Debian Jessie Openstack images changelog

8.7.2-20170301

Updates in 3 source package(s), 7 binary package(s):

  Source linux, binaries: linux-image-3.16.0-4-amd64

  linux (3.16.39-1+deb8u1) jessie-security; urgency=high

    [ Salvatore Bonaccorso ]
    * perf: Fix event->ctx locking (CVE-2016-6786 CVE-2016-6787)
    * perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race
      (CVE-2017-6001)
    * dccp: fix freeing skb too early for IPV6_RECVPKTINFO (CVE-2017-6074)

    [ Ben Hutchings ]
    * perf: Do not double free (dependency of fix for CVE-2017-6001)
    * fbdev: color map copying bounds checking (CVE-2016-8405)
    * sysctl: Drop reference added by grab_header in proc_sys_readdir
      (CVE-2016-9191)
    * [x86] KVM: fix emulation of "MOV SS, null selector" (CVE-2017-2583)
    * [x86] KVM: Introduce segmented_write_std (CVE-2017-2584)
    * selinux: fix off-by-one in setprocattr (CVE-2017-2618)
    * USB: serial: kl5kusb105: fix line-state error handling (CVE-2017-5549)
    * tmpfs: clear S_ISGID when setting posix ACLs (CVE-2017-5551)
    * ip6_gre: fix ip6gre_err() invalid reads (CVE-2017-5897)
    * [x86] kvm: fix page struct leak in handle_vmon (CVE-2017-2596)
    * ipv4: keep skb->dst around in presence of IP options (CVE-2017-5970)

  Source shadow, binaries: login passwd

  shadow (1:4.2-3+deb8u3) jessie-security; urgency=high

    * Fix integer overflow in getulong.c (CVE-2016-6252) (Closes: #832170)
    * Refresh patches
    * Add myself to uploaders replacing Nicolas FRANCOIS (Nekral)

  shadow (1:4.2-3+deb8u2) jessie-security; urgency=high

    * Non-maintainer upload by the Security Team.
    * su: properly clear child PID (CVE-2017-2616) (Closes: #855943)

  Source bind9, binaries: libdns-export100 libirs-export91 libisc-export95 libisccfg-export90

  bind9 (1:9.9.5.dfsg-9+deb8u10) jessie-security; urgency=medium

    * Fix regression caused by the fix for CVE-2016-8864 (closes: #855540).
    * Fix CVE-2017-3135: a maliciously crafted query can cause named to crash
      if both DNS64 and RPZ are being used (closes: #855520).

 -- Steve McIntyre <93sam@debian.org>  Wed, 01 Mar 2017 15:52:42 +0000

8.7.1-20170215

Updates in 2 source package(s), 6 binary package(s):

  Source openssl, binaries: libssl1.0.0 openssl

  openssl (1.0.1t-1+deb8u6) jessie-security; urgency=medium

    * Fix CVE-2016-8610
    * Fix CVE-2017-3731
    * Fix CVE-2016-7056

  Source vim, binaries: vim vim-common vim-runtime vim-tiny

  vim (2:7.4.488-7+deb8u2) jessie-security; urgency=high

    * Backport patch 8.0.0322 to fix a buffer overflow if a spellfile has an
      invalid length in it. (Closes: #854969, CVE-2017-5953)

 -- Steve McIntyre <93sam@debian.org>  Wed, 15 Feb 2017 13:54:50 +0000

8.7.0-20170114

First build for 8.7.0 point release

 -- Steve McIntyre <93sam@debian.org>  Sat, 14 Jan 2017 19:46:48 +0000