Author: renodr
Date: Thu Mar 25 23:52:31 2021
New Revision: 1752

Log:
Security Advisories: Add 10.1-011 for High/Critical severity OpenSSL updates

Modified:
   html/trunk/blfs/advisories/consolidated.html
   html/trunk/lfs/advisories/10.1.html

Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html        Wed Mar 24 21:45:39 
2021        (r1751)
+++ html/trunk/blfs/advisories/consolidated.html        Thu Mar 25 23:52:31 
2021        (r1752)
@@ -80,6 +80,21 @@
     <p>There are currently no known security vulnerabilities for the latest
     releases of the books.</p>
     -->
+    <a id="10.1-011">
+    <h4>10.1 011 OpenSSL (LFS) Date: 2021-03-26 Severity: Critical</h4>
+    <p>In OpenSSL-1.1.1k, two high severity security vulnerabilities were 
fixed.
+    One of these allows for a complete bypass of the CA certificate check,
+    and the other is a trivial-to-exploit vulnerability that lets remote
+    attackers crash any application that uses OpenSSL on the system. Upgrading
+    to OpenSSL-1.1.1k is suggested, as soon as possible.
+    These vulnerabilities have been assigned
+    <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3450";>CVE-2021-3450</a> 
and
+    <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3449";>CVE-2021-3449</a>.
+    <p>To fix these, update to OpenSSL-1.1.1k as soon as possible using the
+    instructions in
+    <a href="../../lfs/view/development/chapter08/openssl.html">OpenSSL 
(sysv)</a> or
+    <a href="../../lfs/view/systemd/chapter08/openssl.html">OpenSSL 
(systemd)</a>.</p>
+
     <a id="10.1-010">
     <h4>10.1 010 PDFBox (FOP) Date: 2021-03-25 Severity: Medium</h4>
     <p>In Apache PDFBox-2.0.23, two security vulnerabilities were fixed. One of
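Review bot: The first <p> of the new 10.1-011 entry is never closed: the text ends at the CVE-2021-3449 link with `</a>.` and the next added line opens a second paragraph with `<p>To fix these, ...`. Add `</p>` after the CVE links, as the 10.1-010 entry does. The heading says "Severity: Critical" while the body calls both issues "high severity"; pick one rating so the heading and the text agree. The body also tells the reader to upgrade "as soon as possible" twice, in consecutive paragraphs, so one of the two sentences can go.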
@@ -90,7 +105,7 @@
     These vulnerabilities have been assigned
     <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-27906";>CVE-2021-27906</a> and
     <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-27807";>CVE-2021-27807</a>.</p>
-    To fix these, update the supplemental JAR files in fop to 2.0.23 using the 
+    <p>To fix these, update the supplemental JAR files in fop to 2.0.23 using 
the 
     instructions in
     <a href="../view/svn/pst/fop.html">fop (sysv)</a> or 
     <a href="../view/systemd/pst/fop.html">fop (systemd)</a>.</p>
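Review bot: The log message only mentions adding 10.1-011, but the <p> added before "To fix these" in the PDFBox 10.1-010 entry is an unrelated markup fix. Mention it in the log or commit it separately, so that the history of each advisory stays easy to follow.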

Modified: html/trunk/lfs/advisories/10.1.html
==============================================================================
--- html/trunk/lfs/advisories/10.1.html Wed Mar 24 21:45:39 2021        (r1751)
+++ html/trunk/lfs/advisories/10.1.html Thu Mar 25 23:52:31 2021        (r1752)
@@ -47,9 +47,21 @@
 
     <h4>10.1 005 Linux Kernel (LFS)  Date: 2021-03-15  Severity: Low</h4>
     <p>In Linux 5.11.3 or earlier there are vulnerabilities in iSCSI
-       subsystem which can lead to potential privilege escalation.  See
+        subsystem which can lead to potential privilege escalation.  See
     <a href=../../blfs/advisories/consolidated.html#10.1-005>10.1-005</a></p>
 
+    <!-- End of Linux Kernel -->
+
+    <h3>OpenSSL</h3>
+    <h4>10.1 011 OpenSSL (LFS) Date: 2021-03-26 Severity: Critical</h4>
+    <p>In OpenSSL-1.1.1k, two high severity security vulnerabilities were fixed
+    that can lead to a complete bypass of the CA Certificate Store checks, and
+    also one that can lead to crashes for applications that use OpenSSL.
+    Updating to OpenSSL-1.1.1k is suggested as soon as possible.
+    <a href=../../blfs/advisories/consolidated.html#10.1-011>10.1-011</a>.</p>
+
+    <!-- End of OpenSSL -->
+
     <!-- previous glibc text retained as comment, because it is special for
     rebuilfding
     <h3>Glibc</h3>
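Review bot: In the new OpenSSL paragraph, "two high severity security vulnerabilities were fixed that can lead to a complete bypass ..., and also one that can lead to crashes" reads as three issues, while the consolidated entry added in this same commit describes two, one per effect; reword so both pages say the same thing. The trailing link is also bare: the kernel entry above it uses "See <a ...>10.1-005</a>", whereas here `10.1-011</a>.` follows "as soon as possible." with no lead-in word. The re-indentation of the iSCSI "subsystem" line is a whitespace-only change unrelated to this advisory and adds noise to the diff.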