Debian Jessie Openstack images changelog

8.9.8-20171105

Updates in 1 source package(s), 2 binary package(s):

  Source openssl, binaries: libssl1.0.0:amd64 openssl:amd64  
  openssl (1.0.1t-1+deb8u7) jessie-security; urgency=medium
  
    * Fix CVE-2017-3735.patch

-- Steve McIntyre <93sam@debian.org>  Sun, 05 Nov 2017 21:45:26 +0000

8.9.7-20171030

Updates in 2 source package(s), 2 binary package(s):

  Source tzdata, binaries: tzdata:amd64  
  tzdata (2017c-0+deb8u1) jessie; urgency=medium
  
    * New upstream version, affecting the following future timestamp:
      - Northern Cyprus resumed EU rules starting 2017-10-29.
      - Namibia will switch from +01 with DST to +02 all year, affecting
        UT offsets starting 2018-04-01.
      - Sudan will switch from +03 to +02 on 2017-11-01.
      - Tonga will not observe DST on 2017-11-05.
      - Turks & Caicos will switch from -04 all year to -05 with US DST,
        affecting UT offset starting 2018-11-04.

  Source wget, binaries: wget:amd64  
  wget (1.16-1+deb8u4) jessie-security; urgency=medium
  
    * CVE-2017-13089 / CVE-2017-13090

-- Steve McIntyre <93sam@debian.org>  Mon, 30 Oct 2017 21:45:54 +0000

8.9.6-20170921

Updates in 2 source package(s), 2 binary package(s):

  Source perl, binaries: perl-base:amd64  
  perl (5.20.2-3+deb8u9) jessie-security; urgency=high
  
    * Update upstream base.pm no-dot-in-inc fix patch description.
    * [SECURITY] CVE-2017-12837: Fix a heap buffer overflow in regular
      expression compiler. (Closes: #875596)
    * [SECURITY] CVE-2017-12883: Fix a buffer over-read in regular
      expression parser. (Closes: #875597)
      + also includes a separate upstream fix from the 5.23 cycle

  Source linux, binaries: linux-image-3.16.0-4-amd64:amd64  
  linux (3.16.43-2+deb8u5) jessie-security; urgency=medium
  
    * [amd64] mm: revert ELF_ET_DYN_BASE base changes (fixes regression of ASan)
  
  linux (3.16.43-2+deb8u4) jessie-security; urgency=high
  
    * [x86] KVM: fix singlestepping over syscall (CVE-2017-7518)
    * binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370,
      CVE-2017-1000371)
    * ALSA: timer: Fix race between read and ioctl (CVE-2017-1000380)
    * ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
      (CVE-2017-1000380)
    * timerfd: Protect the might cancel mechanism proper (CVE-2017-10661)
    * xfrm: policy: check policy direction value (CVE-2017-11600)
    * packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111)
    * ipv6: Should use consistent conditional judgement for ip6 fragment
      between __ip6_append_data and ip6_finish_output
    * udp: consistently apply ufo or fragmentation (CVE-2017-1000112)
    * xen: fix bio vec merging (CVE-2017-12134) (Closes: #866511)
    * nl80211: check for the required netlink attributes presence (CVE-2017-12153)
    * [x86] kvm: nVMX: Don't allow L2 to access the hardware CR8 (CVE-2017-12154)
    * scsi: qla2xxx: Fix an integer overflow in sysfs code (CVE-2017-14051)
    * tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (CVE-2017-14106)
    * Sanitize 'move_pages()' permission checks (CVE-2017-14140)
    * video: fbdev: aty: do not leak uninitialized padding in clk to userspace
      (CVE-2017-14156)
    * xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
      (CVE-2017-14340)
    * scsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
      (CVE-2017-14489)
    * Bluetooth: Properly check L2CAP config option output buffer length
      (CVE-2017-1000251) (Closes: #875881)

-- Steve McIntyre <93sam@debian.org>  Thu, 21 Sep 2017 21:05:31 +0100

8.9.5-20170910

Updates in 1 source package(s), 4 binary package(s):

  Source bind9, binaries: libdns-export100:amd64 libirs-export91:amd64 libisc-export95:amd64 libisccfg-export90:amd64  
  bind9 (1:9.9.5.dfsg-9+deb8u14) jessie; urgency=high
  
    [ Bernhard Schmidt ]
    * Import upcoming DNSSEC KSK-2017 from 9.10.5
  
    [ Ondřej Surý ]
    * Non-maintainer upload.

