Release Notes for Snare Central v7.4.1

Snare Central v7.4.1 was released on 22nd November 2018.

Snare Central incorporates the Agent Management Console (AMC), the v2.2.0 Reflector, and the v1.0.3 Snare Agent Manager (SAM).

Change Log

New Features

  • The Snare Central collection subsystem has been upgraded significantly, and should result in event collection rate increases for most customers.
  • The new SnareStore query backend has been implemented, and a compatibility layer activated for Snare Server objectives. A significant boost in query speed is likely to be available for most existing queries - particularly those objectives that are regenerated on a regular basis. An automatic fallback option is available for queries that are not compatible with the new infrastructure and will use the legacy query method, and a manual fallback option can be selected via the Snare Central configuration wizard.
    • Customers who require per-agent time-zone shifts via the "Configure Server Time Zones" objective should disable the new SnareStore capability, as timezone manipulation is only supported by the legacy backend.
  • Integration with the Snare Advanced Threat Intelligence overlay is available. A new option is available in the Administrative Tools menu to enable elastic and configure access for Snare Analytics and Snare Advanced Threat Intelligence applications. 
  • XML log data from NCR ATM machines can be processed with a new log type, with the support of the v5.1.2 Windows Epilog agent, which supports inline XML processing.
  • Additional Health Checker items have been added, to check for NTP configuration problems, database cache growth and to warn when reflector disk cache is growing significantly.
  • A new version of elasticsearch has been added for new installations.

Enhancements

  • Regular expressions within the Snare Server objective templates that use specific features from the Perl-compatible regular expression subset have been translated to 'RE2' format for increased speed.

Bug Fixes

  • A problem that prevented the "Check Installation Media for Defects" option in the installation menu from working correctly has been fixed.
  • A synchronisation issue between SAM and AMC that prevented AMC from seeing all the agents that report to SAM has been fixed for this version.
  • An issue with DiskManager that prevented the correct resizing of disks was fixed.
  • Non-reporting agents in the Agent Management Console have been excluded from the report timeout threshold settings, and a small bug in agent filtering has been resolved.
  • TLS destinations for the Snare Reflector would have trouble reestablishing after a destination was offline for more than 15 minutes.
  • Clearing the master configuration on the Agent Management Console would generate an error notification.
  • The Dynamic Search objective within the Reports area may have been indented and shown in red for some customers. This fix will revert the change.
  • When a reflector destination is disabled through the Snare Central Server Reflector configuration user interface, event collection can stop, and not restart. Removing, or re-enabling the destination, and restarting the collection subsystem from the GUI resolves the situation, but this fix removes the problem.
  • A problem found in AMC that caused extremely high AMC UI render times when a large number of agents are being managed was fixed.
  • TLS event delivery was disabled in 7.4.0, but has been fixed in 7.4.1.
  • Database cache file growth should be reduced, in situations where high volumes of transactions occur.

Security

  • Updates to supporting utilities and configurations have been made in response to normal operating system and application security and functionality fixes.


Operating System Updates


Package | Previous Version | Update | Details

apache2 | 2.4.7-1ubuntu4.18 | 2.4.7-1ubuntu4.20

apache2 (2.4.7-1ubuntu4.20) trusty-security; urgency=medium

* SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
- debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c.
- CVE-2017-15710
* SECURITY UPDATE: incorrect matching
- debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to include/httpd.h, server/util.c.
- debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c.
- CVE-2017-15715
* SECURITY UPDATE: mod_session header manipulation
- debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c.
- CVE-2018-1283
* SECURITY UPDATE: DoS via specially-crafted request
- debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c.
- CVE-2018-1301
* SECURITY UPDATE: mod_cache_socache DoS
- debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c.
- CVE-2018-1303
* SECURITY UPDATE: insecure nonce generation
- debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c.
- CVE-2018-1312
apparmor | 2.10.95-0ubuntu2.6~14.04.1 | 2.10.95-0ubuntu2.6~14.04.4

apparmor (2.10.95-0ubuntu2.6~14.04.3) trusty; urgency=medium

* d/p/14.04-profiles-allow-seven-digit-pid-lp1717714.patch:
- Renamed d/p/0001-Allow-seven-digit-pid.patch to mirror other profiles-14.04 patches naming pattern.
- Modify the existing/renamed patch to use the dir that should be use to patch a profile. profiles-14.04/ should be use instead of profiles/ which is not use. (LP: #1717714)

apparmor (2.10.95-0ubuntu2.6~14.04.4) trusty-security; urgency=medium

* {,14.04-}lp1788929+1794848.patch:
- disallow writes to thumbnailer dir (LP: #1788929)
- disallow access to the dirs of private files (LP: #1794848)

apport | 2.14.1-0ubuntu3.27 | 2.14.1-0ubuntu3.29

apport (2.14.1-0ubuntu3.29) trusty-security; urgency=medium

* data/apport: Properly handle crashes originating from a PID namespace. (LP: #1746668)
- Thanks to Sander Bos for discovering this issue.
- CVE-2018-6552
apt | 1.0.1ubuntu2.17 | 1.0.1ubuntu2.18

bind9-host | 1:9.9.5.dfsg-3ubuntu0.16 | 1:9.9.5.dfsg-3ubuntu0.18

bind9 (1:9.9.5.dfsg-3ubuntu0.17) trusty-security; urgency=medium

* SECURITY UPDATE: assertion failure via improper cleanup
- lib/dns/resolver.c: fix cleanup handling.
- Patch backported from 9.9.11-P1.
- CVE-2017-3145

bind9 (1:9.9.5.dfsg-3ubuntu0.18) trusty-security; urgency=medium

* SECURITY UPDATE: denial of service crash when deny-answer-aliases option is used
- lib/dns/resolver.c: explicit DNAME query could trigger a crash if deny-answer-aliases was set
- Patch backported from 9.9.13-P1.
- CVE-2018-5740

clamav | 0.99.2+addedllvm-0ubuntu0.14.04.2 | 0.100.2+dfsg-1ubuntu0.14.04.2

clamav (0.100.1+dfsg-1ubuntu0.14.04.3) trusty-security; urgency=medium

* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch: fix in libclamav/libmspack-0.5alpha/mspack/cchmd.c.
- CVE-2018-14679
- CVE-2018-14680
* SECURITY UPDATE: Bytes overwire with bad KWAJ file extension
- debian/patches/CVE-2018-14681.patch: fix in libclamav/libmspack-0.5alpha/mspack/kwajd.c.
- CVE-2018-14681
* SECURITY UPDATE: Off-by-one error
- debian/patches/CVE-2018-14682.patch: fix in libclamav/libmspack-0.5alpha/mspack/chmd.c.
- CVE-2018-14682

clamav (0.100.2+dfsg-1ubuntu0.14.04.1) trusty-security; urgency=medium

* Updated to version 0.100.2 to fix security issue.
- CVE-2018-15378
* Bump to new symbol version
- debian/rules: set CL_FLEVEL 93.
- debian/libclamav7.symbols: updated to new version.
* Removed patches included in new version:
- debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch
- debian/patches/CVE-2018-14681.patch
- debian/patches/CVE-2018-14682.patch

clamav (0.100.2+dfsg-1ubuntu0.14.04.2) trusty-security; urgency=medium

* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-18585.patch: Ensure file names are valid in libclamav/libmspack-0.5alpha/mspack/chmd.c
- CVE-2018-18585
* SECURITY UPDATE: One byte buffer overflow -
- debian/patches/CVE-2018-18584.patch: Ensure input buffer is large enough in libclamav/libmspack-0.5alpha/mspack/cab.h
- CVE-2018-18584

cpp-4.8 | 4.8.4-2ubuntu1~14.04.3 | 4.8.4-2ubuntu1~14.04.4

gcc-4.8 (4.8.4-2ubuntu1~14.04.4) trusty-security; urgency=medium

* Add retpoline support for x86 via adding -mindirect-branch=,
-mindirect-branch-register, and -mfunction-return= support
(LP: #1749261)
- 0001-i386-Move-struct-ix86_frame-to-machine_function.diff, 0002-i386-Use-reference-of-struct-ix86_frame-to-avoid-cop.diff, 0003-i386-Use-const-reference-of-struct-ix86_frame-to-avo.diff, 0004-x86-Add-mindirect-branch.diff, 0005-x86-Add-mfunction-return.diff, 0006-x86-Add-mindirect-branch-register.diff, 0007-x86-Add-V-register-operand-modifier.diff, 0008-x86-Disallow-mindirect-branch-mfunction-return-with-.diff, 0009-Use-INVALID_REGNUM-in-indirect-thunk-processing.diff: implement -mindirect-branch= with attribute support, -mindirect-branch-register, and -mfunction-return= with attribute support. Thanks to H.J. Lu.
curl | 7.35.0-1ubuntu2.13 | 7.35.0-1ubuntu2.19

curl (7.35.0-1ubuntu2.16) trusty-security; urgency=medium

* SECURITY UPDATE: RTSP bad headers buffer over-read
- debian/patches/CVE-2018-1000301.patch: restore buffer pointer when bad response-line is parsed in lib/http.c.
- CVE-2018-1000301

curl (7.35.0-1ubuntu2.19) trusty-security; urgency=medium
* SECURITY UPDATE: SASL password overflow via integer overflow
- debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in lib/curl_sasl.c.
- debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
- debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
- CVE-2018-16839
* SECURITY UPDATE: warning message out-of-buffer read
- debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
- CVE number pending

dnsutils | 1:9.9.5.dfsg-3ubuntu0.16 | 1:9.9.5.dfsg-3ubuntu0.18

bind9 (1:9.9.5.dfsg-3ubuntu0.17) trusty-security; urgency=medium

* SECURITY UPDATE: assertion failure via improper cleanup
- lib/dns/resolver.c: fix cleanup handling.
- Patch backported from 9.9.11-P1.
- CVE-2017-3145

bind9 (1:9.9.5.dfsg-3ubuntu0.18) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service crash when deny-answer-aliases option is used
- lib/dns/resolver.c: explicit DNAME query could trigger a crash if deny-answer-aliases was set
- Patch backported from 9.9.13-P1.
- CVE-2018-5740

dpkg | 1.17.5ubuntu5.7 | 1.17.5ubuntu5.8

dpkg (1.17.5ubuntu5.8) trusty; urgency=medium

* Add support for .deb archives with a control member not compressed
(control.tar) or compressed with xz (control.tar.xz) LP: #1730627.
file | 1:5.14-2ubuntu3.3 | 1:5.14-2ubuntu3.4

file (1:5.14-2ubuntu3.4) trusty-security; urgency=medium

* SECURITY UPDATE: denial of service via large number of notes or long
string
- debian/patches/CVE-2014-962x-pre*.patch: backport pre-requisite code changes.
- debian/patches/CVE-2014-962x-1.patch: add a limit to the number of ELF notes processed in doc/file.man, doc/libmagic.man, src/apprentice.c, src/elfclass.h, src/file.c, src/file.h, src/file_opts.h, src/magic.c, src/magic.h.in, src/readelf.c.
- debian/patches/CVE-2014-962x-2.patch: limit string printing to 100 chars, and add flags in src/readelf.c.
- CVE-2014-9620
- CVE-2014-9621
* SECURITY UPDATE: denial of service via crafted ELF file
- debian/patches/CVE-2014-9653.patch: bail out on partial reads in src/readelf.c.
- CVE-2014-9653
* SECURITY UPDATE: memory corruption in file_check_mem.
- debian/patches/CVE-2015-8865.patch: properly calculate length in src/funcs.c.
- CVE-2015-8865
* SECURITY UPDATE: out-of-bounds read via crafted ELF file
- debian/patches/CVE-2018-10360.patch: add bounds check to src/readelf.c.
- CVE-2018-10360
gcc-4.8-base | 4.8.4-2ubuntu1~14.04.3 | 4.8.4-2ubuntu1~14.04.4

gcc-4.8 (4.8.4-2ubuntu1~14.04.4) trusty-security; urgency=medium

* Add retpoline support for x86 via adding -mindirect-branch=,
-mindirect-branch-register, and -mfunction-return= support
(LP: #1749261)
- 0001-i386-Move-struct-ix86_frame-to-machine_function.diff, 0002-i386-Use-reference-of-struct-ix86_frame-to-avoid-cop.diff, 0003-i386-Use-const-reference-of-struct-ix86_frame-to-avo.diff, 0004-x86-Add-mindirect-branch.diff, 0005-x86-Add-mfunction-return.diff, 0006-x86-Add-mindirect-branch-register.diff, 0007-x86-Add-V-register-operand-modifier.diff, 0008-x86-Disallow-mindirect-branch-mfunction-return-with-.diff, 0009-Use-INVALID_REGNUM-in-indirect-thunk-processing.diff: implement -mindirect-branch= with attribute support, -mindirect-branch-register, and -mfunction-return= with attribute support. Thanks to H.J. Lu.
gettext-base | 0.18.3.1-1ubuntu3 | 0.18.3.1-1ubuntu3.1

