Debian Stretch Openstack images changelog

9.3.4-20180118

Updates in 2 source package(s), 6 binary package(s):

  Source libxml2, binaries: libxml2:amd64 libxml2:arm64

  libxml2 (2.9.4+dfsg1-2.2+deb9u2) stretch-security; urgency=high

    * Non-maintainer upload by the Security Team.
    * Fix XPath stack frame logic (CVE-2017-15412) (Closes: #883790)

  Source bind9, binaries: libdns-export162:amd64 libisc-export160:amd64 libdns-export162:arm64 libisc-export160:arm64

  bind9 (1:9.10.3.dfsg.P4-12.3+deb9u4) stretch-security; urgency=high

    * Non-maintainer upload by the Security Team.
    * Addresses could be referenced after being freed in resolver.c,
      causing an assertion failure. (CVE-2017-3145)

 -- Steve McIntyre <93sam@debian.org>  Fri, 05 Jan 2018 22:39:10 +0000

9.3.3-20180105

Updates in 1 source package(s), 2 binary package(s):

  Source linux-latest, binaries: linux-image-amd64:amd64 linux-image-arm64:arm64

  linux-latest (80+deb9u3) stretch-security; urgency=high

    * Update to 4.9.0-5 (Main reason: KAISER/KPTI changes, see the
      linux-image-4.9.0-5-* changelog for more)

 -- Steve McIntyre <93sam@debian.org>  Fri, 05 Jan 2018 22:39:10 +0000

9.3.2-20171224

Updates in 1 source package(s), 2 binary package(s):

  Source linux, binaries: linux-image-4.9.0-4-amd64:amd64 linux-image-4.9.0-4-arm64:arm64

  linux (4.9.65-3+deb9u1) stretch-security; urgency=high

    * dccp: CVE-2017-8824: use-after-free in DCCP code
    * media: dvb-usb-v2: lmedm04: Improve logic checking of warm start (CVE-2017-16538)
    * media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner (CVE-2017-16538)
    * media: hdpvr: Fix an error handling path in hdpvr_probe() (CVE-2017-16644)
    * bpf/verifier: Fix multiple security issues:
      - adjust insn_aux_data when patching insns
      - fix branch pruning logic
      - reject out-of-bounds stack pointer calculation
      - fix incorrect sign extension in check_alu_op() (CVE-2017-16995)
      - Fix states_equal() comparison of pointer and UNKNOWN
    * netfilter: nfnetlink_cthelper: Add missing permission checks (CVE-2017-17448)
    * netlink: Add netns check on taps (CVE-2017-17449)
    * netfilter: xt_osf: Add missing permission checks (CVE-2017-17450)
    * USB: core: prevent malicious bNumInterfaces overflow (CVE-2017-17558)
    * net: ipv4: fix for a race condition in raw_sendmsg (CVE-2017-17712)
    * [armhf,arm64,x86] KVM: Fix stack-out-of-bounds read in write_mmio (CVE-2017-17741)
    * crypto: salsa20 - fix blkcipher_walk API usage (CVE-2017-17805)
    * crypto: hmac - require that the underlying hash algorithm is unkeyed (CVE-2017-17806)
    * KEYS: add missing permission check for request_key() destination (CVE-2017-17807)
    * [x86] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (CVE-2017-1000407)
    * bluetooth: Prevent stack info leak from the EFS element. (CVE-2017-1000410)

 -- Steve McIntyre <93sam@debian.org>  Sun, 24 Dec 2017 17:59:42 +0000

9.3.1-20171223

Updates in 2 source package(s), 4 binary package(s):

  Source sensible-utils, binaries: sensible-utils:amd64 sensible-utils:arm64

  sensible-utils (0.0.9+deb9u1) stretch-security; urgency=high

    * Non-maintainer upload by the Security Team.
    * Argument injection in sensible-browser (CVE-2017-17512)
      Thanks to Gabriel Corona (Closes: #881767)

  Source openssl1.0, binaries: libssl1.0.2:amd64 libssl1.0.2:arm64

  openssl1.0 (1.0.2l-2+deb9u2) stretch-security; urgency=high

    * CVE-2017-3737 (Read/write after SSL object in error state)
    * Add a testcase for CVE-2017-3737
    * CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64)

 -- Steve McIntyre <93sam@debian.org>  Sat, 23 Dec 2017 13:56:09 +0000

9.3.0-20171209

First build for 9.3.0 release

 -- Steve McIntyre <93sam@debian.org>  Sun, 10 Dec 2017 02:56:41 +0000