Author: ken
Date: Sun Feb 28 12:13:16 2021
New Revision: 1726
Log:
Consolidated advisories - further tweakign of language.
Modified:
html/trunk/blfs/advisories/Notes-re-release.txt
html/trunk/blfs/advisories/consolidated.html
Modified: html/trunk/blfs/advisories/Notes-re-release.txt
==============================================================================
--- html/trunk/blfs/advisories/Notes-re-release.txt Sun Feb 28 11:53:10
2021 (r1725)
+++ html/trunk/blfs/advisories/Notes-re-release.txt Sun Feb 28 12:13:16
2021 (r1726)
@@ -46,6 +46,12 @@
These links will need to be checked after committing because the
releases are not in the same repository.
+4.5 Change all 'using the instructions from the development book for' to
+ 'using the instructions for'. After that, check for all uncommented
+ 'developmet' references and remove: Python advisories have slightly
+ different wording emphasising people should look at the BLFS book,
+ any other LFS advisories should now mention 'the LFS book'.
+
Review all except item 4.4, add new page, commit, review item 4.4 and fix
if defective.
Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html Sun Feb 28 11:53:10
2021 (r1725)
+++ html/trunk/blfs/advisories/consolidated.html Sun Feb 28 12:13:16
2021 (r1726)
@@ -104,7 +104,7 @@
CVEs have been assigned (CVE-2021-23968, CVE-2021-23969, CVE-20201-23978),
but details are not yet public.</p>
<p>To fix these, update to thunderbird-78.8.0 or later using the
instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/thunderbird.html">Thunderbird (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/thunderbird.html">Thunderbird
(systemd)</a>.</p>
@@ -115,7 +115,7 @@
CVEs have been assigned (CVE-2021-23968, CVE-2021-23969, CVE-20201-23978),
but details are not yet public.</p>
<p>To fix these, update to firefox-78.8.0 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/firefox.html">Firefox (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/firefox.html">Firefox
(systemd)</a>.</p>
@@ -141,7 +141,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2021-23336";>CVE-2021-23336</a> and
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2021-3177";>CVE-2021-3177</a>.</p>
<p>To fix this, update to Python-3.9.2 or later using the instructions from
- the <b>BLFS</b> development book for
+ the <b>BLFS</b> book for
<a href="../view/10.1/general/python3.html">Python (sysv)</a> or
<a href="../view/10.1-systemd/general/python3.html">Python
(systemd)</a>.</p>
@@ -185,7 +185,7 @@
See also
<a
href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html";>Intel-SA-00381.</a></p>
<p>To fix this, update to at least microcode-20210216 using the
instructions
- from the development book for
+ for
<a href="../view/10.1/postlfs/firmware.html">About Firmware (sysv)</a> or
<a href="../view/10.1-systemd/postlfs/firmware.html">About Firmware
(systemd)</a>.</p>
@@ -274,7 +274,7 @@
This has been assigned
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-28493";>CVE-2020-28493</a>.</p>
<p>To fix this, update to at least Jinja2-2.11.3 using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/python-modules.html#Jinja2">Jinja2
(sysv)</a> or
<a href="../view/10.1-systemd/general/python-modules.html#Jinja2">Jinja2
(systemd)</a>.</p>
@@ -287,7 +287,7 @@
repository. This has been assigned
<a
href="https://security.archlinux.org/CVE-2020-17525";>CVE-2020-17525</a>.</p>
<p>To fix this, update to at least Subversion-1.14.1 using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/subversion.html">Subversion (sysv)</a> or
<a href="../view/10.1-systemd/general/subversion.html">Subversion
(systemd)</a>.</p>
@@ -296,7 +296,7 @@
<p>In Libgcrypt-1.9.0 there is a heap-based buffer overflow. See
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2021-3345";>CVE-2021-3345</a>.</p>
<p>To fix this, update to at least Libgcrypt-1.9.1 using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/libgcrypt.html">Libgcrypt (sysv)</a> or
<a href="../view/10.1-systemd/general/libgcrypt.html">Libgcrypt
(systemd)</a>.</p>
@@ -308,7 +308,7 @@
This has been assigned
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2021-3272";>CVE-2021-3272</a>.</p>
<p>To fix this, update to at least jasper-2.0.25 using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/jasper.html">Jasper (sysv)</a> or
<a href="../view/10.1-systemd/general/jasper.html">Jasper
(systemd)</a>.</p>
@@ -321,7 +321,7 @@
<a href="https://security.archlinux.org/CVE-2021-21702";>Arch
CVE-2021-21702</a>