gettext (0.18.3.1-1ubuntu3.1) trusty-security; urgency=medium

* SECURITY UPDATE: Invalid free
- debian/patches/CVE-2018-18751.patch: fix in gettext-tools/src/read-catalog.c, gettext-tools/tests/Makefile.am, gettext-tools/tests/xgettext-po-2.
- CVE-2018-18751
ghostscript | 9.10~dfsg-0ubuntu10.10 | 9.25~dfsg+1-0ubuntu0.14.04.2

ghostscript (9.10~dfsg-0ubuntu10.12) trusty-security; urgency=medium

* SECURITY UPDATE: Heap-based buffer overflow and application crash
- debian/patches/CVE-2016-10317.patch: check max_height bounds in base/gxht_thresh.c, base/gxipixel.c.
- CVE-2016-10317
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-10194.patch: avoid infinite number in devices/vector/gdevpdts.c.
- CVE-2018-10194

ghostscript (9.25~dfsg+1-0ubuntu0.14.04.2) trusty-security; urgency=medium

* SECURITY UPDATE: Multiple security issues
- debian/patches/0218*.patch: multiple cherry-picked upstream commits to fix security issues. Thanks to Jonas Smedegaard for cherry-picking these for Debian's 9.25~dfsg-3 package.
- debian/symbols.common: added new symbol.
- CVE-2018-17961
- CVE-2018-18073
- CVE-2018-18284
* Fix LeadingEdge regression introduced in 9.22. (LP: #1800062)
- debian/patches/lp1800062.patch: fix cups get/put_params LeadingEdge logic in cups/gdevcups.c.

git | 1:1.9.1-1ubuntu0.7 | 1:1.9.1-1ubuntu0.9

git (1:1.9.1-1ubuntu0.8) trusty-security; urgency=medium

* SECURITY UPDATE: arbitrary code execution via
submodule names in .gitsubmodules.
- 0005-submodule-config-verify-submodule-names-as-paths.patch
- 0018-fsck-simplify-.git-check.patch
- 0020-fsck-actually-fsck-blob-data.patch
- 0025-fsck-detect-gitmodules-files.patch
- 0026-fsck-check-.gitmodules-content.patch
- 0027-fsck-call-fsck_finish-after-fscking-objects.patch
- 0028-unpack-objects-call-fsck_finish-after-fscking-objects.patch
- 0029-index-pack-check-.gitmodules-files-with-strict.patch
- CVE-2018-11235 (LP: #1774061)
* SECURITY UPDATE: out-of-bounds memory access when sanity-checking
pathnames on NTFS
- 0006-is_ntfs_dotgit-use-a-size_t-for-traversing-string.patch
- CVE-2018-11233
* Do not allow .gitmodules to be a symlink:
* debian/rules: ensure added tests are executable.
- 0001-apply-reject-input-that-touches-outside-the-working-a.patch
- 0002-apply-do-not-read-from-the-filesystem-under-index.patch
- 0003-apply-do-not-read-from-beyond-a-symbolic-link.patch
- 0004-apply-do-not-touch-a-file-beyond-a-symbolic-link.patch
- 0007-is_hfs_dotgit-match-other-.git-files.patch
- 0008-is_ntfs_dotgit-match-other-.git-files.patch
- 0009-skip_prefix-add-case-insensitive-variant.patch
- 0010-verify_path-drop-clever-fallthrough.patch
- 0011-verify_dotfile-mention-case-insensitivity-in-comment.patch
- 0012-update-index-stat-updated-files-earlier.patch
- 0013-verify_path-disallow-symlinks-in-.gitmodules.patch
- 0014-sha1_file-add-read_loose_object-function.patch
- 0015-fsck-drop-inode-sorting-code.patch
- 0016-fsck-parse-loose-object-paths-directly.patch
- 0017-index-pack-make-fsck-error-message-more-specific.patch
- 0019-fsck_object-allow-passing-object-data-separately-from.patch
- 0021-add-a-hashtable-implementation-that-supports-O-1-rem.patch
- 0022-hashmap.h-use-unsigned-int-for-hash-codes-everywhere.patch
- 0023-hashmap-factor-out-getting-a-hash-code-from-a-SHA1.patch
- 0024-hashmap-add-simplified-hashmap_get_from_hash-API.patch
- 0030-fsck-complain-when-.gitmodules-is-a-symlink.patch
* move patches from debian/diff to quilt debian/patch/, to avoid
conflicts and overlooking already added patches
* Thanks to Jonathan Nieder of Debian for
backporting to 2.1.x.

git (1:1.9.1-1ubuntu0.9) trusty-security; urgency=medium

* SECURITY UPDATE: arbitrary code execution via submodule URLs and paths in .gitsubmodules.

gnupg | 1.4.16-1ubuntu2.4 | 1.4.16-1ubuntu2.6

gnupg (1.4.16-1ubuntu2.6) trusty-security; urgency=medium

* SECURITY UPDATE: full RSA key recovery via side-channel attack
- debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-2.patch: use same computation for square and multiply in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-3.patch: fix allocation size for mpi_pow
- debian/patches/CVE-2017-7526-4.patch: add exponent blinding in cipher/rsa.c.
- debian/patches/CVE-2017-7526-5.patch: allow different build directory
- CVE-2017-7526
grub2-common | 2.02~beta2-9ubuntu1.14 | 2.02~beta2-9ubuntu1.15

grub2 (2.02~beta2-9ubuntu1.15) trusty; urgency=medium

* util/grub-install.c: Use MokManager EFI binary name without the .signed extension now that shim handles signing via sbsigntool natively. (LP: #1708245)
- debian/patches/install_signed.patch
* debian/control: Breaks shim << 13 due to the renamed MokManager binary.

grub-common | 2.02~beta2-9ubuntu1.14 | 2.02~beta2-9ubuntu1.15

grub2 (2.02~beta2-9ubuntu1.15) trusty; urgency=medium

* util/grub-install.c: Use MokManager EFI binary name without the .signed extension now that shim handles signing via sbsigntool natively. (LP: #1708245)
- debian/patches/install_signed.patch
* debian/control: Breaks shim << 13 due to the renamed MokManager binary.

grub-efi-amd64-bin | 2.02~beta2-9ubuntu1.14 | 2.02~beta2-9ubuntu1.15

grub2 (2.02~beta2-9ubuntu1.15) trusty; urgency=medium

* util/grub-install.c: Use MokManager EFI binary name without the .signed extension now that shim handles signing via sbsigntool natively. (LP: #1708245)
- debian/patches/install_signed.patch
* debian/control: Breaks shim << 13 due to the renamed MokManager binary.
grub-efi-amd64-signed | 1.34.16+2.02~beta2-9ubuntu1.14

grub-pc-bin | 2.02~beta2-9ubuntu1.14 | 2.02~beta2-9ubuntu1.15

grub2 (2.02~beta2-9ubuntu1.15) trusty; urgency=medium

* util/grub-install.c: Use MokManager EFI binary name without the .signed extension now that shim handles signing via sbsigntool natively. (LP: #1708245)
- debian/patches/install_signed.patch
* debian/control: Breaks shim << 13 due to the renamed MokManager binary.
grub-pc | 2.02~beta2-9ubuntu1.14 | 2.02~beta2-9ubuntu1.15

grub2 (2.02~beta2-9ubuntu1.15) trusty; urgency=medium

* util/grub-install.c: Use MokManager EFI binary name without the .signed extension now that shim handles signing via sbsigntool natively. (LP: #1708245)
- debian/patches/install_signed.patch
* debian/control: Breaks shim << 13 due to the renamed MokManager binary.
hhvm | 3.18.5~trusty | 3.29.1-1~trusty

hhvm (3.27.2-1~trusty) trusty; urgency=medium

hhvm (3.29.1-1~trusty) trusty; urgency=medium

ifupdown | 0.7.47.2ubuntu4.4 | 0.7.47.2ubuntu4.5

imagemagick-common | 8:6.7.7.10-6ubuntu3.9 | 8:6.7.7.10-6ubuntu3.13

imagemagick (8:6.7.7.10-6ubuntu3.12) trusty-security; urgency=medium

* SECURITY UPDATE: out-of-bounds write in ReadBMPImage and WriteBMPImage
- debian/patches/CVE-2018-12599.patch: use proper lengths in coders/bmp.c.
- CVE-2018-12599
* SECURITY UPDATE: out-of-bounds write in ReadDIBImage and WriteDIBImage
- debian/patches/CVE-2018-12600.patch: use proper lengths in coders/dib.c.
- CVE-2018-12600
* SECURITY UPDATE: memory leak in XMagickCommand
- debian/patches/CVE-2018-13153.patch: free memory in magick/animate.c.
- CVE-2018-13153

imagemagick (8:6.7.7.10-6ubuntu3.13) trusty-security; urgency=medium

[ Steve Beattie ]
* SECURITY UPDATE: code execution vulnerabilities in ghostscript as invoked by imagemagick
- debian/patches/200-disable-ghostscript-formats.patch: disable ghostscript handled types by default in policy.xml
* SECURITY UPDATE: information leak in ReadXBMImage
- debian/patches/CVE-2018-16323.patch: don't leave data uninitialized with negative pixels
- CVE-2018-16323
* SECURITY UPDATE: memory leak of colormap in WriteMPCImage
- debian/patches/CVE-2018-14434.patch: free colormap on bad color depth
- CVE-2018-14434
* SECURITY UPDATE: memory leak in DecodeImage
- debian/patches/CVE-2018-14435.patch: free memory when given a bad plane
- CVE-2018-14435
* SECURITY UPDATE: memory leak in ReadMIFFImage
- debian/patches/CVE-2018-14436.patch: free memory when given a bad depth
- CVE-2018-14436
* SECURITY UPDATE: memory leak in parse8BIM
- debian/patches/CVE-2018-14437-prereq.patch: check for negative values
- debian/patches/CVE-2018-14437.patch: free strings in error conditions
- CVE-2018-14437
* SECURITY UPDATE: memory leak in ReadOneJNGImage
- debian/patches/CVE-2018-16640-prereq-1.patch: define DestroyJNG()
- debian/patches/CVE-2018-16640-prereq-2.patch: fix DestroyJNG()
- debian/patches/CVE-2018-16640.patch: free memory on error
- CVE-2018-16640
* SECURITY UPDATE: denial of service due to out-of-bounds write in InsertRow
- debian/patches/CVE-2018-16642.patch: improve checking for errors
- CVE-2018-16642
* SECURITY UPDATE: denial of service due to missing fputc checks
- debian/patches/CVE-2018-16643.patch: check fputc calls for error
- CVE-2018-16643
* SECURITY UPDATE: denial of service in ReadDCMImage and ReadPICTImage
- debian/patches/CVE-2018-16644-prereq-1.patch: make ReadRectangle() a boolean returning function and use it.
- debian/patches/CVE-2018-16644-prereq-2.patch: check for EOF when reading from file
- debian/patches/CVE-2018-16644-prereq-3.patch: define ThrowPICTException() macro and use it
- debian/patches/CVE-2018-16644-1.patch, debian/patches/CVE-2018-16644-2.patch: check for invalid length
- CVE-2018-16644
* SECURITY UPDATE: excessive memory allocation issue in ReadBMPImage
- debian/patches/CVE-2018-16645.patch: ensure number_colors is not too large
- CVE-2018-16645
* SECURITY UPDATE: denial of service in ReadOneJNGImage
- debian/patches/CVE-2018-16749.patch; check for NULL color_image
- CVE-2018-16749
* SECURITY UPDATE: memory leak in formatIPTCfromBuffer
- debian/patches/CVE-2018-16750.patch: free memory on error
- CVE-2018-16750

[ Marc Deslauriers ]
* SECURITY REGRESSION: segfault in png to gif conversion (LP: #1793485)
- debian/patches/0297-CVE-2017-13144.patch: removed pending further investigation.
- debian/patches/CVE-2017-12430.patch: refreshed.

