Debian Stretch Openstack images changelog 9.4.7-20180709 Updates in 2 source package(s), 4 binary package(s): Source perl, binaries: perl-base:amd64 perl-base:arm64 perl (5.24.1-3+deb9u4) stretch-security; urgency=high * [SECURITY] CVE-2018-12015: fix directory traversal vulnerability in Archive-Tar (Closes: #900834) Source libgcrypt20, binaries: libgcrypt20:amd64 libgcrypt20:arm64 libgcrypt20 (1.7.6-2+deb9u3) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * ecc: Add blinding for ECDSA (CVE-2018-0495) -- Steve McIntyre <93sam@debian.org> Mon, 09 Jul 2018 16:07:55 +0100 9.4.6-20180609 Updates in 3 source package(s), 12 binary package(s): Source qemu, binaries: qemu-utils:amd64 qemu-utils:arm64 qemu (1:2.8+dfsg-6+deb9u4) stretch-security; urgency=high * CVE-2017-5715 (spectre/meltdown) fixes for i386 and s390x: CVE-2017-5715/i386-increase-X86CPUDefinition-model_id-to-49.patch CVE-2017-5715/i386-add-support-for-SPEC_CTRL-MSR.patch CVE-2017-5715/i386-add-spec-ctrl-CPUID-bit.patch CVE-2017-5715/i386-add-FEAT_8000_0008_EBX-CPUID-feature-word.patch CVE-2017-5715/i386-add-new-IBRS-versions-of-Intel-CPU-models.patch CVE-2017-5715/s390x-kvm-introduce-branch-prediction-blocking-contr.patch CVE-2017-5715/s390x-kvm-handle-bpb-feature.patch Closes: #886532, CVE-2017-5715 * multiboot-bss_end_addr-can-be-zero-CVE-2018-7550.patch Closes: #892041, CVE-2018-7550 * vga-check-the-validation-of-memory-addr-when-draw-text-CVE-2018-5683.patch Closes: #887392, CVE-2018-5683 * osdep-fix-ROUND_UP-64-bit-32-bit-CVE-2017-18043.patch Closes: CVE-2017-18043 * virtio-check-VirtQueue-Vring-object-is-set-CVE-2017-17381.patch Closes: #883625, CVE-2017-17381 * ps2-check-PS2Queue-pointers-in-post_load-routine-CVE-2017-16845.patch Closes: #882136, CVE-2017-16845 * cirrus-fix-oob-access-in-mode4and5-write-functions-CVE-2017-15289.patch Closes: #880832, CVE-2017-15289 * io-monitor-encoutput-buffer-size-from-websocket-GSource-CVE-2017-15268.patch Closes: #880836, CVE-2017-15268 * nbd-server-CVE-2017-15119-Reject-options-larger-than-32M.patch Closes: #883399, CVE-2017-15119 * 9pfs-use-g_malloc0-to-allocate-space-for-xattr-CVE-2017-15038.patch Closes: #877890, CVE-2017-15038 * CVE-2017-15124 (VNC server unbounded memory usage) fixes: CVE-2017-15124/01-ui-remove-sync-parameter-from-vnc_update_client.patch CVE-2017-15124/02-ui-remove-unreachable-code-in-vnc_update_client.patch CVE-2017-15124/03-ui-remove-redundant-indentation-in-vnc_client_update.patch CVE-2017-15124/04-ui-avoid-pointless-VNC-updates-if-framebuffer-isn-t-.patch CVE-2017-15124/05-ui-track-how-much-decoded-data-we-consumed-when-doin.patch CVE-2017-15124/06-ui-introduce-enum-to-track-VNC-client-framebuffer-up.patch CVE-2017-15124/07-ui-correctly-reset-framebuffer-update-state-after-pr.patch CVE-2017-15124/08-ui-refactor-code-for-determining-if-an-update-should.patch CVE-2017-15124/09-ui-fix-VNC-client-throttling-when-audio-capture-is-a.patch CVE-2017-15124/10-ui-fix-VNC-client-throttling-when-forced-update-is-r.patch CVE-2017-15124/11-ui-place-a-hard-cap-on-VNC-server-output-buffer-size.patch CVE-2017-15124/12-ui-add-trace-events-related-to-VNC-client-throttling.patch CVE-2017-15124/13-ui-mix-misleading-comments-return-types-of-VNC-I-O-h.patch Closes: #884806, CVE-2017-15124 Source gnupg2, binaries: gnupg:amd64 gnupg-agent:amd64 gpgv:amd64 gnupg:arm64 gnupg-agent:arm64 gpgv:arm64 gnupg2 (2.1.18-8~deb9u2) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * gpg: Sanitize diagnostic with the original file name (CVE-2018-12020) Source procps, binaries: libprocps6:amd64 procps:amd64 libprocps6:arm64 procps:arm64 procps (2:3.3.12-3+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * top: Do not default to the cwd in configs_read(). (CVE-2018-1122) * ps/output.c: Fix outbuf overflows in pr_args() etc. (CVE-2018-1123) * proc/readproc.c: Fix bugs and overflows in file2strvec(). (CVE-2018-1124) * pgrep: Prevent a potential stack-based buffer overflow (CVE-2018-1125) * proc/alloc.