dragora-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Dragora-users] Security updates: python2, libressl, sudo


From: Matias Fonzo
Subject: [Dragora-users] Security updates: python2, libressl, sudo
Date: Mon, 21 Oct 2019 22:22:15 -0300
User-agent: Roundcube Webmail/1.3.8

New security updates are available, if you are using or have installed Dragora-3.0 beta1 it is highly recommended to update the packages below:

- Python 2.7.17 is a bug fix release in the Python 2.7.x series. It contains several fixes for assigned CVEs: CVE-2019-15903[1], CVE-2019-9740[2], CVE-2019-9948[3].

- LibreSSL 3.0.2 contains the (ported) fix for CVE-2019-1563[4] from OpenSSL 1.1.1.

- Sudo 1.8.28 fixes a potential security issue[5] where a sudo user may be able to run a command as root when the Runas specification explicitly disallows root access.

References:

[1] https://nvd.nist.gov/vuln/detail/CVE-2019-15903
[2] https://nvd.nist.gov/vuln/detail/CVE-2019-9740
[3] https://nvd.nist.gov/vuln/detail/CVE-2019-9948
[4] https://nvd.nist.gov/vuln/detail/CVE-2019-1563
[5] https://www.sudo.ws/alerts/minus_1_uid.html

Packages to be updated:

[ Architecture: i586]
http://rsync.dragora.org/current/packages/i586/devel/python2-2.7.17-i586+1.tlz
http://rsync.dragora.org/current/packages/i586/devel/python2-2.7.17-i586+1.tlz.sha256

http://rsync.dragora.org/current/packages/i586/networking/libressl-3.0.2-i586+1.tlz
http://rsync.dragora.org/current/packages/i586/networking/libressl-3.0.2-i586+1.tlz.sha256

http://rsync.dragora.org/current/packages/i586/tools/sudo-1.8.28-i586+1.tlz
http://rsync.dragora.org/current/packages/i586/tools/sudo-1.8.28-i586+1.tlz.sha256

[ Architecture: x86_64 ]
http://rsync.dragora.org/current/packages/x86_64/devel/python2-2.7.17-x86_64+1.tlz
http://rsync.dragora.org/current/packages/x86_64/devel/python2-2.7.17-x86_64+1.tlz.sha256

http://rsync.dragora.org/current/packages/x86_64/networking/libressl-3.0.2-x86_64+1.tlz
http://rsync.dragora.org/current/packages/x86_64/networking/libressl-3.0.2-x86_64+1.tlz.sha256

http://rsync.dragora.org/current/packages/x86_64/tools/sudo-1.8.28-x86_64+1.tlz
http://rsync.dragora.org/current/packages/x86_64/tools/sudo-1.8.28-x86_64+1.tlz.sha256




reply via email to

[Prev in Thread] Current Thread [Next in Thread]