initramfs-tools | 0.103ubuntu4.9 | 0.103ubuntu4.11

iproute2 | 3.12.0-2ubuntu1.1 | 3.12.0-2ubuntu1.2

iproute2 (3.12.0-2ubuntu1.2) trusty; urgency=medium

* Fix ip maddr show (LP: #1732032):
- d/p/1003-ip-maddr-fix-igmp-parsing.patch: fix igmp parsing when iface is long
- d/p/1004-ip-maddr-avoid-uninitialized-data.patch: avoid accessing uninitialized data
- d/p/1005-ip-maddr-fix-filtering-by-device.patch: fix filtering by device
isc-dhcp-client | 4.2.4-7ubuntu12.10 | 4.2.4-7ubuntu12.13

isc-dhcp (4.2.4-7ubuntu12.13) trusty; urgency=medium

* dhclient-script.linux: handle empty case also when waiting for ipv6 link
local DAD. (LP: #1718568)
isc-dhcp-common | 4.2.4-7ubuntu12.10 | 4.2.4-7ubuntu12.13

isc-dhcp (4.2.4-7ubuntu12.13) trusty; urgency=medium

* dhclient-script.linux: handle empty case also when waiting for ipv6 link
local DAD. (LP: #1718568)
kmod | 15-0ubuntu6 | 15-0ubuntu7

kmod (15-0ubuntu7) trusty; urgency=medium

* depmod-ignore-powerpc64-abiv2-toc-symbol.patch: Ignore the TOC symbol
in depmod on PPC64 as it does not need to be relocated (LP: #1696710)
landscape-common | 14.12-0ubuntu6.14.04.1 | 14.12-0ubuntu6.14.04.3

landscape-client (14.12-0ubuntu6.14.04.3) trusty; urgency=medium

* d/p/detect-cloudstack-kvm-1754073.patch: Detect CloudStack
kvm hypervisor (LP: #1754073)
php5 | 5.5.9+dfsg-1ubuntu4.22 | 5.5.9+dfsg-1ubuntu4.26

php5 (5.5.9+dfsg-1ubuntu4.25) trusty-security; urgency=medium

* SECURITY UPDATE: opcache access controls bypass
- debian/patches/CVE-2018-10545.patch: do not set PR_SET_DUMPABLE by default in sapi/fpm/fpm/fpm_conf.c, sapi/fpm/fpm/fpm_conf.h, sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
- CVE-2018-10545
* SECURITY UPDATE: infinite loop in iconv stream filter
- debian/patches/CVE-2018-10546-1.patch: fail on invalid sequences in ext/iconv/iconv.c, ext/iconv/tests/bug76249.phpt.
- debian/patches/CVE-2018-10546-2.patch: fix tsrm_ls in ext/iconv/iconv.c.
- CVE-2018-10546
* SECURITY UPDATE: XSS on PHAR error pages
- debian/patches/CVE-2018-10547.patch: remove potential unfiltered outputs in ext/phar/phar_object.c, fix tests in ext/phar/tests/*.
- CVE-2018-10547
* SECURITY UPDATE: DoS via ldap_get_dn return value mishandling
- debian/patches/CVE-2018-10548.patch: check dn in ext/ldap/ldap.c, add test to ext/ldap/tests/bug76248.phpt.
- CVE-2018-10548

php5 (5.5.9+dfsg-1ubuntu4.26) trusty-security; urgency=medium

* SECURITY UPDATE: denial of service in exif parsing
- debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c.
- CVE-2018-14851
* SECURITY UPDATE: denial of service in exif parsing
- debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c.
- CVE-2018-14883
* SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked
- debian/patches/bug76582.patch: clean up brigade in sapi/apache2handler/sapi_apache2.c.
- No CVE number

libasprintf0c2 | 0.18.3.1-1ubuntu3 | 0.18.3.1-1ubuntu3.1

gettext (0.18.3.1-1ubuntu3.1) trusty-security; urgency=medium

* SECURITY UPDATE: Invalid free
- debian/patches/CVE-2018-18751.patch: fix in gettext-tools/src/read-catalog.c, gettext-tools/tests/Makefile.am, gettext-tools/tests/xgettext-po-2.
- CVE-2018-18751
libarchive13 | 3.1.2-7ubuntu2.4 | 3.1.2-7ubuntu2.6

libarchive (3.1.2-7ubuntu2.6) trusty-security; urgency=medium

* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2016-10209.patch: fix in libarchive/archive_string.c.
- CVE-2016-10209
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2016-10349-and-CVE-2016-10350.patch: fix in libarchive/archive_read_support_format_cab.c.
- CVE-2016-10349
- CVE-2016-10350
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-14166.patch: fix in libarchive/archive_read_support_format_xar.c.
- CVE-2017-14166
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2017-14501.patch: fix in libarchive/archive_read_support_format_iso9660.c.
- CVE-2017-14501
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2017-14503.patch: fix in libarchive/archive_read_support_format_lha.c.
- CVE-2017-14503
libavahi-client3 | 0.6.31-4ubuntu1.1 | 0.6.31-4ubuntu1.2

avahi (0.6.31-4ubuntu1.2) trusty; urgency=medium

* d/p/Remove-default-rlimit-nproc-3.patch,
* d/p/Remove-default-rlimits-from-avahi-daemon.conf.patch:
- Remove all overly restrictive default rlimit restrictions in
avahi-daemon.conf which can cause avahi to fail to start due to
too many running process or crash out of memory. (LP: #1661869)
libavahi-common3 | 0.6.31-4ubuntu1.1 | 0.6.31-4ubuntu1.2

avahi (0.6.31-4ubuntu1.2) trusty; urgency=medium

* d/p/Remove-default-rlimit-nproc-3.patch,
* d/p/Remove-default-rlimits-from-avahi-daemon.conf.patch:
- Remove all overly restrictive default rlimit restrictions in
avahi-daemon.conf which can cause avahi to fail to start due to
too many running process or crash out of memory. (LP: #1661869)
libavahi-common-data | 0.6.31-4ubuntu1.1 | 0.6.31-4ubuntu1.2

avahi (0.6.31-4ubuntu1.2) trusty; urgency=medium

* d/p/Remove-default-rlimit-nproc-3.patch,
* d/p/Remove-default-rlimits-from-avahi-daemon.conf.patch:
- Remove all overly restrictive default rlimit restrictions in
avahi-daemon.conf which can cause avahi to fail to start due to
too many running process or crash out of memory. (LP: #1661869)
libbind9-90 | 1:9.9.5.dfsg-3ubuntu0.16 | 1:9.9.5.dfsg-3ubuntu0.18

bind9 (1:9.9.5.dfsg-3ubuntu0.17) trusty-security; urgency=medium

* SECURITY UPDATE: assertion failure via improper cleanup
- lib/dns/resolver.c: fix cleanup handling.
- Patch backported from 9.9.11-P1.
- CVE-2017-3145

bind9 (1:9.9.5.dfsg-3ubuntu0.18) trusty-security; urgency=medium

* SECURITY UPDATE: denial of service crash when deny-answer-aliases option is used
- lib/dns/resolver.c: explicit DNAME query could trigger a crash if deny-answer-aliases was set
- Patch backported from 9.9.13-P1.
- CVE-2018-5740

libc6 | 2.19-0ubuntu6.13 | 2.19-0ubuntu6.14

eglibc (2.19-0ubuntu6.14) trusty-security; urgency=medium

* SECURITY UPDATE: Memory leak in dynamic loader (ld.so)
- debian/patches/any/cvs-compute-correct-array-size-in-_dl_init_paths.diff: Compute correct array size in _dl_init_paths
- CVE-2017-1000408
* SECURITY UPDATE: Buffer overflow in dynamic loader (ld.so)
- debian/patches/any/cvs-count-components-of-expanded-path-in-_dl_init_paths.diff: Count components of the expanded path in _dl_init_path
- CVE-2017-1000409
* SECURITY UPDATE: One-byte overflow in glob
- debian/patches/any/cvs-fix-one-byte-glob-overflow.diff: Fix one-byte overflow in glob
- CVE-2017-15670
* SECURITY UPDATE: Buffer overflow in glob
- debian/patches/any/cvs-fix-glob-buffer-overflow.diff: Fix buffer overflow during GLOB_TILDE unescaping
- CVE-2017-15804
* SECURITY UPDATE: Local privilege escalation via mishandled RPATH / RUNPATH
- debian/patches/any/cvs-elf-check-for-empty-tokens.diff: elf: Check for empty tokens before dynamic string token expansion
- CVE-2017-16997
* SECURITY UPDATE: Buffer underflow in realpath()
- debian/patches/any/cvs-make-getcwd-fail-if-path-is-no-absolute.diff: Make getcwd(3) fail if it cannot obtain an absolute path
- CVE-2018-1000001
libc-bin | 2.19-0ubuntu6.13 | 2.19-0ubuntu6.14

eglibc (2.19-0ubuntu6.14) trusty-security; urgency=medium

* SECURITY UPDATE: Memory leak in dynamic loader (ld.so)
- debian/patches/any/cvs-compute-correct-array-size-in-_dl_init_paths.diff: Compute correct array size in _dl_init_paths
- CVE-2017-1000408
* SECURITY UPDATE: Buffer overflow in dynamic loader (ld.so)
- debian/patches/any/cvs-count-components-of-expanded-path-in-_dl_init_paths.diff: Count components of the expanded path in _dl_init_path
- CVE-2017-1000409
* SECURITY UPDATE: One-byte overflow in glob
- debian/patches/any/cvs-fix-one-byte-glob-overflow.diff: Fix one-byte overflow in glob
- CVE-2017-15670
* SECURITY UPDATE: Buffer overflow in glob
- debian/patches/any/cvs-fix-glob-buffer-overflow.diff: Fix buffer overflow during GLOB_TILDE unescaping
- CVE-2017-15804
* SECURITY UPDATE: Local privilege escalation via mishandled RPATH / RUNPATH
- debian/patches/any/cvs-elf-check-for-empty-tokens.diff: elf: Check for empty tokens before dynamic string token expansion
- CVE-2017-16997
* SECURITY UPDATE: Buffer underflow in realpath()
- debian/patches/any/cvs-make-getcwd-fail-if-path-is-no-absolute.diff: Make getcwd(3) fail if it cannot obtain an absolute path
- CVE-2018-1000001
libcups2 | 1.7.2-0ubuntu1.8 | 1.7.2-0ubuntu1.10

cups (1.7.2-0ubuntu1.10) trusty-security; urgency=medium

* SECURITY UPDATE: scheduler crash via DBUS notifications
- debian/patches/CVE-2017-18248.patch: validate requesting-user-name in scheduler/ipp.c.
- CVE-2017-18248
* SECURITY UPDATE: privilege escalation in dnssd backend
- debian/patches/CVE-2018-418x.patch: don't allow PassEnv and SetEnv to override standard variables in man/cups-files.conf.man.in, man/cupsd.conf.man.in, scheduler/conf.c.
- CVE-2018-4180
* SECURITY UPDATE: local file read via Include directive
- debian/patches/CVE-2018-418x.patch: remove Include directive handling in scheduler/conf.c.
- CVE-2018-4181
* SECURITY UPDATE: AppArmor sandbox bypass
- debian/local/apparmor-profile: also confine /usr/lib/cups/backend/mdns.
- CVE-2018-6553
libcupsfilters1 | 1.0.52-0ubuntu1.7 | 1.0.52-0ubuntu1.8

cups-filters (1.0.52-0ubuntu1.8) trusty-security; urgency=medium

* Rebuild against new qpdf security update.
- debian/control: Bump libqpdf-dev Build-Depends to 8.0~
libcupsimage2 | 1.7.2-0ubuntu1.8 | 1.7.2-0ubuntu1.10

cups (1.7.2-0ubuntu1.10) trusty-security; urgency=medium

* SECURITY UPDATE: scheduler crash via DBUS notifications
- debian/patches/CVE-2017-18248.patch: validate requesting-user-name in scheduler/ipp.c.
- CVE-2017-18248
* SECURITY UPDATE: privilege escalation in dnssd backend
- debian/patches/CVE-2018-418x.patch: don't allow PassEnv and SetEnv to override standard variables in man/cups-files.conf.man.in, man/cupsd.conf.man.in, scheduler/conf.c.
- CVE-2018-4180
* SECURITY UPDATE: local file read via Include directive
- debian/patches/CVE-2018-418x.patch: remove Include directive handling in scheduler/conf.c.
- CVE-2018-4181
* SECURITY UPDATE: AppArmor sandbox bypass
- debian/local/apparmor-profile: also confine /usr/lib/cups/backend/mdns.
- CVE-2018-6553
libdns100 | 1:9.9.5.dfsg-3ubuntu0.16 | 1:9.9.5.dfsg-3ubuntu0.18

bind9 (1:9.9.5.dfsg-3ubuntu0.17) trusty-security; urgency=medium

* SECURITY UPDATE: assertion failure via improper cleanup
- lib/dns/resolver.c: fix cleanup handling.
- Patch backported from 9.9.11-P1.
- CVE-2017-3145

