|
From: | Matias Fonzo |
Subject: | [Dragora-users] Security updates: python2, libressl, sudo |
Date: | Mon, 21 Oct 2019 22:22:15 -0300 |
User-agent: | Roundcube Webmail/1.3.8 |
- Python 2.7.17 is a bug fix release in the Python 2.7.x series. It contains several fixes for assigned CVEs: CVE-2019-15903[1], CVE-2019-9740[2], CVE-2019-9948[3].
- LibreSSL 3.0.2 contains the (ported) fix for CVE-2019-1563[4] from OpenSSL 1.1.1.
- Sudo 1.8.28 fixes a potential security issue[5] where a sudo user may be able to run a command as root when the Runas specification explicitly disallows root access.
References: [1] https://nvd.nist.gov/vuln/detail/CVE-2019-15903 [2] https://nvd.nist.gov/vuln/detail/CVE-2019-9740 [3] https://nvd.nist.gov/vuln/detail/CVE-2019-9948 [4] https://nvd.nist.gov/vuln/detail/CVE-2019-1563 [5] https://www.sudo.ws/alerts/minus_1_uid.html Packages to be updated: [ Architecture: i586] http://rsync.dragora.org/current/packages/i586/devel/python2-2.7.17-i586+1.tlz http://rsync.dragora.org/current/packages/i586/devel/python2-2.7.17-i586+1.tlz.sha256 http://rsync.dragora.org/current/packages/i586/networking/libressl-3.0.2-i586+1.tlz http://rsync.dragora.org/current/packages/i586/networking/libressl-3.0.2-i586+1.tlz.sha256 http://rsync.dragora.org/current/packages/i586/tools/sudo-1.8.28-i586+1.tlz http://rsync.dragora.org/current/packages/i586/tools/sudo-1.8.28-i586+1.tlz.sha256 [ Architecture: x86_64 ] http://rsync.dragora.org/current/packages/x86_64/devel/python2-2.7.17-x86_64+1.tlz http://rsync.dragora.org/current/packages/x86_64/devel/python2-2.7.17-x86_64+1.tlz.sha256 http://rsync.dragora.org/current/packages/x86_64/networking/libressl-3.0.2-x86_64+1.tlz http://rsync.dragora.org/current/packages/x86_64/networking/libressl-3.0.2-x86_64+1.tlz.sha256 http://rsync.dragora.org/current/packages/x86_64/tools/sudo-1.8.28-x86_64+1.tlz http://rsync.dragora.org/current/packages/x86_64/tools/sudo-1.8.28-x86_64+1.tlz.sha256
[Prev in Thread] | Current Thread | [Next in Thread] |