Closed grahamc closed 7 years ago
I've got a jasper update in the works. Checking to see if 2.0.6 is BC with 1.900.x or not.
kernel: #708869 (search, files) kernel: denial of service
This needs a patch from https://bugzilla.kernel.org/show_bug.cgi?id=189851 I am not home, so I can't do it until late tonight.
All the other kernel vulns are covered by the kernel versions we have.
Thank you, @NeQuissimus, I'll apply that patch.
Let's also mention #21135 (firefox: 50.0.2 -> 50.1.0, firefox-esr: 45.5.1esr -> 45.6.0esr) in here, even though I don't see it on the list.
Good idea, https://github.com/NixOS/nixpkgs/pull/21134 (firefox-bin: 50.0.2 -> 50.1.0) too.
Hung up on https://github.com/NixOS/nixpkgs/issues/21145 which is blocking channels from moving forward.
Xen and SystemD are good.
Looks like unzip needs both the CVEs patched.
I am going to send a PR for subversion once it has built on my machine. It's a straightforward update.
@domenkozar are you available to look into upgrading our openstack components?
Actually, @NeQuissimus, can you apply that kernel patch?
@makefu can you look into updating XStatic-jquery-ui?
@grahamc ^
Thank you!
I started looking at atomic-openshift. Both code and files searches failed to show any results. Past roundups mentioned atomic-openshift a few times, but I couldn't locate the corresponding commits/patches that fixed it.
The derivations for openshift and rhc are both simple. Should I be looking at their commits to see if the fixes have been included? Are they the right repos? How do I find out the corresponding repo and package, in general?
Pointers? How do I proceed?
Oh, I don't think we have Atomic, and the one that says cinder is also for glance, which we do have: https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/openstack/glance.nix.
Updating openstack is quite some work as you need to bump all components. It's better to look into patching existing versions, if they're still supported upstream.
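As an added illustration of the "patch the existing version instead of bumping" approach described above (this is example code written for this page, not code from the thread or from nixpkgs), the overlay below keeps the package version the channel already builds and stacks an upstream fix on top with `overrideAttrs` and `fetchpatch`. The package name follows the unzip discussion in this thread; the patch URL and `sha256` are placeholders, since the thread links to bug trackers rather than to patch files, and a real hash would come from `nix-prefetch-url` on the actual patch.

```nix
# Added example overlay, not nixpkgs' own code. Usable from
# ~/.config/nixpkgs/overlays/ or via the `nixpkgs.overlays` NixOS option.
self: super: {
  # Keep the version already in the channel; only append an upstream fix.
  unzip = super.unzip.overrideAttrs (old: {
    patches = (old.patches or []) ++ [
      (super.fetchpatch {
        # PLACEHOLDER: URL of the upstream commit or patch fixing the CVE.
        url = "https://example.invalid/placeholder-fix.patch";
        # PLACEHOLDER: replace with the hash nix-prefetch-url reports for that file.
        sha256 = "0000000000000000000000000000000000000000000000000000";
      })
    ];
  });
}
```

Building the package (`nix-build '<nixpkgs>' -A unzip`) after adding the overlay rebuilds only unzip and its reverse dependencies, which is the property that makes a targeted patch cheaper than a coordinated version bump across many packages.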
@bachp can you make that PR?
@NeQuissimus bump on that kernel patch. Can you do it?
I think my patches to release 16.09 are bad... will investigate in a few hours.
I think my patches were good, but the nix / hydra issues are hurting us again.
@grahamc I might find some time to do it this weekend.
I bumped the kernels just now
@grahamc PR created #21216
@bachp: Excellent, thank you!
@NeQuissimus Looks great, thank you!
@domenkozar That is part of what I feared; touching Openstack in general spooks me. It looks like there are patch releases within these major releases, 11.0.0 -> 11.0.2... 7.0.0 -> 7.0.2. Are these safe, do you think? Do they all need to go up in lock-step for these patch releases?
Minor bumps would work, but it's quite some python packages to update (sorry, I don't have time now).
Here are all the vulnerabilities from https://lwn.net/Vulnerabilities since our last roundup.
cc: @NeQuissimus @vcunat @joachifm.
Note: The list of people CC'd on this issue participated in the last roundup. If you participate on this roundup, I'll cc you on the next one. If you don't participate in the next one, you won't be CC'd on the one after that. If you would like to be CC'd on the next roundup, add a comment to the most recent vulnerability roundup. If you would like to be CC'd on all roundups, leave a comment and tell @grahamc so.
Permanent CC's: @joepie91, @phanimahesh, @NixOS/security-notifications (if you no longer want to be CC'd, ask to be removed from this list)
Notes on the list
Instructions:
(see the details block below.) Upon Completion ... reformat one last time. Without further ado...
Assorted (36 issues)
#708522 (search, files) atomic-openshift: information disclosure
#708996 (search, files) golang: denial of service
#708652 (search, files) python-XStatic-jquery-ui: cross-site scripting
#709009 (search, files) zabbix: two vulnerabilities
#708876 (search, files) perl-DBD-MySQL: use after free
#708883 (search, files) subversion: denial of service
#708995 (search, files) unzip: buffer overflows
#709007 (search, files) webkit-gtk: multiple vulnerabilities
#708524 (search, files) gst-plugins-bad: code execution
#708525 (search, files) gst-plugins-base: code execution
#708873 (search, files) gstreamer-plugins-bad-free: two vulnerabilities
#708657 (search, files) httpd: denial of service
#708871 (search, files) libgsf: denial of service
#595998 (search, files) libmms: code execution
#708359 (search, files) mapserver: information leak
#708363 (search, files) mingw-nsis: DLL hijacking
#708528 (search, files) openjpeg: code execution
#708875 (search, files) openjpeg2: denial of service
#588035 (search, files) xstream: code execution
#708523 (search, files) openstack-cinder, openstack-glance: denial of service
#629686 (search, files) coreutils: code execution
#595046 (search, files) elfutils: code execution
#662905 (search, files) exfat-utils: two vulnerabilities
#708523 (search, files) openstack-cinder, openstack-glance: denial of service
#708365 (search, files) pecl-http: code execution
#709010 (search, files) php: unknown
#708527 (search, files) php-php-gettext: code execution
#708997 (search, files) php-simplesamlphp-saml2: incorrect signature verification
#708993 (search, files) php5: multiple vulnerabilities
#658600 (search, files) pixman: buffer overflow
#664215 (search, files) powerdns: denial of service
#708655 (search, files) roundcube: code execution
#627589 (search, files) sox: code execution
#708656 (search, files) spip: cross-site scripting
#708529 (search, files) sqlite: code execution
#529991 (search, files) squashfs-tools: two code execution flaws

jasper (2 issues)
#708870 (search, files) jasper: buffer overflow
#708654 (search, files) jasper: multiple vulnerabilities

kernel (8 issues)
#708869 (search, files) kernel: denial of service
#708367 (search, files) kernel: two vulnerabilities
#708530 (search, files) kernel: two vulnerabilities
#708659 (search, files) kernel: multiple vulnerabilities
#708532 (search, files) kernel: two vulnerabilities
#708531 (search, files) kernel: multiple vulnerabilities
#708884 (search, files) kernel: privilege escalation
#708874 (search, files) kernel: two vulnerabilities

systemd (2 issues)
#709006 (search, files) systemd: denial of service
#570330 (search, files) systemd: multiple vulnerabilities

xen (2 issues)
#708886 (search, files) xen: information disclosure
#708533 (search, files) xen: privilege escalation