Author: renodr Date: Sun Feb 21 22:53:18 2021 New Revision: 1720 Log: Security Advisories: Update 10.0-093 (BIND) to use a sed instead of upgrading to bind-9.16.12. This is due to regressions in 9.16.12, see BLFS ticket #14683. Security Advisories: Add 10.0-097 for Python3
Modified: html/trunk/blfs/advisories/10.0.html html/trunk/blfs/advisories/consolidated.html html/trunk/lfs/advisories/10.0.html Modified: html/trunk/blfs/advisories/10.0.html ============================================================================== --- html/trunk/blfs/advisories/10.0.html Fri Feb 19 13:28:08 2021 (r1719) +++ html/trunk/blfs/advisories/10.0.html Sun Feb 21 22:53:18 2021 (r1720) @@ -42,10 +42,10 @@ <h3>BIND</h3> - <h4>10.0 093 BIND Date: 2021-02-18 Severity: High</h4> + <h4>10.0 093 BIND Date: 2021-02-18 Updated: 2021-02-22 Severity: High</h4> <p>A security vulnerability was found in BIND that could result in a crash or potentially remote code execution if the server uses GSSAPI/SPNEGO. - Update to BIND-9.16.12 or later. + Apply the sed in the page linked in the advisory and rebuild BIND. <a href="consolidated.html#10.0-093">10.0-093</a></p> <h4>10.0 005 BIND Date: 2020-09-05 Severity: High</h4> @@ -528,6 +528,12 @@ <h3>Python</h3> + <h4>10.0 097 Python (LFS and BLFS) Date: 2021-02-22 Severity: Critical</h4> + <p>Python-3.9.2 fixes two security vulnerabilities, one marked as critical + and the other as medium. The critical vulnerability can result in remote + code execution. Update to Python-3.9.2 or later. + <a href=consolidated.html#10.0-097>10.0-097</a></p> + <h4>10.0 051 Python (LFS and BLFS) Date: 2020-12-15 Severity: High</h4> <p>Python-3.9.1 includes three security fixes. Update to Python-3.9.1 or later. Modified: html/trunk/blfs/advisories/consolidated.html ============================================================================== --- html/trunk/blfs/advisories/consolidated.html Fri Feb 19 13:28:08 2021 (r1719) +++ html/trunk/blfs/advisories/consolidated.html Sun Feb 21 22:53:18 2021 (r1720) 
@@ -75,6 +75,21 @@ the longer term who knows what will happen to packages (e.g. getting replaced or archived). See the gstreamer links re 1.16 for an example of linking to a released book (old 10.0) --> + <a id="10.0-097"> + <h4>10.0 097 Python (LFS and BLFS) Date: 2021-02-22 Severity: Critical</h4> + <p>Python-3.9.2 contained two security fixes, one rated as 9.8 CRITICAL, + and the other marked as Medium. The critical vulnerability can result in + remote code execution in some Python-based programs, and the Medium-level + vulnerability can result in web cache poisoning. + These vulnerabilities have been assigned + <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23336">CVE-2021-23336</a> and + <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3177">CVE-2021-3177</a>.</p> + To fix this, update to Python-3.9.2 or later using the instructions from + the <b>BLFS</b> development book for + <a href="../view/svn/general/python3.html">Python (sysv)</a> or + <a href="../view/systemd/general/python3.html">Python (systemd)</a>.</p> + + <a id="10.0-096"> <h4>10.0 096 Screen Date: 2021-02-19 Severity: Critical</h4> <p>In Screen-4.8.0, a security vulnerability was fixed that allows for a 
@@ -119,14 +134,14 @@ <a href="../view/systemd/postlfs/firmware.html">About Firmware (systemd)</a>.</p> <a id="10.0-093"> - <h4>10.0 093 BIND Date: 2021-02-18 Severity: High</h4> + <h4>10.0 093 BIND Date: 2021-02-18 Updated: 2021-02-22 Severity: High</h4> <p>In bind-9.16.12, a security vulnerability was fixed that could allow remote unauthenticated users to crash the named process if the server is configured to use SPNEGO/GSSAPI. This is classified as a buffer overflow vulnerability. This has been assigned <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-8625">CVE-2020-8625</a>.</p> - <p>To fix this, update to at least BIND-9.16.12 using the instructions in + <p>To fix this, apply the sed found in the page below and rebuild BIND. <a href="../view/svn/server/bind.html">BIND (sysv)</a> or <a href="../view/systemd/server/bind.html">BIND (systemd)</a>.</p> Modified: html/trunk/lfs/advisories/10.0.html ============================================================================== --- html/trunk/lfs/advisories/10.0.html Fri Feb 19 13:28:08 2021 (r1719) +++ html/trunk/lfs/advisories/10.0.html Sun Feb 21 22:53:18 2021 (r1720) @@ -80,6 +80,13 @@ <h3>Python</h3> + <h4>10.0 097 Python (LFS and BLFS) Date: 2021-02-22 Severity: Critical</h4> + <p>Python-3.9.2 contains fixes for a critical security vulnerability as well + as a medium-level security vulnerability. The critical vulnerability can + lead to remote code execution. Update to Python-3.9.2 or later + <i>using the BLFS instructions</i>. + <a href=../../blfs/advisories/consolidated.html#10.0-097>10.0-097</a></p> + <h4>10.0 051 Python (LFS and BLFS) Date: 2020-12-15 Severity: High</h4> <p>Python-3.9.1 includes three security fixes. Update to Python-3.9.1 or later <i>using the BLFS instructions</i>.
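Review bot: In the BIND 10.0-093 entry of blfs/advisories/10.0.html (hunk @@ -42,10 +42,10 @@), the new line "Apply the sed in the page linked in the advisory and rebuild BIND." gives no reason for dropping the upgrade advice and does not tell readers to stay off 9.16.12. The commit log has the reason (regressions in 9.16.12, BLFS ticket #14683); a short clause to that effect in the entry itself would stop a reader who sees "fixed in bind-9.16.12" in the consolidated text from upgrading anyway.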
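Review bot: In the new Python 10.0-097 entry of blfs/advisories/10.0.html (hunk @@ -528,6 +528,12 @@), the link is written with an unquoted attribute, <a href=consolidated.html#10.0-097>, while the BIND entry earlier in the same file uses <a href="consolidated.html#10.0-093">. Quote the href so the new entry matches the rest of the file and any tooling that expects quoted attributes.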
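Review bot: In the new 10.0-097 block of consolidated.html (hunk @@ -75,6 +75,21 @@), the first paragraph is closed with </p> right after the CVE-2021-3177 link, and the following "To fix this, update to Python-3.9.2 or later" text then ends with a second </p> that has no opening tag. Start that sentence with <p>, as the 10.0-093 block does with "<p>To fix this, ...". Separately, the prose lists the critical issue first and the Medium one second, but the two CVE links are given without saying which rating belongs to which; naming the CVE next to each description would remove the guesswork.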
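Review bot: In the 10.0-093 block of consolidated.html (hunk @@ -119,14 +134,14 @@), the replaced sentence now ends with a full stop after "rebuild BIND.", so the unchanged context lines that follow ("BIND (sysv) or BIND (systemd).") are left as a dangling fragment; the old wording "using the instructions in" led into those links. The text also says "the page below" while two pages are linked. Something like "apply the sed found in the instructions for BIND (sysv) or BIND (systemd) and rebuild BIND" would keep it one sentence. The opening paragraph still reads "In bind-9.16.12, a security vulnerability was fixed" with no mention that 9.16.12 is not the recommended fix, which the Updated: date alone does not explain.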
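Review bot: In the new Python 10.0-097 entry of lfs/advisories/10.0.html (hunk @@ -80,6 +80,13 @@), the href is unquoted, <a href=../../blfs/advisories/consolidated.html#10.0-097>, unlike the quoted hrefs used elsewhere in this commit; please quote it. This is also the third separately worded summary of the same advisory in this commit ("fixes two security vulnerabilities", "contained two security fixes", "contains fixes for"); using one wording across the three files would make later updates easier to keep in sync.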