*: Use size_t, not unsigned int. (CVE-2018-1126) -- Steve McIntyre <93sam@debian.org> Sat, 09 Jun 2018 22:55:03 +0100 9.4.5-20180513 Updates in 2 source package(s), 4 binary package(s): Source linux, binaries: linux-image-4.9.0-6-amd64:amd64 linux-image-4.9.0-6-arm64:arm64 linux (4.9.88-1+deb9u1) stretch-security; urgency=high [ Salvatore Bonaccorso ] * [x86] x86/entry/64: Don't use IST entry for #BP stack (CVE-2018-8897) * [x86] kvm: fix icebp instruction handling (CVE-2018-1087) [ Ben Hutchings ] * Revert "random: fix crng_ready() test" (Closes: #897599), reopening CVE-2018-1108 Source wget, binaries: wget:amd64 wget:arm64 wget (1.18-5+deb9u2) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Fix cookie injection (CVE-2018-0494) (Closes: #898076) -- Steve McIntyre <93sam@debian.org> Sun, 13 May 2018 17:56:24 +0100 9.4.4-20180507 Updates in 2 source package(s), 4 binary package(s): Source linux, binaries: linux-image-4.9.0-6-amd64:amd64 linux-image-4.9.0-6-arm64:arm64 linux (4.9.88-1) stretch-security; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.83 - ext4: fix a race in the ext4 shutdown path - ext4: save error to disk in __ext4_grp_locked_error() - console/dummy: leave .con_font_get set to NULL - rtlwifi: rtl8821ae: Fix connection lost problem correctly - target/iscsi: avoid NULL dereference in CHAP auth error path - Btrfs: fix deadlock in run_delalloc_nocow - Btrfs: fix crash due to not cleaning up tree log block's dirty bits - Btrfs: fix extent state leak from tree log - Btrfs: fix unexpected -EEXIST when creating new inode - ALSA: seq: Fix racy pool initializations (CVE-2018-7566) - ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE - [s390] s390: fix handling of -1 in set{,fs}[gu]id16 syscalls - [x86] x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (hardening for Spectre) - [x86] x86/speculation: Update Speculation Control microcode blacklist - [x86] x86/speculation: Correct Speculation Control microcode blacklist again - [x86] KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods - [x86] X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs - vfs: don't do RCU lookup of empty pathnames - media: r820t: fix r820t_write_reg for KASAN https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.84 - cfg80211: check dev_set_name() return value - xfrm: skip policies marked as dead while rehashing - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed. - xfrm: Fix stack-out-of-bounds read on socket policy lookup. - xfrm: check id proto in validate_tmpl() - sctp: set frag_point in sctp_setsockopt_maxseg correctly - drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all - selinux: ensure the context is NUL terminated in security_context_to_sid_core() - [x86] KVM: x86: fix escape of guest dr6 to the host - netfilter: x_tables: fix int overflow in xt_alloc_table_info() - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check() - netfilter: on sockopt() acquire sock lock only in the required scope - netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1() - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert - crypto: hash - prevent using keyed hashes without setting key - [arm*] ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune - net_sched: red: Avoid devision by zero - net_sched: red: Avoid illegal values - btrfs: Fix possible off-by-one in btrfs_search_path_in_tree - 509: fix printing uninitialized stack memory when OID is empty - dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved - clk: fix a panic error caused by accessing NULL pointer - xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies. - drm/armada: fix leak of crtc structure - [x86] mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep - [x86] x86/mm/kmmio: Fix mmiotrace for page unaligned addresses - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close - [powerpc*] powerpc/64s: Fix conversion of slb_miss_common to use RFI_TO_USER/KERNEL - [powerpc*] powerpc/64s: Simple RFI macro conversions - [powerpc*] powerpc/64s: Improve RFI L1-D cache flush fallback - crypto: talitos - fix Kernel