where the severity is rated as Medium.</p>
<p>To fix this, update to PHP-8.0.2 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/php.html">PHP (sysv)</a> or
<a href="../view/10.1-systemd/general/php.html">PHP (systemd)</a>.</p>
@@ -378,7 +378,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2018-19543";>CVE-2018-19543</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-27828";>CVE-2020-27828</a>.</p>
<p>To fix this, update to at least JasPer-2.0.24 using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/jasper.html">JasPer (sysv)</a> or
<a href="../view/10.1-systemd/general/jasper.html">JasPer
(systemd)</a>.</p>
@@ -391,7 +391,7 @@
<a
href="https://gitlab.gnome.org/GNOME/glib/-/issues/2319";>GHSL-2021-045</a>
.</p>
<p>To fix this, update to at least Glib-2.66.6 using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/glib2.html">Glib (sysv)</a> or
<a href="../view/10.1-systemd/general/glib2.html">Glib (systemd)</a>.</p>
@@ -402,7 +402,7 @@
CVEs have been assigned (CVE-2021-23953, CVE-2021-23954, CVE-2021-23960,
CVE-2021-23964) but details are not yet public.</p>
<p>To fix this, update to Thunderbird-78.7.0 or later using the
instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/thunderbird.html">Thunderbird (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/thunderbird.html">Thunderbird
(systemd)</a>.</p>
@@ -422,7 +422,7 @@
According to Redhat these have been allocated CVE-2021-22173 and
CVE-2021-22174
but these are currently 'Reserved'.</p>
<p>To fix these, update to wireshark-3.4.3 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/basicnet/wireshark.html">Wireshark (sysv)</a> or
<a href="../view/10.1-systemd/basicnet/wireshark.html">Wireshark
(systemd)</a>.</p>
@@ -434,7 +434,7 @@
<a
href="https://www.videolan.org/security/sb-vlc3012.html";>VideoLAN-SB-VLC-3012
</a>.</p>
<p>To fix this, update to VLC-3.0.12 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/multimedia/vlc.html">VLC (sysv)</a> or
<a href="../view/10.1-systemd/multimedia/vlc.html">VLC (systemd)</a>.</p>
@@ -446,7 +446,7 @@
execution.
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2021-0308";>CVE-2021-0308</a>.</p>
<p>To fix this, update to GPTfdisk-1.0.6 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/postlfs/gptfdisk.html">GPTfdisk (sysv)</a> or
<a href="../view/10.1-systemd/postlfs/gptfdisk.html">GPTfdisk
(systemd)</a>.</p>
@@ -456,7 +456,7 @@
escalation, see
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2021-3156";>CVE-2021-3156</a>.</p>
<p>To fix this, update to Sudo-1.9.5p2 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/postlfs/sudo.html">Sudo (sysv)</a> or
<a href="../view/10.1-systemd/postlfs/sudo.html">Sudo (systemd)</a>.</p>
@@ -468,7 +468,7 @@
Summary details are at
<a
href="https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/";>mfsa2021-04</a>.</p>
<p>To fix this, update to JS-78.7.0 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/js78.html">JS78 (sysv)</a> or
<a href="../view/10.1-systemd/general/js78.html">JS78 (systemd)</a>.</p>
@@ -484,7 +484,7 @@
CVEs have been assigned (CVE-2021-23953, CVE-2021-23954, CVE-20201-23960,
CVE-2021-23964) but details are not yet public.</p>
<p>To fix these, update to firefox-78.7.0 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/firefox.html">Firefox (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/firefox.html">Firefox
(systemd)</a>.</p>
@@ -495,7 +495,7 @@
<a href="https://nvd.nist.gov/vuln/detail/CVE-2014-9639";>CVE-2014-9639</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2017-11331";>CVE-2017-11331</a>.</p>
<p>To fix these, update to Vorbis Tools 1.4.2 or later using the
instructions
- from the development book for
+ for
<a href="../view/10.1/multimedia/vorbistools.html">Vorbis Tools (sysv)</a>
or
<a href="../view/10.1-systemd/multimedia/vorbistools.html">Vorbis Tools
(systemd)</a>.</p>
@@ -515,7 +515,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-26978";>CVE-2020-26978</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-35113";>CVE-2020-35113</a>.</p>
<p>To fix these, update to Seamonkey-2.53.6 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/seamonkey.html">Seamonkey (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/seamonkey.html">Seamonkey
(systemd)</a>.</p>
@@ -530,7 +530,7 @@
<a
href="http://www.linuxfromscratch.org/patches/downloads/mutt/mutt-2.0.4-memleak-1.patch";>mutt-2.0.4-memleak-1.patch</a>,
but the 2.05 release followed a few days later with slightly more fixes.