-- Steve McIntyre <93sam@debian.org>  Sun, 10 Sep 2017 23:35:59 +0100

8.9.4-20170903

Updates in 1 source package(s), 2 binary package(s):

  Source gnupg, binaries: gnupg:amd64 gpgv:amd64  
  gnupg (1.4.18-7+deb8u4) jessie-security; urgency=high
  
    * Backport fixes for CVE-2017-7526 from STABLE-BRANCH-1-4 branch

-- Steve McIntyre <93sam@debian.org>  Sun, 03 Sep 2017 08:48:29 +0100

8.9.3-20170825

Updates in 1 source package(s), 1 binary package(s):

  Source libxml2, binaries: libxml2:amd64  
  libxml2 (2.9.1+dfsg1-5+deb8u5) jessie-security; urgency=high
  
    * Non-maintainer upload by the Security Team.
    * Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
      Incorrect limit was used for port values. (Closes: #870865)
    * Prevent unwanted external entity reference (CVE-2017-7375)
      Missing validation for external entities in xmlParsePEReference.
      (Closes: #870867)
    * Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
      - Heap-based buffer over-read in function xmlDictComputeFastKey
        (CVE-2017-9049).
      - Heap-based buffer over-read in function xmlDictAddString
        (CVE-2017-9050).
      (Closes: #863019, #863018)
    * Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
      CVE-2017-9048)
      - Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
      - Stack-based buffer overflow in function xmlSnprintfElementContent
        (CVE-2017-9048).
      (Closes: #863022, #863021)
    * Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
      Heap buffer overflow in xmlAddID. (Closes: #870870)

-- Steve McIntyre <93sam@debian.org>  Fri, 25 Aug 2017 18:19:34 +0100

8.9.2-20170822

Updates in 1 source package(s), 1 binary package(s):

  Source linux, binaries: linux-image-3.16.0-4-amd64:amd64  
  linux (3.16.43-2+deb8u3) jessie-security; urgency=high
  
    * regulator: core: Fix regualtor_ena_gpio_free not to access pin after
      freeing (CVE-2014-9940)
    * [x86] drm/vmwgfx: limit the number of mip levels in
      vmw_gb_surface_define_ioctl() (CVE-2017-7346)
    * rxrpc: Fix several cases where a padded len isn't checked in ticket decode
      (CVE-2017-7482)
    * brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
      (CVE-2017-7541)
    * ipv6: avoid overflow of offset in ip6_find_1stfragopt (CVE-2017-7542)
    * [x86] mm: Tighten x86 /dev/mem with zeroing reads (CVE-2017-7889)
    * [x86] drm/vmwgfx: Make sure backup_handle is always valid (CVE-2017-9605)
    * xen-blkback: don't leak stack data via response ring (CVE-2017-10911)
    * mqueue: fix a use-after-free in sys_mq_notify() (CVE-2017-11176)
    * char: lp: fix possible integer overflow in lp_setup() (CVE-2017-1000363)
    * fs/exec.c: account for argv/envp pointers (CVE-2017-1000365)
  
    [ Ben Hutchings ]
    * dentry name snapshots (CVE-2017-7533)

-- Steve McIntyre <93sam@debian.org>  Wed, 23 Aug 2017 02:01:34 +0100

8.9.1-20170725

Updates in 1 source package(s), 4 binary package(s):

  Source bind9, binaries: libdns-export100:amd64 libirs-export91:amd64 libisc-export95:amd64 libisccfg-export90:amd64  
  bind9 (1:9.9.5.dfsg-9+deb8u13) jessie-security; urgency=high
  
    * Non-maintainer upload by the Security Team.
    * Add patch to fix regression introduced by patch for CVE-2017-3042.
      closes: #868952

-- Steve McIntyre <93sam@debian.org>  Tue, 25 Jul 2017 13:48:20 +0100

8.9.0-20170723

  First build for 8.9.0 point release

-- Steve McIntyre <93sam@debian.org>  Sun, 23 Jul 2017 16:12:05 +0100

