ChangeLog for: 2018-08-17 17:52:04
a/kernel-firmware-20180814_f1b95fe-noarch-1.txz: Upgraded.
a/kernel-generic-4.14.63-x86_64-1.txz: Upgraded.
a/kernel-huge-4.14.63-x86_64-1.txz: Upgraded.
a/kernel-modules-4.14.63-x86_64-1.txz: Upgraded.
ap/jove-4.16.0.73-x86_64-5.txz: Rebuilt.
Avoid a namespace conflict with glibc's getline() function.
Increase some hardcoded buffer sizes.
Thanks to TTK.
ap/mariadb-10.3.9-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://mariadb.com/kb/en/mariadb-1039-release-notes/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066
(* Security fix *)
d/kernel-headers-4.14.63-x86-1.txz: Upgraded.
k/kernel-source-4.14.63-noarch-1.txz: Upgraded.
l/expat-2.2.6-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p12-x86_64-1.txz: Upgraded.
This release improves on one security fix in ntpd:
LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack
While fixed in ntp-4.2.8p7 and with significant additional protections for
this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in
the new noepeer support. Originally reported by Matt Van Gundy of Cisco.
Edge-case hole reported by Martin Burnicki of Meinberg.
And fixes another security issue in ntpq and ntpdc:
LOW: Sec 3505: The openhost() function used during command-line hostname
processing by ntpq and ntpdc can write beyond its buffer limit, which
could allow an attacker to achieve code execution or escalate to higher
privileges via a long string as the argument for an IPv4 or IPv6
command-line parameter. NOTE: It is unclear whether there are any common
situations in which ntpq or ntpdc is used with a command line from an
untrusted source. Reported by Fakhri Zulkifli.
For more information, see:
http://support.ntp.org/bin/view/Main/SecurityNotice#August_2018_ntp_4_2_8p12_NTP_Rel
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327
(* Security fix *)
n/samba-4.8.4-x86_64-1.txz: Upgraded.
This is a security update in order to patch the following defects:
Weak authentication protocol allowed.
Denial of Service Attack on DNS and LDAP server.
Insufficient input validation on client directory listing in libsmbclient.
Denial of Service Attack on AD DC DRSUAPI server.
Confidential attribute disclosure from the AD LDAP server.
For more information, see:
https://www.samba.org/samba/security/CVE-2018-1139.html
https://www.samba.org/samba/security/CVE-2018-1140.html
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/security/CVE-2018-10919.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919
(* Security fix *)
x/xf86-video-v4l-0.3.0-x86_64-1.txz: Upgraded.
x/xterm-335-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.