ChangeLog for: 2017-06-29 21:55:09
a/mkinitrd-1.4.10-x86_64-1.txz: Upgraded.
Added support for -P option and MICROCODE_ARCH in mkinitrd.conf to specify
a microcode archive to be prepended to the initrd for early CPU microcode
patching by the kernel. Thanks to SeB.
ap/nano-2.8.5-x86_64-1.txz: Upgraded.
ap/screen-4.6.0-x86_64-1.txz: Upgraded.
d/llvm-4.0.1-x86_64-1.txz: Upgraded.
l/pcre-8.40-x86_64-1.txz: Upgraded.
l/readline-7.0.003-x86_64-1.txz: Upgraded.
n/bind-9.11.1_P2-x86_64-1.txz: Upgraded.
This update fixes a high severity security issue:
An error in TSIG handling could permit unauthorized zone transfers
or zone updates.
For more information, see:
https://kb.isc.org/article/AA-01503/0
https://kb.isc.org/article/AA-01504/0
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143
(* Security fix *)
n/httpd-2.4.26-x86_64-1.txz: Upgraded.
This update fixes security issues which may lead to an authentication bypass
or a denial of service:
important: ap_get_basic_auth_pw() Authentication Bypass CVE-2017-3167
important: mod_ssl Null Pointer Dereference CVE-2017-3169
important: mod_http2 Null Pointer Dereference CVE-2017-7659
important: ap_find_token() Buffer Overread CVE-2017-7668
important: mod_mime Buffer Overread CVE-2017-7679
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679
(* Security fix *)
n/libgcrypt-1.7.8-x86_64-1.txz: Upgraded.
Mitigate a local flush+reload side-channel attack on RSA secret keys
dubbed "Sliding right into disaster".
For more information, see:
https://eprint.iacr.org/2017/627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526
(* Security fix *)
xfce/xfdesktop-4.12.4-x86_64-1.txz: Upgraded.