bind9 (1:9.9.5.dfsg-3ubuntu0.18) trusty-security; urgency=medium

* SECURITY UPDATE: denial of service crash when deny-answer-aliases option is used
- lib/dns/resolver.c: explicit DNAME query could trigger a crash if deny-answer-aliases was set
- Patch backported from 9.9.13-P1.
- CVE-2018-5740

libelf1 | 0.158-0ubuntu5.2 | 0.158-0ubuntu5.3

elfutils (0.158-0ubuntu5.3) trusty-security; urgency=medium

* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2016-10254.patch: Always set ELF maxsize when reading an ELF file for sanity checks. Based on upstream patch.
- CVE-2016-10254
* SECURITY UPDATE: Denial of service via memory consumption when handling
crafted ELF files
- debian/patches/CVE-2016-10255.patch: Sanity check offset and size before trying to malloc and read data. Based on upstream patch.
- CVE-2016-10255
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7607-1.patch: Sanity check hash section contents before processing. Based on upstream patch.
- debian/patches/CVE-2017-7607-2.patch: Fix off by one sanity check in handle_gnu_hash. Based on upstream patch.
- CVE-2017-7607
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7608.patch: Use the empty string for note names with zero size. Based on upstream patch.
- CVE-2017-7608
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7610.patch: Don't check section group without flags word. Based on upstream patch.
- CVE-2017-7610
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7611.patch: Check symbol table data is big enough before checking. Based on upstream patch.
- CVE-2017-7611
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7612.patch: Don't trust sh_entsize when checking hash sections. Based on upstream patch.
- CVE-2017-7612
* SECURITY UPDATE: Denial of service via memory consumption when handling
crafted ELF files
- debian/patches/CVE-2017-7613.patch: Sanity check the number of phdrs and shdrs available. Based on upstream patch.
- CVE-2017-7613
libgcrypt11 | 1.5.3-2ubuntu4.5 | 1.5.3-2ubuntu4.6

libgcrypt11 (1.5.3-2ubuntu4.6) trusty-security; urgency=medium

* SECURITY UPDATE: memory-cache side-channel attack on ECDSA signatures
- debian/patches/CVE-2018-0495.patch: add blinding for ECDSA in cipher/ecc.
- CVE-2018-0495
libgd3 | 2.1.0-3ubuntu0.8 | 2.1.0-3ubuntu0.10

libgd2 (2.1.0-3ubuntu0.10) trusty-security; urgency=medium

* SECURITY UPDATE: Double free
- debian/patches/CVE-2018-1000222.patch: fix in src/gd_bmp.c.
- CVE-2018-1000222
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2018-5711.patch: fix in src/gd_gif_in.c.
- CVE-2018-5711
libgdk-pixbuf2.0-0 | 2.30.7-0ubuntu1.7 | 2.30.7-0ubuntu1.8

gdk-pixbuf (2.30.7-0ubuntu1.8) trusty-security; urgency=medium

* SECURITY UPDATE: Integer overflow in gif_get_lzw function
- debian/patches/CVE-2017-1000422.patch: fix in gdk-pixbuf/io-gif.c.
- CVE-2017-1000422
* SECURITY UPDATE: DoS and integer overflow in io-ico.c
- debian/patches/CVE-2017-6312.patch: fix potential integer overflow in gdk-pixbuf/io-ico.c.
- CVE-2017-6312
* SECURITY UPDATE: DoS and integer underflow in load_resources function
- debian/patches/CVE-2017-6313.patch: protect against too short blocklen in gdk-pixbuf/io-icns.c.
- CVE-2017-6313
* SECURITY UPDATE: DoS (infinite loop)
- debian/patches/CVE-2017-6314.patch: avoid overflow buffer size computation in gdk-pixbuf/io-tiff.c.
- CVE-2017-6314
libgdk-pixbuf2.0-common | 2.30.7-0ubuntu1.7 | 2.30.7-0ubuntu1.8

gdk-pixbuf (2.30.7-0ubuntu1.8) trusty-security; urgency=medium

* SECURITY UPDATE: Integer overflow in gif_get_lzw function
- debian/patches/CVE-2017-1000422.patch: fix in gdk-pixbuf/io-gif.c.
- CVE-2017-1000422
* SECURITY UPDATE: DoS and integer overflow in io-ico.c
- debian/patches/CVE-2017-6312.patch: fix potential integer overflow in gdk-pixbuf/io-ico.c.
- CVE-2017-6312
* SECURITY UPDATE: DoS and integer underflow in load_resources function
- debian/patches/CVE-2017-6313.patch: protect against too short blocklen in gdk-pixbuf/io-icns.c.
- CVE-2017-6313
* SECURITY UPDATE: DoS (infinite loop)
- debian/patches/CVE-2017-6314.patch: avoid overflow buffer size computation in gdk-pixbuf/io-tiff.c.
- CVE-2017-6314
libglib2.0-0 | 2.40.2-0ubuntu1 | 2.40.2-0ubuntu1.1

glib2.0 (2.40.2-0ubuntu1.1) trusty-security; urgency=medium

* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2018-16428.patch: fix in glib/gmarkup.c, glib/tests/Makefile.am, glib/tests/markups/fail-51.expected, glib/tests/markups/fail-51.gmarkup.
- CVE-2018-16428
* SECURITY UPDATE: Read out-of-bounds
- debian/patches/CVE-2018-16429.patch: fix in glib/gmarkup.c and glib/tests/Makefile.am, glib/tests/markups/fail-50.expected, glib/tests/markups/fail-50.gmarkup.
- CVE-2018-16429
* Fixing tests in gdatetime invented timezone
- debian/patches/User_a_real_rather_than_invented_timezone.patch: fix in glib/tests/gdatetime.c.

libglib2.0-data | 2.40.2-0ubuntu1 | 2.40.2-0ubuntu1.1

glib2.0 (2.40.2-0ubuntu1.1) trusty-security; urgency=medium

* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2018-16428.patch: fix in glib/gmarkup.c, glib/tests/Makefile.am, glib/tests/markups/fail-51.expected, glib/tests/markups/fail-51.gmarkup.
- CVE-2018-16428
* SECURITY UPDATE: Read out-of-bounds
- debian/patches/CVE-2018-16429.patch: fix in glib/gmarkup.c and glib/tests/Makefile.am, glib/tests/markups/fail-50.expected, glib/tests/markups/fail-50.gmarkup.
- CVE-2018-16429
* Fixing tests in gdatetime invented timezone
- debian/patches/User_a_real_rather_than_invented_timezone.patch: fix in glib/tests/gdatetime.c.
libgomp1 | 4.8.4-2ubuntu1~14.04.3 | 4.8.4-2ubuntu1~14.04.4

gcc-4.8 (4.8.4-2ubuntu1~14.04.4) trusty-security; urgency=medium

* Add retpoline support for x86 via adding -mindirect-branch=,
-mindirect-branch-register, and -mfunction-return= support
(LP: #1749261)
- 0001-i386-Move-struct-ix86_frame-to-machine_function.diff, 0002-i386-Use-reference-of-struct-ix86_frame-to-avoid-cop.diff, 0003-i386-Use-const-reference-of-struct-ix86_frame-to-avo.diff, 0004-x86-Add-mindirect-branch.diff, 0005-x86-Add-mfunction-return.diff, 0006-x86-Add-mindirect-branch-register.diff, 0007-x86-Add-V-register-operand-modifier.diff, 0008-x86-Disallow-mindirect-branch-mfunction-return-with-.diff, 0009-Use-INVALID_REGNUM-in-indirect-thunk-processing.diff: implement -mindirect-branch= with attribute support, -mindirect-branch-register, and -mfunction-return= with attribute support. Thanks to H.J. Lu.
libgudev-1.0-0 | 1:204-5ubuntu20.25 | 1:204-5ubuntu20.28

systemd (204-5ubuntu20.28) trusty; urgency=medium

* logind: fix memleaks in session's free path and cgmanager glue code
(LP: #1750013)
libicu52 | 52.1-3ubuntu0.7 | 52.1-3ubuntu0.8

icu (52.1-3ubuntu0.8) trusty-security; urgency=medium

* SECURITY UPDATE: integer overflow in Persian Cal
- debian/patches/CVE-2017-15422.patch: use int64_t math for one operation to avoid overflow, add tests in source/i18n/gregoimp.cpp, source/i18n/gregoimp.h, source/i18n/persncal.cpp, source/test/intltest/calregts.cpp, source/test/intltest/calregts.h.
- CVE-2017-15422
libisc95 | 1:9.9.5.dfsg-3ubuntu0.16 | 1:9.9.5.dfsg-3ubuntu0.18

bind9 (1:9.9.5.dfsg-3ubuntu0.17) trusty-security; urgency=medium

* SECURITY UPDATE: assertion failure via improper cleanup
- lib/dns/resolver.c: fix cleanup handling.
- Patch backported from 9.9.11-P1.
- CVE-2017-3145

bind9 (1:9.9.5.dfsg-3ubuntu0.18) trusty-security; urgency=medium

* SECURITY UPDATE: denial of service crash when deny-answer-aliases option is used
- lib/dns/resolver.c: explicit DNAME query could trigger a crash if deny-answer-aliases was set
- Patch backported from 9.9.13-P1.
- CVE-2018-5740

libisccc90 | 1:9.9.5.dfsg-3ubuntu0.16 | 1:9.9.5.dfsg-3ubuntu0.18

bind9 (1:9.9.5.dfsg-3ubuntu0.17) trusty-security; urgency=medium

* SECURITY UPDATE: assertion failure via improper cleanup
- lib/dns/resolver.c: fix cleanup handling.
- Patch backported from 9.9.11-P1.
- CVE-2017-3145

bind9 (1:9.9.5.dfsg-3ubuntu0.18) trusty-security; urgency=medium

* SECURITY UPDATE: denial of service crash when deny-answer-aliases option is used
- lib/dns/resolver.c: explicit DNAME query could trigger a crash if deny-answer-aliases was set
- Patch backported from 9.9.13-P1.
- CVE-2018-5740

libisccfg90 | 1:9.9.5.dfsg-3ubuntu0.16 | 1:9.9.5.dfsg-3ubuntu0.18

bind9 (1:9.9.5.dfsg-3ubuntu0.17) trusty-security; urgency=medium

* SECURITY UPDATE: assertion failure via improper cleanup
- lib/dns/resolver.c: fix cleanup handling.
- Patch backported from 9.9.11-P1.
- CVE-2017-3145

bind9 (1:9.9.5.dfsg-3ubuntu0.18) trusty-security; urgency=medium

* SECURITY UPDATE: denial of service crash when deny-answer-aliases option is used
- lib/dns/resolver.c: explicit DNAME query could trigger a crash if deny-answer-aliases was set
- Patch backported from 9.9.13-P1.
- CVE-2018-5740

