Closed grahamc closed 7 years ago
This one took under an hour :)
openvpn:
UPDATE, oh I was too slow :)
Thanks, @Mic92! 16.03 has 2.3.10? We should probably backport that. Would you like to do the honors?
Upgrade straight to 2.3.12? There were mostly bug fixes in this version.
@grahamc, do you know if there is an RSS/Atom feed for the LWN vulnerabilities? I couldn't find one.
@aneeshusa I don't think there is one. If you want to chat more, I'd rather talk about it over IRC? gchristensen
@Mic92 yep, straight to 2.3.12.
Here are all the vulnerabilities from https://lwn.net/Vulnerabilities since our last hunt.
Notes on the list
Instructions:
details
block below.
Without further ado...
Assorted (26 issues)
#701931 (search, files) mozilla: denial of service
#647618 (search, files) python-tornado: side-channel attack
#679619 (search, files) OpenVPN: multiple vulnerabilities
#701926 (search, files) qemu: multiple vulnerabilities
#701920 (search, files) mactelnet: code execution
#701727 (search, files) wordpress: multiple vulnerabilities
#701931 (search, files) mozilla: denial of service
#684319 (search, files) systemd: two vulnerabilities
#701999 (search, files) python-django: cross-site request forgery
#702118 (search, files) bind: denial of service
#701923 (search, files) bash: code execution
#701921 (search, files) policycoreutils: sandbox escape
#616041 (search, files) rubygem-bundler: installs malicious gem files
#633546 (search, files) cups: buffer overflow
#701739 (search, files) shiro: access control bypass
#701734 (search, files) openvas-libraries: multiple vulnerabilities
#675696 (search, files) nghttp2: denial of service
#680462 (search, files) putty: code execution
#701735 (search, files) openvas-scanner: denial of service
#676795 (search, files) poco: SSL server spoofing
#701917 (search, files) imagemagick: code execution
#683853 (search, files) postgresql: two vulnerabilities
#701918 (search, files) dwarfutils: two vulnerabilities
#698651 (search, files) borgbackup: directory traversal
#680795 (search, files) proftpd: weak key usage
#701997 (search, files) wireshark: denial of service

freerdp (2 issues)
Note: triage indicates Gentoo is running 1.1.0 beta? 1.0.2 doesn't seem to have a fix.
#702121 (search, files) freerdp: denial of service
#604034 (search, files) freerdp: two vulnerabilities

openssl (2 issues)
#702000 (search, files) openssl: denial of service
#701729 (search, files) openssl: multiple vulnerabilities