Author: renodr
Date: Mon Feb 8 11:43:33 2021
New Revision: 1707
Log:
Advisories: Minor text fixes, primarily typos
For the Samba advisory for ZeroLogon, call it ZeroLogon instead of NetLogon
(NetLogon is the protocol used on Windows for authentication)
Fix cifs-utils' advisory number
Modified:
html/trunk/blfs/advisories/10.0.html
html/trunk/blfs/advisories/consolidated.html
Modified: html/trunk/blfs/advisories/10.0.html
==============================================================================
--- html/trunk/blfs/advisories/10.0.html Mon Feb 8 10:20:10 2021
(r1706)
+++ html/trunk/blfs/advisories/10.0.html Mon Feb 8 11:43:33 2021
(r1707)
@@ -32,7 +32,7 @@
information is available, 'High' will normally be assumed.</p>
<!-- After a release, copy for next book version, leave just template stuff
- ad initially say "There are no known vulnerabilities." -->
+ and initially say "There are no known vulnerabilities." -->
<!-- start of list: Order is Alphabetic by package name (create multiple
entries
if more than one package is involved, e.g. for those firefox updates which
@@ -63,7 +63,7 @@
<h4>10.0 039 C-Ares Date: 2020-11-19 Severity: High</h4>
<p>An application using C-Ares versions from 1.16.0 to 1.17.1 allows an
- attacker to trigger a Denial of service by getting the
+ attacker to trigger a Denial Of Service by getting the
application to resolve a DNS record with an unexpectedly larger number
of responses.
<a href=consolidated.html#10.0-039>10.0-039</a></p>
@@ -72,7 +72,7 @@
<h3>CIFS-utils</h3>
- <h4>10.0 008 Cryptsetup Date: 2020-09-06 Severity: High</h4>
+ <h4>10.0 004 CIFS-utils Date: 2020-09-05 Severity: High</h4>
<p>The mount.cifs program was invoking a shell when requesting the Samba
password, which could be used to inject arbitrary commands. An attacker
able to invoke mount.cifs with special permission, such as via sudo rules,
@@ -526,7 +526,7 @@
<h4>10.0 013 Samba Date: 2020-09-26 Severity: Critical</h4>
<p>A critical security vulnerability in Samba was discovered, dubbed
- "NetLogon". This vulnerability classifies as an authentication bypass, and
is
+ "ZeroLogon". This vulnerability classifies as an authentication bypass,
and is
rated a 10.0 on the CVSSv3 scale. Update to Samba-4.12.7 or later.
<a href=consolidated.html#10.0-013>10.0-013</a></p>
Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html Mon Feb 8 10:20:10
2021 (r1706)
+++ html/trunk/blfs/advisories/consolidated.html Mon Feb 8 11:43:33
2021 (r1707)
@@ -26,10 +26,10 @@
<p><i>This page is ordered like the Changelog of the books, with newest
items first.</i></p>
- <p>The severity ratings are best estimates unlessi either upstream
+ <p>The severity ratings are best estimates unless either upstream
or NVD has assigned a rating. If no other analysis is available,
High will usually be assumed and similarly if a crash can be triggered
- LFS and BLFS will normallt rate that as High. If in doubt, read the
links.</p>
+ LFS and BLFS will normally rate that as High. If in doubt, read the
links.</p>
<!-- Editors: Commented entry to copy, and reminder about patches
@@ -163,7 +163,7 @@
<h4>10.0 078 Thunderbird Date: 2021-01-31 Severity: High</h4>
<p>In thunderbird before 78.7.0 there were various vulnerabilities rated
as High. See
<a
href="https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/";>mfsa2021-05</a>
- CVEs have been assigned (CVE-2021-23953, CVE-2021-23954, CVE-20201-23960,
+ CVEs have been assigned (CVE-2021-23953, CVE-2021-23954, CVE-2021-23960,
CVE-2021-23964) but details are not yet public.</p>
<p>To fix this, update to Thunderbird-78.7.0 or later using the
instructions
from the development book for
@@ -172,7 +172,7 @@
<a id="10.0-077">
<h4>10.0 077 Perl (using cpan) Date: 2021-01-30 Severity: High</h4>
- <p>If you use the 'cpan'i command to build perl modules, the perl.com
domain
+ <p>If you use the 'cpan' command to build perl modules, the perl.com domain
was stolen and is currently hosted at an address associated with malware.
Anyone who uses the 'cpan' command should ensure that www.cpan.org is used
to provide the urllist, see the details at
@@ -487,7 +487,7 @@
<h4>10.0 053 Firefox Date: 2020-12-15 Severity: Critical</h4>
<p>Several vulnerabilities were found in firefox before 78.6.0, of which
one
was rated as critical and four as high by upstream, as well as one rated
low
- (but ratedas Medium by NVD) where internal network hosts and services on
the
+ (but rated as Medium by NVD) where internal network hosts and services on
the
user's machine could have been probed by a malicious webpage. Details are
at
<a
href="https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/";>mfsa2020-55</a>
and
@@ -790,7 +790,7 @@
<p>To fix this, update to JS-78.4.1 or later using the instructions
from the development book for
<a href="../view/svn/general/js78.html">JS78 (sysv)</a> or
- <a href="../view/systemd/general/js78.html">JS78 (systemd)</a>.</p>
+ <a href="../view/systemd/general/js78.html">JS78 (systemd)</a>.</p>
<a id="10.0-030">
<h4>10.0 030 Firefox Date: 2020-11-09 Severity: Critical</h4>
@@ -808,7 +808,7 @@
<a id="10.0-029">
<h4>10.0 029 MariaDB Date: 2020-11-04 Severity: Medium</h4>
<p>Four CVE vulnerabilities were identified in MariaDB before version
10.5.7,
- as well as a high security vulnerability only applicable to windows.
+ as well as a high security vulnerability only applicable to Windows.
See <a
href="https://mariadb.com/kb/en/mariadb-1057-release-notes/";>Release Notes</a>
and
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-14812";>CVE-2020-14812</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-14765";>CVE-2020-14765</a>,
@@ -976,8 +976,7 @@
<a
href="https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/";>mfsa2020-44</a>.</p>
<p>But users of that version of thunderbird reported numerous crashes.
To fix the vulnerabilities and the crashes update to thunderbird-78.3.1 or
- later using the instructions
- from the development book for
+ later using the instructions from the development book for
<a href="../view/svn/xsoft/thunderbird.html">Thunderbird (sysv)</a> or
<a href="../view/systemd/xsoft/thunderbird.html">Thunderbird
(systemd)</a>.</p>
@@ -1005,7 +1004,7 @@
<a id="10.0-013">
<h4>10.0 013 Samba Date: 2020-09-26 Severity: Critical</h4>
<p>A critical security vulnerability in Samba was discovered, dubbed
- "NetLogon". This vulnerability classifies as an authentication bypass, and
is
+ "ZeroLogon". This vulnerability classifies as an authentication bypass,
and is
rated a 10.0 on the CVSSv3 scale.
<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-1472";>CVE-2020-1472</a>
has been assigned.</p>
@@ -1132,7 +1131,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-24659";>CVE-2020-24659</a>,
see also
<a
href="https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04";>GNUTLS-SA-2020-09-04</a>.</p>
- <p>To fix this, update to at least Gnu-TLS-3.6.15 using the instructions
+ <p>To fix this, update to at least GnuTLS-3.6.15 using the instructions
from the development book for
<a href="../view/svn/postlfs/gnutls.html">GnuTLS (sysv)</a> or
<a href="../view/systemd/postlfs/gnutls.html">GnuTLS (systemd)</a>.</p>
--
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
