From fc35afb36c8162cb44fa7d9b72b8e3bed0cfe491 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Tue, 28 Apr 2020 20:18:40 +0000 Subject: Tue Apr 28 20:18:40 UTC 2020 ap/cups-2.3.3-x86_64-1.txz: Upgraded. This update fixes two security issues: The ppdOpen function did not handle invalid UI constraint. ppdcSource::get_resolution function did not handle invalid resolution strings. The ippReadIO function may under-read an extension. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3898 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8842 (* Security fix *) l/imagemagick-7.0.10_10-x86_64-1.txz: Upgraded. n/samba-4.12.2-x86_64-1.txz: Upgraded. This update fixes two security issues: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server. A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing a SIGSEGV. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10700 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10704 (* Security fix *) testing/packages/PAM/cups-2.3.3-x86_64-1_pam.txz: Upgraded. This update fixes two security issues: The ppdOpen function did not handle invalid UI constraint. ppdcSource::get_resolution function did not handle invalid resolution strings. The ippReadIO function may under-read an extension. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3898 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8842 (* Security fix *) testing/packages/PAM/samba-4.12.2-x86_64-1_pam.txz: Upgraded. This update fixes two security issues: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server. A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing a SIGSEGV. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10700 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10704 (* Security fix *) --- ChangeLog.txt | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'ChangeLog.txt') diff --git a/ChangeLog.txt b/ChangeLog.txt index 00cd36840..785939b3a 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,44 @@ +Tue Apr 28 20:18:40 UTC 2020 +ap/cups-2.3.3-x86_64-1.txz: Upgraded. + This update fixes two security issues: + The ppdOpen function did not handle invalid UI constraint. + ppdcSource::get_resolution function did not handle invalid resolution strings. + The ippReadIO function may under-read an extension. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3898 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8842 + (* Security fix *) +l/imagemagick-7.0.10_10-x86_64-1.txz: Upgraded. +n/samba-4.12.2-x86_64-1.txz: Upgraded. + This update fixes two security issues: + A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a + use-after-free in Samba's AD DC LDAP server. + A deeply nested filter in an un-authenticated LDAP search can exhaust the + LDAP server's stack memory causing a SIGSEGV. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10700 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10704 + (* Security fix *) +testing/packages/PAM/cups-2.3.3-x86_64-1_pam.txz: Upgraded. + This update fixes two security issues: + The ppdOpen function did not handle invalid UI constraint. + ppdcSource::get_resolution function did not handle invalid resolution strings. + The ippReadIO function may under-read an extension. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3898 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8842 + (* Security fix *) +testing/packages/PAM/samba-4.12.2-x86_64-1_pam.txz: Upgraded. + This update fixes two security issues: + A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a + use-after-free in Samba's AD DC LDAP server. + A deeply nested filter in an un-authenticated LDAP search can exhaust the + LDAP server's stack memory causing a SIGSEGV. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10700 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10704 + (* Security fix *) ++--------------------------+ Mon Apr 27 20:27:30 UTC 2020 a/mkinitrd-1.4.11-x86_64-15.txz: Rebuilt. Use the standard mktemp utility from GNU coreutils, not the old tempfile. -- cgit v1.2.3