To fix this update to mutt-2.0.5 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/basicnet/mutt.html">Mutt (sysv)</a> or
<a href="../view/10.1-systemd/basicnet/mutt.html">Mutt (systemd)</a>.</p>
@@ -546,7 +546,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-27560";>CVE-2020-27560</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-29599";>CVE-2020-29599</a>.</p>
<p>To fix this, update to ImageMagick-7.0.10-57 or later using the
instructions
- from the development book for
+ for
<a href="../view/10.1/general/imagemagick.html">ImageMagick (sysv)</a> or
<a href="../view/10.1-systemd/general/imagemagick.html">ImageMagick
(systemd)</a>.</p>
@@ -559,7 +559,7 @@
This has been allocated CVE-2020-16044 but for the moment no details are
available.</p>
<p>To fix this, update to Thunderbird-78.6.1 or later using the
instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/thunderbird.html">Thunderbird (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/thunderbird.html">Thunderbird
(systemd)</a>.</p>
@@ -572,7 +572,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2021-23239";>CVE-2021-20239</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2021-23240";>CVE-2021-23240</a>,.</p>
<p>To fix this, update to Sudo-1.9.5p1 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/postlfs/sudo.html">Sudo (sysv)</a> or
<a href="../view/10.1-systemd/postlfs/sudo.html">Sudo (systemd)</a>.</p>
@@ -584,7 +584,7 @@
<a href="https://security.archlinux.org/ASA-202101-9";>ASA-202101-9</a>
(Arch linux).</p>
<p>To fix this, update to PHP-8.0.1 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/php.html">PHP (sysv)</a> or
<a href="../view/10.1-systemd/general/php.html">PHP (systemd)</a>.</p>
@@ -597,7 +597,7 @@
This has been allocated CVE-2020-16044 but for the moment no details are
available.</p>
<p>To fix this, update to firefox-78.6.1 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/firefox.html">Firefox (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/firefox.html">Firefox
(systemd)</a>.</p>
@@ -611,7 +611,7 @@
<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-8287";>CVE-2020-8287</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-1971";>CVE-2020-1971</a>.</p>
<p>To fix these, update to Node.js-14.15.4 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/nodejs.html">Node.js (sysv)</a> or
<a href="../view/10.1-systemd/general/nodejs.html">Node.js (systemd)</a>.
Alternatively, if you are still using the v12 series, you may prefer to
@@ -635,7 +635,7 @@
<p>A workaround is to disable imap hibernation by ensuring
imap_hibernate_timeout is either set to 0 or unset.</p>
<p>To fix this, update to dovecot-2.3.13 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/server/dovecot.html">Dovecot (sysv)</a> or
<a href="../view/10.1-systemd/server/dovecot.html">Dovecot
(systemd)</a>.</p>
@@ -645,7 +645,7 @@
<a href="https://www.tcpdump.org/libpcap-changes.txt";>tcpdump.org</a>
mentions various security fixes.</p>
<p>To fix these, update to Libpcap-1.10.1 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/basicnet/libpcap.html">Libpcap (sysv)</a> or
<a href="../view/10.1-systemd/basicnet/libpcap.html">Libpcap
(systemd)</a>.</p>
@@ -658,7 +658,7 @@
<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-6851";>CVE-2020-6851</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-8112";>CVE-2020-8112</a>.</p>
<p>To fix these, update to OpenJPEG-2.4.0 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/openjpeg2.html">OpenJPEG2 (sysv)</a> or
<a href="../view/10.1-systemd/general/openjpeg2.html">OpenJPEG2
(systemd)</a>.</p>
@@ -685,7 +685,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-26978";>CVE-2020-26978</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-35113";>CVE-2020-35113</a>.</p>
<p>To fix this, update to Thunderbird-78.6.0 or later using the
instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/thunderbird.html">Thunderbird (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/thunderbird.html">Thunderbird
(systemd)</a>.</p>
@@ -703,7 +703,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-26575";>CVE-2020-26575</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-28030";>CVE-2020-28030</a>.</p>
<p>To fix these, update to wireshark-3.4.1 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/basicnet/wireshark.html">Wireshark (sysv)</a> or
<a href="../view/10.1-systemd/basicnet/wireshark.html">Wireshark
(systemd)</a>.</p>
@@ -715,7 +715,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-29362";>CVE-2020-29362</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-29363";>CVE-2020-29363</a>.</p>
<p>To fix this, update to p11-kit-0.23.22 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/postlfs/p11-kit.html">P11-Kit (sysv)</a> or
<a href="../view/10.1-systemd/postlfs/p11-kit.html">P11-Kit
(systemd)</a>.</p>
@@ -734,7 +734,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-26978";>CVE-2020-26978</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-35113";>CVE-2020-35113</a>.</p>
<p>To fix these, update to firefox-78.5.0 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/firefox.html">Firefox (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/firefox.html">Firefox
(systemd)</a>.</p>
@@ -748,7 +748,7 @@
with fuller details at
<a href="https://www.openssl.org/news/secadv/20201208.txt";>OpenSSL</a>.</p>
<p>To fix this, update to at least OpenSSL-1.1.1i using the instructions
- from the LFS development book for
+ from the LFS book for
<a href="../../lfs/view/10.1/chapter08/openssl.html">OpenSSL (sysv)</a> or
<a href="../../lfs/view/10.1-systemd/chapter08/openssl.html">OpenSSL
(systemd)</a>.</p>
@@ -759,7 +759,7 @@
<a href="https://bugs.python.org/issue42051";>bpo-42051</a>,
<a href="https://bugs.python.org/issue42103";>bpo-42103</a>.</p>
<p>To fix this, update to at least Python-3.9.1 using the instructions
- from the <b>BLFS</b> development book for
+ from the <b>BLFS</b> book for
<a href="../view/10.1/general/python3.html">Python (sysv)</a> or
<a href="../view/10.1-systemd/general/python3.html">Python
(systemd)</a>.</p>
@@ -773,7 +773,7 @@
<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-8285";>CVE-2020-8285</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-8286";>CVE-2020-8286</a>.</p>
<p>To fix these, update to cURL-7.74.0 or later following the instructions
- from the development book for
+ for
<a href="../view/10.1/basicnet/curl.html">cURL (sysv)</a> or
<a href="../view/10.1-systemd/basicnet/curl.html">cURL (systemd)</a>.</p>
@@ -784,7 +784,7 @@
image with LZW compression.
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-29385";>CVE-2020-29385</a>.</p>
<p>To fix this, update to Gdk-Pixbuf-2.42.2 or later following the
instructions
- from the development book for
+ for
<a href="../view/10.1/x/gdk-pixbuf.html">Gdk-Pixbuf (sysv)</a> or
<a href="../view/10.1-systemd/x/gdk-pixbuf.html">Gdk-Pixbuf
(systemd)</a>.</p>
@@ -799,7 +799,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-25712";>CVE-2020-25712</a>
.</p>
<p>To fix this, update to at least Xorg-Server-1.20.10 using the
instructions
- from the development book for
+ for
<a href="../view/10.1/x/xorg-server.html">Xorg-Server (sysv)</a> or
<a href="../view/10.1-systemd/x/xorg-server.html">Xorg-Server
(systemd)</a>.</p>
@@ -810,7 +810,7 @@
availability of analysis.
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-28935";>CVE-2020-28935</a>.</p>
<p>To fix this, update to Unbound-1.13.0 or later following the
instructions
- from the development book for
+ for
<a href="../view/10.1/server/unbound.html">Unbound (sysv)</a> or
<a href="../view/10.1-systemd/server/unbound.html">Unbound
(systemd)</a>.</p>
@@ -821,7 +821,7 @@
TLS.
