Sun Aug 19 23:59:17 UTC 2018
a/e2fsprogs-1.44.4-x86_64-1.txz: Upgraded.
a/kernel-generic-4.14.65-x86_64-1.txz: Upgraded.
a/kernel-huge-4.14.65-x86_64-1.txz: Upgraded.
a/kernel-modules-4.14.65-x86_64-1.txz: Upgraded.
ap/jove-4.16.0.73-x86_64-6.txz: Rebuilt.
Fixed getline() namespace collision patch.
ap/sudo-1.8.24-x86_64-1.txz: Upgraded.
d/icecream-20180808-x86_64-1.txz: Upgraded.
Use sources from git, which avoids timeouts and hangs that have been
observed with version 1.1, and adds additional support for clang.
d/kernel-headers-4.14.65-x86-1.txz: Upgraded.
k/kernel-source-4.14.65-noarch-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
+--------------------------+
Sat Aug 18 02:09:51 UTC 2018
a/kernel-generic-4.14.64-x86_64-1.txz: Upgraded.
a/kernel-huge-4.14.64-x86_64-1.txz: Upgraded.
a/kernel-modules-4.14.64-x86_64-1.txz: Upgraded.
d/kernel-headers-4.14.64-x86-1.txz: Upgraded.
k/kernel-source-4.14.64-noarch-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
+--------------------------+
Fri Aug 17 16:52:04 UTC 2018
a/kernel-firmware-20180814_f1b95fe-noarch-1.txz: Upgraded.
a/kernel-generic-4.14.63-x86_64-1.txz: Upgraded.
a/kernel-huge-4.14.63-x86_64-1.txz: Upgraded.
a/kernel-modules-4.14.63-x86_64-1.txz: Upgraded.
ap/jove-4.16.0.73-x86_64-5.txz: Rebuilt.
Avoid a namespace conflict with glibc's getline() function.
Increase some hardcoded buffer sizes.
Thanks to TTK.
ap/mariadb-10.3.9-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://mariadb.com/kb/en/mariadb-1039-release-notes/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066
(* Security fix *)
d/kernel-headers-4.14.63-x86-1.txz: Upgraded.
k/kernel-source-4.14.63-noarch-1.txz: Upgraded.
EFI_VARS m -> y
EFI_VARS_PSTORE m -> y
+HOTPLUG_SMT y
l/expat-2.2.6-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p12-x86_64-1.txz: Upgraded.
This release improves on one security fix in ntpd:
LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack
While fixed in ntp-4.2.8p7 and with significant additional protections for
this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in
the new noepeer support. Originally reported by Matt Van Gundy of Cisco.
Edge-case hole reported by Martin Burnicki of Meinberg.
And fixes another security issue in ntpq and ntpdc:
LOW: Sec 3505: The openhost() function used during command-line hostname
processing by ntpq and ntpdc can write beyond its buffer limit, which
could allow an attacker to achieve code execution or escalate to higher
privileges via a long string as the argument for an IPv4 or IPv6
command-line parameter. NOTE: It is unclear whether there are any common
situations in which ntpq or ntpdc is used with a command line from an
untrusted source. Reported by Fakhri Zulkifli.
For more information, see:
http://support.ntp.org/bin/view/Main/SecurityNotice#August_2018_ntp_4_2_8p12_NTP_Rel
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327
(* Security fix *)
n/samba-4.8.4-x86_64-1.txz: Upgraded.
This is a security update in order to patch the following defects:
Weak authentication protocol allowed.
Denial of Service Attack on DNS and LDAP server.
Insufficient input validation on client directory listing in libsmbclient.
Denial of Service Attack on AD DC DRSUAPI server.
Confidential attribute disclosure from the AD LDAP server.
For more information, see:
https://www.samba.org/samba/security/CVE-2018-1139.html
https://www.samba.org/samba/security/CVE-2018-1140.html
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/security/CVE-2018-10919.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919
(* Security fix *)
x/xf86-video-v4l-0.3.0-x86_64-1.txz: Upgraded.
x/xterm-335-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
+--------------------------+
Tue Aug 14 22:56:09 UTC 2018
a/kernel-firmware-20180814_fdd3468-noarch-1.txz: Upgraded.
a/openssl-solibs-1.1.0i-x86_64-1.txz: Upgraded.
d/strace-4.24-x86_64-1.txz: Upgraded.
l/harfbuzz-1.8.8-x86_64-1.txz: Upgraded.
n/iproute2-4.18.0-x86_64-1.txz: Upgraded.
n/openssl-1.1.0i-x86_64-1.txz: Upgraded.
This update fixes two low severity security issues:
Client DoS due to large DH parameter.
Cache timing vulnerability in RSA Key Generation.
For more information, see:
https://www.openssl.org/news/secadv/20180612.txt
https://www.openssl.org/news/secadv/20180416.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
(* Security fix *)
x/mesa-18.1.6-x86_64-1.txz: Upgraded.
xap/xscreensaver-5.40-x86_64-1.txz: Upgraded.
+--------------------------+
Tue Aug 14 00:10:54 UTC 2018
a/etc-15.0-x86_64-8.txz: Rebuilt.
/etc/passwd: Added icecc (UID 49).
/etc/group: Added icecc (GID 49).
a/pciutils-3.6.2-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-2.1-noarch-17.txz: Rebuilt.
rc.M: start rc.icecc-scheduler and rc.iceccd.
d/icecream-1.1-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger for the SBo reference build script.
n/libmbim-1.16.2-x86_64-1.txz: Upgraded.
n/libqmi-1.20.2-x86_64-1.txz: Upgraded.
n/p11-kit-0.23.13-x86_64-1.txz: Upgraded.
x/xterm-334-x86_64-1.txz: Upgraded.
