Author: renodr
Date: Sun Feb 21 22:53:18 2021
New Revision: 1720

Log:
Security Advisories: Update 10.0-093 (BIND) to use a sed instead of upgrading 
to bind-9.16.12. This is due to regressions in 9.16.12, see BLFS ticket #14683.
Security Advisories: Add 10.0-097 for Python3

Modified:
   html/trunk/blfs/advisories/10.0.html
   html/trunk/blfs/advisories/consolidated.html
   html/trunk/lfs/advisories/10.0.html

Modified: html/trunk/blfs/advisories/10.0.html
==============================================================================
--- html/trunk/blfs/advisories/10.0.html        Fri Feb 19 13:28:08 2021        
(r1719)
+++ html/trunk/blfs/advisories/10.0.html        Sun Feb 21 22:53:18 2021        
(r1720)
@@ -42,10 +42,10 @@
 
     <h3>BIND</h3>
 
-    <h4>10.0 093 BIND  Date: 2021-02-18  Severity: High</h4>
+    <h4>10.0 093 BIND  Date: 2021-02-18  Updated: 2021-02-22 Severity: 
High</h4>
     <p>A security vulnerability was found in BIND that could result in a crash
     or potentially remote code execution if the server uses GSSAPI/SPNEGO.
-    Update to BIND-9.16.12 or later.
+    Apply the sed in the page linked in the advisory and rebuild BIND.
     <a href="consolidated.html#10.0-093">10.0-093</a></p>
 
     <h4>10.0 005 BIND  Date: 2020-09-05  Severity: High</h4>
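Review bot: The replacement sentence in the 10.0 093 paragraph ("Apply the sed in the page linked in the advisory and rebuild BIND.") does not say why the earlier advice was withdrawn, so a reader who already followed "Update to BIND-9.16.12 or later" has no way to tell that the guidance changed for a reason. The commit log cites regressions in 9.16.12 and BLFS ticket #14683; a short clause saying so here would give the "Updated: 2021-02-22" marker some meaning. Two smaller points: "the sed" is shorthand and "the sed command" reads more clearly, and the new header has a single space before "Severity:" where the other fields are separated by two.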
@@ -528,6 +528,12 @@
 
     <h3>Python</h3>
 
+    <h4>10.0 097 Python (LFS and BLFS) Date: 2021-02-22 Severity: Critical</h4>
+    <p>Python-3.9.2 fixes two security vulnerabilities, one marked as critical
+    and the other as medium. The critical vulnerability can result in remote
+    code execution. Update to Python-3.9.2 or later.
+    <a href=consolidated.html#10.0-097>10.0-097</a></p>
+
     <h4>10.0 051 Python (LFS and BLFS) Date: 2020-12-15 Severity: High</h4>
     <p>Python-3.9.1 includes three security fixes. Update to Python-3.9.1
     or later.
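Review bot: The link added at the end of the new 10.0 097 paragraph leaves its href value unquoted (href=consolidated.html#10.0-097), while the 10.0 093 entry earlier in this same file quotes it (href="consolidated.html#10.0-093"). Quote the value so the new entry matches the existing markup and stays valid if the page is ever processed as XHTML.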

Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html        Fri Feb 19 13:28:08 
2021        (r1719)
+++ html/trunk/blfs/advisories/consolidated.html        Sun Feb 21 22:53:18 
2021        (r1720)
@@ -75,6 +75,21 @@
     the longer term who knows what will happen to packages (e.g. getting
     replaced or archived). See the gstreamer links re 1.16 for an example of
     linking to a released book (old 10.0) -->
+    <a id="10.0-097">
+    <h4>10.0 097 Python (LFS and BLFS) Date: 2021-02-22 Severity: Critical</h4>
+    <p>Python-3.9.2 contained two security fixes, one rated as 9.8 CRITICAL, 
+    and the other marked as Medium. The critical vulnerability can result in
+    remote code execution in some Python-based programs, and the Medium-level
+    vulnerability can result in web cache poisoning.
+    These vulnerabilities have been assigned
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-23336";>CVE-2021-23336</a> and
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-3177";>CVE-2021-3177</a>.</p>
+    To fix this, update to Python-3.9.2 or later using the instructions from
+    the <b>BLFS</b> development book for
+    <a href="../view/svn/general/python3.html">Python (sysv)</a> or
+    <a href="../view/systemd/general/python3.html">Python (systemd)</a>.</p>
+
+
     <a id="10.0-096">
     <h4>10.0 096 Screen       Date: 2021-02-19 Severity: Critical</h4>
     <p>In Screen-4.8.0, a security vulnerability was fixed that allows for a
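Review bot: The new 10.0-097 block has unbalanced paragraph tags: the first paragraph is closed after the CVE-2021-3177 link, but the following "To fix this, update to Python-3.9.2 or later ..." text has no opening <p> and still ends in </p>. Add <p> before "To fix this", as the 10.0-093 entry further down does. The prose also describes the critical issue first and the Medium one second, while the links list CVE-2021-23336 and then CVE-2021-3177 without saying which is which; tying each CVE to its rating would let readers triage without opening both NVD pages. "contained two security fixes" would read better as "contains", and one of the two trailing blank lines can go.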
@@ -119,14 +134,14 @@
     <a href="../view/systemd/postlfs/firmware.html">About Firmware 
(systemd)</a>.</p>
 
     <a id="10.0-093">
-    <h4>10.0 093 BIND         Date: 2021-02-18 Severity: High</h4>
+    <h4>10.0 093 BIND         Date: 2021-02-18 Updated: 2021-02-22 Severity: 
High</h4>
     <p>In bind-9.16.12, a security vulnerability was fixed that could allow
     remote unauthenticated users to crash the named process if the server
     is configured to use SPNEGO/GSSAPI. This is classified as a buffer
     overflow vulnerability.
     This has been assigned
     <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2020-8625";>CVE-2020-8625</a>.</p>
-    <p>To fix this, update to at least BIND-9.16.12 using the instructions in
+    <p>To fix this, apply the sed found in the page below and rebuild BIND.
     <a href="../view/svn/server/bind.html">BIND (sysv)</a> or
     <a href="../view/systemd/server/bind.html">BIND (systemd)</a>.</p>
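Review bot: After this change the entry still opens with "In bind-9.16.12, a security vulnerability was fixed", yet the fix paragraph no longer mentions that release, and nothing tells the reader that upgrading to 9.16.12 is now discouraged. The commit log gives the reason (regressions in 9.16.12, BLFS ticket #14683); state it in the advisory text so the "Updated: 2021-02-22" marker is explained. The new sentence also ends at "rebuild BIND.", which leaves the two links that follow as a dangling fragment; something like "apply the sed command from BIND (sysv) or BIND (systemd) and rebuild BIND" keeps them inside the sentence.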
 

Modified: html/trunk/lfs/advisories/10.0.html
==============================================================================
--- html/trunk/lfs/advisories/10.0.html Fri Feb 19 13:28:08 2021        (r1719)
+++ html/trunk/lfs/advisories/10.0.html Sun Feb 21 22:53:18 2021        (r1720)
@@ -80,6 +80,13 @@
 
     <h3>Python</h3>
 
+    <h4>10.0 097 Python (LFS and BLFS) Date: 2021-02-22 Severity: Critical</h4>
+    <p>Python-3.9.2 contains fixes for a critical security vulnerability as 
well
+    as a medium-level security vulnerability. The critical vulnerability can
+    lead to remote code execution. Update to Python-3.9.2 or later
+    <i>using the BLFS instructions</i>.
+    <a href=../../blfs/advisories/consolidated.html#10.0-097>10.0-097</a></p>
+
     <h4>10.0 051 Python (LFS and BLFS) Date: 2020-12-15 Severity: High</h4>
     <p>Python-3.9.1 includes three security fixes. Update to Python-3.9.1
     or later <i>using the BLFS instructions</i>.
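Review bot: The cross-book link in the new LFS entry is written with an unquoted href (href=../../blfs/advisories/consolidated.html#10.0-097). Every other href touched in this commit outside the two new short Python entries is quoted, so quote this one as well. It would also help to make clear that this link leads to the advisory text rather than to the build instructions that "using the BLFS instructions" refers to.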