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-28896";>CVE-2020-28896</a>.</p>
<p>To fix this, update to mutt-2.0.2 or later following the instructions
- from the development book for
+ for
<a href="../view/10.1/basicnet/mutt.html">Mutt (sysv)</a> or
<a href="../view/10.1-systemd/basicnet/mutt.html">Mutt (systemd)</a>.</p>
@@ -838,7 +838,7 @@
released, or apply the patch
<a
href="http://www.linuxfromscratch.org/patches/downloads/libexif/libexif-0.6.22-security_fixes-1.patch";>libexif-0.6.22-security_fixes-1.patch</a>
following the instructions
- from the development book for
+ for
<a href="../view/10.1/general/libexif.html">LibEXIF (sysv)</a> or
<a href="../view/10.1-systemd/general/libexif.html">LibEXIF
(systemd)</a>.</p>
@@ -854,7 +854,7 @@
<p>To fix these, apply the patch
<a
href="http://www.linuxfromscratch.org/patches/downloads/libxml2/libxml2-2.9.10-security_fixes-1.patch";>libxml2-2.9.10-security_fixes-1.patch</a>
following the instructions
- from the development book for
+ for
<a href="../view/10.1/general/libxml2.html">LibXML2 (sysv)</a> or
<a href="../view/10.1-systemd/general/libxml2.html">LibXML2 (systemd)</a>,
or update to a later version if one is released.</p>
@@ -870,7 +870,7 @@
<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-9983";>CVE-2020-9983</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-13584";>CVE-2020-13584</a>.</p>
<p>To fix this, update to at least webkitgtk-2.30.3 using the instructions
- from the development book for
+ for
<a href="../view/10.1/x/webkitgtk.html">WebKitGTK (sysv)</a> or
<a href="../view/10.1-systemd/x/webkitgtk.html">WebKitGTK
(systemd)</a>.</p>
@@ -884,7 +884,7 @@
For the other parts of Qt5 see
<a href="https://wiki.qt.io/Qt_5.15.2_Change_Files";>Qt-5.15.2
Changes</a>.</p>
To fix these, update to at least Qt-5.15.2 and QtWebEngine-5.15.1 using the
- instructions from the development book for
+ instructions for
<a href="../view/10.1/x/qt5.html">Qt5 (sysv)</a> and
<a href="../view/10.1/x/qtwebengine.html">QtWebEngine (sysv)</a>, or
<a href="../view/10.1-systemd/x/qt5.html">Qt5 (systemd)</a> and
@@ -898,7 +898,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-26951";>CVE-2020-26951</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-26968";>CVE-2020-26968</a>.<p>
<p>To fix this, update to Thunderbird-78.5.0 or later using the
instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/thunderbird.html">Thunderbird (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/thunderbird.html">Thunderbird
(systemd)</a>.</p>
@@ -908,7 +908,7 @@
Service to be triggered when decoding Kerberos protocol messages. See
<a href="https://web.mit.edu/kerberos/krb5-1.18/";>Release Notes</a>.</p>
<p>To fix this, update to krb-5.18.3 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/postlfs/mitkrb.html">Kerberos (sysv)</a> or
<a href="../view/10.1-systemd/postlfs/mitkrb.html">Kerberos
(systemd)</a>.</p>
@@ -920,7 +920,7 @@
<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-8277";>CVE-2020-8277</a>
which was initially raised against Node.js.</p>
<p>To fix this, update to C-Ares-1.17.1 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/basicnet/c-ares.html">C-Ares (sysv)</a> or
<a href="../view/10.1-systemd/basicnet/c-ares.html">C-Ares
(systemd)</a>.</p>
@@ -932,7 +932,7 @@
This also applies to C-Ares, which is shipped with Node.js.
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-8277";>CVE-2020-8277</a>.</p>
<p>To fix this, update to Node.js-14.15.1 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/nodejs.html">Node.js (sysv)</a> or
<a href="../view/10.1-systemd/general/nodejs.html">Node.js (systemd)</a>.
Alternatively, if you are still using the v12 series, you may prefer to
@@ -945,7 +945,7 @@
<a
href="https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/";>mfsa2020-51</a>
.</p>
<p>To fix this, update to JS-78.5.0 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/js78.html">JS78 (sysv)</a> or
<a href="../view/10.1-systemd/general/js78.html">JS78 (systemd)</a>.</p>
@@ -958,7 +958,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-26951";>CVE-2020-26951</a> and
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-26968";>CVE-2020-26968</a>.</p>
<p>To fix this, update to firefox-78.5.0 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/firefox.html">Firefox (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/firefox.html">Firefox
(systemd)</a>.</p>
@@ -972,7 +972,7 @@
<p>To fix this, patch raptor-2.0.15 using
<a
href="http://www.linuxfromscratch.org/patches/downloads/raptor/raptor-2.0.15-security_fixes-1.patch";>raptor-2.0.15-security_fixes-1.patch</a>
and the instructions
- from the development book for
+ for
<a href="../view/10.1/general/raptor.html">Raptor (sysv)</a> or
<a href="../view/10.1-systemd/general/raptor.html">Raptor
(systemd)</a>.</p>
@@ -986,7 +986,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-25695";>CVE-2020-25695</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-25696";>CVE-2020-25696</a>.</p>
<p>To fix this, update to PostgreSQL-13.1 or later, using the instructions
- from the development book for
+ for
<a href="../view/10.1/server/postgresql.html">PostgreSQL (sysv)</a> or
<a href="../view/10.1-systemd/server/postgresql.html">PostgrSQL
(systemd)</a>.</p>
@@ -998,7 +998,7 @@
and
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-26950";>CVE-2020-26950</a>.
