Debian Stretch Openstack images changelog

9.5.5-20181004

Updates in 1 source package(s), 2 binary package(s):

  Source linux, binaries: linux-image-4.9.0-8-amd64:amd64 linux-image-4.9.0-8-arm64:arm64
  linux (4.9.110-3+deb9u5) stretch-security; urgency=high

    [ Salvatore Bonaccorso ]
    * irda: Fix memory leak caused by repeated binds of irda socket (CVE-2018-6554)
    * irda: Only insert new objects into the global database via setsockopt (CVE-2018-6555)
    * mm: get rid of vmacache_flush_all() entirely (CVE-2018-17182)
    * floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (CVE-2018-7755)
    * Bluetooth: hidp: buffer overflow in hidp_process_report (CVE-2018-9363)
    * ALSA: rawmidi: Change resized buffers atomically (CVE-2018-10902)
    * scsi: target: iscsi: Use hex2bin instead of a re-implementation (CVE-2018-14633)
    * [x86] entry/64: Remove %ebx handling from error_entry/exit (CVE-2018-14678)
    * infiniband: fix a possible use-after-free bug (CVE-2018-14734)
    * [x86] speculation: Protect against userspace-userspace spectreRSB (CVE-2018-15572)
    * [x86] paravirt: Fix spectre-v2 mitigations for paravirt guests (CVE-2018-15594)

    [ Ben Hutchings ]
    * mm: Avoid ABI change for CVE-2018-17182 fix
    * HID: debug: check length before copy_to_user() (CVE-2018-9516)
    * Cipso: cipso_v4_optptr enter infinite loop (CVE-2018-10938)
    * f2fs: fix to do sanity check with reserved blkaddr of inline inode (CVE-2018-13099)
    * btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (CVE-2018-14609)
    * hfsplus: fix NULL dereference in hfsplus_lookup() (CVE-2018-14617)
    * USB: yurex: fix out-of-bounds uaccess in read handler (CVE-2018-16276)
    * cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (CVE-2018-16658)

 -- Steve McIntyre <93sam@debian.org>  Thu, 04 Oct 2018 22:29:37 +0100

9.5.4-20180929

Updates in 2 source package(s), 16 binary package(s):

  Source python3.5, binaries: libpython3.5-minimal:amd64 libpython3.5-stdlib:amd64 python3.5:amd64 python3.5-minimal:amd64 libpython3.5-minimal:arm64 libpython3.5-stdlib:arm64 python3.5:arm64 python3.5-minimal:arm64
  python3.5 (3.5.3-1+deb9u1) stretch-security; urgency=medium

    * CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647

  Source python2.7, binaries: libpython2.7-minimal:amd64 libpython2.7-stdlib:amd64 python2.7:amd64 python2.7-minimal:amd64 libpython2.7-minimal:arm64 libpython2.7-stdlib:arm64 python2.7:arm64 python2.7-minimal:arm64
  python2.7 (2.7.13-2+deb9u3) stretch-security; urgency=medium

    * CVE-2018-1000802, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647

 -- Steve McIntyre <93sam@debian.org>  Sun, 30 Sep 2018 20:39:56 +0100

9.5.3-20180831

Updates in 3 source package(s), 10 binary package(s):

  Source openssh, binaries: openssh-client:amd64 openssh-server:amd64 openssh-sftp-server:amd64 openssh-client:arm64 openssh-server:arm64 openssh-sftp-server:arm64
  openssh (1:7.4p1-10+deb9u4) stretch-security; urgency=high

    * Non-maintainer upload by the Security Team
    * CVE-2018-15473: fix username enumeration issue, initially reported
      by Dariusz Tytko and Michal Sajdak (Closes: #906236)

  Source linux-latest, binaries: linux-image-amd64:amd64 linux-image-arm64:arm64
  linux-latest (80+deb9u6) stretch-security; urgency=high

    * Lots of kernel updates - see the linux-image-4.9.0-8-* packages
      for more details.

  Source linux, binaries: linux-image-4.9.0-7-amd64:amd64 linux-image-4.9.0-7-arm64:arm64
  linux (4.9.110-3+deb9u2) stretch-security; urgency=high

    * Revert "net: increase fragment memory usage limits"

 -- Steve McIntyre <93sam@debian.org>  Fri, 31 Aug 2018 17:28:23 +0100

9.5.2-20180809

Updates in 1 source package(s), 2 binary package(s):

  Source linux, binaries: linux-image-4.9.0-7-amd64:amd64 linux-image-4.9.0-7-arm64:arm64
  linux (4.9.110-3+deb9u1) stretch-security; urgency=high

    [ Romain Perier ]
    * fs: Fix up non-directory creation in SGID directories (CVE-2018-13405)

    [ Salvatore Bonaccorso ]
    * tcp: free batches of packets in tcp_prune_ofo_queue()
    * tcp: avoid collapses in tcp_prune_queue() if possible
    * tcp: detect malicious patterns in tcp_collapse_ofo_queue()
    * tcp: call tcp_drop() from tcp_data_queue_ofo()

  linux (4.9.110-3) stretch; urgency=medium

    [ Salvatore Bonaccorso ]
    * cdc_ncm: avoid padding beyond end of skb (Closes: #893393)
    * Revert "sit: reload iphdr in ipip6_rcv" (Closes: #903776)

  linux (4.9.110-2) stretch; urgency=medium

    [ Cyril Brulebois ]
    * udeb: Add virtio_console to virtio-modules (Closes: #903122).

    [ Ben Hutchings ]
    * [x86] xen: Fix boot regression in PV domains (Closes: #903767):
      - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
      - x86/cpu: Re-apply forced caps every time CPU caps are re-read
    * ext4: fix false negatives *and* false positives in
      ext4_check_descriptors() (Closes: #903838)
    * xen-netfront: Fix regressions in 4.9.104 (Closes: #903914):
      - Fix mismatched rtnl_unlock
      - Update features after registering netdev

 -- Steve McIntyre <93sam@debian.org>  Thu, 09 Aug 2018 15:49:59 +0100

9.5.1-20180729

Update to using new version of the build-openstack-debian-image script

Updates in 1 source package(s), 2 binary package(s):

  Source fuse, binaries: libfuse2:amd64 libfuse2:arm64
  fuse (2.9.7-1+deb9u1) stretch-security; urgency=high

    * Non-maintainer upload by the Security Team.
    * Restriction bypass of the "allow_other" option when SELinux is active
      (CVE-2018-10906) (Closes: #904439)

 -- Steve McIntyre <93sam@debian.org>  Sun, 29 Jul 2018 13:57:22 +0800

9.5.0-20180714

First build for 9.5.0 release

 -- Steve McIntyre <93sam@debian.org>  Sat, 14 Jul 2018 19:00:53 +0100