Author: ken Date: Wed Feb 10 12:41:52 2021 New Revision: 1711 Log: Add advisory re libgcrypt-1.9.0
For some reason I managed to convince myself that we did not include this package in the book when I was first aware of this. Modified: html/trunk/blfs/advisories/10.0.html html/trunk/blfs/advisories/consolidated.html Modified: html/trunk/blfs/advisories/10.0.html ============================================================================== --- html/trunk/blfs/advisories/10.0.html Tue Feb 9 10:31:46 2021 (r1710) +++ html/trunk/blfs/advisories/10.0.html Wed Feb 10 12:41:52 2021 (r1711) @@ -306,6 +306,12 @@ <!-- end of LibEXIF --> + <h3>Libgcrypt</h3> + <h4>10.0 085 Libgcrypt Date: 2021-02-10 Severity: High</h4> + <p>In Libgcrypt-1.9.0 there is a heap-based buffer overflow. To fix this, + update to libgcrypt-1.9.1 or later. + <a href=consolidated.html#10.0-085>10.0-085</a></p> + <h3>Libpcap</h3> <h4>10.0 059 Libpcap Date: 2021-01-04 Severity: High</h4> Modified: html/trunk/blfs/advisories/consolidated.html ============================================================================== --- html/trunk/blfs/advisories/consolidated.html Tue Feb 9 10:31:46 2021 (r1710) +++ html/trunk/blfs/advisories/consolidated.html Wed Feb 10 12:41:52 2021 (r1711) @@ -76,6 +76,14 @@ replaced or archived). See the gstreamer links re 1.16 for an example of linking to a released book (old 10.0) --> + <h4>10.0 085 Libgcrypt Date: 2021-02-10 Severity: High</h4> + <p>In Libgcrypt-1.9.0 there is a heap-based buffer overflow. See + <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3345">CVE-2021-3345</a>.</p> + <p>To fix this, update to at least Libgcrypt-1.9.1 using the instructions + from the development book for + <a href="../view/svn/general/libgcrypt.html">Libgcrypt (sysv)</a> or + <a href="../view/systemd/general/libgcrypt.html">Libgcrypt (systemd)</a>.</p> + <a id="10.0-084"> <h4>10.0 084 Jasper Updated: 2021-02-09 Severity: High</h4> <p>In Jasper 2.0.24, jp2_decode in jp2/jp2_dec.c in libjasper has a -- http://lists.linuxfromscratch.org/listinfo/website FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page