libjasper1 | 1.900.1-14ubuntu3.4 | 1.900.1-14ubuntu3.5

jasper (1.900.1-14ubuntu3.5) trusty-security; urgency=medium

* SECURITY UPDATE: double-free in jasper_image_stop_load
- debian/patches/CVE-2015-5203-CVE-2016-9262.patch: fix overflow and double free in src/libjasper/base/jas_image.c, src/libjasper/include/jasper/jas_math.h. (Thanks to Red Hat for the patch!)
- CVE-2015-5203
* SECURITY UPDATE: use-after-free in mif_process_cmpt
- debian/patches/CVE-2015-5221.patch: fix use-after-free in src/libjasper/mif/mif_cod.c.
- CVE-2015-5221
* SECURITY UPDATE: denial of service in jpc_tsfb_synthesize
- debian/patches/CVE-2016-10248.patch: fix type promotion and prevent null pointer dereference in src/libjasper/include/jasper/jas_seq.h, src/libjasper/jpc/jpc_dec.c, src/libjasper/jpc/jpc_tsfb.c.
- CVE-2016-10248
* SECURITY UPDATE: denial of service in jp2_colr_destroy
- debian/patches/CVE-2016-10250.patch: fix cleanup in src/libjasper/jp2/jp2_cod.c.
- CVE-2016-10250
* SECURITY UPDATE: denial of service in jpc_dec_tiledecode
- debian/patches/CVE-2016-8883.patch: remove asserts in src/libjasper/jpc/jpc_dec.c.
- CVE-2016-8883
* SECURITY UPDATE: denial of service in jp2_colr_destroy
- debian/patches/CVE-2016-8887.patch: don't destroy box that doesn't exist in src/libjasper/jp2/jp2_cod.c, src/libjasper/jp2/jp2_dec.c.
- CVE-2016-8887
* SECURITY UPDATE: integer overflow in jpc_dec_process_siz
- debian/patches/CVE-2016-9387-1.patch: fix overflow in src/libjasper/jpc/jpc_dec.c.
- debian/patches/CVE-2016-9387-2.patch: add more checks to src/libjasper/jpc/jpc_dec.c.
- CVE-2016-9387
* SECURITY UPDATE: denial of service in ras_getcmap
- debian/patches/CVE-2016-9388.patch: remove assertions in src/libjasper/ras/ras_dec.c, src/libjasper/ras/ras_enc.c.
- CVE-2016-9388
* SECURITY UPDATE: denial of service in jpc_irct and jpc_iict functions
- debian/patches/CVE-2016-9389.patch: add check to src/libjasper/base/jas_image.c, src/libjasper/jpc/jpc_dec.c, src/libjasper/include/jasper/jas_image.h.
- CVE-2016-9389
* SECURITY UPDATE: denial of service in jas_seq2d_create
- debian/patches/CVE-2016-9390.patch: check tiles in src/libjasper/jpc/jpc_cs.c.
- CVE-2016-9390
* SECURITY UPDATE: denial of service in jpc_bitstream_getbits
- debian/patches/CVE-2016-9391.patch: add tests to src/libjasper/jpc/jpc_bs.c, src/libjasper/jpc/jpc_cs.c.
- CVE-2016-9391
* SECURITY UPDATE: multiple denial of service issues
- debian/patches/CVE-2016-9392-3-4.patch: add more checks to src/libjasper/jpc/jpc_cs.c.
- CVE-2016-9392
- CVE-2016-9393
- CVE-2016-9394
* SECURITY UPDATE: denial of service in JPC_NOMINALGAIN
- debian/patches/CVE-2016-9396.patch: add check to src/libjasper/jpc/jpc_cs.c.
- CVE-2016-9396
* SECURITY UPDATE: denial of service via crafted image
- debian/patches/CVE-2016-9600.patch: add more checks to src/libjasper/jp2/jp2_enc.c.
- CVE-2016-9600
* SECURITY UPDATE: NULL pointer exception in jp2_encode
- debian/patches/CVE-2017-1000050.patch: check number of components in src/libjasper/jp2/jp2_enc.c.
- CVE-2017-1000050
* SECURITY UPDATE: denial of service in jp2_cdef_destroy
- debian/patches/CVE-2017-6850.patch: initialize data in src/libjasper/base/jas_stream.c, src/libjasper/jp2/jp2_cod.c.
- CVE-2017-6850
libjpeg-turbo8 | 1.3.0-0ubuntu2 | 1.3.0-0ubuntu2.1

libjpeg-turbo (1.3.0-0ubuntu2.1) trusty-security; urgency=medium

* SECURITY UPDATE: denial of service via JPEG file
- debian/patches/CVE-2014-9092.patch: adjust size in jchuff.c.
- CVE-2014-9092
* SECURITY UPDATE: denial of service via crafted file
- debian/patches/CVE-2016-3616.patch: check range of integer values in PPM text file in cderror.h, rdppm.c.
- CVE-2016-3616
- CVE-2018-11213
- CVE-2018-11214
* SECURITY UPDATE: divide-by-zero via crafted file
- debian/patches/CVE-2018-11212.patch: check image size in rdtarga.c.
- CVE-2018-11212
* SECURITY UPDATE: division by zero via BMP image
- debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
- CVE-2018-1152
liblcms2-2 | 2.5-0ubuntu4.1 | 2.5-0ubuntu4.2

cms2 (2.5-0ubuntu4.2) trusty-security; urgency=medium

* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2016-10165.patch: fix in src/cmstypes.c.
- CVE-2016-10165
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-16435.patch: fix in src/cmscgats.c.
- CVE-2018-16435

liblwres90 | 1:9.9.5.dfsg-3ubuntu0.16 | 1:9.9.5.dfsg-3ubuntu0.18

bind9 (1:9.9.5.dfsg-3ubuntu0.17) trusty-security; urgency=medium

* SECURITY UPDATE: assertion failure via improper cleanup
- lib/dns/resolver.c: fix cleanup handling.
- Patch backported from 9.9.11-P1.
- CVE-2017-3145

bind9 (1:9.9.5.dfsg-3ubuntu0.18) trusty-security; urgency=medium

* SECURITY UPDATE: denial of service crash when deny-answer-aliases option is used
- lib/dns/resolver.c: explicit DNAME query could trigger a crash if deny-answer-aliases was set
- Patch backported from 9.9.13-P1.
- CVE-2018-5740

libmagickcore5 | 8:6.7.7.10-6ubuntu3.9 | 8:6.7.7.10-6ubuntu3.13

imagemagick (8:6.7.7.10-6ubuntu3.12) trusty-security; urgency=medium

* SECURITY UPDATE: out-of-bounds write in ReadBMPImage and WriteBMPImage
- debian/patches/CVE-2018-12599.patch: use proper lengths in coders/bmp.c.
- CVE-2018-12599
* SECURITY UPDATE: out-of-bounds write in ReadDIBImage and WriteDIBImage
- debian/patches/CVE-2018-12600.patch: use proper lengths in coders/dib.c.
- CVE-2018-12600
* SECURITY UPDATE: memory leak in XMagickCommand
- debian/patches/CVE-2018-13153.patch: free memory in magick/animate.c.
- CVE-2018-13153

imagemagick (8:6.7.7.10-6ubuntu3.13) trusty-security; urgency=medium

[ Steve Beattie ]
* SECURITY UPDATE: code execution vulnerabilities in ghostscript as invoked by imagemagick
- debian/patches/200-disable-ghostscript-formats.patch: disable ghostscript handled types by default in policy.xml
* SECURITY UPDATE: information leak in ReadXBMImage
- debian/patches/CVE-2018-16323.patch: don't leave data uninitialized with negative pixels
- CVE-2018-16323
* SECURITY UPDATE: memory leak of colormap in WriteMPCImage
- debian/patches/CVE-2018-14434.patch: free colormap on bad color depth
- CVE-2018-14434
* SECURITY UPDATE: memory leak in DecodeImage
- debian/patches/CVE-2018-14435.patch: free memory when given a bad plane
- CVE-2018-14435
* SECURITY UPDATE: memory leak in ReadMIFFImage
- debian/patches/CVE-2018-14436.patch: free memory when given a bad depth
- CVE-2018-14436
* SECURITY UPDATE: memory leak in parse8BIM
- debian/patches/CVE-2018-14437-prereq.patch: check for negative values
- debian/patches/CVE-2018-14437.patch: free strings in error conditions
- CVE-2018-14437
* SECURITY UPDATE: memory leak in ReadOneJNGImage
- debian/patches/CVE-2018-16640-prereq-1.patch: define DestroyJNG()
- debian/patches/CVE-2018-16640-prereq-2.patch: fix DestroyJNG()
- debian/patches/CVE-2018-16640.patch: free memory on error
- CVE-2018-16640
* SECURITY UPDATE: denial of service due to out-of-bounds write in InsertRow
- debian/patches/CVE-2018-16642.patch: improve checking for errors
- CVE-2018-16642
* SECURITY UPDATE: denial of service due to missing fputc checks
- debian/patches/CVE-2018-16643.patch: check fputc calls for error
- CVE-2018-16643
* SECURITY UPDATE: denial of service in ReadDCMImage and ReadPICTImage
- debian/patches/CVE-2018-16644-prereq-1.patch: make ReadRectangle() a boolean returning function and use it.
- debian/patches/CVE-2018-16644-prereq-2.patch: check for EOF when reading from file
- debian/patches/CVE-2018-16644-prereq-3.patch: define ThrowPICTException() macro and use it
- debian/patches/CVE-2018-16644-1.patch, debian/patches/CVE-2018-16644-2.patch: check for invalid length
- CVE-2018-16644
* SECURITY UPDATE: excessive memory allocation issue in ReadBMPImage
- debian/patches/CVE-2018-16645.patch: ensure number_colors is not too large
- CVE-2018-16645
* SECURITY UPDATE: denial of service in ReadOneJNGImage
- debian/patches/CVE-2018-16749.patch: check for NULL color_image
- CVE-2018-16749
* SECURITY UPDATE: memory leak in formatIPTCfromBuffer
- debian/patches/CVE-2018-16750.patch: free memory on error
- CVE-2018-16750

[ Marc Deslauriers ]
* SECURITY REGRESSION: segfault in png to gif conversion (LP: #1793485)
- debian/patches/0297-CVE-2017-13144.patch: removed pending further investigation.
- debian/patches/CVE-2017-12430.patch: refreshed.

libmagickwand5 | 8:6.7.7.10-6ubuntu3.9 | 8:6.7.7.10-6ubuntu3.13

imagemagick (8:6.7.7.10-6ubuntu3.12) trusty-security; urgency=medium

* SECURITY UPDATE: out-of-bounds write in ReadBMPImage and WriteBMPImage
- debian/patches/CVE-2018-12599.patch: use proper lengths in coders/bmp.c.
- CVE-2018-12599
* SECURITY UPDATE: out-of-bounds write in ReadDIBImage and WriteDIBImage
- debian/patches/CVE-2018-12600.patch: use proper lengths in coders/dib.c.
- CVE-2018-12600
* SECURITY UPDATE: memory leak in XMagickCommand
- debian/patches/CVE-2018-13153.patch: free memory in magick/animate.c.
- CVE-2018-13153

imagemagick (8:6.7.7.10-6ubuntu3.13) trusty-security; urgency=medium

[ Steve Beattie ]
* SECURITY UPDATE: code execution vulnerabilities in ghostscript as invoked by imagemagick
- debian/patches/200-disable-ghostscript-formats.patch: disable ghostscript handled types by default in policy.xml
* SECURITY UPDATE: information leak in ReadXBMImage
- debian/patches/CVE-2018-16323.patch: don't leave data uninitialized with negative pixels
- CVE-2018-16323
* SECURITY UPDATE: memory leak of colormap in WriteMPCImage
- debian/patches/CVE-2018-14434.patch: free colormap on bad color depth
- CVE-2018-14434
* SECURITY UPDATE: memory leak in DecodeImage
- debian/patches/CVE-2018-14435.patch: free memory when given a bad plane
- CVE-2018-14435
* SECURITY UPDATE: memory leak in ReadMIFFImage
- debian/patches/CVE-2018-14436.patch: free memory when given a bad depth
- CVE-2018-14436
* SECURITY UPDATE: memory leak in parse8BIM
- debian/patches/CVE-2018-14437-prereq.patch: check for negative values
- debian/patches/CVE-2018-14437.patch: free strings in error conditions
- CVE-2018-14437
* SECURITY UPDATE: memory leak in ReadOneJNGImage
- debian/patches/CVE-2018-16640-prereq-1.patch: define DestroyJNG()
- debian/patches/CVE-2018-16640-prereq-2.patch: fix DestroyJNG()
- debian/patches/CVE-2018-16640.patch: free memory on error
- CVE-2018-16640
* SECURITY UPDATE: denial of service due to out-of-bounds write in InsertRow
- debian/patches/CVE-2018-16642.patch: improve checking for errors
- CVE-2018-16642
* SECURITY UPDATE: denial of service due to missing fputc checks
- debian/patches/CVE-2018-16643.patch: check fputc calls for error
- CVE-2018-16643
* SECURITY UPDATE: denial of service in ReadDCMImage and ReadPICTImage
- debian/patches/CVE-2018-16644-prereq-1.patch: make ReadRectangle() a boolean returning function and use it.
- debian/patches/CVE-2018-16644-prereq-2.patch: check for EOF when reading from file
- debian/patches/CVE-2018-16644-prereq-3.patch: define ThrowPICTException() macro and use it
- debian/patches/CVE-2018-16644-1.patch, debian/patches/CVE-2018-16644-2.patch: check for invalid length
- CVE-2018-16644
* SECURITY UPDATE: excessive memory allocation issue in ReadBMPImage
- debian/patches/CVE-2018-16645.patch: ensure number_colors is not too large
- CVE-2018-16645
* SECURITY UPDATE: denial of service in ReadOneJNGImage
- debian/patches/CVE-2018-16749.patch: check for NULL color_image
- CVE-2018-16749
* SECURITY UPDATE: memory leak in formatIPTCfromBuffer
- debian/patches/CVE-2018-16750.patch: free memory on error
- CVE-2018-16750

[ Marc Deslauriers ]
* SECURITY REGRESSION: segfault in png to gif conversion (LP: #1793485)
- debian/patches/0297-CVE-2017-13144.patch: removed pending further investigation.
- debian/patches/CVE-2017-12430.patch: refreshed.

