[TriLUG] TriLUG server has been updated for CVE-2014-0092

Bill Farrow bill at arrowsreach.com
Wed Mar 5 08:45:06 EST 2014


The TriLUG server running Ubuntu 12.04 has been updated this morning
to fix the CVE-2014-0092 issue. Here is the changelog if anyone is
interested:

ssh pilot.trilug.org
sudo apt-get update
sudo apt-get dist-upgrade


Get:1 Changelog for libgnutls26 (http://changelogs.ubuntu.com/changelogs/pool/main/g/gnutls26/gnutls26_2.12.14-5ubuntu3.7/changelog) [56.6 kB]
gnutls26 (2.12.14-5ubuntu3.7) precise-security; urgency=medium

  * SECURITY UPDATE: certificate validation bypass
    - debian/patches/CVE-2014-0092.patch: correct return codes in
      lib/x509/verify.c.
    - CVE-2014-0092

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Mon, 03 Mar 2014 14:16:13 -0500

Get:1 Changelog for php5-common (http://changelogs.ubuntu.com/changelogs/pool/main/p/php5/php5_5.3.10-1ubuntu3.10/changelog) [194 kB]
php5 (5.3.10-1ubuntu3.10) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted indirect offset value
    in fileinfo
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      ext/fileinfo/libmagic/{ascmagic.c,file.h,funcs.c,softmagic.c}, added
      test to ext/fileinfo/tests/cve-2014-1943.phpt.
    - CVE-2013-1943

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Fri, 28 Feb 2014 14:55:00 -0500

Get:1 Changelog for python2.7-minimal (http://changelogs.ubuntu.com/changelogs/pool/main/p/python2.7/python2.7_2.7.3-0ubuntu3.5/changelog) [104 kB]
python2.7 (2.7.3-0ubuntu3.5) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    buffer overflow in socket.recvfrom_into
    - debian/patches/CVE-2014-1912.diff: check buffer length in
      Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
    - CVE-2014-1912

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Thu, 27 Feb 2014 09:17:26 -0500

Get:1 Changelog for python3.2-minimal (http://changelogs.ubuntu.com/changelogs/pool/main/p/python3.2/python3.2_3.2.3-0ubuntu3.6/changelog) [88.8 kB]
python3.2 (3.2.3-0ubuntu3.6) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    buffer overflow in socket.recvfrom_into
    - debian/patches/CVE-2014-1912.diff: check buffer length in
      Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
    - CVE-2014-1912

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Thu, 27 Feb 2014 14:28:16 -0500

Get:1 Changelog for linux-firmware (http://changelogs.ubuntu.com/changelogs/pool/main/l/linux-firmware/linux-firmware_1.79.10/changelog) [27.7 kB]
linux-firmware (1.79.10) precise; urgency=low

  * iwlwifi: add firmware for 7260 / 3160 devices
    Support for linux v3.10+
    -LP: #1265550
  * linux-firmware: Add Brocade FC/FCOE Adapter firmware files
    linux-firmware: 3.2.3.0 Firmware for Brocade Adapters
    Support for linux v3.10+
    -LP: #1265551

 -- Tim Gardner <tim.gardner at canonical.com>  Thu, 02 Jan 2014 08:23:19 -0700
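
Changelog output like the above can be reduced to a per-package list of fixed CVEs when reviewing what an upgrade actually changed. The following is an added example, not part of the original post; the function name `summarize` and both regexes are assumptions, and the sample text is copied from the changelog entries above, shortened to three packages.

```python
import re

# Debian changelog entry header: "package (version) distribution; urgency=level"
HEADER = re.compile(r"^(?P<pkg>[a-z0-9][a-z0-9+.-]+) \((?P<ver>[^)]+)\) "
                    r"(?P<dist>[^;]+); urgency=(?P<urgency>\w+)")
CVE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")  # case-sensitive, so file names like cve-*.phpt are skipped

# Sample input: entries copied from the changelog output in the message above,
# shortened to three packages.
SAMPLE = """\
gnutls26 (2.12.14-5ubuntu3.7) precise-security; urgency=medium

  * SECURITY UPDATE: certificate validation bypass
    - debian/patches/CVE-2014-0092.patch: correct return codes in
      lib/x509/verify.c.
    - CVE-2014-0092

php5 (5.3.10-1ubuntu3.10) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted indirect offset value
    in fileinfo
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      ext/fileinfo/libmagic/{ascmagic.c,file.h,funcs.c,softmagic.c}, added
      test to ext/fileinfo/tests/cve-2014-1943.phpt.
    - CVE-2013-1943

linux-firmware (1.79.10) precise; urgency=low

  * iwlwifi: add firmware for 7260 / 3160 devices
"""

def summarize(text):
    """Return one dict per changelog entry: package, version, pocket flag, CVE ids."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"package": m["pkg"], "version": m["ver"],
                            "security": m["dist"].endswith("-security"),
                            "cves": []})
        elif entries:
            for cve in CVE.findall(line):
                if cve not in entries[-1]["cves"]:  # patch name and bullet repeat the id
                    entries[-1]["cves"].append(cve)
    return entries

if __name__ == "__main__":
    for entry in summarize(SAMPLE):
        print(entry)
```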