<p>To fix this, update to Thunderbird-78.4.2 or later using the
instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/thunderbird.html">Thunderbird (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/thunderbird.html">Thunderbird
(systemd)</a>.</p>
@@ -1011,7 +1011,7 @@
but was later revised to use Seamonkey-2.53.5 when that became available.
And then Seamonkey-2.53.5.1 had further fixes for this.
<p>To fix these, update to Seamonkey-2.53.5.1 or later using the
instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/seamonkey.html">Seamonkey (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/seamonkey.html">Seamonkey
(systemd)</a>.</p>
@@ -1024,7 +1024,7 @@
and
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-26950";>CVE-2020-26950</a>.
<p>To fix this, update to JS-78.4.1 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/js78.html">JS78 (sysv)</a> or
<a href="../view/10.1-systemd/general/js78.html">JS78 (systemd)</a>.</p>
@@ -1037,7 +1037,7 @@
and
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-26950";>CVE-2020-26950</a>.
<p>To fix this, update to firefox-78.4.1 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/firefox.html">Firefox (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/firefox.html">Firefox
(systemd)</a>.</p>
@@ -1051,7 +1051,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-14776";>CVE-2020-14776</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-14789";>CVE-2020-14789</a>.</p>
<p>To fix this, update to at least mariadb-10.5.7 using the instructions
- from the development book for
+ for
<a href="../view/10.1/server/mariadb.html">MariaDB (sysv)</a> or
<a href="../view/10.1-systemd/server/mariadb.html">MariaDB
(systemd)</a>.</p>
@@ -1063,7 +1063,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-14323";>CVE-2020-14323</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-14383";>CVE-2020-14383</a>.</p>
<p>To fix this, update to at least samba-4.13.1 using the instructions
- from the development book for
+ for
<a href="../view/10.1/basicnet/samba.html">Samba (sysv)</a> or
<a href="../view/10.1-systemd/basicnet/samba.html">Samba (systemd)</a>.</p>
@@ -1072,7 +1072,7 @@
<p>There was a signed integer overflow in libass-0.14.0. See
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-26682";>CVE-2020-26682</a>.</p>
<p>To fix this, update to at least libass-0.15.0 using the instructions
- from the development book for
+ for
<a href="../view/10.1/multimedia/libass.html">Libass (sysv)</a> or
<a href="../view/10.1-systemd/multimedia/libass.html">Libass
(systemd)</a>.</p>
@@ -1094,7 +1094,7 @@
<i> et seq.</i></p>
<p>On systems running Gstreamer 1.18 versions, update to the
gstreamer-1.18.1 or later packages (gstreamer, -libav, -plugins, -vaapi)
- using the instructions from the development book for
+ using the instructions for
<a href="../view/10.1/multimedia/gstreamer10.html">Gstreamer 1.18
(sysv)</a>i
<i>et seq.</i> or
<a href="../view/10.1-systemd/multimedia/gstreamer10.html">Gstreamer 1.18
(systemd)</a>
@@ -1106,7 +1106,7 @@
Details are at
<a
href="https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/";>mfsa2020-47</a>.</p>
<p>To fix this, update to Thunderbird-78.4.0 or later using the
instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/thunderbird.html">Thunderbird (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/thunderbird.html">Thunderbird
(systemd)</a>.</p>
@@ -1122,7 +1122,7 @@
<a
href="https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/";>Sourceforge
- Changes in 2.10.4</a>
.</p>
<p>To fix this, update to freetype-2.10.4 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/freetype2.html">FreeType (sysv)</a> or
<a href="../view/10.1-systemd/general/freetype2.html">FreeType
(systemd)</a>.</p>
@@ -1136,7 +1136,7 @@
<a
href="https://www.cybersecurity-help.cz/vdb/SB2020120602";>cybersecurity-help.cz</a>.</p>
<p>This was thought to be fixed in LXML-4.6.1, but that fix was inadequate.
To fix this, update to LXML-4.6.2 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/python-modules.html#lxml">LXML (sysv)</a> or
<a href="../view/10.1-systemd/general/python-modules.html#lxml">LXML
(systemd)</a>.</p>
@@ -1147,7 +1147,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-25613";>CVE-2020-25613</a>
.</p>
<p>To fix this, update to at least NSS-3.58 using the instructions
- from the development book for
+ for
<a href="../view/10.1/postlfs/nss.html">NSS (sysv)</a> or
<a href="../view/10.1-systemd/postlfs/nss.html">NSS (systemd)</a>.</p>
@@ -1157,7 +1157,7 @@
"verifyChain = yes". See
<a href="https://www.stunnel.org/NEWS.html";>Stunnel NEWS</a>.</p>
<p>To fix this, update to at least stunnel-5.57 using the instructions
- from the development book for
+ for
<a href="../view/10.1/postlfs/stunnel.html">Stunnel (sysv)</a> or
<a href="../view/10.1-systemd/postlfs/stunnel.html">Stunnel
(systemd)</a>.</p>
@@ -1166,7 +1166,7 @@
<p>Ruby before 2.7.2 had a vulnerability in its WEBrick HTTP server.
