a>.</li>
+ <li>After release, four security vulnerabilities were discovered in
+ NTP. These include uninitialized memory readings, memory leaks,
+ forged packet DoS attacks, and unauthenticated time source attacks.
+ To fix these, update to NTP-4.2.8p15 or later using the instructions
in
+ <a href="../../view/systemd/basicnet/ntp.html">NTP-4.2.8p15</a>.</li>
<li>After release, multiple security vulnerabilities were discovered in
WebkitGTK+ that allow for arbitrary code execution. It's recommended
by the developers of WebKitGTK+ that you update as soon as possible
@@ -259,6 +259,17 @@
of all certificates in a chain. To fix these vulnerabilities, update
to
mutt-1.14.4 or higher using the instructions at
<a href="../../view/systemd/basicnet/mutt.html">mutt-1.14.5</a>.</li>
+ <li>After release, multiple security vulnerabilities were discovered in
cURL.
+ One of these security vulnerabilities involves a partial password
leak,
+ and another involves overwriting local files with a certain flag
passed
+ to cURL. To fix these vulnerabilities, please update to cURL-7.71.0
+ immediately using the instructions in
+ <a href="../../view/systemd/basicnet/curl.html">cURL-7.71.0</a>.</li>
+ <li>After release, a security vulnerability was discovered in
libjpeg-turbo
+ prior to 2.0.5 that caused a buffer overrun in cjpeg and
tjLoadImage().
+ To fix this vulnerability, update to libjpeg-turbo-2.0.5 or later
using
+ the instructions in
+ <a
href="../../view/systemd/general/libjpeg.html">libjpeg-turbo-2.0.5</a>.</li>
</ul>
Modified: html/trunk/blfs/errata/9.1/index.html
==============================================================================
--- html/trunk/blfs/errata/9.1/index.html Tue Jun 23 14:46:17 2020
(r1589)
+++ html/trunk/blfs/errata/9.1/index.html Wed Jun 24 08:52:10 2020
(r1590)
@@ -98,11 +98,11 @@
null pointer dereference vulnerabilities. To fix these, update to
PHP-7.4.6 or later using the instructions in
<a href="../../view/svn/general/php.html">PHP-7.4.6</a>.</li>
- <li>After release, three security vulnerabilities were discovered in
- NTP. These include uninitialized memory readings, forged packet
- DoS attacks, and unauthenticated time source attacks. To fix these,
- update to NTP-4.2.8p14 or later using the instructions in
- <a href="../../view/svn/basicnet/ntp.html">NTP-4.2.8p14</a>.</li>
+ <li>After release, four security vulnerabilities were discovered in
+ NTP. These include uninitialized memory readings, memory leaks,
+ forged packet DoS attacks, and unauthenticated time source attacks.
+ To fix these, update to NTP-4.2.8p15 or later using the instructions
in
+ <a href="../../view/svn/basicnet/ntp.html">NTP-4.2.8p15</a>.</li>
<li>After release, multiple security vulnerabilities were discovered in
WebkitGTK+ that allow for arbitrary code execution. It's recommended
by the developers of WebKitGTK+ that you update as soon as possible
@@ -257,6 +257,17 @@
of all certificates in a chain. To fix these vulnerabilities, update
to
mutt-1.14.4 or higher using the instructions at
<a href="../../view/svn/basicnet/mutt.html">mutt-1.14.5</a>.</li>
+ <li>After release, multiple security vulnerabilities were discovered in
cURL.
+ One of these security vulnerabilities involves a partial password
leak,
+ and another involves overwriting local files with a certain flag
passed
+ to cURL. To fix these vulnerabilities, please update to cURL-7.71.0
+ immediately using the instructions in
+ <a href="../../view/svn/basicnet/curl.html">cURL-7.71.0</a>.</li>
+ <li>After release, a security vulnerability was discovered in
libjpeg-turbo
+ prior to 2.0.5 that caused a buffer overrun in cjpeg and
tjLoadImage().
+ To fix this vulnerability, update to libjpeg-turbo-2.0.5 or later
using
+ the instructions in
+ <a
href="../../view/svn/general/libjpeg.html">libjpeg-turbo-2.0.5</a>.</li>
</ul>
<!--#include virtual="/common/footer.html" -->
--
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