libmysqlclient18 | 5.5.58-0ubuntu0.14.04.1 | 5.5.62-0ubuntu0.14.04.1

mysql-5.5 (5.5.61-0ubuntu0.14.04.1) trusty-security; urgency=medium

* SECURITY UPDATE: Update to 5.5.61 to fix security issues
- CVE-2018-2767, CVE-2018-3058, CVE-2018-3063, CVE-2018-3066, CVE-2018-3070, CVE-2018-3081

mysql-5.5 (5.5.62-0ubuntu0.14.04.1) trusty-security; urgency=medium

* SECURITY UPDATE: Update to 5.5.61 to fix security issues
- CVE-2018-3133, CVE-2018-3174, CVE-2018-3282

libonig2 | 5.9.1-1ubuntu1 | 5.9.1-1ubuntu1.1

libonig (5.9.1-1ubuntu1.1) trusty-security; urgency=medium

* SECURITY UPDATE: Fix multiple invalid pointer dereference,
out-of-bounds write memory corruption and stack buffer overflow.
- debian/patches/CVE-2017-9224-and-CVE-2017-9226-to-9229.patch: fixes in regexec.c and regparse.c
- CVE-2017-9224
- CVE-2017-9926
- CVE-2017-9927
- CVE-2017-9228
- CVE-2017-9229
libpam-systemd | 204-5ubuntu20.25 | 204-5ubuntu20.28

systemd (204-5ubuntu20.28) trusty; urgency=medium

* logind: fix memleaks in session's free path and cgmanager glue code
(LP: #1750013)
perl | 5.18.2-2ubuntu1.3 | 5.18.2-2ubuntu1.6

perl (5.18.2-2ubuntu1.6) trusty-security; urgency=medium

* SECURITY UPDATE: Directory traversal vulnerability
- debian/patches/fixes/CVE-2018-12015.patch: fix in cpan/Archive-Tar/lib/Archive/Tar.pm.
- CVE-2018-12015
plymouth | 0.8.8-0ubuntu17.1 | 0.8.8-0ubuntu17.2

plymouth (0.8.8-0ubuntu17.2) trusty; urgency=medium

* debian/patches/misc-changes.patch: Drop call to stop_animation as it would
unreference a bunch of variables and cause a crash writing a NULL VMA.
(LP: #927636)
libpng12-0 | 1.2.50-1ubuntu2.14.04.2 | 1.2.50-1ubuntu2.14.04.3

libpng (1.2.50-1ubuntu2.14.04.3) trusty-security; urgency=medium

* SECURITY UPDATE: Null pointer dereference
- debian/patches/CVE-2016-10087.patch: fix in png.c.
- CVE-2016-10087
policykit-1 | 0.105-4ubuntu3.14.04.1 | 0.105-4ubuntu3.14.04.2

policykit-1 (0.105-4ubuntu3.14.04.2) trusty-security; urgency=medium

* SECURITY UPDATE: DoS via invalid object path
- debian/patches/CVE-2015-3218.patch: handle invalid object paths in src/polkitbackend/polkitbackendinteractiveauthority.c.
- CVE-2015-3218
* SECURITY UPDATE: privilege escalation via duplicate action IDs
- debian/patches/CVE-2015-3255.patch: fix GHashTable usage in src/polkitbackend/polkitbackendactionpool.c.
- CVE-2015-3255
* SECURITY UPDATE: privilege escalation via duplicate cookie values
- debian/patches/CVE-2015-4625-1.patch: use unpredictable cookie values in configure.ac, src/polkitagent/polkitagenthelper-pam.c, src/polkitagent/polkitagenthelper-shadow.c, src/polkitagent/polkitagenthelperprivate.c, src/polkitagent/polkitagenthelperprivate.h, src/polkitagent/polkitagentsession.c, src/polkitbackend/polkitbackendinteractiveauthority.c.
- debian/patches/CVE-2015-4625-2.patch: bind use of cookies to specific uids in data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml, data/org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/overview.xml, src/polkit/polkitauthority.c, src/polkitbackend/polkitbackendauthority.c, src/polkitbackend/polkitbackendauthority.h, src/polkitbackend/polkitbackendinteractiveauthority.c.
- debian/patches/CVE-2015-4625-3.patch: update docs in data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml, data/org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml, docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/overview.xml, src/polkit/polkitauthority.c, src/polkitagent/polkitagentlistener.c, src/polkitbackend/polkitbackendauthority.c.
- CVE-2015-4625
* SECURITY UPDATE: DoS and information disclosure
- debian/patches/CVE-2018-1116.patch: properly check UID in src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c, src/polkitbackend/polkitbackendsessionmonitor-systemd.c, src/polkitbackend/polkitbackendsessionmonitor.c, src/polkitbackend/polkitbackendsessionmonitor.h.
- debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
- CVE-2018-1116
libpq5 | 9.3.20-0ubuntu0.14.04 | 9.3.24-0ubuntu0.14.04

postgresql-9.3 (9.3.24-0ubuntu0.14.04) trusty-security; urgency=medium

* New upstream release (LP: #1786938)
- Fix failure to reset libpq's state fully between connection attempts. An unprivileged user of dblink or postgres_fdw could bypass the checks intended to prevent use of server-side credentials, such as a ~/.pgpass file owned by the operating-system user running the server. Servers allowing peer authentication on local connections are particularly vulnerable. Other attacks such as SQL injection into a postgres_fdw session are also possible. Attacking postgres_fdw in this way requires the ability to create a foreign server object with selected connection parameters, but any user with access to dblink could exploit the problem. In general, an attacker with the ability to select the connection parameters for a libpq-using application could cause mischief, though other plausible attack scenarios are harder to think of. Our thanks to Andrew Krasichkov for reporting this issue. (CVE-2018-10915)
- d/libecpg-dev.install: Add new pgtypes header.
- d/libpgtypes3.symbols: Add new pgtypes symbol.
- Details about these and other changes can be found at https://www.postgresql.org/docs/9.3/static/release-9-3-24.html
procps | 1:3.3.9-1ubuntu2.2 | 1:3.3.9-1ubuntu2.3

procps (1:3.3.9-1ubuntu2.3) trusty-security; urgency=medium

* SECURITY UPDATE: top configuration file read from current directory
- debian/patches/CVE-2018-1122.patch: do not default to the cwd in top/top.c.
- CVE-2018-1122
* SECURITY UPDATE: ps output buffer overflow
- debian/patches/CVE-2018-1123.patch: check sizes in ps/output.c.
- CVE-2018-1123
* SECURITY UPDATE: integer overflow in file2strvec()
- debian/patches/CVE-2018-1124.patch: prevent overflow in proc/readproc.c.
- CVE-2018-1124
* SECURITY UPDATE: stack overflow in pgrep
- debian/patches/CVE-2018-1125.patch: check length in pgrep.c.
- CVE-2018-1125
* SECURITY UPDATE: truncated sizes and possible integer overflow
- debian/patches/CVE-2018-1126.patch: use size_t, not unsigned int in proc/alloc.*.
- CVE-2018-1126
* debian/patches/pmap_new_kernel.patch: fix compatibility with newer
kernels.
python2.7 | 2.7.6-8ubuntu0.4 | 2.7.6-8ubuntu0.5

python2.7 (2.7.6-8ubuntu0.5) trusty-security; urgency=medium


* SECURITY UPDATE: heap buffer overflow via race condition
- debian/patches/CVE-2018-1000030-1.patch: stop crashes when iterating over a file on multiple threads in Lib/test/test_file2k.py, Objects/fileobject.c.
- debian/patches/CVE-2018-1000030-2.patch: fix crash when multiple threads iterate over a file in Lib/test/test_file2k.py, Objects/fileobject.c.
- CVE-2018-1000030
* SECURITY UPDATE: command injection in shutil module
- debian/patches/CVE-2018-1000802.patch: use subprocess rather than distutils.spawn in Lib/shutil.py.
- CVE-2018-1000802
* SECURITY UPDATE: DoS via catastrophic backtracking
- debian/patches/CVE-2018-106x.patch: fix expressions in Lib/difflib.py, Lib/poplib.py. Added tests to Lib/test/test_difflib.py, Lib/test/test_poplib.py.
- CVE-2018-1060
- CVE-2018-1061
* SECURITY UPDATE: incorrect Expat hash salt initialization
- debian/patches/CVE-2018-14647.patch: call SetHashSalt in Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
- CVE-2018-14647

python3.4 | 3.4.3-1ubuntu1~14.04.6 | 3.4.3-1ubuntu1~14.04.7

python3.4 (3.4.3-1ubuntu1~14.04.7) trusty-security; urgency=medium

* SECURITY UPDATE: command injection in shutil module
- debian/patches/CVE-2018-1000802.patch: use subprocess rather than distutils.spawn in Lib/shutil.py.
- CVE-2018-1000802
* SECURITY UPDATE: DoS via catastrophic backtracking
- debian/patches/CVE-2018-106x.patch: fix expressions in Lib/difflib.py, Lib/poplib.py. Added tests to Lib/test/test_difflib.py, Lib/test/test_poplib.py.
- CVE-2018-1060
- CVE-2018-1061
* SECURITY UPDATE: incorrect Expat hash salt initialization
- debian/patches/CVE-2018-14647.patch: call SetHashSalt in Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
- CVE-2018-14647

samba | 2:4.3.11+dfsg-0ubuntu0.14.04.13 | 2:4.3.11+dfsg-0ubuntu0.14.04.17

samba (2:4.3.11+dfsg-0ubuntu0.14.04.16) trusty-security; urgency=medium

* SECURITY UPDATE: Insufficient input validation on client directory
listing in libsmbclient
- debian/patches/CVE-2018-10858-*.patch: don't overwrite passed in buffer in source3/libsmb/libsmb_path.c, add checks to source3/libsmb/libsmb_dir.c, source3/libsmb/libsmb_path.c.
- CVE-2018-10858
* SECURITY UPDATE: Confidential attribute disclosure AD LDAP server
- debian/patches/CVE-2018-10919-*.patch: fix access checks.
- CVE-2018-10919

samba (2:4.3.11+dfsg-0ubuntu0.14.04.17) trusty; urgency=medium

* d/p/bug_1583324_include_with_macro.patch: don't fail parsing the config file if it has macros in include directives (LP: #1583324)

openssl | 1.0.1f-1ubuntu2.23 | 1.0.1f-1ubuntu2.26

openssl (1.0.1f-1ubuntu2.26) trusty-security; urgency=medium

* SECURITY UPDATE: ECDSA key extraction side channel
- debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
- CVE-2018-0495
* SECURITY UPDATE: denial of service via long prime values
- debian/patches/CVE-2018-0732.patch: reject excessively large primes in DH key generation in crypto/dh/dh_key.c.
- CVE-2018-0732
* SECURITY UPDATE: RSA cache timing side channel attack
(previous update was incomplete)
- debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-3.patch: consttime flag changed in crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in crypto/rsa/rsa_gen.c.
- CVE-2018-0737
libsnmp30 | 5.7.2~dfsg-8.1ubuntu3.2 | 5.7.2~dfsg-8.1ubuntu3.3

net-snmp (5.7.2~dfsg-8.1ubuntu3.3) trusty-security; urgency=medium

* SECURITY UPDATE: DoS via NULL pointer exception
- debian/patches/CVE-2018-18065.patch: fix logic in agent/helpers/table.c.
- CVE-2018-18065

libsnmp-base | 5.7.2~dfsg-8.1ubuntu3.2 | 5.7.2~dfsg-8.1ubuntu3.3

net-snmp (5.7.2~dfsg-8.1ubuntu3.3) trusty-security; urgency=medium

* SECURITY UPDATE: DoS via NULL pointer exception
- debian/patches/CVE-2018-18065.patch: fix logic in agent/helpers/table.c.
- CVE-2018-18065

libsystemd-daemon0 | 204-5ubuntu20.25 | 204-5ubuntu20.28

systemd (204-5ubuntu20.28) trusty; urgency=medium

* logind: fix memleaks in session's free path and cgmanager glue code
(LP: #1750013)
libsystemd-login0 | 204-5ubuntu20.25 | 204-5ubuntu20.28

systemd (204-5ubuntu20.28) trusty; urgency=medium

* logind: fix memleaks in session's free path and cgmanager glue code
(LP: #1750013)
libtasn1-6 | 3.4-3ubuntu0.5 | 3.4-3ubuntu0.6

libtasn1-6 (3.4-3ubuntu0.6) trusty-security; urgency=medium

* SECURITY UPDATE: NULL pointer dereference and DoS
- debian/patches/CVE-2017-10790.patch: safer access to values read in /lib/parser_aux.c.
- CVE-2017-10790
libtiff5 | 4.0.3-7ubuntu0.7 | 4.0.3-7ubuntu0.9