Oops on hashing an empty file - ALSA: hda/ca0132 - fix possible NULL pointer use - [x86] KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.85 - netfilter: drop outermost socket lock in getsockopt() - X.509: fix BUG_ON() when hash algorithm is unsupported - PKCS#7: fix certificate chain verification - RDMA/uverbs: Protect from command mask overflow - iio: buffer: check if a buffer has been set up when poll is called - iio: adis_lib: Initialize trigger before requesting interrupt - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() - ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func() - usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() - ]arm64] arm64: Disable unhandled signal log messages by default - Revert "usb: musb: host: don't start next rx urb if current one failed" - X.509: fix NULL dereference when restricting key with unsupported_sig - mm: avoid spurious 'bad pmd' warning messages - [x86] x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.86 - i2c: designware: must wait for enable - f2fs: fix a bug caused by NULL extent tree (CVE-2017-18193) - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM - mtd: nand: brcmnand: Zero bitflip is not an error - [arm*] ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch - sget(): handle failures of register_shrinker() - drm/nouveau/pci: do a msi rearm on init - mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl - tipc: error path leak fixes in tipc_enable_bearer() - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path - tg3: Add workaround to restrict 5762 MRRS to 2048 - tg3: Enable PHY reset in MTU change path for 5720 - bnx2x: Improve reliability in case of nested PCI errors - IB/mlx5: Fix mlx5_ib_alloc_mr error flow - genirq: Guard handle_bad_irq log messages - IB/mlx4: Fix mlx4_ib_alloc_mr error flow - IB/ipoib: Fix race condition in neigh creation - xfs: quota: fix missed destroy of qi_tree_lock - xfs: quota: check result of register_shrinker() - macvlan: Fix one possible double free - e1000: fix disabling already-disabled warning - drm/ttm: check the return value of kzalloc - nl80211: Check for the required netlink attribute presence - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. - xen-netfront: enable device after manual module load - mdio-sun4i: Fix a memory leak - xen/gntdev: Fix off-by-one error when unmapping with holes - xen/gntdev: Fix partial gntdev_mmap() cleanup - sctp: make use of pre-calculated len - net: gianfar_ptp: move set_fipers() to spinlock protecting area https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87 - [x86] tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus - [x86] tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus - [x86] tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus - [x86] tpm_tis: fix potential buffer overruns caused by bit glitches on the bus - [x86] tpm: constify transmit data pointers - [x86] tpm-dev-common: Reject too short writes - ALSA: usb-audio: Add a quirck for B&W PX headphones - ALSA: hda: Add a power_save blacklist - ALSA: hda - Fix pincfg at resume on Lenovo T470 dock - timers: Forward timer base before migrating timers - [hppa] parisc: Fix ordering of cache and TLB flushes - dax: fix vma_is_fsdax() helper - [x86] xen: Zero MSR_IA32_SPEC_CTRL before suspend - [x86] platform/intel-mid: Handle Intel Edison reboot correctly - media: m88ds3103: don't call a non-initalized function - nospec: Allow index argument to have const-qualified type - [armel,armhf] mvebu: Fix broken PL310_ERRATA_753970 selects - KVM: mmu: Fix overlap between public and private memslots - [x86] KVM: Remove indirect MSR op calls from SPEC_CTRL - [x86] KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR path as unlikely() - PCI/ASPM: Deal with missing root ports in link state handling - dm io: fix duplicate bio completion due to missing ref count - [armhf] dts: LogicPD SOM-LV: Fix I2C1 pinmux - [armhf] dts: LogicPD Torpedo: Fix I2C1 pinmux - [x86] mm: Give each mm TLB flush generation a unique ID - [x86] speculation: Use Indirect Branch Prediction Barrier in context switch - md: only allow remove_and_add_spares when no sync_thread running. - netlink: put module reference if dump start fails - [x86] apic/vector: Handle legacy irq data correctly - bridge: check brport attr show in brport_show - fib_semantics: Don't match route with mismatching tclassid - hdlc_ppp: carrier detect ok, don't turn off negotiation - ipv6 sit: work around bogus gcc-8 -Wrestrict warning - net: fix race on decreasing number of TX queues - net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68 - netlink: ensure to loop over all netns in genlmsg_multicast_allns() - ppp: prevent unregistered channels from connecting to PPP units - udplite: fix partial checksum initialization - sctp: fix dst refcnt leak in sctp_v4_get_dst - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT - tcp: Honor the eor bit in tcp_mtu_probe - rxrpc: Fix send in rxrpc_send_data_packet() - tcp_bbr: better deal with suboptimal GSO - sctp: fix dst refcnt leak in sctp_v6_get_dst() - [s390x] qeth: fix underestimated count of buffer elements - [s390x] qeth: fix SETIP command handling - [s390x] qeth: fix overestimated count of buffer elements - [s390x] qeth: fix IP removal on offline cards - [s390x] qeth: fix double-free on IP add/remove race - [s390x] qeth: fix IP address lookup for L3 devices - [s390x] qeth: fix IPA command submission race - sctp: verify size of a new chunk in _sctp_make_chunk() (CVE-2018-5803) - net: mpls: Pull common label check into helper - mpls, nospec: Sanitize array index in mpls_label_ok() - bpf: fix wrong exposure of map_flags into fdinfo for lpm - bpf: fix mlock precharge on arraymaps - bpf, x64: implement retpoline for tail call - bpf, arm64: fix out of bounds access in tail call - bpf: add schedule points in percpu arrays management - bpf, ppc64: fix out of bounds access in tail call - btrfs: preserve i_mode if __btrfs_set_acl() fails https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.88 - RDMA/ucma: Limit possible option size - RDMA/ucma: Check that user doesn't overflow QP state - RDMA/mlx5: Fix integer overflow while resizing CQ - [x86] drm/i915: Try EDID bitbanging on HDMI after failed read - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS - [x86] drm/i915: Always call to intel_display_set_init_power() in resume_early. - workqueue: Allow retrieval of current task's work struct - drm: Allow determining if current task is output poll worker - drm/nouveau: Fix deadlock on runtime suspend - drm/radeon: Fix deadlock on runtime suspend - drm/amdgpu: Fix deadlock on runtime suspend - drm/amdgpu: Notify sbios device ready before send request - drm/radeon: fix KV harvesting - drm/amdgpu: fix KV harvesting - drm/amdgpu:Correct max uvd handles - drm/amdgpu:Always save uvd vcpu_bo in VM Mode - [mips*/octeon] irq: Check for null return on kzalloc allocation - loop: Fix lost writes caused by missing flag - virtio_ring: fix num_free handling in error case - [s390x] KVM: fix memory overwrites when not using SCA entries - kbuild: Handle builtin dtb file names containing hyphens - IB/mlx5: Fix incorrect size of klms in the memory region - bcache: fix crashes in duplicate cache device register - bcache: don't attach backing with duplicate UUID - [x86] MCE: Serialize sysfs changes (CVE-2018-7995) - perf tools: Fix trigger class trigger_on() - [x86] spectre_v2: Don't check microcode versions when running under hypervisors - ALSA: hda/realtek: Limit mic boost on T480 - ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520 - ALSA: hda/realtek - Make dock sound work on ThinkPad L570 - ALSA: seq: Don't allow resizing pool in use - ALSA: seq: More protection for concurrent write and ioctl races - ALSA: hda: add dock and led support for HP EliteBook 820 G3 - ALSA: hda: add dock and led support for HP ProBook 640 G2 - nospec: Kill array_index_nospec_mask_check() - nospec: Include dependency - Revert "x86/retpoline: Simplify vmexit_fill_RSB()" - [x86] speculation: Use IBRS if available before