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-25613";>CVE-2020-25613</a>.</p>
<p>To fix this, update to at least Ruby-2.7.2 using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/ruby.html">Ruby (sysv)</a> or
<a href="../view/10.1-systemd/general/ruby.html">Ruby (systemd)</a>.</p>
@@ -1176,7 +1176,7 @@
<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-1472";>CVE-2020-1472</a>
and
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-1472";>CVE-2020-1472</a>.</p>
<p>To fix this, update to at least PHP-7.4.11 using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/php.html">PHP (sysv)</a> or
<a href="../view/10.1-systemd/general/php.html">PHP (systemd)</a>.</p>
@@ -1187,7 +1187,7 @@
<a href="https://gitlab.gnome.org/GNOME/glib/-/releases/2.66.1";>Release
Notes</a>
.</p>
<p>To fix this, update to at least Glib-2.66.1 using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/glib2.html">Glib (sysv)</a> or
<a href="../view/10.1-systemd/general/glib2.html">Glib (systemd)</a>.</p>
@@ -1200,7 +1200,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-25863";>CVE-2020-25863</a>,
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-25863";>CVE-2020-25866</a>.</p>
<p>To fix these, update to wireshark-3.2.7 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/basicnet/wireshark.html">Wireshark (sysv)</a> or
<a href="../view/10.1-systemd/basicnet/wireshark.html">Wireshark
(systemd)</a>.</p>
@@ -1212,7 +1212,7 @@
<a
href="https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/";>mfsa2020-44</a>.</p>
<p>But users of that version of thunderbird reported numerous crashes.
To fix the vulnerabilities and the crashes update to thunderbird-78.3.1 or
- later using the instructions from the development book for
+ later using the instructions for
<a href="../view/10.1/xsoft/thunderbird.html">Thunderbird (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/thunderbird.html">Thunderbird
(systemd)</a>.</p>
@@ -1223,7 +1223,7 @@
Seamonkey-2.53.4. Please see
<a href="https://www.seamonkey-project.org/releases/seamonkey2.53.4/";>The
Release Notes</a>.</p>
<p>To fix these, update to Seamonkey-2.53.4 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/seamonkey.html">Seamonkey (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/seamonkey.html">Seamonkey
(systemd)</a>.</p>
@@ -1233,7 +1233,7 @@
including a memory safety bug rated as High. Details are at
<a
href="https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/";>mfsa2020-43</a>.</p>
<p>To fix these, update to firefox-78.3.0 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/xsoft/firefox.html">Firefox (sysv)</a> or
<a href="../view/10.1-systemd/xsoft/firefox.html">Firefox
(systemd)</a>.</p>
@@ -1245,7 +1245,7 @@
<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-1472";>CVE-2020-1472</a>
has been assigned.</p>
<p>To fix this, update to Samba-4.12.7 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/basicnet/samba.html">Samba (sysv)</a> or
<a href="../view/10.1-systemd/basicnet/samba.html">Samba (systemd)</a>.</p>
@@ -1256,7 +1256,7 @@
<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-8201";>CVE-2020-8201</a>
and
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-8252";>CVE-2020-8252</a>.</p>
<p>To fix this, update to Node.js-12.18.4 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/nodejs.html">Node.js (sysv)</a> or
<a href="../view/10.1-systemd/general/nodejs.html">Node.js
(systemd)</a>.</p>
@@ -1268,7 +1268,7 @@
which had CVEs assigned at the time of the update, see
<a href="http://wiki.linuxfromscratch.org/blfs/ticket/14026";>BLFS ticket
#14026</a>.</p>
To fix this, update to at least Qt-5.15.1 and QtWebEngine-5.15.1 using the
- instructions from the development book for
+ instructions for
<a href="../view/10.1/x/qt5.html">Qt5 (sysv)</a> and
<a href="../view/10.1/x/qtwebengine.html">QtWebEngine (sysv)</a>, or
<a href="../view/10.1-systemd/x/qt5.html">Qt5 (systemd)</a> and
@@ -1280,7 +1280,7 @@
See
<a