tiff (4.0.3-7ubuntu0.9) trusty-security; urgency=medium

* SECURITY UPDATE: buffer overflow in gif2tiff
- debian/patches/CVE-2016-3186.patch: check return code in tools/gif2tiff.c.
- CVE-2016-3186
* SECURITY UPDATE: buffer overflow in gif2tiff
- debian/patches/CVE-2016-5102.patch: make warning fatal in tools/gif2tiff.c.
- CVE-2016-5102
* SECURITY UPDATE: multiple overflows
- debian/patches/CVE-2016-5318.patch: ignore certain fields in libtiff/tif_dir.h, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c.
- CVE-2016-5318
- CVE-2017-9147
* SECURITY UPDATE: bmp2tiff issues
- debian/patches/CVE-2017-5563_9117.patch: add check to tools/bmp2tiff.c.
- CVE-2017-5563
- CVE-2017-9117
* SECURITY UPDATE: heap-based buffer overflow in t2p_write_pdf
- debian/patches/CVE-2017-9935-1.patch: fix transfer function handling in libtiff/tif_dir.c, tools/tiff2pdf.c.
- debian/patches/CVE-2017-9935-2.patch: fix incorrect type for transfer table in tools/tiff2pdf.c.
- CVE-2017-9935
* SECURITY UPDATE: DoS in TIFFOpen
- debian/patches/CVE-2017-11613-1.patch: avoid memory exhaustion in libtiff/tif_dirread.c.
- debian/patches/CVE-2017-11613-2.patch: rework fix in libtiff/tif_dirread.c.
- CVE-2017-11613
* SECURITY UPDATE: TIFFSetupStrips heap overflow in pal2rgb
- debian/patches/CVE-2017-17095.patch: add workaround to tools/pal2rgb.c.
- CVE-2017-17095
libtirpc1 | 0.2.2-5ubuntu2 | 0.2.2-5ubuntu2.1

libtirpc (0.2.2-5ubuntu2.1) trusty-security; urgency=medium

* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2016-4429.diff: fix in src/clnt_dg.c.
- CVE-2016-4429
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-8779.patch: fix in src/rpc_generic.c, src/rpcb_prot.c, src/rpcb_st_xdr.c, src/xdr.c.
- CVE-2017-8779
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14622.patch: fix in src/svc_c.c.
- CVE-2018-14622

libudev1 | 204-5ubuntu20.25 | 204-5ubuntu20.28

systemd (204-5ubuntu20.28) trusty; urgency=medium

* logind: fix memleaks in session's free path and cgmanager glue code
(LP: #1750013)
libwayland-client0 | 1.4.0-1ubuntu1 | 1.4.0-1ubuntu1.1

wayland (1.4.0-1ubuntu1.1) trusty-security; urgency=medium

* SECURITY UPDATE: heap overflows when parsing malicious files
- debian/patches/CVE-2017-16612.patch: add checks to cursor/xcursor.c.
- CVE-2017-16612
libwayland-cursor0 | 1.4.0-1ubuntu1 | 1.4.0-1ubuntu1.1

wayland (1.4.0-1ubuntu1.1) trusty-security; urgency=medium

* SECURITY UPDATE: heap overflows when parsing malicious files
- debian/patches/CVE-2017-16612.patch: add checks to cursor/xcursor.c.
- CVE-2017-16612
libx11-6 | 2:1.6.2-1ubuntu2 | 2:1.6.2-1ubuntu2.1

libx11 (2:1.6.2-1ubuntu2.1) trusty-security; urgency=medium

* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2016-7942.patch: fix in src/GetImage.c.
- CVE-2016-7942
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2016-7943.patch: fix in src/FontNames.c, src/ListExt.c, src/ModMap.c.
- CVE-2016-7943
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14598.patch: fix in src/GetFPath.c, src/ListExt.c.
- CVE-2018-14598
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14599.patch: fix in src/FontNames.c, src/GetFPath.c, src/ListExt.c.
- CVE-2018-14599
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14600.patch: fix in src/GetFPath.
- CVE-2018-14600

libx11-data | 2:1.6.2-1ubuntu2 | 2:1.6.2-1ubuntu2.1

libx11 (2:1.6.2-1ubuntu2.1) trusty-security; urgency=medium

* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2016-7942.patch: fix in src/GetImage.c.
- CVE-2016-7942
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2016-7943.patch: fix in src/FontNames.c, src/ListExt.c, src/ModMap.c.
- CVE-2016-7943
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14598.patch: fix in src/GetFPath.c, src/ListExt.c.
- CVE-2018-14598
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14599.patch: fix in src/FontNames.c, src/GetFPath.c, src/ListExt.c.
- CVE-2018-14599
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14600.patch: fix in src/GetFPath.
- CVE-2018-14600

libx11-xcb1 | 2:1.6.2-1ubuntu2 | 2:1.6.2-1ubuntu2.1

libx11 (2:1.6.2-1ubuntu2.1) trusty-security; urgency=medium

* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2016-7942.patch: fix in src/GetImage.c.
- CVE-2016-7942
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2016-7943.patch: fix in src/FontNames.c, src/ListExt.c, src/ModMap.c.
- CVE-2016-7943
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14598.patch: fix in src/GetFPath.c, src/ListExt.c.
- CVE-2018-14598
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14599.patch: fix in src/FontNames.c, src/GetFPath.c, src/ListExt.c.
- CVE-2018-14599
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14600.patch: fix in src/GetFPath.
- CVE-2018-14600

libxcursor1 | 1:1.1.14-1ubuntu0.14.04.1 | 1:1.1.14-1ubuntu0.14.04.2

libxcursor (1:1.1.14-1ubuntu0.14.04.2) trusty-security; urgency=medium

* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2015-9262.patch: fix in src/library.c.
- CVE-2015-9262
libxkbcommon0 | 0.4.1-0ubuntu1 | 0.4.1-0ubuntu1.1

libxkbcommon (0.4.1-0ubuntu1.1) trusty-security; urgency=medium

* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-15853.patch: fix in src/xkbcomp/expr.c.
- CVE-2018-15853
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-15854.patch: fix in src/xkbcomp/ast-build.c, src/xkbcomp/ast-build.h, src/xkbcomp/ast.h, src/xkbcomp/parser.y.
- CVE-2018-15854
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-15855.patch: fix in src/xkbcomp/keymap.c, src/xkbcomp/parser.y.
- CVE-2018-15855
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-15856.patch: fix in src/compose/parser.c.
- CVE-2018-15856
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-15857.patch: fix in src/xkbcomp/ast-build.c.
- CVE-2018-15857
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-15859.patch: fix in src/xkbcomp/expr.c.
- CVE-2018-15859
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-15861.patch: fix in src/xkbcomp/expr.c.
- CVE-2018-15861
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-15862.patch: fix in src/xkbcomp/expr.c.
- CVE-2018-15862
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-15863.patch: fix in src/xkbcomp/compat.c.
- CVE-2018-15863
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-15864.patch: fix in src/xkbcomp/parser.y.
- CVE-2018-15864

libxml2 | 2.9.1+dfsg1-3ubuntu4.12 | 2.9.1+dfsg1-3ubuntu4.13

libxml2 (2.9.1+dfsg1-3ubuntu4.13) trusty-security; urgency=medium

* SECURITY UPDATE: XXE attacks
- debian/patches/CVE-2016-9318.patch: fix in parser.c.
- CVE-2016-9318
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-18258.patch: fix in xzlib.c.
- CVE-2017-18258
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14404.patch: fix in xpath.c.
- CVE-2018-14404
* SECURITY UPDATE: Infinite loop in LZMA decompression
- debian/patches/CVE-2018-14567.patch: fix in xzlib.c.
- CVE-2018-14567
linux-generic | 3.13.0.137.146 | 3.13.0.162.172
linux-headers-3.13.0-161-generic | 3.13.0-161.211

linux-headers-3.13.0-161 | 3.13.0-161.211

linux-headers-generic | 3.13.0.137.146 | 3.13.0.162.172
linux-image-generic | 3.13.0.137.146 | 3.13.0.162.172
linux-image-server | 3.13.0.137.146 | 3.13.0.162.172
linux-image-virtual | 3.13.0.137.146 | 3.13.0.162.172
multiarch-support | 2.19-0ubuntu6.13 | 2.19-0ubuntu6.14

eglibc (2.19-0ubuntu6.14) trusty-security; urgency=medium

* SECURITY UPDATE: Memory leak in dynamic loader (ld.so)
- debian/patches/any/cvs-compute-correct-array-size-in-_dl_init_paths.diff: Compute correct array size in _dl_init_paths
- CVE-2017-1000408
* SECURITY UPDATE: Buffer overflow in dynamic loader (ld.so)
- debian/patches/any/cvs-count-components-of-expanded-path-in-_dl_init_paths.diff: Count components of the expanded path in _dl_init_path
- CVE-2017-1000409
* SECURITY UPDATE: One-byte overflow in glob
- debian/patches/any/cvs-fix-one-byte-glob-overflow.diff: Fix one-byte overflow in glob
- CVE-2017-15670
* SECURITY UPDATE: Buffer overflow in glob
- debian/patches/any/cvs-fix-glob-buffer-overflow.diff: Fix buffer overflow during GLOB_TILDE unescaping
- CVE-2017-15804
* SECURITY UPDATE: Local privilege escalation via mishandled RPATH / RUNPATH
- debian/patches/any/cvs-elf-check-for-empty-tokens.diff: elf: Check for empty tokens before dynamic string token expansion
- CVE-2017-16997
* SECURITY UPDATE: Buffer underflow in realpath()
- debian/patches/any/cvs-make-getcwd-fail-if-path-is-no-absolute.diff: Make getcwd(3) fail if it cannot obtain an absolute path
- CVE-2018-1000001
mysql-common | 5.5.58-0ubuntu0.14.04.1 | 5.5.62-0ubuntu0.14.04.1

mysql-5.5 (5.5.61-0ubuntu0.14.04.1) trusty-security; urgency=medium

* SECURITY UPDATE: Update to 5.5.61 to fix security issues
- CVE-2018-2767, CVE-2018-3058, CVE-2018-3063, CVE-2018-3066, CVE-2018-3070, CVE-2018-3081

mysql-5.5 (5.5.62-0ubuntu0.14.04.1) trusty-security; urgency=medium

* SECURITY UPDATE: Update to 5.5.61 to fix security issues
- CVE-2018-3133, CVE-2018-3174, CVE-2018-3282

ntpdate | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.12 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13

ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.13) trusty-security; urgency=medium

* SECURITY UPDATE: code execution via buffer overflow in decodearr
- debian/patches/CVE-2018-7183.patch: prevent writing beyond limits in ntpq/ntpq.c.
- CVE-2018-7183
* SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
- debian/patches/CVE-2018-7185.patch: add additional checks to ntpd/ntp_proto.c.
- CVE-2018-7185
openssh-client | 1:6.6p1-2ubuntu2.8 | 1:6.6p1-2ubuntu2.11

openssh (1:6.6p1-2ubuntu2.10) trusty-security; urgency=medium

* SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
- debian/patches/CVE-2016-10009.patch: add a whitelist of paths from which ssh-agent will load a PKCS#11 module in ssh-agent.1, ssh-agent.c.
- debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys in ssh-agent.c.
- debian/patches/CVE-2016-10009-3.patch: relax whitelist in ssh-agent.c.
- debian/patches/CVE-2016-10009-4.patch: add missing label in ssh-agent.c.
- CVE-2016-10009
* SECURITY UPDATE: local information disclosure via effects of realloc on
buffer contents
- debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used for loading keys in authfile.c.
- CVE-2016-10011
* SECURITY UPDATE: local privilege escalation via incorrect bounds check
in shared memory manager
- debian/patches/CVE-2016-10012-1-2.patch: remove support for pre-authentication compression in kex.c, kex.h, Makefile.in, monitor.c, monitor.h, monitor_wrap.c, monitor_wrap.h, myproposal.h, packet.c, servconf.c, sshd.c, sshd_config.5.
- debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib bits in kex.c, kex.h, packet.c.
- CVE-2016-10012
* SECURITY UPDATE: DoS via zero-length file creation in readonly mode
- debian/patches/CVE-2017-15906.patch: disallow creation of empty files in sftp-server.c.
- CVE-2017-15906

openssh (1:6.6p1-2ubuntu2.11) trusty-security; urgency=medium

* SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629)
- debian/patches/CVE-2018-15473.patch: delay bailout for invalid authenticating user until after the packet containing the request has been fully parsed.
- CVE-2018-15473
[ Leonidas S. Barbosa ]
* SECURITY UPDATE: Privsep process crashing via an out-of-sequence
- debian/patches/CVE-2016-10708.patch: fix in kex.c, pack.c.
- CVE-2016-10708