calling into firmware - [x86] retpoline: Support retpoline builds with Clang - [x86] speculation, objtool: Annotate indirect calls/jumps for objtool - [x86] boot, objtool: Annotate indirect jump in secondary_startup_64() - [x86] speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - [x86] paravirt, objtool: Annotate indirect calls - watchdog: hpwdt: SMBIOS check - watchdog: hpwdt: Check source of NMI - watchdog: hpwdt: fix unused variable warning - watchdog: hpwdt: Remove legacy NMI sourcing. - [armhf] omap2: hide omap3_save_secure_ram on non-OMAP3 builds - Input: tca8418_keypad - remove double read of key event register - tc358743: fix register i2c_rd/wr function fix - netfilter: add back stackpointer size checks (CVE-2018-1065) - netfilter: x_tables: fix missing timer initialization in xt_LED - netfilter: nat: cope with negative port range - netfilter: IDLETIMER: be syzkaller friendly - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets (CVE-2018-1068) - netfilter: bridge: ebt_among: add missing match size checks - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt - netfilter: x_tables: pass xt_counters struct instead of packet counter - netfilter: x_tables: pass xt_counters struct to counter allocator - netfilter: x_tables: pack percpu counter allocations - ext4: inplace xattr block update fails to deduplicate blocks - ubi: Fix race condition between ubi volume creation and udev - scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport - NFS: Fix an incorrect type in struct nfs_direct_req - NFS: Fix unstable write completion - [x86] module: Detect and skip invalid relocations - [x86] Treat R_X86_64_PLT32 as R_X86_64_PC32 - serial: sh-sci: prevent lockup on full TTY buffers - tty/serial: atmel: add new version check for usart - uas: fix comparison for error code - [x86] staging: comedi: fix comedi_nsamples_left. - USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h - usbip: vudc: fix null pointer dereference on udc->lock - usb: quirks: add control message delay for 1b1c:1b20 - usb: usbmon: Read text within supplied buffer size - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device - serial: core: mark port as initialized in autoconfig - earlycon: add reg-offset to physical address before mapping - PCI: dwc: Fix enumeration end when reaching root subordinate [Yves-Alexis Perez] * [powerpc*] drop RFI patches, now included upstream [ Salvatore Bonaccorso ] * [rt] Refresh 0001-timer-make-the-base-lock-raw.patch context * [rt] Update to 4.9.84-rt62 * blkcg: fix double free of new_blkg in blkcg_init_queue (CVE-2018-7480) * CIFS: Enable encryption during session setup phase (CVE-2018-1066) * staging: ncpfs: memory corruption in ncp_read_kernel() (CVE-2018-8822) * [arm64] net: hns: Fix a skb used after free bug (CVE-2017-18218) * media: usbtv: prevent double free in error case (CVE-2017-17975) * [arm64] net: hns: fix ethtool_get_strings overflow in hns driver * [arm64] net: hns: Fix ethtool private flags (CVE-2017-18222) * scsi: libsas: fix memory leak in sas_smp_get_phy_events() (CVE-2018-7757) * ext4: add validity checks for bitmap block numbers (CVE-2018-1093) * ext4: fix bitmap position validation * ext4: fail ext4_iget for root directory if unallocated (CVE-2018-1092) * random: fix crng_ready() test (CVE-2018-1108) * random: set up the NUMA crng instances after the CRNG is fully initialized * random: crng_reseed() should lock the crng instance that it is modifying * random: fix possible sleeping allocation from irq context * perf/hwbp: Simplify the perf-hwbp code, fix documentation (CVE-2018-1000199) [ Ben Hutchings ] * [x86] Revert "x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping" to avoid an ABI change * [x86] mm: Avoid ABI change for addition of ctx_id * [x86] cpu: Avoid ABI change in 4.9.83 * crypto: hash: Avoid ABI change in 4.9.84 * fs: Avoid ABI change in 4.9.85 * [x86] nospec: Ignore ABI change for removal of __clear_rsb and __fill_rsb, previously exported for use by KVM * [x86] Ignore ABI change for