Debian Stretch Openstack images changelog 9.8.3-20190409 Updates in 3 source package(s), 16 binary package(s): Source systemd, binaries: libpam-systemd:amd64 libsystemd0:amd64 libudev1:amd64 systemd:amd64 systemd-sysv:amd64 udev:amd64 libpam-systemd:arm64 libsystemd0:arm64 libudev1:arm64 systemd:arm64 systemd-sysv:arm64 udev:arm64 systemd (232-25+deb9u11) stretch-security; urgency=high * pam-systemd: use secure_getenv() rather than getenv() Fixes a vulnerability in the systemd PAM module which insecurely uses the environment and lacks seat verification permitting spoofing an active session to PolicyKit. (CVE-2019-3842) systemd (232-25+deb9u10) stretch; urgency=medium * journald: fix assertion failure on journal_file_link_data (Closes: #916880) * tmpfiles: fix "e" to support shell style globs (Closes: #918400) * mount-util: accept that name_to_handle_at() might fail with EPERM. Container managers frequently block name_to_handle_at(), returning EACCES or EPERM when this is issued. Accept that, and simply fall back to fdinfo-based checks. (Closes: #917122) * automount: ack automount requests even when already mounted. Fixes a race condition in systemd which could result in automount requests not being serviced and processes using them to hang, causing denial of service. (CVE-2018-1049) * core: when deserializing state always use read_line(…, LONG_LINE_MAX, …) Fixes improper serialization on upgrade which can influence systemd execution environment and lead to root privilege escalation. (CVE-2018-15686, Closes: #912005) Source wget, binaries: wget:amd64 wget:arm64 wget (1.18-5+deb9u3) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Fix a buffer overflow vulnerability (CVE-2019-5953) (Closes: #926389) Source tzdata, binaries: tzdata:amd64 tzdata:arm64 tzdata (2019a-0+deb9u1) stretch; urgency=medium * New upstream version, affecting the following past and future timestamps: - Palestine will not start DST until 2019-03-30, instead of 2019-03-23 as previously predicted. - Metlakatla ended its observance of Pacific standard time, rejoining Alaska Time, on 2019-01-20 at 02:00. -- Steve McIntyre <93sam@debian.org> Tue, 09 Apr 2019 11:30:58 +0100 9.8.2-20190303 Updates in 3 source package(s), 10 binary package(s): Source openssl1.0, binaries: libssl1.0.2:amd64 libssl1.0.2:arm64 openssl1.0 (1.0.2r-1~deb9u1) stretch-security; urgency=medium [ Kurt Roeckx ] * New upstream version - Fixes CVE-2019-1559 [ Sebastian Andrzej Siewior ] * Use openssl.cnf from the build directory for the testsuite. Source linux, binaries: linux-image-4.9.0-8-amd64:amd64 linux-image-4.9.0-8-arm64:arm64 linux (4.9.144-3.1) stretch; urgency=high * Non-maintainer upload. * Fix boot breakage on 32-bit arm (closes: #922478). Thanks to Adrian Bunk for spotting the mistake. Source openssh, binaries: openssh-client:amd64 openssh-server:amd64 openssh-sftp-server:amd64 openssh-client:arm64 openssh-server:arm64 openssh-sftp-server:arm64 openssh (1:7.4p1-10+deb9u6) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Apply upstream patch to make scp handle shell-style brace expansions when checking that filenames sent by the server match what the client requested (closes: #923486). -- Steve McIntyre <93sam@debian.org> Sun, 03 Mar 2019 17:03:55 +0000 9.8.1-20190220 Updates in 1 source package(s), 12 binary package(s): Source systemd, binaries: libpam-systemd:amd64 libsystemd0:amd64 libudev1:amd64 systemd:amd64 systemd-sysv:amd64 udev:amd64 libpam-systemd:arm64 libsystemd0:arm64 libudev1:arm64 systemd:arm64 systemd-sysv:arm64 udev:arm64 systemd (232-25+deb9u9) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit (CVE-2019-6454) * Allocate temporary strings to hold dbus paths on the heap (CVE-2019-6454) * sd-bus: if we receive an invalid dbus message, ignore and proceeed (CVE-2019-6454) -- Steve McIntyre <93sam@debian.org> Wed, 20 Feb 2019 18:07:46 +0000 9.8.0 First build for 9.8.0 release -- Steve McIntyre <93sam@debian.org> Sat, 16 Feb 2019 21:10:23 +0000