openssh-server | 1:6.6p1-2ubuntu2.8 | 1:6.6p1-2ubuntu2.11

openssh (1:6.6p1-2ubuntu2.10) trusty-security; urgency=medium

* SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
- debian/patches/CVE-2016-10009.patch: add a whitelist of paths from which ssh-agent will load a PKCS#11 module in ssh-agent.1, ssh-agent.c.
- debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys in ssh-agent.c.
- debian/patches/CVE-2016-10009-3.patch: relax whitelist in ssh-agent.c.
- debian/patches/CVE-2016-10009-4.patch: add missing label in ssh-agent.c.
- CVE-2016-10009
* SECURITY UPDATE: local information disclosure via effects of realloc on
buffer contents
- debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used for loading keys in authfile.c.
- CVE-2016-10011
* SECURITY UPDATE: local privilege escalation via incorrect bounds check
in shared memory manager
- debian/patches/CVE-2016-10012-1-2.patch: remove support for pre-authentication compression in kex.c, kex.h, Makefile.in, monitor.c, monitor.h, monitor_wrap.c, monitor_wrap.h, myproposal.h, packet.c, servconf.c, sshd.c, sshd_config.5.
- debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib bits in kex.c, kex.h, packet.c.
- CVE-2016-10012
* SECURITY UPDATE: DoS via zero-length file creation in readonly mode
- debian/patches/CVE-2017-15906.patch: disallow creation of empty files in sftp-server.c.
- CVE-2017-15906

openssh (1:6.6p1-2ubuntu2.11) trusty-security; urgency=medium

* SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629)
- debian/patches/CVE-2018-15473.patch: delay bailout for invalid authenticating user until after the packet containing the request has been fully parsed.
- CVE-2018-15473
[ Leonidas S. Barbosa ]
* SECURITY UPDATE: Privsep process crashing via an out-of-sequence
- debian/patches/CVE-2016-10708.patch: fix in kex.c, pack.c.
- CVE-2016-10708

openssh-sftp-server | 1:6.6p1-2ubuntu2.8 | 1:6.6p1-2ubuntu2.11

openssh (1:6.6p1-2ubuntu2.10) trusty-security; urgency=medium

* SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
- debian/patches/CVE-2016-10009.patch: add a whitelist of paths from which ssh-agent will load a PKCS#11 module in ssh-agent.1, ssh-agent.c.
- debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys in ssh-agent.c.
- debian/patches/CVE-2016-10009-3.patch: relax whitelist in ssh-agent.c.
- debian/patches/CVE-2016-10009-4.patch: add missing label in ssh-agent.c.
- CVE-2016-10009
* SECURITY UPDATE: local information disclosure via effects of realloc on
buffer contents
- debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used for loading keys in authfile.c.
- CVE-2016-10011
* SECURITY UPDATE: local privilege escalation via incorrect bounds check
in shared memory manager
- debian/patches/CVE-2016-10012-1-2.patch: remove support for pre-authentication compression in kex.c, kex.h, Makefile.in, monitor.c, monitor.h, monitor_wrap.c, monitor_wrap.h, myproposal.h, packet.c, servconf.c, sshd.c, sshd_config.5.
- debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib bits in kex.c, kex.h, packet.c.
- CVE-2016-10012
* SECURITY UPDATE: DoS via zero-length file creation in readonly mode
- debian/patches/CVE-2017-15906.patch: disallow creation of empty files in sftp-server.c.
- CVE-2017-15906

openssh (1:6.6p1-2ubuntu2.11) trusty-security; urgency=medium

* SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629)
- debian/patches/CVE-2018-15473.patch: delay bailout for invalid authenticating user until after the packet containing the request has been fully parsed.
- CVE-2018-15473
[ Leonidas S. Barbosa ]
* SECURITY UPDATE: Privsep process crashing via an out-of-sequence
- debian/patches/CVE-2016-10708.patch: fix in kex.c, pack.c.
- CVE-2016-10708

open-vm-tools | 2:9.4.0-1280544-5ubuntu6.2 | 2:9.4.0-1280544-5ubuntu6.4

open-vm-tools (2:9.4.0-1280544-5ubuntu6.4) trusty; urgency=medium

* d/local/tools.conf: Explicitly point to logfile in tools.conf
fixup for (LP 1748122).
patch | 2.7.1-4ubuntu2.3 | 2.7.1-4ubuntu2.4

patch (2.7.1-4ubuntu2.4) trusty-security; urgency=medium

* SECURITY UPDATE: Out-of-bounds access
- debian/patches/CVE-2016-10713.patch: fix in src/pch.c.
- CVE-2016-10713
* SECURITY UPDATE: Input validation vulnerability
- debian/patches/CVE-2018-1000156.patch: fix in src/pch.c adding tests in Makefile.in, tests/ed-style.
- debian/patches/0001-Fix-ed-style-test-failure.patch:
- CVE-2018-1000156
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2018-6951.patch: fix in src/pch.c.
- CVE-2018-6951
ppp | 2.4.5-5.1ubuntu2.2 | 2.4.5-5.1ubuntu2.3

ppp (2.4.5-5.1ubuntu2.3) trusty-security; urgency=medium

* SECURITY UPDATE: buffer overflow in pppd EAP-TLS implementation
- debian/patches/CVE-2018-11574.patch: check lengths in pppd/eap.c, pppd/eap-tls.c.
- CVE-2018-11574

python-apt | 0.9.3.5ubuntu2 | 0.9.3.5ubuntu3
python3-distupgrade | 1:0.220.9 | 1:0.220.10
python3-update-manager | 1:0.196.24 | 1:0.196.25
python-crypto | 2.6.1-4ubuntu0.2 | 2.6.1-4ubuntu0.3

python-crypto (2.6.1-4ubuntu0.3) trusty-security; urgency=medium

* SECURITY UPDATE: weak ElGamal key parameters
- debian/patches/CVE-2018-6594.patch: use backported fix from pycryptodome in lib/Crypto/PublicKey/ElGamal.py.
- CVE-2018-6594
python-requests | 2.2.1-1ubuntu0.3 | 2.2.1-1ubuntu0.4

requests (2.2.1-1ubuntu0.4) trusty-security; urgency=medium

* SECURITY UPDATE: Credentials through HTTP Authorization header
- debian/patches/CVE-2018-18074.patch: fix in requests/sessions.py.
- CVE-2018-18074

python-twisted-bin | 13.2.0-1ubuntu1 | 13.2.0-1ubuntu1.2

twisted (13.2.0-1ubuntu1.2) trusty-security; urgency=medium

* SECURITY UPDATE: HTTProxy issue
- debian/patches/CVE-2016-1000111.patch: fix implementation in twisted/web/twcgi.py and add some test in twisted/web/test/test_cgi.py.
- CVE-2016-1000111
python-twisted-core | 13.2.0-1ubuntu1 | 13.2.0-1ubuntu1.2

twisted (13.2.0-1ubuntu1.2) trusty-security; urgency=medium

* SECURITY UPDATE: HTTProxy issue
- debian/patches/CVE-2016-1000111.patch: fix implementation in twisted/web/twcgi.py and add some test in twisted/web/test/test_cgi.py.
- CVE-2016-1000111
python-six | 1.5.2-1ubuntu1 | 1.5.2-1ubuntu1.1

six (1.5.2-1ubuntu1.1) trusty-security; urgency=medium

* No change rebuild in -security pocket.

resolvconf | 1.69ubuntu1.3 | 1.69ubuntu1.4
python-urllib3 | 1.7.1-1ubuntu4 | 1.7.1-1ubuntu4.1

python-urllib3 (1.7.1-1ubuntu4.1) trusty-security; urgency=medium

* No change rebuild in -security pocket.

rsync | 3.1.0-2ubuntu0.3 | 3.1.0-2ubuntu0.4

rsync (3.1.0-2ubuntu0.4) trusty-security; urgency=medium

* SECURITY UPDATE: receive_xattr function does not check
for '\0' character allowing denial of service attacks
- debian/patches/CVE-2017-16548.patch: enforce trailing \0 when receiving xattr values in xattrs.c.
- CVE-2017-16548
* SECURITY UPDATE: Allows remote attacker to bypass argument
secureboot-db | 1.1 | 1.4~ubuntu0.14.04.1
sensible-utils | 0.0.9 | 0.0.9ubuntu0.14.04.1
shim | 0.9+1474479173.6c180c6-1ubuntu1 | 13-0ubuntu2

shim (13-0ubuntu2) bionic; urgency=medium

* debian/patches/abort_abort_abort.patch: signtool.exe isn't happy with some of the structure of our binary, partly because abort() is thought to be an external symbol, which causes some relocalisations to appear.

shim-signed | 1.32~14.04.2+0.9+1474479173.6c180c6-1ubuntu1 | 1.33.1~14.04.3+13-0ubuntu2

shim-signed (1.33.1~14.04.3) trusty; urgency=medium

* debian/control: Add a Pre-Depends on dpkg (>= 1.17.5ubuntu5.8) in order to help ensure upgrades have the right dpkg to be able to extract shim. (LP: #1792497)

snmpd | 5.7.2~dfsg-8.1ubuntu3.2 | 5.7.2~dfsg-8.1ubuntu3.3

net-snmp (5.7.2~dfsg-8.1ubuntu3.3) trusty-security; urgency=medium

* SECURITY UPDATE: DoS via NULL pointer exception
- debian/patches/CVE-2018-18065.patch: fix logic in agent/helpers/table.c.
- CVE-2018-18065

snmp | 5.7.2~dfsg-8.1ubuntu3.2 | 5.7.2~dfsg-8.1ubuntu3.3

net-snmp (5.7.2~dfsg-8.1ubuntu3.3) trusty-security; urgency=medium

* SECURITY UPDATE: DoS via NULL pointer exception
- debian/patches/CVE-2018-18065.patch: fix logic in agent/helpers/table.c.
- CVE-2018-18065

systemd-services | 204-5ubuntu20.25 | 204-5ubuntu20.28

systemd (204-5ubuntu20.28) trusty; urgency=medium

* logind: fix memleaks in session's free path and cgmanager glue code
(LP: #1750013)
tzdata | 2017c-0ubuntu0.14.04 | 2018g-0ubuntu0.14.04

tzdata (2018g-0ubuntu0.14.04) trusty; urgency=high

* New upstream version, affecting the following timestamp:
- Morocco switches to permanent +01 on 2018-10-27.

ubuntu-release-upgrader-core | 1:0.220.9 | 1:0.220.10
udev | 204-5ubuntu20.25 | 204-5ubuntu20.28

systemd (204-5ubuntu20.28) trusty; urgency=medium

* logind: fix memleaks in session's free path and cgmanager glue code
(LP: #1750013)
update-manager-core | 1:0.196.24 | 1:0.196.25
w3m | 0.5.3-15ubuntu0.1 | 0.5.3-15ubuntu0.2

w3m (0.5.3-15ubuntu0.2) trusty-security; urgency=medium

* SECURITY UPDATE: Infinite recursion flaw in HTMLlineproc0
- debian/patches/CVE-2018-6196.patch: prevent negative indent value in table.c.
- CVE-2018-6196
* SECURITY UPDATE: NULL pointer dereference flaw in formUpdateBuffer
- debian/patches/CVE-2018-6197.patch: prevent invalid columnPos() call in form.c.
- CVE-2018-6197
* SECURITY UPDATE: does not properly handle temp files
- debian/patches/CVE-218-6198.patch: make temp directory safely in config.h.dist, config.h.in, configure, configure.ac, main.c and rc.c.
- CVE-2018-6198
wget | 1.15-1ubuntu1.14.04.3 | 1.15-1ubuntu1.14.04.4

wget (1.15-1ubuntu1.14.04.4) trusty-security; urgency=medium

* SECURITY UPDATE: Cookie injection vulnerability
- debian/patches/CVE-2018-0494.patch: fix cookie injection in src/http.c.
- CVE-2018-0494
wpasupplicant | 2.1-0ubuntu1.5 | 2.1-0ubuntu1.6

wpa (2.1-0ubuntu1.6) trusty-security; urgency=medium

* SECURITY UPDATE: Expose sensitive information
- debian/patches/CVE-2018-14526.patch: fix in src/rsn_supp/wpa.c.
- CVE-2018-14526
zlib1g | 1:1.2.8.dfsg-1ubuntu1 | 1:1.2.8.dfsg-1ubuntu1.1

zlib (1:1.2.8.dfsg-1ubuntu1.1) trusty-proposed; urgency=medium

* SRU: LP: #1766566.
* Call dh_makeshlibs for the 64bit multilib package.