cpu_tlbstate, apparently not used externally * jbd2: Ignore ABI changes * tpm_tis: Ignore ABI changes * ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (CVE-2017-18216) * ocfs2: ip_alloc_sem should be taken in ocfs2_get_block() (CVE-2017-18224) * f2fs: fix a panic caused by NULL flush_cmd_control (CVE-2017-18241) * f2fs: fix a dead loop in f2fs_fiemap() (CVE-2017-18257) * mm/hugetlb.c: don't call region_abort if region_chg fails * hugetlbfs: fix offset overflow in hugetlbfs mmap * hugetlbfs: check for pgoff value overflow (CVE-2018-7740) * mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() (CVE-2018-8087) * drm: udl: Properly check framebuffer mmap offsets (CVE-2018-8781) * xfs: set format back to extents if xfs_bmap_extents_to_btree (CVE-2018-10323) * debian/lib/python/debian_linux/gencontrol.py: Allow uploads to *-security with a simple revision Source tzdata, binaries: tzdata:amd64 tzdata:arm64 tzdata (2018e-0+deb9u1) stretch; urgency=medium [ Aurelien Jarno ] * New upstream version, affecting the following future timestamp: - North Korea switches back to +09 on 2018-05-05. -- Steve McIntyre <93sam@debian.org> Mon, 07 May 2018 23:30:48 +0100 9.4.3-20180416 Updates in 2 source package(s), 4 binary package(s): Source tzdata, binaries: tzdata:amd64 tzdata:arm64 tzdata (2018d-0+deb9u1) stretch; urgency=medium * New upstream version. Main change: Palestine starts DST a week earlier in 2018 Source perl, binaries: perl-base:amd64 perl-base:arm64 perl (5.24.1-3+deb9u3) stretch-security; urgency=high * [SECURITY] CVE-2018-6797: buffer overflow related to regex unicode semantics. * [SECURITY] CVE-2018-6798: heap buffer overflow when matching malformed UTF-8 characters. * [SECURITY] CVE-2018-6913: heap buffer overflow with large data blocks. -- Steve McIntyre <93sam@debian.org> Mon, 16 Apr 2018 23:50:18 +0100 9.4.2-20180330 Updates in 3 source package(s), 18 binary package(s): Source openssl, binaries: libssl1.1:amd64 openssl:amd64 libssl1.1:arm64 openssl:arm64 openssl (1.1.0f-3+deb9u2) stretch-security; urgency=high * CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64) * CVE-2018-0733 (Incorrect CRYPTO_memcmp on HP-UX PA-RISC) * CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could exceed the stack) * Add patches to pass the testsuite: - Fix-a-Proxy-race-condition.patch - Fix-race-condition-in-TLSProxy.patch Source systemd, binaries: libpam-systemd:amd64 libsystemd0:amd64 libudev1:amd64 systemd:amd64 systemd-sysv:amd64 udev:amd64 libpam-systemd:arm64 libsystemd0:arm64 libudev1:arm64 systemd:arm64 systemd-sysv:arm64 udev:arm64 systemd (232-25+deb9u3) stretch; urgency=medium [ Cyril Brulebois ] * networkd-ndisc: Handle missing mtu gracefully. The previous upload made networkd respect the MTU field in IPv6 RA but unfortunately broke setups where there's no such field. (Closes: #892794) Source openssl1.0, binaries: libssl1.0.2:amd64 libssl1.0.2:arm64 openssl1.0 (1.0.2l-2+deb9u3) stretch-security; urgency=high * CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could exceed the stack) -- Steve McIntyre <93sam@debian.org> Fri, 30 Mar 2018 18:09:52 +0100 9.4.1-20180325 Updates in 2 source package(s), 18 binary package(s): Source util-linux, binaries: bsdutils:amd64 libblkid1:amd64 libfdisk1:amd64 libmount1:amd64 libsmartcols1:amd64 libuuid1:amd64 mount:amd64 util-linux:amd64 bsdutils:arm64 libblkid1:arm64 libfdisk1:arm64 libmount1:arm64 libsmartcols1:arm64 libuuid1:arm64 mount:arm64 util-linux:arm64 util-linux (2.29.2-1+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * bash-completion: (umount) use findmnt, escape a space in paths (CVE-2018-7738) (Closes: #892179) Source icu, binaries: libicu57:amd64 libicu57:arm64 icu (57.1-6+deb9u2) stretch-security; urgency=high * Backport upstream security fix for CVE-2017-15422: Persian calendar integer overflow (closes: #892766). -- Steve McIntyre <93sam@debian.org> Mon, 26 Mar 2018 12:45:08 +0100 9.4.0-20180310 First build for 9.4.0 release -- Steve McIntyre <93sam@debian.org> Sun, 11 Mar 2018 00:25:26 +0000