href="https://www.openwall.com/lists/oss-security/2020/09/08/4";>oss-security</a>.</p>
<p>To fix this, update to linux-5.8.9 or later using the instructions
- from the LFS development book for
+ from the LFS book for
<a href="../../lfs/view/10.1/chapter10/kernel.html">Linux Kernel
(sysv)</a> or
<a href="../../lfs/view/10.1-systemd/chapter10/kernel.html">Linux Kernel
(systemd)</a>.</p>
@@ -1290,7 +1290,7 @@
generated code should not be affected. See
<a
href="https://lists.gnu.org/archive/html/info-gnu/2020-09/msg00003.html";>The
Release Announcement</a>.</p>
<p>To fix this, update to bison-3.7.2 or later using the instructions
- from the LFS development book for
+ from the LFS book for
<a href="../../lfs/view/10.1/chapter08/bison.html">Bison (sysv)</a> or
<a href="../../lfs/view/10.1-systemd/chapter08/bison.html">Bison
(systemd)</a>.</p>
@@ -1301,7 +1301,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-14382";>CVE-2020-14382</a>
has been assigned.</p>
<p>To fix this, update to at least cryptsetup-2.3.4 using the instructions
- from the development book for
+ for
<a href="../view/10.1/postlfs/cryptsetup.html">Cryptsetup (sysv)</a> or
<a href="../view/10.1-systemd/postlfs/cryptsetup.html">Cryptsetup
(systemd)</a>.</p>
@@ -1313,7 +1313,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-25125";>CVE-2020-25125</a>
has been assigned.</p>
<p>To fix this, update to GnuPG-2.2.23 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/postlfs/gnupg.html">GnuPG (sysv)</a> or
<a href="../view/10.1-systemd/postlfs/gnupg.html">GnuPG (systemd)</a>.</p>
@@ -1323,7 +1323,7 @@
This was assigned
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-8927";>CVE-2020-8927</a>.</p>
<p>To fix this, update to brotli-1.0.9 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/general/brotli.html">Brotli (sysv)</a> or
<a href="../view/10.1-systemd/general/brotli.html">Brotli
(systemd)</a>.</p>
@@ -1341,7 +1341,7 @@
See also
<a href="https://kb.isc.org/docs/aa-00913";>BIND 9 Security Vulnerabilty
Matrix #114-8</a>.</p>
<p>To fix this, update to BIND-9.6.16 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/server/bind.html">BIND (sysv)</a> or
<a href="../view/10.1-systemd/server/bind.html">BIND (systemd)</a>.</p>
@@ -1356,7 +1356,7 @@
more details at
<a
href="https://lists.samba.org/archive/samba-technical/2020-September/135747.html";>samba-technical</a>.</p>
<p>To fix this, update to cifs-utils-6.11 or later using the instructions
- from the development book for
+ for
<a href="../view/10.1/basicnet/cifsutils.html">CIFS-utils (sysv)</a> or
<a href="../view/10.1-systemd/basicnet/cifsutils.html">CIFS-utils
(systemd)</a>.</p>
@@ -1368,7 +1368,7 @@
see also
<a
href="https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04";>GNUTLS-SA-2020-09-04</a>.</p>
<p>To fix this, update to at least GnuTLS-3.6.15 using the instructions
- from the development book for
+ for
<a href="../view/10.1/postlfs/gnutls.html">GnuTLS (sysv)</a> or
<a href="../view/10.1-systemd/postlfs/gnutls.html">GnuTLS
(systemd)</a>.</p>
@@ -1383,7 +1383,7 @@
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-14361";>CVE-2020-14361</a>
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-14361";>CVE-2020-14362</a>.</p>
<p>To fix this, update to at least Xorg-Server-1.20.9 using the
instructions
- from the development book for
+ for
<a href="../view/10.1/x/xorg-server.html">Xorg-Server (sysv)</a> or
<a href="../view/10.1-systemd/x/xorg-server.html">Xorg-Server
(systemd)</a>.</p>
@@ -1394,7 +1394,7 @@
was found, which could lead to provilege escalation. This has been assigned
<a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-14363";>CVE-2020-14363</a>.</p>
<p>To fix this, update to at least libX11-1.6.12 using the instructions
- from the development book for
+ for
<a href="../view/10.1/x/x7lib.html">Xorg Libraries (sysv)</a> or
<a href="../view/10.1-systemd/x/x7lib.html">Xorg Libraries
(systemd)</a>.</p>
--
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
