Author: renodr
Date: Wed Apr 14 14:29:29 2021
New Revision: 1791

Log:
Security Advisories: Modify SA-10.1-027 to be more conformant to style
Security Advisories: Modify SA-10.1-017 to mention CVE-2021-27218, which was 
fixed in glib-2.66.7/2.66.8 also.

Modified:
   html/trunk/blfs/advisories/10.1.html
   html/trunk/blfs/advisories/consolidated.html

Modified: html/trunk/blfs/advisories/10.1.html
==============================================================================
--- html/trunk/blfs/advisories/10.1.html        Wed Apr 14 14:16:06 2021        
(r1790)
+++ html/trunk/blfs/advisories/10.1.html        Wed Apr 14 14:29:29 2021        
(r1791)
@@ -79,9 +79,11 @@
 <!-- end of Flac -->
 
     <h3>glib2</h3>
-    <h4>10.1 017 glib2   Date: 2021-03-29  Severity: Medium</h4>
+    <h4>10.1 017 glib2   Updated: 2021-04-14  Severity: High</h4>
     <p>A medium severity security vulnerability was discovered in glib2
     that may allow for arbitrary file overwrites to happen via a symlink 
attack.
+    An additional high severity security vulnerabilty was discovered that
+    allowed for unintended length truncation.
     To fix this, update to glib2-2.66.8 or later.
     <a href="consolidated.html#sa-10.1-017">10-1-017</a></p>
 
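Review bot: the added sentence misspells "vulnerabilty" (should be "vulnerability"), and its past-tense "allowed" clashes with "may allow" in the sentence before it. The heading now reads Severity: High while the paragraph still opens with "A medium severity security vulnerability"; naming CVE-2021-27218 here, as the consolidated entry does, would show readers which finding drives the new rating.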

Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html        Wed Apr 14 14:16:06 
2021        (r1790)
+++ html/trunk/blfs/advisories/consolidated.html        Wed Apr 14 14:29:29 
2021        (r1791)
@@ -82,17 +82,19 @@
     -->
     <a id="sa-10.1-027"/>
     <h4>10.1 027 Thunderbird  Updated: 2021-04-11  Severity: Moderate</h4>
-    <p>Three Vulnerabilities have been fixed in Thunderbird 78.9.1:
-
-    <a 
href="https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23991";>CVE-2021-23991</a>,
+    <p>Three security vulnerabilities were fixed in Thunderbird-78.9.1. All
+    three of them affect systems that have OpenPGP keys configured for
+    encrypted email. These vulnerabilities have been rated Moderate, and have
+    been assigned
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-23991";>CVE-2021-23991</a>,
     <a 
href="https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#MOZ-2021-23992";>MOZ-2021-23992</a>,
-    <a 
href="https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23993";>CVE-2021-23993</a>.</p>
-    <p>To fix these, update to the BLFS 20210411 git tarball
-    using the instructions at
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-23993";>CVE-2021-23993</a>.
+    Additional information can be found at
+    <a 
href="https://www.mozilla.org/en-US/security/advisories/msfa2021-13/";>MSFA2021-13</a>.</p>
+    <p>To fix these, update to the Thunderbird-78.9.1 using the instructions at
     <a href="../view/svn/xsoft/other/thunderbird.html">Thunderbird (sysv)</a>, 
or
     <a href="../view/systemd/xsoft/other/thunderbird.html">Thunderbird 
(systemd)</a>.</p>
 
-
     <a id="sa-10.1-026"/>
     <h4>10.1 026 QtWebEngine  Updated: 2021-04-09  Severity: High</h4>
     <p>Several CVEs (from Chromium) in QtWebEngine have been fixed in the
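Review bot: the new "Additional information" link spells the advisory as "msfa2021-13" in the URL and "MSFA2021-13" in the link text, while the retained MOZ-2021-23992 link in the same paragraph uses the path "advisories/mfsa2021-13/". The letters look transposed, so the new link does not point at the same advisory path; suggest "mfsa2021-13" and "MFSA2021-13". The replacement fix line "update to the Thunderbird-78.9.1" also carries a stray "the".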
@@ -249,21 +251,23 @@
     <a href="../view/systemd/x/webkitgtk.html">WebKitGTK (systemd)</a>.</p>
 
     <a id="sa-10.1-017"/>
-    <h4>10.1 017 glib2   Date: 2021-03-29  Severity: Medium</h4>
+    <h4>10.1 017 glib2   Updated: 2021-04-14  Severity: High</h4>
     <p>In glib-2.66.8, a medium-severity security vulnerability was fixed
     that allowed a malicious archive to create files elsewhere in the 
filesystem
     via a symlink attack. The malicious archive may also be able to overwrite
     existing files when extracted with file-roller.
-    This vulnerability has been assigned
-    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-28153";>CVE-2021-28153</a>,
+    An additional vulnerability was fixed in glib-2.66.7, which has been rated 
+    High. This vulnerability allows for unintended length truncation on buffers
+    above 4GB in size on a 64-bit platform.
+    These vulnerabilities have been assigned
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-27218";>CVE-2021-27218</a> and
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-28153";>CVE-2021-28153</a>, and
     and additional information can be found at
     <a href="https://gitlab.gnome.org/GNOME/glib/-/issues/2325";>file-roller 
symlink attack (#2325)</a>.</p>
-    <p>To fix this vulnerability, update to glib-2.66.8 or later using the
+    <p>To fix these vulnerabilities, update to glib-2.66.8 or later using the
     instructions for
     <a href="../view/svn/general/glib2.html">glib (sysv)</a> or 
     <a href="../view/systemd/general/glib2.html">glib (systemd)</a>.</p>
-    <!-- When glib-2.68.0 goes in, we should probably adjust that to pull
-         from 10.1. -->
 
     <a id="sa-10.1-016"/>
     <h4>10.1 016 Samba   Date: 2021-03-28  Severity: High</h4>
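Review bot: the added line ending "CVE-2021-28153</a>, and" runs straight into the unchanged context line that begins "and additional information", so the rendered paragraph reads "and and"; drop the trailing "and" from the new line. The paragraph also still opens with "In glib-2.66.8" before stating that the second issue was fixed in glib-2.66.7, and the only non-NVD reference is the file-roller issue (#2325), which covers the symlink finding alone. Wording that separates the two fixes by version would read more clearly.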
-- 
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page